[TOOLS] Samsung WP8 ROM extracting/packing tools - Windows Phone 8 Development and Hacking

I returned to Moscow. And as I promised, here are the tools.
I'm writing those tools for ATIV S ROM. But SMD is used for Android Samsung phones too. And MBN may be not "Samsung only" file format. (QPST uses different format)
This is source code on my GitHub: https://github.com/LONELY-WOLF/sam-tools
EXEs are attached to this post.

Right on!

? pack ?
thanks
is it possible to PACK with this version ?
if yes ...
then we can extract and pack our samsung rom
can you also write down some examples with these files
thanks
M
:laugh:

megasounds said:
thanks
is it possible to PACK with this version ?
if yes ...
then we can extract and pack our samsung rom
can you also write down some examples with these files
thanks
M
:laugh:
No. Because nobody can flash unsigned SMDs now. We need to unlock bootloader first.
Also, the main purpose of these utils is to EXTRACT files. We need ROM contents to make a jailbreak.

Here is example of output:
Code:
D:\ativ_s>smd-tool.exe /h dump\header.bin
Partition name  N Offset  N Length  R Offset  R Length  Part. ID  FS ID
GPT             00000000  00000800  00200C00  0000FC00  00000000  00000000  [ OK ]
SECURE          00000800  00000800  00210800  00000400  00000001  00000000  [ OK ]
DPP             00001000  00004000  00210C00  00800000  00000002  00000000  [ OK ]
SBL1            00008000  00000BB7  00A10C00  0016A400  00000003  00000000  [ OK ]
SBL2            00009000  00000BB7  00B7B000  0016A400  00000004  00000000  [ OK ]
SBL3            0000A000  00000FFF  00CE5400  001F8000  00000005  00000000  [ OK ]
UEFI            0000B000  00001387  00EDD400  00207C00  00000006  00000000  [ OK ]
RPM             0000D000  000003E7  010E5000  0006E400  00000007  00000000  [ OK ]
TZ              0000E000  000003E7  01153400  0006E400  00000008  00000000  [ OK ]
WINSECAPP       0000F000  000003FF  011C1800  0007E000  00000009  00000000  [ OK ]
PLAT            0001A000  00003FFF  0123F800  00742800  0000000A  00000000  [ OK ]
EFIESP          00020000  0001FFFF  01982000  0148C800  0000000B  00000000  [ OK ]
MMOS            00046000  000289B8  02E0E800  0444A800  0000000C  00000000  [ OK ]
MainOS          00070000  003CDF7F  07259000  52CC0000  0000000D  EACCE221  [ OK ]
Data            00440000  01918FFF  59F19000  05A20000  0000000E  EACCE221  [ OK ]
N - NAND
R - ROM (file)
It's strange but in WP8 ROM "FS ID" is 0. I think value "EA CC E2 21" is connected with a 4096-byte header in NTFS partitions.
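
The listing above can be sanity-checked before anything is extracted from a ROM file. The following Python sketch is an added example, not part of the original post or of sam-tools: it parses the `/h` output and confirms that the "R" (ROM file) extents are contiguous, non-overlapping and inside the file. The names `Part`, `parse_listing`, `check_rom_layout` and `rom_end` are hypothetical, and treating the R columns as byte offsets is an assumption.

```python
import re
from dataclasses import dataclass

# Rows copied from the smd-tool /h listing quoted in the post above.
LISTING = """\
Partition name N Offset N Length R Offset R Length Part. ID FS ID
GPT 00000000 00000800 00200C00 0000FC00 00000000 00000000 [ OK ]
SECURE 00000800 00000800 00210800 00000400 00000001 00000000 [ OK ]
DPP 00001000 00004000 00210C00 00800000 00000002 00000000 [ OK ]
SBL1 00008000 00000BB7 00A10C00 0016A400 00000003 00000000 [ OK ]
SBL2 00009000 00000BB7 00B7B000 0016A400 00000004 00000000 [ OK ]
SBL3 0000A000 00000FFF 00CE5400 001F8000 00000005 00000000 [ OK ]
UEFI 0000B000 00001387 00EDD400 00207C00 00000006 00000000 [ OK ]
RPM 0000D000 000003E7 010E5000 0006E400 00000007 00000000 [ OK ]
TZ 0000E000 000003E7 01153400 0006E400 00000008 00000000 [ OK ]
WINSECAPP 0000F000 000003FF 011C1800 0007E000 00000009 00000000 [ OK ]
PLAT 0001A000 00003FFF 0123F800 00742800 0000000A 00000000 [ OK ]
EFIESP 00020000 0001FFFF 01982000 0148C800 0000000B 00000000 [ OK ]
MMOS 00046000 000289B8 02E0E800 0444A800 0000000C 00000000 [ OK ]
MainOS 00070000 003CDF7F 07259000 52CC0000 0000000D EACCE221 [ OK ]
Data 00440000 01918FFF 59F19000 05A20000 0000000E EACCE221 [ OK ]
N - NAND
R - ROM (file)
"""

# name, six 8-digit hex fields, then the bracketed status
ROW = re.compile(r"^(\S+)\s+((?:[0-9A-Fa-f]{8}\s+){6})\[\s*(\w+)\s*\]$")


@dataclass(frozen=True)
class Part:
    name: str
    n_off: int    # "N Offset": position on NAND (unit not stated in the post)
    n_len: int    # "N Length"
    r_off: int    # "R Offset": position in the ROM file (assumed to be bytes)
    r_len: int    # "R Length"
    part_id: int  # "Part. ID"
    fs_id: int    # "FS ID"
    status: str


def parse_listing(text):
    """Parse smd-tool /h output; heading and legend lines are skipped."""
    parts = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            nums = [int(x, 16) for x in m.group(2).split()]
            parts.append(Part(m.group(1), *nums, m.group(3)))
    return parts


def rom_end(parts):
    """Highest file offset any partition claims."""
    return max(p.r_off + p.r_len for p in parts)


def check_rom_layout(parts, file_size=None):
    """Return a list of layout problems; an empty list means the header is sane."""
    problems = []
    high, owner = None, None  # furthest extent end seen so far, and its partition
    for p in sorted(parts, key=lambda q: q.r_off):
        end = p.r_off + p.r_len
        if p.status != "OK":
            problems.append(f"{p.name}: status {p.status}")
        if high is not None:
            if p.r_off < high:
                problems.append(f"{p.name}: overlaps {owner}")
            elif p.r_off > high:
                problems.append(f"{p.name}: gap of {p.r_off - high:#x} after {owner}")
        if file_size is not None and end > file_size:
            problems.append(f"{p.name}: extends past end of file")
        if high is None or end > high:
            high, owner = end, p.name
    ids = [p.part_id for p in parts]
    if len(set(ids)) != len(ids):
        problems.append("duplicate partition IDs")
    return problems


if __name__ == "__main__":
    table = parse_listing(LISTING)
    print(len(table), "partitions, ROM data ends at", hex(rom_end(table)))
    print(check_rom_layout(table) or "layout is contiguous")
```

Every R extent in the posted listing starts exactly where the previous one ends, so a header that fails this check has been truncated or altered and should not be fed to an extractor.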

Hey,
So I have an interesting situation that may help in determining process with Samsung W8 phones. I have a retail demo t899 Unit, that I would LOVE to flash a signed ROM overtop, and it seems you may have tools to do so. It's a spare and I bought it to screw around with, so I'm willing to test stuff with it, would just be nice to end up with a usable device at the end.

Last tool added! You can now fully extract .wp8 file.

-W_O_L_F- said:
Last tool added! You can now fully extract .wp8 file.
Hey W_O_L_F, great job! not many people like u will support wp8 but its awesome! How do I use image-rebase?
EDIT: Nevermind, used smd-tool to replace the old files and its working again! A million thanks! If I had a paypal account, I would donate $500 to you!!

AlvinPhilemon said:
Hey W_O_L_F, great job! not many people like u will support wp8 but its awesome! How do I use image-rebase?
EDIT: Nevermind, used smd-tool to replace the old files and its working again! A million thanks! If I had a paypal account, I would donate to you!!
wow 500$!!! nice :good:

AlvinPhilemon said:
If I had a paypal account, I would donate $500 to you!!
If there wouldn't be the IF in this sentence :good:
@ -W_O_L_F-: Great job!! Thank you for this!!
I'm a little "sad" right now, that i don't have an Active S Looking forward for the Lumia stuff! :good:
Keep up the good work!

truemozzer said:
wow 500$!!! nice :good:
It could be a reason for me to register a PayPal account :laugh:
lordmaxey said:
If there wouldn't be the IF in this sentence :good:
@ -W_O_L_F-: Great job!! Thank you for this!!
I'm a little "sad" right now, that i don't have an Active S Looking forward for the Lumia stuff! :good:
Keep up the good work!
Yes, this IF is important.

-W_O_L_F- said:
It could be a reason for me to register a PayPal account :laugh:
Yes, this IF is important.
can i unsign an wp8 rom with this?

sireangelus said:
can i unsign an wp8 rom with this?
What do you mean?

Successfully mounted the ROMs, the 13GB Data.bin is barely filled. It is 13GB + free space provided in the actual device. Anyway, I checked every provxml and .reg files but could not find a single one to change the H+ and 3G icons. On the 920 its in OEM customizations but the ATIV doesn't have that. And also, themes are now .xamlbin files too. Not registry entries anymore.

-W_O_L_F- said:
I returned to Moscow. And as I promised, here are the tools.
I'm writing those tools for ATIV S ROM. But SMD is used for Android Samsung phones too. And MBN may be not "Samsung only" file format.
This is FULL set for extracting now! Use smd-tool for wp8 file. And then image-rebase for Data.bin and MainOS.bin.
This is source code on my GitHub: https://github.com/LONELY-WOLF/sam-tools
EXEs are attached to this post.
I made the wrong request - can you implement an unsigned repacking? Also.. are the wp8 files simply bit-to-bit images? If I were to restore it, say with dd, would it work in theory? I have a bootloader-unlocked ativ s..

sireangelus said:
I made the wrong request - can you implement an unsigned repacking? Also.. are the wp8 files simply bit-to-bit images? If I were to restore it, say with dd, would it work in theory? I have a bootloader-unlocked ativ s..
I think your bootloader just can't handle SMDs (.wp8).

-W_O_L_F- said:
I think your bootloader just can't handle SMDs (.wp8).
i've gone way past that - can you simply make some change so that I can repack the .wp8 scrubbing out the sign? i'll think of something else in the mean time.

Do you know how digital signing works? It's not encryption. If your phone has unlocked boot, it doesn't read the signature. So it can flash any ROM.
First, you have to check if flasher recognizes your phone. I bet it won't.

LOL. Please take my word for it; the phone gets recognized, but as an engineer one, since it's got secureboot disabled. Could you please do me this favor so I can try it and if it does not work, move on? Thanks,
Sent from my GT-I8750 using XDA Windows Phone 7 App

sireangelus said:
LOL. Please take my word for it; the phone gets recognized, but as an engineer one, since it's got secureboot disabled. Could you please do me this favor so I can try it and if it does not work, move on? Thanks,
Sent from my GT-I8750 using XDA Windows Phone 7 App
It locks when you flash it with retail firmware. You're trying to make a regular ATIV S from the unique one.
You can download ROM and remove signatures with a hexeditor. Find "Ra000FF" followed by data. Fill last 2048 bytes of this data with zeroes. Do it for all Ra000FFs. You need only Ra000FFs with zeroes before.

Related

[PRO] ToshDroid Linux Kernel (Developers)

Warning From TheRomMistress:
8. Donations.
We appreciate all donations to xda-developers.com, it keeps our forum online and well maintained. As a user you're allowed to ask for donations in your signature as a thank you for your hard work. However donations up front are not allowed, this forum is about sharing, not about getting paid to do something, that's what your job is for.
Hello guys !!!
So I am endrix and I am trying to port the linux kernel to our Toshiba TG01. I am an h.264 developer who loves linux. Many of you may hate the phone (I do a little too) because of the crappy windows mobile operating system that Toshiba has offered us. Beside the resistive touch screen our phones have a strong processor that is used almost in each smartphone (ok Samsung and Apple are not using snapdragon but is still Cortex A8).
So to the main point!
Firstly, it is not an easy task and I do not want somebody to write in this thread asking when Android will work with our phones; I truly do not know if I will (or we will) achieve this! Secondly, think about contributing as you can to this project. I am here to guide you if you have any questions about how to compile the kernel, and if you have any other problem just send me a message or write it in this thread!
My git repository of the TG01 kernel is this one
github.com/endrix/kernel_common
System compilers and libraries:
I used the one given by source.android.com
apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev ia32-libs x11proto-core-dev libx11-dev lib32readline5-dev lib32z-dev.
certainly you do not need all of them but is ok to have it
So how can you compile the kernel?
Steps:
Use an Ubuntu Linux distribution or virtualise it with Virtualbox
I am using these cross tools: arm-2009q1-203-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2
In my system I have created a directory in my /opt folder; to do that just run "sudo mkdir /opt/cross"
Now go to the directory with "cd /opt/cross"
Now remember where you have downloaded the tar archive and execute the following command. In this command I have downloaded my tar in /home/endrix/Download: so for my directory I do "tar xjvf /home/endrix/Downloads/gnueabi-i686-pc-linux-gnu.tar.bz2"
Now that we have our cross tools installed in our system, it is good to create an environment variable to ease our task of cross compiling. Run this command "gedit ~/.bashrc" and at the end of the file put this line: export CROSS_TOOLS=/opt/cross/arm-2009q1/bin/arm-none-linux-gnueabi-
Now execute this command "source ~/.bashrc" so that your command can be activated for the current console; the next time that you open another console or reboot, the variable $CROSS_TOOLS will work
This is all for the cross tools
Next step Compile the linux kernel:
Create a directory for example "Projects" in your main directory(home), "mkdir ~/Projects"
Clone the repository of my git address: "git clone github.com/endrix/kernel_common.git"
Now you wait, take a coffee or eat a fruit
Now you execute this command in the "kernel_common" directory: "make ARCH=arm htcleo_defconfig"
and then to compile the kernel: "make ARCH=arm CROSS_COMPILE=$CROSS_TOOLS Image"
To make the process even faster if you have a multicore system, put -j4 (for 2 cores) or -j16 (if you have an intel iCore7 with 4 cores double threaded), that means, "make -j4 ARCH=arm CROSS_COMPILE=$CROSS_TOOLS Image"
After a while depending you system you will get the kernel image file in the arch/arm/boot directory
So now you have the kernel compiled
Next step test the kernel with Haret:
1) Create the file default.txt with :
set mtype 2675
set ramaddr 0x11800000
set ramsize 0x18C00000
set kernel Image
boot
2)Download My modified version of Haret with TG01 support!
Haret for TG01
3) Create a folder on your SD card --> "ToshDroid" and put the Image, the haret.exe and the default.txt in it.
4) Finally execute the haret.exe and click on run!
That's all folks! Now I am focusing in the Memory Map...
PS: sorry for links, As a junior member i cannot give a full url
I will update also my blog too for TG01
endri-bezati.blogspot.com
Hi endrix and welcome to xda-developers
I very much appreciate your work.. i've the same device.. it's a beautiful phone.. with a powerful hardware.. but windows mobile is not worthy of the hardware it runs on.. so we look forward for a release of android!
BTW.. i'd know what do you need to do your work.. can you make a list of thing that you need to accelerate your work? the first thing is compile android kernel.. but next? need you we post results? how we can fix the errors?
Sorry for my english but i'm italian.. and thank you.. hoping to see soon a first version of android..
Image Compiled without errors..
running haret it stops to "Jumping to kernel(custom). and freeze..
isikil87 : Ok! forgot something!
Do
1) make clean
2) git checkout android-msm-2.6.32-tg01
3) make ARCH=arm htcleo_defconfig
4) make -j4 ARCH=arm CROSS_COMPILE=$CROSS_TOOLS Image
actually I am working on the android-msm-2.6.32-tg01 branch
compiled successfully...
boot ok.
jump to image ok.
linux pic visible.ok.
now we need the right address to write memory.
Cool !
isikil87 said:
compiled successfully...
boot ok.
jump to image ok.
linux pic visible.ok.
now we need the right address to write memory.
Exactly, the framebuffer is wrong too i think the addresse in the msm_iomap is not correct
#define MSM_RAM_CONSOLE_BASE IOMEM(0xF8010000)
have you dump the memory???
dump ?
isikil87 said:
have you dump the memory???
I have run haret with "dump mmu" but is not easy to understand everything, I am really a beginner in this domain I am currently searching for documentation!
I am a beginner too. How can I help?
Can you share with us that Image file?
The image file
TruckyBN said:
I am a beginner too. How can I help?
Can you share with us that Image file?
It will not help you a lot but here is the compiled kernel
megaupload.com/?d=W027CS8P
this is interesting
http://htc-linux.org/wiki/index.php?title=Talk:Tg01
About the code
isikil87 said:
this is interesting
http://htc-linux.org/wiki/index.php?title=Talk:Tg01
Actually if you compare my modified code for the tg01 branch you will see that I have done the same modification (I was inspired by this pages too)!
endrix said:
It will not help you a lot but here is the compiled kernel
megaupload.com/?d=W027CS8P
Thanks for share.
I already to boot up. But error is (teminating haret due to unhandled exception pc=00017254)
please tell me how to config and boot it. thank so much.
best regard !
nhattuong said:
Thanks for share.
I already to boot up. But error is (teminating haret due to unhandled exception pc=00017254)
please tell me how to config and boot it. thank so much.
best regard !
have you downloaded the latest version of haret?
check it http://netripper.com/leo/haret-pre-0.5.3-20100914_124354.exe
isikil87 said:
have you downloaded the latest version of haret?
check it http://netripper.com/leo/haret-pre-0.5.3-20100914_124354.exe
Thanks for share.
It is already to boot. But after 10 sec...auto reset.
Then hit HaRet App again...after 10 sec...device reset...
Please teach me more ! thank you very much !
P/S : Which Android version do you use ?
Best Regard !
nhattuong said:
Thanks for share.
It is already to boot. But after 10 sec...auto reset.
Then hit HaRet App again...after 10 sec...device reset...
Please teach me more ! thank you very much !
P/S : Which Android version do you use ?
Best Regard !
that is only an alpha version. it doesn't boot up until we have the right addresses of nand iomap ram ecc of the device.
regards
isikil87 said:
that is only an alpha version. it doesn't boot up until we have the right addresses of nand iomap ram ecc of the device.
regards
oops ! I understand. Thanks.
Best Regard,
No questions about Android please, this thread is only for the kernel!!!
nhattuong said:
Thanks for share.
It is already to boot. But after 10 sec...auto reset.
Then hit HaRet App again...after 10 sec...device reset...
Please teach me more ! thank you very much !
P/S : Which Android version do you use ?
Best Regard !
For the moment the kernel has a problem because I have not figured out all the memory addresses and the reset is normal. Now you have to wait for a long time till we achieve to find the memory values. For android is another story if the kernel does not work correctly android will not work!
endrix said:
For the moment the kernel has a problem because I have not figured out all the memory addresses
how can we help in reading memory addresses? maybe there is a way that we all could divide work on many tg01 users?
endrix said:
For the moment the kernel has a problem because I have not figured out all the memory addresses and the reset is normal. Now you have to wait for a long time till we achieve to find the memory values. For android is another story if the kernel does not work correctly android will not work!
yeap ! i see. Thanks for your great works.

Cannot flash webtop

just done a full sbf flash to 1.8.3 and then the puddin sbf and now i am getting
Code:
C:\adb>moto-fastboot flash boot atrix-2.3.4-hktw-boot.img
sending 'boot' (3358 KB)... OKAY [ 0.263s]
writing 'boot'... OKAY [ 0.551s]
C:\adb>moto-fastboot flash system atrix-2.3.4-hktw-system.img
sending 'system' (262144 KB)... OKAY [ 20.649s]
writing 'system'... OKAY [ 13.953s]
sending 'system' (65410 KB)... OKAY [ 5.071s]
writing 'system'... OKAY [ 3.469s]
C:\adb>moto-fastboot flash webtop atrix-2.3.4-hktw-webtop.img
load_file: could not allocate 805177344 bytes
error: cannot load 'atrix-2.3.4-hktw-webtop.img'
C:\adb>moto-fastboot flash recovery recovery-en-goapk-0625-2034.img
sending 'recovery' (4598 KB)... OKAY [ 0.370s]
writing 'recovery'... OKAY [ 0.665s]
C:\adb>
I think my webtop partition is corrupted... I was trying to send the update zip from this thread to my sdcard from adb by using adb push Navalynt_HKTW_v1.7_webtop.zip /sdcard-ext/Navalynt_HKTW_v1.7_webtop.zip and it sat there for a long time so I unplugged the usb cable. Since then this was happening. I can still run GB 2.3.4 and 1.8.3 but for some reason I can't flash the webtop partition
I'm not sure where the error comes from but it looks like your computer or maybe your phone doesn't have enough memory to allocate (for the flash process).
That's funny because I've done it before when it was first leaked. i'm not sure what's going on
Seriously? am I the only one this happened to?
SolidHelix said:
error: cannot load 'atrix-2.3.4-hktw-webtop.img'
If you look at that error, it looks like its looking for another file named "atrix-2.3.4-hktw-webtop.img"
SolidHelix said:
and it sat there for a long time so I unplugged the usb cable. Since then this was happening.
From the Developers post:
**DOWNLOAD v1.7a HERE (WITH Webtop fix)**
*Please ignore that when the script runs it still says v1.6, it's really v1.7 I just forgot to update that line before uploading!
FYI -The Webtop takes a few minutes to install ... so once you start flashing the zip let it be a few minutes (it's working, not frozen)!
SolidHelix said:
Seriously? am I the only one this happened to?
Dude chill out. Its only been a hour since you posted. Check back in a day or two.
If you look at that error, it looks like its looking for another file named "atrix-2.3.4-hktw-webtop.img"
Isn't that the file I'm attempting to flash?
From the Developers post:
**DOWNLOAD v1.7a HERE (WITH Webtop fix)**
*Please ignore that when the script runs it still says v1.6, it's really v1.7 I just forgot to update that line before uploading!
FYI -The Webtop takes a few minutes to install ... so once you start flashing the zip let it be a few minutes (it's working, not frozen)!
I don't think you are following.. I didn't pull the plug while flashing this update in CWM. I was in CWM and connected via adb and typed command adb push Navalynt_HKTW_v1.7_webtop.zip /sdcard-ext/Navalynt_HKTW_v1.7_webtop.zip to load the zip onto my sd-card so that I COULD flash it with cwm. rather than booting up my phone and copying via usb host. I'm after installing this zip I know it takes a while to get past the webtop part.
anyway I still can't see why I can't flash the webtop partition. I have done so several times since the bootloader got unlocked.
Dude chill out. Its only been a hour since you posted. Check back in a day or two.
Agreed
bump..... obviously not gonna get any help here, pushed to the second page with no replies... guess I'll have to get flamed for bringing it to the development section
Just want to say, I found the problem.. It was my USB 3.0 port. ****ty Asus drivers, it never worked right. copying large files cause it to fail. Who would have thought? Oh well back to normal.
btw
THANKS FOR THE SUPPORT EVERYONE!!!
just kidding... no one could help me with that one
Interesting, I have the same problem.
Not sure if this could have fixed it too.
I flashed CG58.SMG from 1.8.3 sbf. That is the webtop original webtop image from 1.8.3. I used depacker to split the 1.8.3 sbf into smg files, found CG58.smg and renamed to CG58.IMG and flashed with moto-fastboot. The thing is, when it fixed I was flashing from a different computer so that's why I figured it was the USB that was the problem
Download depacker 1.3 here
Open 1.8.3 sbf with it and click split
browse to the folder it created and find CG58.smg and rename to CG58.img
put img in same dir as moto-fastboot
in cmd prompt run moto-fastboot flash webtop CG58.img
Like I said I'm not sure it was this that fixed it or the fact that I flashed from a different computer this time
Sent from my MB860 using XDA Premium App
Yeah, did what you did with the depacker, still having same problem. I am guessing it is the usb drivers. I tried using flash_image script from cyanogen mod, but that spits out a syntax error(great...). I am gonna try to rewrite the mmcblk0p13 partition with the dd command, is that the same as flashing?
I should ask tenfar if he can add an option to backup/restore/flash /osh to cwm. That would be nice.

[GUIDE]Porting ARMv7 roms to ARMv6 devices

I believe many people wanted to learn how to do this. Well I was one of them until a while ago..
First of all I want to Thank Lens_flare for his awesome MIUIv4 porting guide! I actually learned porting after following his guide..
Anyways,
WHAT YOU'LL NEED:
apktool
ddms for logcat(or adb, whichever you like. I prefer ddms as its more detailed and easy to understand)
File comparison and merging tool.
Araxis Merge(I've been using Araxis Merge during the time I was on Windows. Its a paid tool but its available for free for 30 days)
WinMerge(Windows)
Meld(if you are on linux. Its available on Ubuntu Software Center)
Alternatively, you can google for other file comparison tools; https://www.google.com/search?clien...e+comparison+and+merge+tool&ie=utf-8&oe=utf-8
LET'S BEGIN!
Now ,I don't want to write the instructions on how to make a basic port as rishabh has already written one over here(Don't forget to thank him!). My actual purpose was to make a support post in his thread as a further info on porting but the info which needed to be written was way too big so I decided to post a new thread.. Anyways, follow his guide to get over with the simple porting process .. I highly recommend you to use dsixda's Android Kitchen. It will help a lot in porting. (from deodexing to easily unpacking/re-building ROM zips, signing, zipaligning apks, etc. etc.)
dsixda's Kitchen
Guide for installing and using the Kitchen
The actual porting begins now!..
I assume you already got built your zip following the above given guide, now we can go on..
Firstly flash the zip you built. It will obviously not boot.. so called 'bootloop'... What we are going to do is to observe the logcat and find errors causing bootloop, and fix them..
COMPARING AND PATCHING/DIFFING
We are going to fix errors by finding the error causing .smali files by observing the log (There might of course be other factors for a bootloop, but that doesn't interest us yet. If in the porting process we get different kind of errors we are going to look into them then..)
Please look below at "UNDERSTANDING LOGS AND DEBUGGING" section for better understanding of logcat and what we are gonna do exactly!
Patching?? What's that?
Lens_flare said:
Patching (usually named diffing, diff that means "find differences and eliminate them") in our context is a process of comparing two files and adding contents of one of them to another and not replacing anything.
OK! Let's imagine logcat gave us this info;
Code:
E/dalvikvm( 8925): ERROR: couldn't find native method
E/dalvikvm( 8925): Requested: Landroid/content/res/AssetManager;.splitThemePackage:(Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;)I
E/JNIHelp ( 8925): RegisterNatives failed for 'android/content/res/AssetManager', aborting
I'm pretty sure you can all see
Code:
android/content/res/AssetManager
and
Code:
ERROR: couldn't find native method
these show us that there is a missing native method in AssetManager.smali file under android/content/res of framework.jar
Now, I assume you already got apktool set up, we should decompile both base framework.jar(the one in the base rom, obviously) and port framework.jar(the one you are porting). Rename the base framework.jar file to "framework_base.jar" and leave the port stay "framework.jar" and put them in apktool directory..
Run a cmd, cd to the apktool directory and decompile the jars by typing
Code:
apktool d framework.jar
Code:
apktool d framework_base.jar
Once the de-compilation is finished you will get two folders in the apktool directory. One "framework.jar.out" and the other "framework_base.jar.out"
Navigate to "smali/android/content/res" in both the folders and find AssetManager.smali.
Get your comparison tool opened up and import the base AssetManager.smali to one side and the port to the other.
Now, you can start adding missing stuff.. NOTE: While patching AssetManager.smali, DO NOT REPLACE ANYTHING! JUST ADD MISSING LINES!!
Ok after you make sure you have added missing lines, save files and close the program.
Switch back to apktool and recompile the port framework.jar by typing the following command:
Code:
apktool b framework.jar.out
OK! you are good to go. Now either put this in a small flashable.zip for sake of time. or put it in your WORKING_FOLDER and rebuild the whole zip. Flash it and you shouldn't see the AssetManager.smali error any more.
But wait! You didn't think you would get your port booting, did you? Well, if you did you were happy too fast! You are going to face these kinds of errors again and again.. Then sometime you'll see your ROM booting and will be the happiest guy
Anyways, when you see other similar errors just apply the same technique to them. The technique of "patching"!
Porting ARMv7 to v6 might throw up some other errors except smali files. If something happens and you can't fix feel free to post a log here I'll do my best to solve it. If I cant, then I hope some others, more experienced people can contribute..
UNDERSTANDING LOGS AND DEBUGGING
This section is a slightly modified version of the "understanding logs and debugging" section of Lens_flare's guide on MIUI porting(make sure you thank him too!) to better fit our purpose.. (I've got his permission)
I've put his word under this show/hide button for a cleaner thread
Most likely people are going to forum and just posting logcat (that might contain common error). My goal is show you - logcat is not you should fear to see!
First of all, let's assume something:
adb - powerful tool, in our case the must have thing to make a log. Article on android devs most likely describes all the moments about adb power: http://developer.android.com/tools/help/adb.html
logcat/log - one of the android advantages that allows you to debug what's going on with your system. by "make log" I will assume issuing
Code:
adb logcat >log.txt
command, last argument - log.txt is a text file with log system provided to you (you could use any name).
debug/debugging - process of analyzing code which helps to eliminate bugs (that's why de-bug)
You could also use ddms instead, it has a nice GUI. You can find the logcat at the right bottom of the ddms window..
Some people experiencing problems with log, most common are:
-no/corrupted/wrong usb drivers on PC
-Windows :crying: most likely is about new usb subsystems etc, so advice is the only one - try on ubuntu (not working without udev rules)
-somewhat corrupted/inconsistent usb port
Note: if your log only consists of:
Code:
link system/bin/sh failed: no such file or directory
or something like that, you should contact a CM dev, else, you are most likely know what happened ;]
Alright when we got a log, it consist of many many lines that are looping if your system not boots. That's why it is sometimes called bootloop. System may repeat a error eternal time it lives, so log might be huge.
To parse what's going on there are some advice:
keywords:
search in log you got some keywords, that might be useful on debugging boot issue;
most common keywords are:
"E/" - error
"E/dalvikvm" - possibly crucial system error
"No such file or directory" - says it all
"couldn't" - android likes that, mostly shows faulty things.
"fail"/"failed" - mostly crucial error
"W/"/"warning" - says it all, but not always warm could be a boot failure cause
"exception"(especially NullPointerException) - points you that something went wrong in framework or application work
I/ tags could be also useful at debugging, but most helpful are errors and warnings.
Most common constructs:
"couldn't find native method", the most common reason of a bootloop.
For instance:
Code:
E/dalvikvm( 100): ERROR: couldn't find native method
E/dalvikvm( 100): Requested: Landroid/view/GLES20Canvas;.nStartTileRendering:(IIIII)V
E/JNIHelp ( 100): RegisterNatives failed for 'android/view/GLES20Canvas', aborting
Let's parse that construct to extract parts we will fix.
First of all. smali path might be extracted from that line:
Code:
E/JNIHelp ( 100): RegisterNatives failed for 'android/view/GLES20Canvas', aborting
->
Code:
android/view/GLES20Canvas
that's it, smali we are looking for is GLES20Canvas.smali. But.. android/view.. where it is? Answer comes from android source, it took some time to analyze frameworks.. Just let's assume: all that starting with "android" in path belongs to framework.jar.
What if path doesn't contain "android" at the beginning?
Again the answer is in source. Paths like "org/" belong to framework.jar.
"com/android/server" - services.jar (there is the same folder at framework.jar but most likely you don't need to touch it).
another place we could be mixed up:
"com/android/internal" - framework.jar
"com/android/internal/policy/impl/" - android.policy.jar
for framework.jar path ends up on internal, which represents telephony folder. policy/impl is the only android.policy.jar folder.
Other frameworks are actually not used in port as they contain core android functionality which is common.
Note about smali you found:
it might be not smali you are looking for, most likely when code points you to android functionality and widgets (control elements) like combobox or listview, it's a sign to think twice what have you done on your system to port it
it might be tree of smali, to ease of use, always replace smali with its tree, and only if error becomes worse, think about single smali or about diff )
from
Code:
E/dalvikvm( 100): Requested: Landroid/view/GLES20Canvas;.nStartTileRendering:(IIIII)V
we could extract a method which is missing - nStartTileRendering. In some cases only that method should be added and nothing more.
" Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)"
Hope all of you have heard about C language. That error is a form of C "exceptional case" (in other words - exception).
You will see if it happen:
Code:
F/libc ( 2698): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
I/DEBUG ( 130): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 130): Build fingerprint: 'tmous/htc_doubleshot/doubleshot:4.0.3/IML74K/275847.101:user/release-keys'
I/DEBUG ( 130): pid: 2698, tid: 2698 >>> zygote <<<
I/DEBUG ( 130): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
I/DEBUG ( 130): r0 deadbaad r1 00000001 r2 a0000000 r3 00000000
I/DEBUG ( 130): r4 00000000 r5 00000027 r6 4086fbfd r7 00000036
I/DEBUG ( 130): r8 40253f04 r9 40233a7e 10 0000904c fp 00009062
I/DEBUG ( 130): ip 4028b240 sp befcfa60 lr 401043c1 pc 40100adc cpsr 60000030
I/DEBUG ( 130): d0 2f64696f72646e61 d1 2f746e65746e6f63
I/DEBUG ( 130): d2 657373412f736572 d3 726567616e614d74
I/DEBUG ( 130): d4 0000d4cc0000d4b1 d5 0000d4e80000d4cd
yaa.. ENORMOUS code block, build fingerprint, fatal signal and stack trace.. welcome to hell
One little thing: the error is right above that block; don't even try to parse its contents, ignore it.
"Unable to extract+optimize DEX from '/system/framework/framework.jar'" and other WTF cases
Examples:
Code:
D/dalvikvm( 103): DexOpt: --- BEGIN 'framework.jar' (bootstrap=1) ---
E/dalvikvm( 172): Duplicate class definition: 'Landroid/media/MediaRecorder;'
E/dalvikvm( 172): Trouble with item 2900 @ offset 0x17a86c
E/dalvikvm( 172): Cross-item verify of section type 0006 failed
E/dalvikvm( 172): ERROR: Byte swap + verify failed
E/dalvikvm( 172): Optimization failed
W/dalvikvm( 103): DexOpt: --- END 'framework.jar' --- status=0xff00, process failed
E/dalvikvm( 103): Unable to extract+optimize DEX from '/system/framework/framework.jar'
D/dalvikvm( 103): Unable to process classpath element '/system/framework/framework.jar'
E/JNIHelp ( 103): Native registration unable to find class 'android/debug/JNITest', aborting
Code:
05-30 14:15:15.970: E/NetworkLocationRealOs(2304): no android ID; can't access encrypted cache
05-30 14:15:15.970: E/NetworkLocationRealOs(2304): java.io.IOException: no android ID; can't access encrypted cache
Code:
07-03 03:28:21.350: E/System(1538): ************ Failure starting core service
07-03 03:28:21.350: E/System(1538): java.lang.NullPointerException
07-03 03:28:21.350: E/System(1538): at com.android.server.pm.PackageManagerService.grantPermissionsLPw(PackageManagerService.java:4299)
07-03 03:28:21.350: E/System(1538): at com.android.server.pm.PackageManagerService.updatePermissionsLPw(PackageManagerService.java:4247)
07-03 03:28:21.350: E/System(1538): at com.android.server.pm.PackageManagerService.<init>(PackageManagerService.java:1170)
07-03 03:28:21.350: E/System(1538): at com.android.server.pm.PackageManagerService.main(PackageManagerService.java:858)
07-03 03:28:21.350: E/System(1538): at com.android.server.ServerThread.run(SystemServer.java:167)
07-03 03:28:21.350: I/SystemServer(1538): Input Method Service
07-03 03:28:21.360: W/SystemServer(1538): ***********************************************
07-03 03:28:21.370: A/SystemServer(1538): BOOT FAILURE starting Input Manager Service
07-03 03:28:21.370: A/SystemServer(1538): java.lang.NullPointerException
07-03 03:28:21.370: A/SystemServer(1538): at android.app.PendingIntent.getBroadcast(PendingIntent.java:293)
07-03 03:28:21.370: A/SystemServer(1538): at com.android.server.InputMethodManagerService.<init>(InputMethodManagerService.java:548)
07-03 03:28:21.370: A/SystemServer(1538): at com.android.server.ServerThread.run(SystemServer.java:271)
07-03 03:28:21.400: E/AndroidRuntime(1538): Error reporting WTF
07-03 03:28:21.400: E/AndroidRuntime(1538): java.lang.NullPointerException
07-03 03:28:21.400: E/AndroidRuntime(1538): at com.android.internal.os.RuntimeInit.wtf(RuntimeInit.java:345)
07-03 03:28:21.400: E/AndroidRuntime(1538): at android.util.Log$1.onTerribleFailure(Log.java:103)
07-03 03:28:21.400: E/AndroidRuntime(1538): at android.util.Log.wtf(Log.java:278)
07-03 03:28:21.400: E/AndroidRuntime(1538): at com.android.server.ServerThread.reportWtf(SystemServer.java:77)
07-03 03:28:21.400: E/AndroidRuntime(1538): at com.android.server.ServerThread.run(SystemServer.java:274)
Most likely this is about the way the framework files were assembled. Also some of them might just be corrupted by accident. Sometimes these errors are caused by a wrong smali replacement or a wrong diff methodology. Or it might be just a banal reason - no space on the system or cache partitions.
English
Most log parts are in plain, non-technical English; the log can be read like a little book with bright characters. Find what you are looking for and fix it..
Source code is your best friend in porting
I'd recommend having the Android source code [from the internet or on your local PC] to port something that falls outside the rules I listed. For example, the CM frameworks source can be found here: https://github.com/CyanogenMod/android_frameworks_base .
Any log line represents a line of code in the source, which one can search for and debug from there. Each smali represents a Java source file or a part of it (a subclass, which is marked by $); each Java file is in the frameworks folder of the source (mostly frameworks/base). A log line is a message which is formed with C rules, so you have to avoid ciphers or guess how the code could represent that message. You may search for the guessed line in the source to locate the Java file, or locate it manually according to the smali location and my advice, and search in it.
I WISH YOU A SUCCESSFUL AND HAPPY PORTING PROCESS!! :good:
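The log-reading rules from the guide above, as an added example that is not part of the original post: it pulls the class path, smali file name and missing native method out of logcat lines and maps the class path to a jar using the prefixes the post lists. The function names are assumptions, and the last sample line is constructed; the others are the lines quoted in the post.

```python
import re

# Class-path prefix -> jar, exactly as listed in the post above.
# Longest prefixes come first so policy/impl wins over com/android/internal.
JAR_RULES = [
    ("com/android/internal/policy/impl/", "android.policy.jar"),
    ("com/android/internal/", "framework.jar"),
    ("com/android/server/", "services.jar"),
    ("android/", "framework.jar"),
    ("org/", "framework.jar"),
]

# Matches "E/JNIHelp ( 100): message", with or without a leading timestamp.
LOGCAT = re.compile(
    r"(?P<prio>[VDIWEFA])/(?P<tag>[^(]+?)\s*\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)")

# Message shapes discussed in the post; each names the class to look at.
PATTERNS = [
    ("register_natives_failed",
     re.compile(r"RegisterNatives failed for '(?P<cls>[^']+)'")),
    ("missing_native_method",
     re.compile(r"Requested: L(?P<cls>[^;]+);\.(?P<method>[^:\s]+):(?P<sig>\S+)")),
    ("duplicate_class",
     re.compile(r"Duplicate class definition: 'L(?P<cls>[^;]+);'")),
    ("class_not_found",
     re.compile(r"unable to find class '(?P<cls>[^']+)'")),
]

SAMPLE_LOG = """\
E/JNIHelp ( 100): RegisterNatives failed for 'android/view/GLES20Canvas', aborting
E/dalvikvm( 100): Requested: Landroid/view/GLES20Canvas;.nStartTileRendering:(IIIII)V
E/dalvikvm( 172): Duplicate class definition: 'Landroid/media/MediaRecorder;'
E/JNIHelp ( 103): Native registration unable to find class 'android/debug/JNITest', aborting
07-03 03:28:21.350: I/SystemServer(1538): Input Method Service
E/JNIHelp ( 100): RegisterNatives failed for 'com/android/internal/policy/impl/PhoneWindowManager', aborting
"""  # last line is constructed to exercise the android.policy.jar rule


def jar_for(class_path):
    """Return the jar the post assigns to this class path, or None if unlisted."""
    for prefix, jar in JAR_RULES:
        if class_path.startswith(prefix):
            return jar
    return None


def smali_name(class_path):
    """File name of the smali for a class path (inner classes keep their $)."""
    return class_path.rsplit("/", 1)[-1] + ".smali"


def triage(log_text):
    """Return one finding per log line that names a class to inspect."""
    findings = []
    for line in log_text.splitlines():
        entry = LOGCAT.search(line)
        if entry is None:
            continue  # crash-dump body, wrapped text, etc.
        for kind, pattern in PATTERNS:
            hit = pattern.search(entry.group("msg"))
            if hit is None:
                continue
            groups = hit.groupdict()
            cls = groups["cls"]
            findings.append({
                "kind": kind,
                "pid": int(entry.group("pid")),
                "class": cls,
                "smali": smali_name(cls),
                "jar": jar_for(cls),
                "method": groups.get("method"),
                "signature": groups.get("sig"),
            })
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        where = f["jar"] or "unlisted jar"
        extra = f" method {f['method']}{f['signature']}" if f["method"] else ""
        print(f"{f['kind']}: {f['class']} -> {f['smali']} in {where}{extra}")
```

A `jar` of `None` means the post gives no rule for that prefix, so the source tree has to be consulted.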
wow, I've been looking for this for a long time..
gonna try it now..
Sent from my GT-S5660 using Tapatalk 2
AiphNday said:
wow,i've been looking for this for longtime..
gonna try it now..
Sent from my GT-S5660 using Tapatalk 2
Good Luck!
XiproX said:
Good Luck!
thanks..
you don't mind if I send you a PM to ask for help, do you??
Sent from my GT-S5660 using Tapatalk 2
AiphNday said:
thanks..
you dont mind if i send you a PM to ask for help dont you??
Sent from my GT-S5660 using Tapatalk 2
Well, it's better to ask here. Some other people having the same issue might benefit from your question and its answer...
XiproX said:
Well, its better to ask here. Some other people having the same issue might benefit from your question and its answer...
sure, I'll do that..
Sent from my GT-S5660 using Tapatalk 2
Do not use dsixda's Kitchen to port. Use it for anything else except porting.
It's best to do your ports manually, or make a tool yourself to do it automatically for you.
That way, you'll know what you're doing and how to fix the upcoming errors.
Try not to use apktool to decompile JARs, because inside JARs there is a classes.dex.
You want to rename the classes.dex to anything you want, then decompile it using smali/baksmali:
Code:
java -jar baksmali-1.4.0.jar -a 10 classes.dex -o classes_output
The -a switch determines the API level. See more here
Try not to refer to the technique as "patching"; instead, call it "diffing". It's just more common.
P.S. Nice job on the Guide. Could be a little more detailed..
Peteragent5 said:
Do not use dsixda's Kitchen to port. Use it for anything else except porting.
It's best to do your ports Manually, or make a tool yourself to do it automatically for you.
That way, you'll know what your doing and how to fix the upcoming errors.
Try not to use apktool to decompile JARs. Because inside JARs are classes.dex
You want to rename the classes.dex to anything you want, then decompile it using smali/baksmali:
Code:
java -jar baksmali-1.4.0.jar -a 10 classes.dex -o classes_output
The -a switch determines the api level. See more here
Try not to refer the technique as "patching", instead, call it "diffing". It's just more common
P.S Nice job on the Guide. Could be a little more detailed..
wait, I don't get it..
classes.dex was inside the framework.jar, right??
so do I have to decompile the jar first to get the classes.dex, or just simply take the classes.dex inside the jar using 7zip, then decompile the classes.dex with smali/baksmali??
Sent from my GT-S5660 using Tapatalk 2
AiphNday said:
wait,i dont get it..
classes.dex was inside the framework.jar right??
so i have to decompile the jar first to get the classes.dex,or just simply take the classes.dex inside the jar using 7zip then decompile the classes.dex with smali/baksmali??
Sent from my GT-S5660 using Tapatalk 2
classes.dex is what makes the JAR file.
Do not decompile the JAR.
Just simply extract the classes.dex inside the JAR with any archiver, then decompile it using baksmali.
After recompiling, you should sign the JAR file.
Peteragent5 said:
Do not use dsixda's Kitchen to port. Use it for anything else except porting.
It's best to do your ports Manually, or make a tool yourself to do it automatically for you.
That way, you'll know what your doing and how to fix the upcoming errors.
Try not to use apktool to decompile JARs. Because inside JARs are classes.dex
You want to rename the classes.dex to anything you want, then decompile it using smali/baksmali:
Code:
java -jar baksmali-1.4.0.jar -a 10 classes.dex -o classes_output
The -a switch determines the api level. See more here
Try not to refer the technique as "patching", instead, call it "diffing". It's just more common
P.S Nice job on the Guide. Could be a little more detailed..
Well, thanks! I don't have huge experience at porting, but you know many people want to know how to port ARMv7 -> v6.. and there wasn't any tutorial for it.. I decided to write this as a beginning. I'm open to any kind of improvements.
BTW, has anyone found a file comparison tool to exclude specific values like: .line foo
Please let me know! It'll help a lot in my porting, as well as with everyone else's
Peteragent5 said:
classes.dex is what make the JAR file.
Do not decompile the JAR
Just simply extract the classes.dex inside the JAR with any Archiver, then decompile it using baksmali
After recompiling, you should sign the JAR file.
so after I've finished, compile with smali and put the classes.dex back inside the jar again, right??
Peteragent5 said:
BTW, has anyone found a file comparison tool to exclude specific values like: .line foo
Please le me know! It'll help alot in my porting, as well as with everyone else's
Did you try Araxis Merge? It's paid software, there is a 30 day trial version, and there are some alternative ways of getting the full version. You know... I used it for some time and it was great.. But I'm not sure if it has that feature.. You can check if you want.
Peteragent5 said:
Do not use dsixda's Kitchen to port. Use it for anything else except porting.
It's best to do your ports Manually, or make a tool yourself to do it automatically for you.
That way, you'll know what your doing and how to fix the upcoming errors.
I don't really understand. I mean, the kitchen just does the extracting and rebuilding job. What could that cause?
AiphNday said:
so after i finished,compile with smali and put the classes.dex back inside the jar again right??
Yes.
To compile:
Code:
java -jar smali-1.4.0.jar classes_output -o classes.dex
Then make a zip file, place classes.dex into it (the name has to be classes.dex for any JAR).
Rename the zip to a JAR. Then sign it.
XiproX said:
did you try Araxis Merge its paid software, there is a 30 day trial version, and there are some alternative ways of getting the full version. You know... I used it for some time and it was great.. But Im not sure if it has that feature.. You can check if you want.
I'll check it out.
XiproX said:
I don't really understand. I mean, the kitchen just does the extracting and rebuilding job. What could that cause?
The kitchen does everything automatically, even up to modifying the kernel. That's good and all, but we all have different devices, and the kitchen is too General & Broad when it comes to its porting features. It could brick your device.
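A check to run on the repacked JAR before signing and pushing it, as an added example that is not part of the original posts: it confirms the archive holds an entry named exactly classes.dex and that the DEX header's checksum, signature and size fields agree with the file contents. The function names are assumptions, and the sample DEX is a constructed header-plus-padding blob, not a loadable class file.

```python
import hashlib
import io
import struct
import zipfile
import zlib

HEADER_SIZE = 0x70  # fixed size of the DEX header


def check_dex(data):
    """Return a list of header problems; an empty list means the header is consistent."""
    if len(data) < HEADER_SIZE:
        return ["too short to hold a DEX header"]
    problems = []
    # magic is "dex\n" + three version digits + NUL
    if data[:4] != b"dex\n" or data[7:8] != b"\x00":
        problems.append("bad DEX magic")
    # adler32 covers everything after the magic and the checksum field itself
    checksum, = struct.unpack_from("<I", data, 8)
    if checksum != zlib.adler32(data[12:]) & 0xFFFFFFFF:
        problems.append("adler32 checksum mismatch")
    # SHA-1 covers everything after the signature field
    if data[12:32] != hashlib.sha1(data[32:]).digest():
        problems.append("SHA-1 signature mismatch")
    file_size, = struct.unpack_from("<I", data, 32)
    if file_size != len(data):
        problems.append("header file_size does not match length")
    return problems


def check_jar(jar_bytes):
    """Check a framework JAR held in memory; returns a list of problems."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    with jar:
        if "classes.dex" not in jar.namelist():
            return ["no entry named classes.dex"]
        if jar.testzip() is not None:
            return ["zip CRC error"]
        return check_dex(jar.read("classes.dex"))


def build_constructed_dex(body=b"\x00" * 32):
    """Constructed sample: a consistent DEX header followed by padding bytes."""
    tail = struct.pack("<III", HEADER_SIZE + len(body), HEADER_SIZE, 0x12345678)
    tail += b"\x00" * (HEADER_SIZE - 32 - len(tail)) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def build_constructed_jar(entry_name, dex):
    """Constructed sample: a zip archive with a single entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(entry_name, dex)
    return buf.getvalue()


if __name__ == "__main__":
    dex = build_constructed_dex()
    damaged = dex[:-1] + bytes([dex[-1] ^ 0xFF])  # one flipped byte
    for label, jar in [
        ("good", build_constructed_jar("classes.dex", dex)),
        ("wrong entry name", build_constructed_jar("framework.dex", dex)),
        ("damaged dex", build_constructed_jar("classes.dex", damaged)),
    ]:
        print(label, "->", check_jar(jar) or "OK")
```

To check a real file, pass `open("framework.jar", "rb").read()` to `check_jar`.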
Peteragent5 said:
The kitchen does everything automatically, even up to modifying the kernel. That's good and all, but we all have different devices, and the kitchen is too General & Broad when it comes to its porting features. It could brick your device.
Well, yes, but I'm not saying that we should use its porting tools. I too know that it wouldn't do much of the work even if it worked properly for every device, and that the manual way is the best.. I'm just talking about 4/5 main functions, which are creating WORKING_FOLDER from rom/zip, de-odexing, signing, zipaligning, and finally building (creating zip from WORKING_FOLDER)
How could these features affect the porting process? I don't really think they could. Again, I'm talking about only the features written above..
XiproX said:
Well, yes, but Im not telling that we should use its porting tools. I too know that it wouldnt do much of a work even if it worked properly for every device and that the manual way is the best.. Im just talking about 4/5 main functions which are creating WORKING_FOLDER from rom/zip, de-odexing, signing, zipaligning, and finally building(creating zip from WORKING_FOLDER)
How could these features affect the porting process? I dont really think they could. Again Im talking about only these above written features..
Some of the features you shouldn't use from the kitchen are these:
Making an updater-script/update-binary
Create a working Folder, you can just extract your rom and rename it to WORKING_ROM
and its porting tools
these result in an unsuccessful port.
Peteragent5 said:
Some of the features you shouldn't use from the kitchen are these:
Making an updater-script/update-binary
Create a working Folder, you can just extract your rom and rename it to WORKING_ROM
and it's porting tools
these result to an unsuccessful port.
"Making an updater-script/update-binary" I agree! I never was using it
"Create a working Folder" Weird. I ported MIUI ICS and Jellybean both by using this method and it all was fine. Anyways, not so important. I can live without it.
Peteragent5 said:
Yes.
To compile:
Code:
java -jar smali-1.4.0.jar classes_output -o classes.dex
Then make a zip file, place classes.dex into it (the name has to be classes.dex for any JAR).
Rename the zip to a JAR. Then sign it.
I'll check it out.
The kitchen does everything automatically, even up to modifying the kernel. That's good and all, but we all have different devices, and the kitchen is too General & Broad when it comes to its porting features. It could brick your device.
can you help me with this?? http://pastebin.com/7uMdU3EX
I've run out of ideas.. :silly:
AiphNday said:
can you help me with this?? http://pastebin.com/7uMdU3EX
i was runout of idea.. :silly:
There is a problem with pastebin at the moment (for me). Could you try to post the log as an attachment text file?

TWRP for HTC One M9

From TeamWin
http://twrp.me/devices/htconem9.html
Fastboot method without root? Looks interesting.. I'll try later that day.
nope not possible
target reported max download size of 536870912 bytes
sending 'recovery' (35928 KB)...
OKAY [ 1.308s]
writing 'recovery'...
FAILED (remote: cannot flash this partition in s-on state)
finished. total time: 1.328s
but I hope with an unlocked bootloader it's possible to flash recovery?
Yes. You need an unlocked bootloader.
crucky said:
nope not possible
target reported max download size of 536870912 bytes
sending 'recovery' (35928 KB)...
OKAY [ 1.308s]
writing 'recovery'...
FAILED (remote: cannot flash this partition in s-on state)
finished. total time: 1.328s
but i hope with unlocked bootloader its possible to flash recovery ?
Damn man you're lucky you didn't brick your new phone, make sure to do the research first - Adam
@Adam182 - that wouldn't brick it. Reason? It won't flash in the first place.
Mr_Bartek said:
@Adam182 - that wouldn't brick it. Reason? It won't flash in the first place.
Got 2.8.5.0 running on my test device...... :good:
Rooted. There are limitations. \system is not writeable, as was initially on the M8 until insecure kernels were released here. Titanium Backup can't write to removable sdcard yet. I still have a hornet's nest of diagnostic software running and I have to give it a wide berth because logging is required on test devices.
Wonder if anyone there will notice what I've done after the overnight logs......
hgoldner said:
Got 2.8.5.0 running on my test device...... :good:
Rooted. There are limitations. \system is not writeable, as was initially on the M8 until insecure kernels were released here. Titanium Backup can't write to removable sdcard yet. I still have a hornet's nest of diagnostic software running and I have to give it a wide berth because logging is required on test devices.
Wonder if anyone there will notice what I've done after the overnight logs......
I have a tool which can recompile/decompile a kernel easily! No commands, you're rooted, get the stock kernel and disable its security through it? I hope it works (Worked on 5-6 Qualcomm devices) .... Look into my sign
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Info about my work:
1)Kernel tool (reported to work on MTK too, tested on Qualcomm)
2)Bypass forgotten lock-screen without a factory reset
3)A COMPLETE TOOL for android, easy as cake, reported to work on MTK&Qualcomm​
MZ_. said:
I have a tool which can recompile/decompile a kernel easy! No commands, you're rooted, get the stock kernel and disable it's security through it? I hope it works (Worked on 5-6 Qualcomm devices)]
How do I get the boot.img from the device?
UPDATE: I might have the image at this point. Stumbled my way through adb commands to get the block, used the instructions here to extract what I believe to be a boot.img. Not sure, though, and sure as hell not going to flash it......
hgoldner said:
How do I get the boot.img from the device?
Rooted yeah? Extract from /dev/block/platform/msm_sdcc.1/by-name/boot (I told the link about my phone, yours may vary)
Boot.img from 1.32.401.8: https://mega.co.nz/#!LY4nSK4D!S2QQcT5RQ2zurniqTiIlAEfOPo2DzndkN0VL5BQlgRc
Mr_Bartek said:
Boot.img from 1.32.401.8: https://mega.co.nz/#!LY4nSK4D!S2QQcT5RQ2zurniqTiIlAEfOPo2DzndkN0VL5BQlgRc
Cool, now someone can unpack/repack it with mods and boot from it, please do not flash as we don't know the outcome, better than risking it, just boot
There's no risk in flashing. If it doesn't work just reflash my boot.img.
Mr_Bartek said:
There's no risk in flashing. If it doesn't work just reflash my boot.img.
I think I did it, based upon instructions here.
At least I believe I have a boot.img. Filesize is 65,536KB, was block p065. Note, ROM version currently is 1.33.90605.315 on Verizon, not Mr_Bartek's version.
Don't flash my version on Verizon. That is a large partition for just boot.img. What command did you use?
Mr_Bartek said:
Don't flash my version on Verizon. That is a large partition for just boot.img. What command did you use?
From the thread, I did the following:
1. I figured out that the mountpoints were located in /dev/block/f9824900.sdhci
2. From that I concluded that boot was mmcblk0p65
3. Based upon that I did the following in a DOS box on a Win7 system with the M9 connected via USB with debugging enabled:
Code:
adb shell
su
dd if=/dev/block/mmcblk0p65 of=/sdcard/boot.img
I then pulled the boot.img off the sdcard to my PC
Note that the problem right now is that the internal drive is encrypted (they asked me to test encryption) and I can't turn encryption OFF on the internal sdcard. I've turned it on and off repeatedly on the removable sdcard (and that's not operating properly either). As a result, when I boot to recovery, TWRP can't read the internal sdcard. It asks me (repeatedly) to decrypt, but it doesn't accept the password. I was able to run a Nandroid onto the removable sdcard and backed up boot that way, too.
There just was an OTA for the German O2 variant
Maybe someone wants to try to use that boot.img?
Kugelfischmau said:
here you go:
OTA_HIMA_UHL_L50_SENSE70_O2_UK_1.32.206.15-1.32.206.6_release_426806c23qb1mi6by8irro.zip
//EDIT:
I was able to extract the kernel out of that boot.img with @MZ_. img tool.
But from here on I can't do anything. If someone could get an M9 for @Lord Boeffla, I'm sure he would have a look
DroidShift79 said:
there just was an OTA for german O2 variant
Maybe one wanna try to use that boot.img ?
//EDIT:
was able to extract the kernel out of that boot.img with @MZ_. img tool.
But from here on I can't do nothing. If one could get an M9 for @Lord Boeffla, I'm sure he would have a look
Feeling pretty accomplished .. BTW can't you edit default.prop by that? It has an option about ro.secure=1 (by default) ... Not sure but you could try? :/
default.prop looks like this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.adb.secure=1
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
persist.sys.usb.config=adboff
ro.zygote=zygote64_32
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
ro.dalvik.vm.native.bridge=0
DroidShift79 said:
default.prop looks like this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.adb.secure=1
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
persist.sys.usb.config=adboff
ro.zygote=zygote64_32
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
ro.dalvik.vm.native.bridge=0
Try to change first two values to 0 ... Worked for my LGE975 (but remember HTC's bootloader is different)
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Baseband Fix fir LG F180X converted to International E975

[PoC][Work in progress] Trim Area Proof Of Concept

Disclaimer:
The PoC was made for testing and educational purposes. I am not responsible for what you do on/with your device using the PoC; you must agree that you are using the PoC at your own risk. I am not responsible if you brick your device, lose your personal data or anything else!
Hello!
First of all, this tool fully replaces the DRM fix! So do not use our tool with the DRM fix!!! I'm going to explain what this is and how it works. Everybody knows what the DRM fix does and everybody knows what happens when the bootloader is unlocked. OK. This PoC is designed for unlocked devices and makes things identical to having a bootloader that was never unlocked! Which means this is for people who have a backup of the trim area from BEFORE unlocking the bootloader! This PoC mounts your trim area backup (TA.img) to the kernel loop5 device, which makes your trim area backup act like the real trim area partition (in our case it mounts your backup TA.img and uses it instead of the unlocked trim area partition), so everything after Android boots up is like having a locked bootloader, which means all DRM keys, Widevine keys, etc. are fully functional! And the best thing: we can use the PoC with AOSP, CM or whatever and have the trim area fully functional!!!
Keep in mind this is for stock ROMs only! Only Nougat and Marshmallow for now, and some versions before Marshmallow too.
Supported kernel images:
- SIN (kernel.sin)
- ELF (kernel.elf)
- IMG (boot.img)
So you don't need to extract the elf from the kernel, since our tool extracts any Sony format, with sin, img, elf autodetection.
Credits:
- I must give big credits to @steom since he tested things very deeply on his Xperia X Compact; he tested things for more than 7 days, he tested it very frequently and I must say... big respect to him! Thanks man!
- Also respect to @tobias.waldvogel ! His mkinitfs source code (the idea about #perm appended to file names) helped me a lot in making our tool for Windows. His scripts helped me a lot in figuring out all the things! Thanks man! Original forum thread for tobias.waldvogel's great work -> https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
- Uhh sorry, forgot to give credit to @osm0sis for the great extended version of the boot image tools https://github.com/osm0sis/mkbootimg
- @serajr mate sorry, forgot your great scripts!
- @the_laser for figuring out that the PoC works by directly using TA.img, no need to mount to loop, thanks man!
- @mbc07 for this post https://forum.xda-developers.com/showpost.php?p=73232574&postcount=1547
How to extend our tool:
I have reserved some space for everybody who needs to extend our tool (the tool looks for a user script.sh or script.bat), so if the tool finds a user script, it will execute that script, which means everybody can make their own script to extend the ramdisk patching mechanism (e.g. to add su... etc). If the tool doesn't find a user script, it pauses so you have enough time to modify everything you need manually, and you continue the tool by pressing any key on your keyboard. The tool doesn't delete the output folder, so you can use, for example, something from the unmodified boot.img-ramdisk.gz if you need. Also the sepolicy binary file has a backup (backupsepolicy), so you can use it too if you need.
How to fix denials from dmesg by yourself:
This explains how: https://forum.xda-developers.com/showpost.php?p=70955889&postcount=47
And finally, this is the tool: https://forum.xda-developers.com/showpost.php?p=70973513&postcount=120
Everybody and every device is involved! You need at least good knowledge of getting logcat and dmesg if you want to help here! You can suggest and say whatever you want in this thread, since this thread is for everybody! I need your words about the tool and your suggestions! If you want to post logcat or dmesg, please use http://www.pastebin.com for it! If you need the tool working for your device, please get involved here!
munjeni said:
That mean we can use stock camera blobs finaly with AOSP, CM or whatewer!!!
This will change everything regarding (not stock based) custom ROMs... If this is proved to work...
Outstanding job! Even if this post has no logcat/dmesg attached I felt like that I have to say some respectful words! :good:
Bootloop on nougat is solved now! New version is out! Soo close to get it working on nougat
I officially declare that the @munjeni PoC works! Also with Nougat!
A new era is begun!
Does it mean, that camera will now work well on Xperias with Nougat AOSP?
Anyway it's big success.
haha was thinking of the same thing some weeks ago
tad_static can be cheated easily but what about suntrold and rmt_storage?
Where are your sources please?
steom said:
I officially declare that the @munjeni PoC work! also with Nougat!
A new era is begun!
Bro, I want to test on my Z5 dual but don't know what I should do
can you explain clearly?
thanks
having problems
Code:
hash:0x54288A7A calc_hash:0x54288A7A
hash:0x4CBAA939 calc_hash:0x4CBAA939
hash:0x9B8793E3 calc_hash:0x9B8793E3
hash:0x482AF9EB calc_hash:0x482AF9EB
device: F8331
serial number: CB512BEE32
drm key: 0001046B 0010 44 98 8A 61 A3 B2 10 48 02 19 38 59 73 7F 7E 52
Trim area dump is a valid.
Locked bootloader.
Deleting old folder ramdisk if exist...
if exist ramdisk (rd ramdisk /s/q)
returned: 0.
New directory ramdisk created.
Created ouput folder "out"
opening kernelX.sin
unable to open kernelX.sin
Kernel dump tool returned an error!
Mmm.... renaming kernel.sin to kernelX.sin helped
Using EliteKernelV3 (Z3C) did not work, with the following output:
Code:
------------------------------------------------------------------------
Nougat Trim Area PoC kernel image patcher by Munjeni @ 2017
------------------------------------------------------------------------
hash:0x037C9C1E calc_hash:0x037C9C1E
hash:0x90A0164B calc_hash:0x90A0164B
hash:0x04E5A139 calc_hash:0x04E5A139
device: D5803
serial number: YT911BPNF7
drm key: 0001046B 0010 ED EE 37 63 7B D8 AD 8B 03 C4 8C 1C 2A 3C 61 B0
Trim area dump is a valid.
Locked bootloader.
Deleting old folder ramdisk if exist...
if exist ramdisk (rd ramdisk /s/q)
returned: 0.
New directory ramdisk created.
Created ouput folder "out"
opening boot_Z3c.img
boot_Z3c.img is Android image format.
Dumping to out...
BOARD_KERNEL_CMDLINE androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3b7 ehci-hcd.park=3 androidboot.bootdevice=msm_sdcc.1 vmalloc=400M dwc3.maximum_speed=high dwc3_msm.prop_chg_detect=Y androidboot.selinux=permissive
BOARD_KERNEL_BASE 00000000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_KERNEL_OFFSET 00008000
BOARD_RAMDISK_OFFSET 02000000
BOARD_TAGS_OFFSET 01e00000
BOARD_DT_SIZE 284672
Done.
Gunziping...
setting up infflate...
infflating...
infflate returned: -3
gzpipe: invalid or incomplete deflate data
Error gunziping boot_Z3c.img!
Drücken Sie eine beliebige Taste . . .
I compared the files in folder "out" with the ones of osmosis' Android Image Kitchen:
This is TA Tool: boot.img-ramdisk.gz
And this AIK: boot_Z3c.img-ramdisk.cpio.gz
But both with exactly the same file size...
Ramdisk is not decompressed successfully.... Looks to me like a mismatch while decompressing cpio and gunzip.
My thought: Your tool is expecting gzip files - But EliteKernelV3 was compressed first with cpio and then with gzip.
kernel.sin and kernel.elf are working fine!
Is lollipop in progress or?
for z1 that would be great
maksim_kw said:
Mmm.... rename kernel.sin to kerlelX.sin helped
Come on! You have to adjust the starting batch file according to your kernel file name
fluffi444 said:
Using EliteKernelV3 (Z3C) did not work with following output:
I compared the the files in folder "out" with the one of osmosis' Android Image Kitchen:
This is TA Tool: boot.img-ramdisk.gz
And this AIK: boot_Z3c.img-ramdisk.cpio.gz
But both with exact the same file size...
Ramdisk is not decompressed successfully.... Looks for me like an mismatch while decompressing cpio and gunzip.
My thought: Your tool is expecting gzip files - But EliteKernelV3 was compressed first with cpio and then with gzip.
kernel.sin and kernel.elf are working fine!
It's for stock kernel. EliteKernel has own fix method.
nailyk said:
haha was thinking of the same thing some weeks ago
tad_static can be cheated easily but what about suntrold and rmt_storage?
Where are your sources please?
Hi! Till after ta is mounted whole things working like real trim area on locked bootloader! Things which might not work (untested currently) are fota and other things, but I'm really not going to mess with it, you guys can make your own scripts for fine tune purpose! Source code, as I promised after my ban, is not going to be publicly available because of my ban.
vato4001 said:
Is lollipop in progress or?
for z1 that would be great
I didn't try, probably it will work or error during compilation.
x_one said:
EliteKernel has own fix method.
You know that I know that - But I really prefer this TA solution than DRM fix which I removed from Kernel as soon as I got the manual TA mod working on EliteKernel.
You know that I have a working EliteKernel with TA mount... But it would also be nice to get this tool working for such custom kernels as well.
Anyway - I really appreciate @munjeni 's work. And if the answer is ONLY for stock kernel then it's fine for me as well (the manual way works - as I said)
fluffi444 said:
You know that I know that - But I really prefer this TA solution than DRM fix which I removed from Kernel as soon as I got the manual TA mod working on EliteKernel.
You know that I have a working EliteKernel with TA mount... But it would also be nice to get this tool working for such custom kernels as well.
Anyway - I really appreciate @munjeni 's work. And if the answer is ONLY for stock kernel then it's fine for me as well (the manual way works - as I said)
In general it will work on any kernel since I have made some free space for userscripts! It will come later till after poc starts working!
New version is out and finally it is the first one working for nougat! The only problem though is that the tool has a bug which I need to figure out (you must copy TA.img to the /data/local/tmp folder to get poc working)! I will solve that soon!