Related
I followed each one of your steps. I get an error when trying to install the signed zip. "Can't find update script" Can anyone please help me with this.
thank you
I'm doing option 2. I get it signed just get an error "Can't find update script"
This quick guide will teach you how to sign ROMs!
WARNING : YOU WILL NEED AT LEAST A BASE KNOWLEDGE OF HOW TO USE COMMAND PROMPT.
The knowledge of signing ROMs can prove useful to anyone! By knowing how to sign ROMs, you can modify your favorite ROM to add or delete APKs, so when you flash the ROM your favorite apps will be present! Or you can delete apps you don't use so they will not be installed when flashing the ROM!
Before starting, you need a couple of things. First you will need Java SE Development Kit and Java SE Runtime Environment . You can download them HERE.
After you have downloaded and installed both, you will need a very useful tool made by someone at XDA-Developers (if you know who it is please let me know).
Download this tool (attached) and unzip everything inside of it into one common folder. I personally unzipped everything into my Android SDK folder.
Signing
Now run the autosign.bat. You will have to go through commands 1(Set PATH variable for SDK) ,2 (Set CLASSPATH variable for signing tool) and 3 (Install registry entries). They are very easy to use and just follow the instructions. If you are asked to confirm and/or replace a file, always select yes!
Now you are finally ready to sign! There are two options to sign the .zip
1)Find the ROM (.zip) and right click and select "Resign Zip". If you use this option a command prompt box should quickly appear and disappear.
OR
2) Using the Autosign.bat, select option 4, and then write the directory and file name of the ROM. For example,
D:\Android\ROMs\YourROMHere.zip
It will hang for a bit at the part where it says "signing", and then it should say something along the lines of "Successfully completed if no errors above"
If this helped you, comment below!
http://androidforums.com/developer-101/8665-how-signing-roms.html
Anyone...... I know someone knows
You have to zip the contents of the rom, not the rom itself. i.e. if you sign the rom folder, it will be ROM_Signed.zip->ROM->system/data/metainf... you get the picture. Go into the folder you want to zip and then sign, select the contents, and zip them. It will then be ROM_Signed.zip->/system/data/metainf. Then just sign it.
update-script is a script that tells the flash utility what to do. It is located in the zip as part of the following directory structure:
META-INF/com/google/android
The contents can vary. For Darktremor A2SD 2.6.1, here's the contents:
show_progress 0.1 0
copy_dir PACKAGE:system SYSTEM:
show_progress 0.1 10
PACKAGE is used by android to reference the actual zip file, or package file.
SYSTEM is used to represent /system
DATA is used to represent /data
CACHE is used to represent /cache
BOOT is used to represent the boot partition (which is where you flash boot.img)
RECOVERY is used to represent the recovery partition. Never actually seen this used. I guess it used for an update.zip that you would flash via fastboot.
The zip file has to be structured in the same way as the file system on your phone. If you want to install something to, say, /system/bin, you must have a system folder, which in turn has a bin folder.
What I would do is take one of the available ROMs and unzip it. Then look for their update-script. Usually ROM packages are more detailed in the update-script.
If you don't have update-script in your zip file, the flash utility in recovery won't know what to do.
networx2002 said:
I followed each one of your steps. I get an error when trying to install the signed zip. "Can't find update script" Can anyone please help me with this.
thank you
I'm doing option 2. I get it signed just get an error "Can't find update script"
This quick guide will teach you how to sign ROMs!
WARNING : YOU WILL NEED AT LEAST A BASE KNOWLEDGE OF HOW TO USE COMMAND PROMPT.
The knowledge of signing ROMs can prove useful to anyone! By knowing how to sign ROMs, you can modify your favorite ROM to add or delete APKs, so when you flash the ROM your favorite apps will be present! Or you can delete apps you don't use so they will not be installed when flashing the ROM!
Before starting, you need a couple of things. First you will need Java SE Development Kit and Java SE Runtime Environment . You can download them HERE.
After you have downloaded and installed both, you will need a very useful tool made by someone at XDA-Developers (if you know who it is please let me know).
Download this tool (attached) and unzip everything inside of it into one common folder. I personally unzipped everything into my Android SDK folder.
Signing
Now run the autosign.bat. You will have to go through commands 1(Set PATH variable for SDK) ,2 (Set CLASSPATH variable for signing tool) and 3 (Install registry entries). They are very easy to use and just follow the instructions. If you are asked to confirm and/or replace a file, always select yes!
Now you are finally ready to sign! There are two options to sign the .zip
1)Find the ROM (.zip) and right click and select "Resign Zip". If you use this option a command prompt box should quickly appear and disappear.
OR
2) Using the Autosign.bat, select option 4, and then write the directory and file name of the ROM. For example,
D:\Android\ROMs\YourROMHere.zip
It will hang for a bit at the part where it says "signing", and then it should say something along the lines of "Successfully completed if no errors above"
If this helped you, comment below!
http://androidforums.com/developer-101/8665-how-signing-roms.html
Click to expand...
Click to collapse
HeroMeng said:
You have to zip the contents of the rom, not the rom itself. i.e. if you sign the rom folder, it will be ROM_Signed.zip->ROM->system/data/metainf... you get the picture. Go into the folder you want to zip and then sign, select the contents, and zip them. It will then be ROM_Signed.zip->/system/data/metainf. Then just sign it.
Click to expand...
Click to collapse
It took my brain a min, but i got it.
Thanks
********NOTE*********
i have included a few of the tools you will need as attachments to this post. I will not take any credit for these programs as i was not the developer for them... these people work too hard to have anyone steal their credit... please give credit where credit is due!Your nv_data.bin file and its matching nv_data.bin.md5 files are located on your phone in /efs/
All references that i make to "sd card" or "/sdcard/" refer to your phone's internal SD Card, not an external SD card that you may have installed.
I have created a windows batch file that you can run and it will extract your entire /efs/ folder from your phone to your PC. I am currently working on the batch script to move the edited nv_data.bin files back to your/efs/ folder and do the other adb stuff.
attached is the EFS Extractor.zip file that contains the ADB files and the batch script.
The product code for your AT&T Captivate is: SGH-I897ZKAATT
WARNING… I AM NOT RESPONSIBLE IF YOU BREAK YOUR PHONE FOLLOWING ANY OF THESE INSTRUCTIONS
The Attached EFS Extractor.zip file contains the necessary adb file and a couple batch files. "retrieve efs.bat" copies your entire /efs/ folder to your PC in a folder called /efs_bkup/ in the directory where you unzipped the file and ran the batch program from. The file "update nv_data.bat" takes your edited nv_data.bin file from the root directory where you ran the .bat file from and places in in your phone's /efs/ folder and removes the old copies from your phone... when it is done, it will power cycle your phone.
To fix your nv_data.bin, you will have to have access to the following tools:
A hex editor (search google for hex editors, they have tons of them that are free… I use one called HexEdit and i have it attached)
GalaxyS_One-Click_Root_All_Models (available via XDA-Developers... attached)
ADB (Android Debugging Bridge) This is available by getting the Android SDK at the Android Developers Website (http://developer.android.com/sdk/index.html) or if you downloaded the Galaxy S One Click Root, it is in the directory where you unzipped the files.
BusyBox – Search the google market for “BusyBox”. It will appear and will be the free one from stericson (i have included the .apk as an attachement)
Odin One-Click Downloader (available from XDA)… make sure you get the correct one. There are 2 versions. If you batch number is 1008 then you need the one with the 3-button fix, if you batch number is greater than 1008 then you should need the regular one. Your batch number is written on the sticker on your phone under your battery on the left side right under the words “S/N” where your serial number is listed.
Samsung Kies Mini (gotten from Samsung website)
Download the attached EFS Extractor .zip file. It contains everything you need to copy your /efs/ folder to your PC
Now for what you need to do to get your phone’s nv_data.bin back to normal:
Flash back to stock and then do a master clear using Odin One Click
put phone into USB debugging mode and also check the setting to "stay awake"
connect phone to PC and root and install busybox
extract the attached EFS Extractor.zip file and run the "retrieve efs.bat" file. This will copy your entire /efs/ folder from your phone to your PC in a direcotry called ./efs_bkup/
Using the Hex Editor, edit the file ./efs_bkup/efs/nv_data.bin on your PC to have the correct product code SGH-I897ZKAATT. do an ASCII search for "SGH" to locate the line in the file that contains your product key. then save the edited file to ./nv_data.bin (the root directory where you extracted your ZIP file to on your PC)
run the file "update nv_data.bat" to copy your corrected nv_data.bin to your phone's efs folder and chown it and reboot your phone
change USB Settings on phone back to Kies then open Kies Mini and connect phone.
you should now be able to connect to Kies Mini and not have unregistered device... now would be a good time to back_up your /EFS/ folder... you can now either do Odin One-Click and a master clear, or flash a different rom. You should do Odin if you want to use Kies to get updates to be 100% stock to remove your root and busybox.
The general overview what what you need to do is this for those of you that want to know and/or use other tools to do this
Copy your /efs/nv_data.bin file from your phone to your PC
Use a hexeditor to modify the line in the nv_data.bin file that contains the productcode to contain your correct product code
delete any nv_data.* files from your /efs/ folder on your phone
copy the corrected nv_data.bin file from your PC to your /efs/ folder on your phone
busybox chown 1001:1001 /efs/nv_data.bin
reboot phone
Done!
Now, when you backup your /efs/ folder to your PC you may see files like nv_data.bak and nv_data.bak.md5. Using a hexeditor, open the nv_data.bak file and look at the line that has the product code (ASCII values starting wtih SGH)... if the product code in the .bak file is correct, then delete the nv_data.bin and nv_data.bin.md5 from your /efs/ folder on your phone and reboot your phone. Your phone should then create new .bin and .bin.md5 files from the .bak and .bak.md5 files that will have the proper productcode. You can also optionally rename the .bak and .bak.md5 files on your PC to be .bin and .bin.md5 and copy them to your /efs/ folder on your phone.
You can view what Kies is reading your productcode as by opening your windows registry editor Start>Run>regedit[enter]
Connect phone to PC in Kies(Firmware) mode
Navigate to HKEY_CURRENT_USER/Software/Samsung/KiesMini/FUS
Look at the key "PRODUCTKEY" and what it's value is... if it is correct, then you are good. If not, then something went wrong somewhere.
If you have issues please post the issues you are having and I will update as necessary.
Here is a link to a different thread that contains a program and instructions for restoring your unlock codes if that is what you are trying to do. The .jar (java program is written in frech, but it only asks for the codes you want to use for your unlock codes... i did not make this program so I cannot help you with it.
http://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle
Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
mattbeau said:
Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
Click to expand...
Click to collapse
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get generated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to. I have never had the .bak files in my /efs/ folder so i haven't ever been that lucky.
devz3r0 said:
Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle
Click to expand...
Click to collapse
Yeah, looking at it quickly it looks like all the instructions are correct... maybe abbreviated too much... Thanks for that... i will update with instuctions similar.... i have to remember that there are those folks that have never used adb or know what it is. I will credit you in my update tomorrow. I am used to where i work we have people that use computers that don;t know how to power them on and off so they just leave them on all the time... i have to be very specific on my instructions that i tell them so they can understand... a two second task becomes an all-day event. Just something i am used to doing.
I will be working on a dos script (.bat) file that will do most of the adb stuff so then the users only need a few things to do and just let the scripts take care of the rest.
hansonmi said:
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get greated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to.
Click to expand...
Click to collapse
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help
mattbeau said:
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help
Click to expand...
Click to collapse
Yeah... the problem is that not everyone knew to do it before flashing as a lot of the ROM pages don't say it (I was one of them that never knew about it)... i knew what the java was saying but since i don't have an unlocked phone, i had no way of testing it to see if it worked for me or not... and on top of that it didn't work with restoring my productcode (i know that becuase i couldn't use Kies until i did things manually)... I tell people to rename the files, becuse i am assuming they copy the contents of their /efs/ folder to a PC or something... then they just have to delete the nv_data files from /efs/ on their phone, and rename the .bak files on their PC and copy them back to their phone's /efs/ so they still have a copy of their original files saved on their PC... plus i don't like relying on the phone doing the renaming because if it doesn't no one will know what went wrong...
Working on Windows Batch (.bat) script
I will be working on doing a windows .bat script that will do most of the dirty work for you... it may take a couple days because where i work the end of the year is the busiest time for me and i don't have a lot of time between work during the week.
I will make the script an attachment and will hopefully be able to zip with the abd files to make life a little easier for everyone.
Thanks for the input everyone.
What line
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Worked great, followed steps exactly as outlined didn't have any problems. Thanks again for this, I've been wanting to have a proper backup of efs folder with correct product code, but could never change it back.
Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.
Big thanks for posting this.
I'll give this a shot prior to flashing Axura 2.5.
Thanks hansonmi! I got it updated with kies. I done it a lil diffent using root explorer to move files around and used hexeditor to edit files and root explorer to copy back.
great guide.
wish this would have been around the first time i ran into this problem as it was a headache when it happened and the threads and advice on fixing were so fragmented within the forum threads.
The only thing i did differently was that i didn't use ADB on a pc at all during the process (I completed the process using both Root Explorer and Terminal Emulator on my phone and copying files to pc via mounting the phone and its storage as disk drives).
(PS before doing any of this i backup up my efs folder first to my external SD using root explorer and then to my pc via mounting the phones storage)
1. I had already copied my nv_data.bin file to external SD when backing up EFS folder.
2. Connected to pc via usb and mounted for storage (with debugging on)
3. copid nv_data to pc
4. used PsPad to edit the nv_data file in accordance with previous instruction in this thread. (I highly recommend PSpad as a hex editor. Its nice that you can switch back and forth between hex and text editor views) See PS in the end for using PSpad hex editor to find the line you need to edit. That seemed to be the only thing that needed clarified.
5. copy nv_data.bin back to the root directory of external sd
6. use root explorer to move newly edited nv_data from external sd back to original EFS folder.
7. Delete the nv_data..bin.md5 file..i left the backup from efs folder
7. delete any nv_data.baks from efs folder
8. Now the use of Termainl Emulator (download from market). Busybox must be installed as well
9. Open terminal emulator execute following commands:
SU
busybox chown 1001:1001 /efs/nv_data.bin
reboot
(reference to step 4 using hex editor)
PS - These are the steps for editing the hex code and starting with step first step assuming you have copied the nv_data.bin to your PC
1. Open PsPad (or other hex editor)
2. Open nv_data.bin in hex editor mode
3. Go to line 188000 (using search modes you will likely have to enter $00188000 or 00188000) Using PsPad you would do the following:
Select SEARCH from top tool bar. Select GOTO LINE.......then enter $00188000
4. You will see yTMB....SGH_i897ZKATMB (or yTOR....SGH-ZKATOR).
5. Replace that first TMB or TOR with ATT then replace ZKATMB or ZKAATOR with KZAATT
6. Save
7. Now you should have a proper nv_data.bin
HBeezy said:
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.
Click to expand...
Click to collapse
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help
Slowazz28 said:
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help
Click to expand...
Click to collapse
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitive menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read TT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|TT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....
bames said:
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitative menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read AT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|AT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....
Click to expand...
Click to collapse
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG
File
I didn't back this up from my first flash to a custom ROM. Stated at the beginning it says this is likely unfixable. I have run Axura, Cog and Perception Roms (not in that order). Not sure if that makes a difference. Is this still fixable? The problem I have (using new market) is apps are either
A) Installed and not showing so on the market
B) I have them installed and they disappear & have to reinstall them from the market only to have them disappear from my phone again
C) Unable to download them (such as Pocket Legends)
Any feedback is appreciated.
Thanks
Slowazz28 said:
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG
Click to expand...
Click to collapse
my bad
the 188010 should start TT i will correct my original.
but you should be able to find lines 188008 an 18 though you wont need to do anything with 18. Did you try looking at it with the android hex editor app from market?
You won't see the 008 and 018 lines if your using a hex editor on PC you will only see the lines by by 10's.
The section you are referring to are for Using Android Hex Editor App on your phone.
-----------------------
if your using a hex editor on your PC you should see the following when corrected:
188000 | FFFF | FFFF | 5245 | 5630 | 2E34 | 0000 | 0000 | FF41 |
188010 | 5454 | 0000 | 0000 | 5347 | 482D | 4938 | 3937 | 5A4B |
188020 | 4141 | 5454 | 0000 | 0000 | 0000 | 0150 | 024E | 034E |
Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
It really depends on the editor you are using and you have to make sure you are searching for ASCII...
in the edit that i use, it is line 188010
Overview:
This thread is a guide on how to fix the apply_patch_check error message experienced during an upgrade of the Android OS. Specifically, this will detail the steps for an upgrade of Jelly Bean from 4.1.1 to 4.1.2 on the Nexus 7 with CWM Recovery for a user of Windows. I'm sure similar steps will work for other recoveries/upgrades/devices and PC OSes.
You should only bother with this if you don't want to flash the entire system.img file to your phone, which is way easier.
Here is an example of the error message I'm talking about:
Code:
assert failed: apply_patch_check("/system/app/Chrome.apk", "819b34b66335c6faec86404d736a002b8871600", "9d6b55e63b0bf20bea433fb1ee7089f88ab73fb6")
E: Error in /sdcard/03a4eaf95f73.signed-nakasi-JZO54K-from-JRO03D.03a4eaf9.zip
(Status 7)
Installation aborted.
A few notes about the error:
This doesn't have to happen with the Chrome.apk specifically -- it could happen with any app in /system/app or .so in /system/lib.
Those random strings of numbers/letters are SHA-1 hashes of the apk.
The first one is the hash of the apk installed on your device. In my example, this happens to be the version of Chrome that comes with JB 4.1.2.
The second one is the expected hash of the apk that comes with JB 4.1.1.
Cause of the problem:
The reason this error occurs is because the file was somehow modified from its original state. In my case -- and most likely your case -- this was done by Titanium Backup. TB has an option to "Integrate updates of system apps into ROM", which will cause the apk in /system/app (and associated library files in /system/lib, if needed) to be overwritten with the updated apk.
Solution:
Download this zip file which contains the full /system/app and /system/lib directory from the JB 4.1.1 factory image. *
Extract the zip to a location of your choosing on your PC.
In the extracted folder, locate the .apk or .so file referenced in the error message on your device.
Copy this file to your device via your preferred method (USB cable works fine). I put my file in /sdcard/Download.
On your device, use a root file explorer to move the file from /sdcard/Download to /system/app (or /system/lib).
If you don't have a program that can do this, I use ES File Explorer. Be sure to go to Settings > Root Settings and turn on Root Explorer, Up to Root, and Mount File System.
Reboot into your Recovery and try to install the update again.
Repeat steps 3-6 for each subsequent file that produces an error. You will basically need to do this for each app you integrated using TB and maybe a few library files, too. **
* Future updates (above 4.1.2):
Since I won't be keeping the zip file from step #1 up-to-date, here's how to get the directories that I included in the zip for yourself:
Obtain a factory image for your device's current Android version (the version you're updating from).
For JB 4.1.1, this file is called nakasi-jro03d-factory-e102ba72.tgz.
If you're reading this guide at a later date, the JB 4.1.2 file is called nakasi-jzo54k-factory-973f190e.tgz.
You can try your luck at the official Google site, but they seem to only provide the version you're trying to update to, not from.
Extract the .tgz file somewhere on your PC.
Locate the image-naksi-jro03d.zip file and extract that, as well.
In the folder you just extracted from the previous step, located the system.img file.
Download and use a program called sgs2toext4 (View attachment 645320) to convert the system.img to system.ext4.img. ***
Download and use a program called Linux Reader to open system.ext4.img.
Do this by going to Drives > Mount Image > Next > select your file.
It will then be listed under the Hard Disk Drives section in red as "Linux Ext Volume 1".
Navigate to: Linux Ext Volume 1/system.
Right-click on the app (or lib) directory and pick Save > Next > Output to dir of your choice.
You now have the directories that were included with the zip file from Solution step #1, so just follow those steps now.
** How to avoid repeating steps:
If you'd rather not have to try to reinstall after updating only one file, just to find another file that needs updating, try this:
Obtain the /system/app and /system/lib folders from the factory image and save them to your PC.
For the sake of this guide, let's say you save them to C:\factory_app and C:\factory_lib.
Copy the /system/app and /system/lib directories from your phone to your PC.
For the sake of this guide, let's say you saved them to C:\phone_app and C:\phone_lib.
Download the File Checksum Integrity Verifier utility from Microsoft.
Start > Run > cmd
fciv.exe -sha1 -xml factory_app.xml -wp C:\factory_app
fciv.exe -sha1 -xml factory_app.xml -v -bp C:\phone_app
Don't ask me why, but you need to use -bp instead of -wp for the second command.
Don't forget the -v on the second command.
The output of the last command will show you the list of files that are different. These are the files you need to take from C:\factory_app and put into the /system/app directory on your phone.
Do the same for the lib directories (just replace all instances of "_app" with "_lib" in the previous commands).
Summary:
I hope that this post helped some of you who really didn't want to have to flash the system.img or wipe your device just to update. In the future, use TB to back up the original.
I wouldn't normally bother writing up a guide like this (it took almost as long to write as it did to figure out how to do this) but I couldn't find this solution anywhere even though I saw that I wasn't the only person with the problem. Sorry for not posting this guide sooner (update has been out for a while now), but the forum required me to make a bunch of useless spam posts before I could include any links in my guide and I didn't get around to making those posts right away.
*** I would like to thank balamu96m for his guide on extracting data from the system.img file and drphrozen for making the sgs2toext4 program.
Thanks for this. Will try now.
Worked great. Had to copy the apk and odex file.
Good job! It's great to see the steps for Windows users!
Just a heads up that I simply extracted the files I needed from and on my N7 using Root Explorer, without using my PC at all.
Great guide! Method worked perfectly on my Nexus 7 going from 4.1.2 to 4.2, thanks
Please... is there some other way to update the files w/o installing Java on my Windoze PeeCee? I accidentally messed up my YouTube.apk with Titanium Backup... now I can't update from 4.1.2 --> 4.2 JB.
EDIT: JavaPortable FTW... updating (fingers crossed)
EDIT: SUCCESS TY OP!
For anyone who flashed the 4.2 clock/keyboard already
Hey, for anyone who flashed the 4.2 clock and keyboard on their Nexus 7 already and need to roll back to do the 4.2 update, I used OP's method to make a flashable zip that puts the 4.1.2 clock and keyboard back.
Worked perfectly for my Nexus 7 to get me up and running. Hope it helps anyone!
cantthinkofa.com/files/RestoreClockKeyboard.zip
galaxy nexus
Hi can you post a guide for galaxy nexus? Or if it is the same, can you post the link of JB factory image for galaxy nexus? Sorry, I can't find any thread for galaxy nexus, and I don't want to complete flash the stock image since I don't want to wipe my phone.
Thanks in advance!
Nice Guide
perfect, the guide works just fine. Now finally running 4.2.
Awesome guide... Thanks... Happily running 4.2 now aften beeing stuck at libutils.so...
Sent from my Nexus 7 using xda premium
damagno said:
Hi can you post a guide for galaxy nexus? Or if it is the same, can you post the link of JB factory image for galaxy nexus? Sorry, I can't find any thread for galaxy nexus, and I don't want to complete flash the stock image since I don't want to wipe my phone.
Thanks in advance!
Click to expand...
Click to collapse
I don't have a Galazy Nexus, but I think the steps should be the same. Here is a link to the factory images: https://developers.google.com/android/nexus/images#takju . It looks like they now have links for older versions, rather than just the newest images (which is how it was when I made my guide). So that's pretty sweet.
Thanks a lot man, i succeeded to "patch" my system files to update from 4.2 to 4.2.1. I first check what files didn't correspond with fciv (9 files counting both apks and odex) and then replaced them in system/app. In fact they were the apps I previously integrated with tb (learned lesson: never do it if you want to remain stock and receive OTAs). I also noticed many not-matching files in system/lib but i didn't touch them and the update went smooth the same.
Another thing: when in the OP you say it's way easier just to reflash the system.img you mean just run from bootloader "fastboot flash system system.img" (taken from the factory image as usual) or there's some other thing to do in order to fix the system partition in the right way?
GallStones said:
Thanks a lot man, i succeeded to "patch" my system files to update from 4.2 to 4.2.1.
Click to expand...
Click to collapse
I was wondering if you could tell me how you did it? I'm searching a way to install 4.2.1 with no avail as of yet :crying:
GallStones said:
Thanks a lot man, i succeeded to "patch" my system files to update from 4.2 to 4.2.1. I first check what files didn't correspond with fciv (9 files counting both apks and odex) and then replaced them in system/app. In fact they were the apps I previously integrated with tb (learned lesson: never do it if you want to remain stock and receive OTAs). I also noticed many not-matching files in system/lib but i didn't touch them and the update went smooth the same.
Another thing: when in the OP you say it's way easier just to reflash the system.img you mean just run from bootloader "fastboot flash system system.img" (taken from the factory image as usual) or there's some other thing to do in order to fix the system partition in the right way?
Click to expand...
Click to collapse
Yes. I am having the same issue. I cannot update mine from 4.2 to 4.2.1. I wonder to know which original stock image you have used. Can you list a detail procedure?
Thank you very much.
Ric
dev/block/param
legom said:
Overview:
This thread is a guide on how to fix the apply_patch_check error message experienced during an upgrade of the Android OS. Specifically, this will detail the steps for an upgrade of Jelly Bean from 4.1.1 to 4.1.2 on the Nexus 7 with CWM Recovery for a user of Windows. I'm sure similar steps will work for other recoveries/upgrades/devices and PC OSes.
You should only bother with this if you don't want to flash the entire system.img file to your phone, which is way easier.
Here is an example of the error message I'm talking about:
Code:
assert failed: apply_patch_check("/system/app/Chrome.apk", "819b34b66335c6faec86404d736a002b8871600", "9d6b55e63b0bf20bea433fb1ee7089f88ab73fb6")
E: Error in /sdcard/03a4eaf95f73.signed-nakasi-JZO54K-from-JRO03D.03a4eaf9.zip
(Status 7)
Installation aborted.
A few notes about the error:
This doesn't have to happen with the Chrome.apk specifically -- it could happen with any app in /system/app or .so in /system/lib.
Those random strings of numbers/letters are SHA-1 hashes of the apk.
The first one is the hash of the apk installed on your device. In my example, this happens to be the version of Chrome that comes with JB 4.1.2.
The second one is the expected hash of the apk that comes with JB 4.1.1.
Cause of the problem:
The reason this error occurs is because the file was somehow modified from its original state. In my case -- and most likely your case -- this was done by Titanium Backup. TB has an option to "Integrate updates of system apps into ROM", which will cause the apk in /system/app (and associated library files in /system/lib, if needed) to be overwritten with the updated apk.
Solution:
Download this zip file which contains the full /system/app and /system/lib directory from the JB 4.1.1 factory image. *
Extract the zip to a location of your choosing on your PC.
In the extracted folder, locate the .apk or .so file referenced in the error message on your device.
Copy this file to your device via your preferred method (USB cable works fine). I put my file in /sdcard/Download.
On your device, use a root file explorer to move the file from /sdcard/Download to /system/app (or /system/lib).
If you don't have a program that can do this, I use ES File Explorer. Be sure to go to Settings > Root Settings and turn on Root Explorer, Up to Root, and Mount File System.
Reboot into your Recovery and try to install the update again.
Repeat steps 3-6 for each subsequent file that produces an error. You will basically need to do this for each app you integrated using TB and maybe a few library files, too. **
* Future updates (above 4.1.2):
Since I won't be keeping the zip file from step #1 up-to-date, here's how to get the directories that I included in the zip for yourself:
Obtain a factory image for your device's current Android version (the version you're updating from).
For JB 4.1.1, this file is called nakasi-jro03d-factory-e102ba72.tgz.
If you're reading this guide at a later date, the JB 4.1.2 file is called nakasi-jzo54k-factory-973f190e.tgz.
You can try your luck at the official Google site, but they seem to only provide the version you're trying to update to, not from.
Extract the .tgz file somewhere on your PC.
Locate the image-naksi-jro03d.zip file and extract that, as well.
In the folder you just extracted from the previous step, located the system.img file.
Download and use a program called sgs2toext4 (View attachment 645320) to convert the system.img to system.ext4.img. ***
Download and use a program called Linux Reader to open system.ext4.img.
Do this by going to Drives > Mount Image > Next > select your file.
It will then be listed under the Hard Disk Drives section in red as "Linux Ext Volume 1".
Navigate to: Linux Ext Volume 1/system.
Right-click on the app (or lib) directory and pick Save > Next > Output to dir of your choice.
You now have the directories that were included with the zip file from Solution step #1, so just follow those steps now.
** How to avoid repeating steps:
If you'd rather not have to try to reinstall after updating only one file, just to find another file that needs updating, try this:
Obtain the /system/app and /system/lib folders from the factory image and save them to your PC.
For the sake of this guide, let's say you save them to C:\factory_app and C:\factory_lib.
Copy the /system/app and /system/lib directories from your phone to your PC.
For the sake of this guide, let's say you saved them to C:\phone_app and C:\phone_lib.
Download the File Checksum Integrity Verifier utility from Microsoft.
Start > Run > cmd
fciv.exe -sha1 -xml factory_app.xml -wp C:\factory_app
fciv.exe -sha1 -xml factory_app.xml -v -bp C:\phone_app
Don't ask me why, but you need to use -bp instead of -wp for the second command.
Don't forget the -v on the second command.
The output of the last command will show you the list of files that are different. These are the files you need to take from C:\factory_app and put into the /system/app directory on your phone.
Do the same for the lib directories (just replace all instances of "_app" with "_lib" in the previous commands).
Summary:
I hope that this post helped some of you who really didn't want to have to flash the system.img or wipe your device just to update. In the future, use TB to back up the original.
I wouldn't normally bother writing up a guide like this (it took almost as long to write as it did to figure out how to do this) but I couldn't find this solution anywhere even though I saw that I wasn't the only person with the problem. Sorry for not posting this guide sooner (update has been out for a while now), but the forum required me to make a bunch of useless spam posts before I could include any links in my guide and I didn't get around to making those posts right away.
*** I would like to thank balamu96m for his guide on extracting data from the system.img file and drphrozen for making the sgs2toext4 program.
Click to expand...
Click to collapse
my error 7 was generated by emmc: dev/block/mmdblk0p7 (the file is "param" any suggestions?
Thanks. After searching for a lot of time, this post helped me updating my SGS3.:victory: I previously tried to integrate youtube update into rom using titanium backup.
GallStones said:
Another thing: when in the OP you say it's way easier just to reflash the system.img you mean just run from bootloader "fastboot flash system system.img" (taken from the factory image as usual)
Click to expand...
Click to collapse
Yes, that's what I mean. The reason I didn't want to do this on my device is because I had modified some other system files that I wanted to keep the modifications for.
Wow, thanks a lot OP! Your guide helped me fixing an error during the update to 4.2.2 on my Nexus 4.
please include a video ,im getting lost in the details
solved.
First Things First
1.This guide is highly based on the reference guides below (You should take a look there first) and is intended for those who are experiencing failures while unbricking their devices.
2.This guide only applies to black bricks (No display, no vibrant after pressing power, displaying QHUSB_DLOAD / QHUSB_BULK / QHUSB_ARMPRG in device manager). If you can still feel a vibrant after pressing power button or the NOKIA logo still displays, what you need is flashing your firmware again using Windows Phone Recovery Tool or Nokia Care Suite.
3.Thanks to these guides that I used for reference! They helped me a lot!
https://docs.google.com/document/d/1FdTtfRcR80qnSzjHX1kvTcjMRcoWh8j5hUxw8UM_prE/edit?pli=1
http://forum.xda-developers.com/windows-phone-8/development/help-programmer-unbrick-jtag-t3082592
4.I’m new here, so please accept my apology & tell me if I’ve done anything offensive. [emoji28]
Possible ways to solve your problem with thor2
Please remember to reset your dead phone (long press power button 30 seconds) after any failed operations with thor2, or it may say “Message send failed with error code -1” while detecting devices.
1.THOR2_ERROR_CONNECTION_NOT_FOUND
Error code 85030
First try pressing the power button of your phone for 30 seconds to reset it & try again.
If that doesn’t work, it means driver not correctly installed or device not found.
Try reinstall the emergency driver here:
And then press the power button of your phone for 30 seconds.
2.THOR2_EMERGENCYFLASHV1_ERROR_PROGRAMMER_SEND_FAILED
THOR2_EMERGENCYFLASHV1_ERROR_MSG_SEND_RECIEVE_FAILED
Or error code 85021
Probably means incorrect HEX file / mbn file.
*Some hex file from WPRT Server seems to be incorrect. It happens to my RM-994 (Lumia 1320), please use the hex files from the original post.
3.SAFE hex file was used and unallowed memory address was being written
Error code 85034
& SOME OTHER ISSUES.
//You could follow the instructions below if you have tried everything but still failed with thor2:
In the original post, it says that it PROBABLY means bootloader flashed, BUT I don’t really think so, because mine keeps unconscious after resetting. But I suppose, if you are seeing this, it at least means the hex & mbn files ARE CORRECT (even if it tells you to reset the device and use the correct hex file).
Now, you need to follow these steps:
1.Download Windows Phone Recovery Tool
2.Install it
3.Launch it, and click My phone was not detected.
4.Connect your phone.
If your device model could be identified successfully, it would save a lot of effort. Just follow the instructions provided by WPRT.
If it shows that “This device cannot be recovered”, you’ll need to:
1. Download your phone’s firmware (full, not only ffu).
2.Copy them to C:\ProgramData\Microsoft\Packages\Products\RM-XXX
Create the directory if it does not exist.
3.Relaunch Windows Phone Recovery Tool and click “My phone was not detected”, then you shall see your device model on the list, just simply follow the instructions and move on. (It will download hex / mbn from Microsoft Server and save your phone automatically. Those hex & mbn files will be placed in the same folder where you’ve just copied your firmware to.)
However, seems that I’ve got a really bad luck. It fails everytime when I tried to do the operation above. If you fail too, try these steps to see the log:
1.Open Settings menu in Windows Phone Recovery Tool.
2.Select Troubleshooting and export your log file.
3.Open your log file and search for “thor2.exe -mode emergency –hexfile”.
4.You’ll find a sentence around it showing where the log file of thor2 is stored.
Mine’s like this:
SEE ATTACHMENT
Open that log file you’ll see what the heck has happened then check up the error code at the beginning part.
If it shows error code 85021, you’re probably experiencing the same issue as me:
The solution to that is simply copying the command in that log file and change the hex file & mbn file into your own ones from xda and then execute it in command prompt. Finally, the NOKIA logo appeared on the screen of my device and I got pumped.
This is the first time for me to write such guides, so it might not be clear in someways. This guide is somewhat based on the guides I've referred to, and I really appreciate those great contributors (and you may also want to read their original post to learn more ).
Wish all you guys good luck.
That might be helpful incase I totally brick my phone, which... never will happen.
Great Thanks!
Sent from Board Express on my Nokia Lumia 1020. Best phone ever!!
Note to noobs: DON'T PM ME WITH QUESTIONS. POST IN THE FORUMS. THAT'S WHAT THEY ARE HERE FOR!
If your device model could be identified successfully, then lucky you. Just follow the instructions and everything will be fine.
If it shows that “This device cannot be recovered”, you’ll need to:
1. Download your phone’s firmware (full, not only ffu).
2. Copy them to C:\ProgramData\Microsoft\Packages\Products\RM-XXX
Create the directory if it does not exist.
3. Relaunch Windows Phone Recovery Tool and click “My phone was not detected”, then you shall see your device model on the list, just simply follow the instructions and move on. (It will download hex / mbn from Microsoft Server and save your phone automatically. Those hex & mbn files will be placed in the same folder where you’ve just copied your firmware to.)
this worked for me !
then flashed manually via thor2 :
thor2 -mode uefiflash -maxtransfersizekb 128 -ffufile “C:\ProgramData\Nokia\Packages\Products\rm-XXX\rest_of_path_to_file.ffu“
I have a Lumia 830 RM-983. I have tried re-flashing my phone 5 times now. Nothing is working!
jimmy19990 said:
If it shows that “This device cannot be recovered”, you’ll need to:
1. Download your phone’s firmware (full, not only ffu).
2.Copy them to C:\ProgramData\Microsoft\Packages\Products\RM-XXX
Create the directory if it does not exist.
3.Relaunch Windows Phone Recovery Tool and click “My phone was not detected”, then you shall see your device model on the list, just simply follow the instructions and move on. (It will download hex / mbn from Microsoft Server and save your phone automatically. Those hex & mbn files will be placed in the same folder where you’ve just copied your firmware to.)
Click to expand...
Click to collapse
it's worked for me, thanks
i love you man i fixed my phone
https://forum.xda-developers.com/windows-phone-8/development/unbrick-dead-boot-lumia-jtag-t3872885
First, to clarify, the last time I rooted anything was a Galaxy S3 back in the day. I'm by no means an expert, I just figured I'd help out folks like me that haven't touched all these new tools, well, ever.
Just did this myself earlier today attempted to get Magisk root, but alas, I got stuck in a boot loop. Luckily I had muddled through getting the image first, otherwise I'd still be stuck in said boot loop. I figured I'd post this for anyone else trying to root these things just to make sure you have a backup you can trust (I generally don't trust rando images that folks post online). All of the instructions below are assuming you're on Windows 10 and using PowerShell just because that's the default these days. Without further adieu.
Download ADB/fastboot (on your Windows machine)
I downloaded adb/fastboot from google directly: https://developer.android.com/studio/releases/platform-tools
Just extract and browse to the platform-tools directory in Windows Explorer until you can see adb.exe and a bunch of other tools
Download the latest SP Flash Tool
I just grabbed it from here: https://spflashtools.com/
Please let me know if there's an "official" place to find SP Flash Tool, cause everything surrounding all the download sites seems a bit sus...
Enable USB Debugging (on the tablet)
Go to settings -> About tablet
Tap the Build number 10 times (until debugging mode unlocks)
Hit back and go to System
Click Advanced and then Developer Options
Enable USB Debugger
I also enabled OEM unlocking because the whole point of this is for me to run either AOSP or Lineage someday. I honestly don't know if unlocking the bootloader is needed for dumping your own images, but I highly suspect it's not.
Plug the tablet into your computer
You'll likely see a prompt on your tablet about allowing your computer to debug your tablet. I just checked the box and hit accept so I wouldn't see it again.
Get your scatter file (on your Windows machine)
I tried several things to get the scatter file (I guess this is like a partition table based on the contents I saw) but in the end, by far the easiest way was to just download the scatter file from the file system.
In the Windows Explorer window from before (platform-tools), hold down shift while left clicking and click on Open PowerShell window here
Now type the following to get a shell on your:
.\adb.exe shell
This will get you into the shell environment. Now type the following to verify your scatter file is there:
ls -al /system/data/misc/
In here you should see something like:
-rw-r--r-- 1 root root 13893 2008-12-31 19:00 MT8168_Android_scatter.txt
Now that we have the name, just type exit to get out of the shell
Download the scatter file
.\adb.exe pull /system/data/misc/MT8168_Android_scatter.txt
Open up the scatter file in your favorite text editor (for me, Notepad++)
Now you can see the partition layout, offsets, etc, etc
Dump your image(s) (on your Windows machine)
Now open SP Flash Tool (flash_tool.exe)
On the Download tab, make sure the Download-Agent is MTK_AllInOne_DA.bin
Now click Choose for the Scatter-loading file and browse to the scatter file you just downloaded
This should be in your platform-tools folder unless you moved it
Once the scatter file is loaded, the partition table should fill up with a bunch of partitions
Click on the Readback tab
Click Add
Double-click on the new entry
Navigate to where you want to save your image, and give it a name (in this case I'm starting with boot.img)
Remember how you opened the scatter file in a text editor? Search in the scatter file for boot.img
Make sure the region matches (should be EMMC_USER) between the scatter file and SP Flash Tool
Copy/paste the value for start_addr in the scatter file to Start Address in SP Flash Tool
Copy/paste the value for partition_size in the scatter file to Length in SP Flash Tool
Now do the same thing for recovery.img and any other images you'd like
If you want a full ROM backup, name the file something like ROM_0, then use Start Address of 0x0 and length as the start_addr for the second-to-last entry in the scatter file (in my case, it was 0xc1a80000, just make sure it doesn't start with f's)
Note: I don't know for sure if this is accurate or not, I'm still playing with it, but so far it appears to be. Probably?
Poking around in WwR MTK 2.51, it looks like for this particular device (100011885) I wanted a total dump of 0x73A000000. It looks like this number is derived from the first 8Mb of the EMMC_USER dump, so I'm not sure of an easier way than throwing WwR MTK at it for the moment.
Once you've got all the entries for what you'd like to dump, make sure to disconnect the tablet from your computer and power it off
Now click on Download in SP Flash tool
Once things grey out, then plug the tablet in. After a few seconds, you'll see the images start dumping.
Congrats, you have a boot.img (and whatever other images you wanted). Like I said, from here I tried using Magisk to patch the boot file, but when I flashed it in fastboot, after enabling OEM unlocking in Developer Options, it just kept popping up the initial Onn graphic along with the Orange State warning without getting to the "fancy" Onn graphic and the rest of the boot process. I was able to flash the original boot.img back and it once again booted properly again.
Also, for anyone interested, I've posted my dumped files for the 100011885 in my google drive: https://drive.google.com/drive/folders/17LtLtjKg4JJU9EJdIXPsyNjen0H-ilMX?usp=sharing
Maybe someone will have pity on me and figure out why Magisk isn't working?
Whenever I get a moment, I'll dump my 100003562 as well.
First, thanks a ton for this. I have been trying to pull a full system dump since I bought the tablet and had resorted to single pulls by name(very long and involved) I don't know if this will work for you, but on both of my 7 inch Gen 2 tablets, I just sideloaded Magisk Manager and then opened it (this was after unlocking the tablet) When I first opened MM it just said it needed to download some additional files for my environment. I clicked okay, it downloaded and installed the additional files. Once it rebooted, I open MM again and clicked install Magisk. On the next screen, I clicked direct install and let it do it's thing. After rebooting, root checker showed I had root, but I still can't get it to pass safetyNet. Root access does work as I have installed a few modules and busy box.