Trying to find a vulnerability to root HTC one M9 - One (M9) General

Hey there,
This evening I have started to look into a way to root my M9 without unlocking the bootloader.
As a first attempt I tried run_root_shell (available on GitHub), but it looks like it was without good results.
Was ping pong supposed to work on the M9 running Lollipop 5.1?
Is there any other vuln which I could use to gain root on this dev?
Code:
[email protected]_himauhl:/data/local/tmp $ ./run_root_shell
Device detected: HTC One M9 (LMY47O release-keys)
no such table: supported_devices(1)
no such table: supported_devices(1)
no such table: supported_devices(1)
Try to find address in memory...
Attempt msm_cameraconfig exploit...
no such table: supported_devices(1)
Attempt fb_mem exploit...
no such table: supported_devices(1)
Failed to open /dev/graphics/fb0 due to Permission denied
no such table: supported_devices(1)
You need to manage to get remap_pfn_range address.
Try copying kernel memory... It will take a long time.
Attempt pingpong exploit...
Attempt futex exploit...
failed to exploit...
Attempt get_user exploit...
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
connect(): failed
Attempt get_user exploit...
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
no such table: supported_devices(1)
HTC One M9 (LMY47O release-keys) is not supported.
Failed to setup variables.
no such table: supported_devices(1)
HTC One M9 (LMY47O release-keys) is not supported.
Failed to setup variables.

The exploits used in that project are all very old and have been patched. Additionally, you are frankly wasting your time with exploits for root on HTC devices as you don't need them to get root.

gnuton said:
Hey there,
This evening I have started to look into a way to root my M9 without unlocking the bootloader.
As a first attempt I tried run_root_shell (available on GitHub), but it looks like it was without good results.
Was ping pong supposed to work on the M9 running Lollipop 5.1?
Is there any other vuln which I could use to gain root on this dev?
Code:
[email protected]_himauhl:/data/local/tmp $ ./run_root_shell
Device detected: HTC One M9 (LMY47O release-keys)
no such table: supported_devices(1)
no such table: supported_devices(1)
no such table: supported_devices(1)
Try to find address in memory...
Attempt msm_cameraconfig exploit...
no such table: supported_devices(1)
Attempt fb_mem exploit...
no such table: supported_devices(1)
Failed to open /dev/graphics/fb0 due to Permission denied
no such table: supported_devices(1)
You need to manage to get remap_pfn_range address.
Try copying kernel memory... It will take a long time.
Attempt pingpong exploit...
Attempt futex exploit...
failed to exploit...
Attempt get_user exploit...
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
connect(): failed
Attempt get_user exploit...
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
no such table: supported_devices(1)
HTC One M9 (LMY47O release-keys) is not supported.
Failed to setup variables.
no such table: supported_devices(1)
HTC One M9 (LMY47O release-keys) is not supported.
Failed to setup variables.
This makes no sense. The M9 is extremely easy to root. All you need to do is unlock the bootloader, flash TWRP and install supersu.zip. Besides, you need TWRP to make backups. Go to htcdev.com and follow the instructions for bootloader unlocking and after that is complete, go to https://dl.twrp.me/hima/ and download the latest version and flash it via HTC's fastboot (htcfastboot flash recovery twrp.img). Make sure the phone is in "download" mode. After TWRP is flashed, reboot into recovery and flash supersu. Supersu is available @ http://forum.xda-developers.com/attachment.php?attachmentid=3523851&d=1446166283

Jonny said:
The exploits used in that project are all very old and have been patched. Additionally, you are frankly wasting your time with exploits for root on HTC devices as you don't need them to get root.
bynarie said:
This makes no sense. The M9 is extremely easy to root. All you need to do is unlock the bootloader, flash TWRP and install supersu.zip. Besides, you need TWRP to make backups. Go to htcdev.com and follow the instructions for bootloader unlocking and after that is complete, go to https://dl.twrp.me/hima/ and download the latest version and flash it via HTC's fastboot (htcfastboot flash recovery twrp.img). Make sure the phone is in "download" mode. After TWRP is flashed, reboot into recovery and flash supersu. Supersu is available @ http://forum.xda-developers.com/attachment.php?attachmentid=3523851&d=1446166283
Whether or not it's a waste of time depends on your point of view, and what you are after. Even on Nexus devices, where unlocking the bootloader and getting root is as simple as can be, it was always interesting to try out an exploit, and even more interesting to understand the mechanism behind it. And even on Nexus devices, having an exploit handy helped those who didn't unlock the bootloader initially and had no way of backing everything up when they decided it was time to unlock. An exploit saved them tons of time because they could just root, unlock the bootloader by resetting the lock-state flag rather than "fastboot oem unlock", with no loss of data.
Sure, unlock the bootloader, flash TWRP, flash SuperSU is fine, but sometimes it's not the end goal that's the interesting part - sometimes it's how you get there. Heck, I have root and S-OFF on my M9, but I still would like to see an exploit (preferably open source) just to see how it works.

efrant said:
Whether or not it's a waste of time depends on your point of view, and what you are after. Even on Nexus devices, where unlocking the bootloader and getting root is as simple as can be, it was always interesting to try out an exploit, and even more interesting to understand the mechanism behind it. And even on Nexus devices, having an exploit handy helped those who didn't unlock the bootloader initially and had no way of backing everything up when they decided it was time to unlock. An exploit saved them tons of time because they could just root, unlock the bootloader by resetting the lock-state flag rather than "fastboot oem unlock", with no loss of data.
Sure, unlock the bootloader, flash TWRP, flash SuperSU is fine, but sometimes it's not the end goal that's the interesting part - sometimes it's how you get there. Heck, I have root and S-OFF on my M9, but I still would like to see an exploit (preferably open source) just to see how it works.
I agree totally, I am just trying to help the user get rooted the fastest/easiest way possible, if that's the desired outcome. If not, I would also like to see some type of FOSS exploit just for the experience and learning. Seems interesting.

bynarie said:
I agree totally, I am just trying to help the user get rooted the fastest/easiest way possible, if that's the desired outcome. If not, I would also like to see some type of FOSS exploit just for the experience and learning. Seems interesting.
Thanks for your replies. I know that rooting the M9 is an easy task, but I would like to manage to do that using an exploit. If I manage that I would release the code on my GitHub.
Just for the record, I have tested the stagefright exploit too, just for fun on the M9 (not that it could be useful for this purpose), and I didn't get the reverse shell working.
Still looking for a good local exploit though..
Cheers

gnuton said:
Thanks for your replies. I know that rooting the M9 is an easy task, but I would like to manage to do that using an exploit. If I manage that I would release the code on my GitHub.
Just for the record, I have tested the stagefright exploit too, just for fun on the M9 (not that it could be useful for this purpose), and I didn't get the reverse shell working.
Still looking for a good local exploit though..
Cheers
HTC patched the stagefright exploit quite a while ago now - you might have better luck trying an exploit of the second stagefright exploit (the one that found a flaw in Google's original patch).

Jonny said:
HTC patched the stagefright exploit quite a while ago now - you might have better luck trying an exploit of the second stagefright exploit (the one that found a flaw in Google's original patch).
The Zimperium app says my M9 is still vulnerable to half of the stagefright vulns even though I run the latest HTC update

Related

[HOW-TO] Safely Switch Back To Amon From Clockwork Recovery

********************DISCLAIMER********************
XDA-Developers & myself are in no way responsible for any loss of information or damages to your device that may result from the use (or misuse) of this process; though the process itself should not cause any such problems, I feel it necessary to reinforce this fact.
********************DISCLAIMER********************
-----Special Thanks-----
jcase
-For the methodology and providing the flash_boot and recovery image links in his eng bootloader thread-
Stick from IRC
-For his sacrifice and bringing this issue to our attention (R.I.P. sticks Eris)-
Suno and Mezy (also IRC)
-For being unwitting guinea pigs and verifying the process-
--------------------
Overview:
It has recently come to our attention that a version of clockwork recovery included in rom manager can and has (sorry stick) caused problems for Eris. Clockwork (or more specifically this clockwork) does not play nice with the Eris and in at least one case has resulted in a corrupted userdata partition resulting in a brick. This is not necessarily going to happen in all cases but the possibility is there and as such it is better to be safe than sorry. If you are using clockwork without issue but wish to switch back to Amon Ra this thread can also help you meet that end.
NOTE: Users who cannot use Amon RA recovery due to trackball issues should attempt the usb wiggle method. There is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note: be gentle).
What You Need:
Android SDK for adb - (alternatively this can be done PC-less but I will cover that later)
flash_image - www.multiupload.com/KS2JCAMGBH
recovery.img - www.multiupload.com/DXQVBXB93G
su - for root permissions
Astro or Root Explorer - (For PC-Less Only)
Terminal Emulator - (For PC-Less Only)
________________________________________________
This process is relatively straightforward and I'm going to cover both the adb method and the PC-Less method in case you for some reason can't get your device recognized by your system (or don't have access to one). I have also made this very detailed for inexperienced users.
The Process:
ADB Version-
1) Download both the flash_image & recovery.img files from the links above and place them in your android-sdk tools directory
2) Open a Command Prompt (or terminal) and navigate to the tools directory.
3) Connect your device (USB Debugging Must Be Enabled) and verify the PC can see the device - type:
Code:
adb devices
4) Push both flash_image & recovery.img to /data/local on your device:
Code:
adb push flash_image /data/local
adb push recovery.img /data/local
5) Change the permissions of flash_image:
Code:
adb shell chmod 777 /data/local/flash_image
6) Flash the recovery image to recovery:
Code:
adb shell
su    # for those who do not get dropped into a root shell automatically; remember $ = user, # = root
/data/local/flash_image recovery /data/local/recovery.img
7) Give it a few seconds to run (just give it 10 or so seconds to be safe)
8) Issue the following to reboot the device into recovery mode to verify the flash took:
Code:
adb reboot recovery
PC-Less Version-
1) Download both files to your sdcard.
2) Use Astro or Root Explorer to move both of the files to /data/local (if you run into a read only error use this command in terminal emulator and try again)
NOTE: Root Explorer users can hit the rw/ro toggle button.
Code:
su
mount -o remount,rw /
If for what ever reason you either can't get Root Explorer and ASTRO is blocking you from navigating outside your SD go to terminal emulator and issue the commands:
Code:
su
mv /sdcard/download/flash_image /data/local
3) Open terminal emulator and issue this command to set permissions:
Code:
su
chmod 777 /data/local/flash_image
4) Still in terminal emulator flash the recovery image to recovery:
Code:
/data/local/flash_image recovery /data/local/recovery.img
5) When the prompt returns issue the command:
Code:
reboot recovery
Verification:
If you completed either method you should be greeted by a green text recovery menu. If so, congrats, Amon RA has blessed you with its presence. Go ahead and reboot system or flash a rom if you like.
If This was Helpful I only ask that you become an active member and contribute to the community in any way possible. The OpenSource community is what it is because of people like you giving freely of themselves for the benefit of the whole.
good stuff!
i've never used clockwork... and from my observations... GOOD!
in any case... this should help many users (i personally only recommend Amon).
What was the version that caused the issue? can't you also flash amons from clockwork in rom mgr then delete rom mgr? or would that not work? thank you.
midnight assassin said:
What was the version that caused the issue? can't you also flash amons for clockwork in rom mgr then delete rom mgr? or would that not work? thank you.
Not sure of the exact version as I don't personally use rom manager (kinda a manual guy), but I think it has been fixed in the most recent release. As for using Rom Manager to reflash, I can't say for sure either, but this method is pretty simple and already resolved two cases. I believe stick may have tried it; he was in IRC with us for hours and we were bouncing everything we could think of at him, but he got a sig verification failure in a flash using it, not knowing the issue, and corrupted his userdata partition.
If there are any more questions I will have to answer them when I wake up because I'm nearly sleeping in my chair right now
thanks for the answer and putting this together. I know there are a lot of noobs like myself around here lately who may benefit from this and the time you put into it. thanks for makin it simple.
Thanks for the great post.
I just have to say there's an easier/alternate way to do it
1) download rom manager.
2) at the bottom of rom manager click flash alternate recovery.
[PC WAY]
As pointed out by bftb0 the below method will only work for those on HBOOT 1.49.2000 S-OFF bootloader. (those who flashed the original root rom)
1) download amon's recovery from this thread http://forum.xda-developers.com/showthread.php?t=648025
2) (if you don't already have the android sdk, download it) If you're in Windows fastboot is included in the android sdk; if you're on mac or linux go here http://developer.htc.com/adp.html and scroll down a bit, click download and move fastboot to your /sdk/tools folder.
3) with your phone connected to your computer and off hold the power and send buttons at the same time until fastboot comes up on the screen.
4) open cmd/terminal and cd to your /sdk/tools folder, and type in "adb flash recovery <path to amon's recovery>" (if you're on linux or mac type ./ in front of fastboot).
5)reboot your phone.
I personally use clockwork recovery and have had no problems, though I do not suggest it for anyone. (unless your trackball is as messed up as mine is, I can't even scroll down in amon's recovery)
A couple of comments.
Stick's phone
A corrupted "userdata" (/data mount point) alone might prevent the OS from booting, but that should not affect the ability to start the phone in HBOOT, FASTBOOT, or RUU (oem-78) mode. I didn't sit in on the IRC, so maybe I'm missing something, but there really are only three things which will completely brick the phone:
- screwing up a flash of the (512 kB) bootloader
- screwing up the NVRAM area
- (maybe) screwing up the misc partition
You can screw the pooch in /boot, /recovery, /system, and /data (aka "userdata") - even all four of them at the same time, if you please - and your phone should still not be bricked.
If the bootloader can not be started (in any mode), then that is absolutely a bricked device; OTOH, if you can start up the bootloader in HBOOT mode, the only thing that would prevent you from re-flashing the Leak-V3/"Official" PB00IMG.ZIP file is corruption of either the /misc partition or NVRAM. None of the dev ROMs touch those areas though. So, it is very strange that someone using any custom recovery would cause corruption of those partitions. Is Stick really bricked?
I once corrupted my /system partition which caused it to be unmountable (in Amon_RA) by doing something dumb (twice!) - but re-flashing the entire ROM (HBOOT+PB00IMG.ZIP) overcame that and gave me an earlier starting point from which to re-root and recover via Nand. There is evidence, from looking at the string data contained within the bootloader that it knows how to recreate the partition tables in flash memory - presumably this would be needed if HTC shipped a ROM which needed more space in the /system or /data partitions than existed in prior ROMs. Whether it does that for normal PB00IMG.ZIP-style ROM flashing, I can't say - but there are hints that the HTC bootloader knows how to deal with flash memory in which the entire partition table has been destroyed.
PC-based method
Step #6 in the first set of instructions will not work for rooted (dev) ROMs which do not start adbd as root (that is, "adb shell" from the PC does not launch a root shell). Most dev ROMs do that, so perhaps this is a nit-picking point. If "su" is available in the ROM, prefixing the command with "su" should work, though - just as in the PC-less example.
Use of fastboot
homewmt should probably edit his post to add the disclaimer that using fastboot for flashing of recovery will only work for folks who gained root by flashing the "Root-ROM" (or post-installing it after root was gained), which gave them the 1.49.2000 S-OFF bootloader. None of the other bootloaders will let fastboot do this. I think it is important to mention this because a lot of the new rooters are using either the "One-Click" or "Dummies" (AF) methods to install a custom recovery - and so they never touch their bootloaders.
bftb0
So as long as you can get the boot loader up (power + volume down) then you can still use the 2.1 RUU (for those with HBoot s-on) to get the phone back working?
I think people assume that since the moded recovery image is fried that means the phone is bricked since you can't get into recovery on the phone to restore a backup.
Myself I've been using Clockwork Mod Recovery for 3 months without any problems and I've flashed a lot of ROMS and restored a lot of backups. Both using the recovery console and ROM Manager. I'll never go back to Amon's as I see no point and Koush is at least updating Clockwork on a regular basis.
bftb0 said:
A couple of comments.
Stick's phone
A corrupted "userdata" (/data mount point) alone might prevent the OS from booting, but that should not affect the ability to start the phone in HBOOT, FASTBOOT, or RUU (oem-78) mode. I didn't sit in on the IRC, so maybe I'm missing something, but there really are only three things which will completely brick the phone:
- screwing up a flash of the (512 kB) bootloader
- screwing up the NVRAM area
- (maybe) screwing up the misc partition
You can screw the pooch in /boot, /recovery, /system, and /data (aka "userdata") - even all four of them at the same time, if you please - and your phone should still not be bricked.
If the bootloader can not be started (in any mode), then that is absolutely a bricked device; OTOH, if you can start up the bootloader in HBOOT mode, the only thing that would prevent you from re-flashing the Leak-V3/"Official" PB00IMG.ZIP file is corruption of either the /misc partition or NVRAM. None of the dev ROMs touch those areas though. So, it is very strange that someone using any custom recovery would cause corruption of those partitions. Is Stick really bricked?
I once corrupted my /system partition which caused it to be unmountable (in Amon_RA) by doing something dumb (twice!) - but re-flashing the entire ROM (HBOOT+PB00IMG.ZIP) overcame that and gave me an earlier starting point from which to re-root and recover via Nand. There is evidence, from looking at the string data contained within the bootloader that it knows how to recreate the partition tables in flash memory - presumably this would be needed if HTC shipped a ROM which needed more space in the /system or /data partitions than existed in prior ROMs. Whether it does that for normal PB00IMG.ZIP-style ROM flashing, I can't say - but there are hints that the HTC bootloader knows how to deal with flash memory in which the entire partition table has been destroyed.
Yes stick is really bricked. He had access to the recovery but got a sig failure which terminally corrupted his userdata partition and the only option available to him was fastboot which would throw a sig failure at any attempt to flash over (even tried PB00IMG and RUU at the end)
NOTE: Good catch on #6 I edited the OP to drop into a shell then su in.
kzoodroid said:
So as long as you can get the boot loader up (power + volume down) then you can still use the 2.1 RUU (for those with HBoot s-on) to get the phone back working?
This is inadvisable as stick tried the RUU which is what killed off his ability to enter hboot
edge.thefly said:
Yes stick is really bricked. He had access to the recovery but got a sig failure which terminally corrupted his userdata partition and the only option available to him was fastboot which would throw a sig failure at any attempt to flash over (even tried PB00IMG and RUU at the end)
That is truly bizarre. I don't know what Clockwork does for checks, but Amon_RA performs (in the verification step) the equivalent of a "jarsigner --verify" operation: it computes the SHA1 hash of every last file in the .zip archive, and compares those sigs to the manifest. If even a single file is wrong, it won't proceed to the install, but just bombs out on a verification failure. The upshot of that is - in the Amon_RA (or stock recovery update.zip) case - it is literally impossible to install a corrupted ROM file.
In the case of HBOOT and PB00IMG.ZIP installs, a "whole-archive" signature is performed - the individual images are not inspected, but that doesn't matter: if you touch a single bit anywhere, even in the .zip file directory, that verification step will also fail.
So - in both of those examples, the only way to burn something wrong onto the phone is if the files get corrupted internally to the phone, after they have already passed signature checks - or if they are read off the SD card differently between the verification pass and the install pass!
Do you know if Stick has a S-OFF bootloader? (i have a tricky idea, if so) I suspect he doesn't, because if fastboot passes a privilege check, I don't think there are ever any sig checks performed by the phone when the bootloader is in FASTBOOT mode - all you have to do is have a S-OFF bootloader, and you can write total crap to the phone.
bftb0
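The per-file digest check bftb0 describes, as an added example that is not Amon_RA's or the stock recovery's code. It assumes the JAR-style META-INF/MANIFEST.MF layout (Name:/SHA1-Digest: pairs, long lines wrapped with a leading-space continuation) that signed update.zips carry, recomputes the SHA1 of every other entry, and refuses the whole archive when a single file differs, is unlisted, or is missing. The sample archive is constructed in memory; nothing is read from a real ROM.

```python
"""Manifest-style per-file SHA1 verification of an update.zip (added example).

Not recovery code. Assumes the JAR manifest format: a Name: line followed by a
SHA1-Digest: line (base64 of the raw SHA1) for every entry outside META-INF's
signature files, sections separated by blank lines.
"""
import base64
import hashlib
import io
import zipfile


def parse_manifest(text):
    """Return {entry name: base64 SHA1} from MANIFEST.MF. Lines over 72 bytes are
    wrapped, a leading space marking the continuation, so unfold them first."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    digests, name = {}, None
    for line in lines:
        if not line.strip():            # blank line ends an entry section
            name = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            name = value
        elif key == "SHA1-Digest" and name is not None:
            digests[name] = value
    return digests


def _is_signature_file(name):
    """The manifest itself and the signature block files carry no manifest digest."""
    return name == "META-INF/MANIFEST.MF" or (
        name.startswith("META-INF/") and name.upper().endswith((".SF", ".RSA", ".DSA")))


def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def verify_zip(data):
    """Return (ok, problems). A mismatch, an unlisted file or a missing file is a
    problem; an installer must stop before writing anything when problems is non-empty."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if "META-INF/MANIFEST.MF" not in names:
            return False, ["META-INF/MANIFEST.MF missing"]
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
        for n in names:
            if _is_signature_file(n):
                continue
            expected = manifest.get(n)
            if expected is None:
                problems.append(f"not in manifest: {n}")
            elif sha1_b64(zf.read(n)) != expected:
                problems.append(f"digest mismatch: {n}")
        for n in manifest:
            if n not in names:
                problems.append(f"in manifest but not in zip: {n}")
    return not problems, problems


def build_sample_zip(files, tamper=None, extra=None):
    """Construct an update.zip-shaped archive in memory (sample data only).
    tamper=(name, bytes) swaps an entry's content after its digest was recorded;
    extra=(name, bytes) adds an entry the manifest never listed."""
    lines = ["Manifest-Version: 1.0", "Created-By: added example", ""]
    for name, content in files.items():
        lines += [f"Name: {name}", f"SHA1-Digest: {sha1_b64(content)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\n".join(lines))
        for name, content in files.items():
            if tamper and tamper[0] == name:
                content = tamper[1]
            zf.writestr(name, content)
        if extra:
            zf.writestr(extra[0], extra[1])
    return buf.getvalue()


# Constructed sample with the shape of a ROM zip; the contents are not real images.
SAMPLE_FILES = {
    "boot.img": b"ANDROID!" + b"\x00" * 200,
    "system/app/Example.apk": b"PK\x03\x04" + b"\x11" * 64,
    "META-INF/com/google/android/update-script": b"format SYSTEM:\ncopy_dir PACKAGE:system SYSTEM:\n",
}

if __name__ == "__main__":
    print(verify_zip(build_sample_zip(SAMPLE_FILES)))
    print(verify_zip(build_sample_zip(SAMPLE_FILES, tamper=("boot.img", b"\xff" * 208))))
```

This is only the integrity step of the post: matching digests prove the files are the ones the manifest was written for, not who wrote the manifest. Anyone who can rewrite the zip can regenerate MANIFEST.MF, so the recovery's check of the signature block (CERT.SF/CERT.RSA) against its built-in keys is what binds the archive to a signer. The second point in the post, files being read differently between the verification pass and the install pass, is avoided by hashing and installing from the same bytes, as the in-memory read here does.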
I'm almost certain he had S-ON but he's not around right now so I can't verify.
I should also note that while he can still power on the device he only has fastboot access; it won't even get into bootloader or recovery at this point.
thanks edge this work like a charm
edge.thefly said:
I'm almost certain he had S-ON but he's not around right now so I can't verify.
I should also note that while he can still power on the device he only has fastboot access; it won't even get into bootloader or recovery at this point.
Ugh. Vol-Down won't get him from FASTBOOT-USB mode to HBOOT?
Sux.
I was going to suggest - only if he had the S-OFF (1.49.0000) bootloader - that he could boot to a recovery image without ever flashing it to the device, e.g.
Code:
C:\blech> fastboot boot recovery-RA-eris-v1.6.2.img
Even if he had S-OFF, and can get a recovery boot up on its legs, it might still be a long uphill climb if e2fsck/mke2fs can't repair/rebuild /dev/block/mtdblock5 (for instance if the mtd device is so corrupted that the partition map got thrashed).
But that route is a no-go if he has a S-ON bootloader.
bftb0
What's the difference between Amon and Clockwork?
Good question. I personally don't use clockwork but...
the navigation interface is different (uses volume keys to select instead of trackball)
Amon_RA is far more tested and reliable on Eris
and of course the general consensus that clockwork should NOT be used on the eris.
NOTE: I am sure there are other internal differences someone like bftb0 or koush would be more apt to give a detailed explanation.
edge.thefly said:
Good question. I personally don't use clockwork but...
the navigation interface is different (uses volume keys to select instead of trackball)
Amon_RA is far more tested and reliable on Eris
and of course the general consensus that clockwork should NOT be used on the eris.
NOTE: I am sure there are other internal differences someone like bftb0 or koush would be more apt to give a detailed explanation.
I've been using clockwork for a while now... I haven't had issues yet. What kind of problems have people had with this, anyway? There is an option in rom manager to flash back to Amon ra...
Sent from my Buuf Froyo using XDA App
The usual: failed flashes, failed nandroid backups; I heard something about a random reboot issue, but that could be unrelated; and of course the one case of corrupted partition / inability to get into hboot or recovery resulting in a brick.
I will note some people are using clockwork without issue, and for them, great, but it is not advisable on the Eris at this time, though I do realize some people have trackball issues and have to, in which case best of luck to those few brave souls.
NOTE: If you have trackball issues I advise you to attempt the usb wiggle method. There is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note: be gentle).
edge.thefly said:
The usual: failed flashes, failed nandroid backups; I heard something about a random reboot issue, but that could be unrelated; and of course the one case of corrupted partition / inability to get into hboot or recovery resulting in a brick.
I will note some people are using clockwork without issue, and for them, great, but it is not advisable on the Eris at this time, though I do realize some people have trackball issues and have to, in which case best of luck to those few brave souls.
NOTE: If you have trackball issues I advise you to attempt the usb wiggle method. There is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note: be gentle).
maybe you should post this on OP the trackball issue that is
so...I'm not at my normal computer(and I can't get Root Explorer because my card always screws up when it converts from US to any other currency) and am trying the On-Phone method via Astro. The issue I'm having is I cannot get it to show me the /data/local folder. I can't find any tweak for it in settings or anything. There's no read only error or anything like that, so I don't think that mount command in the first post will help very much. I'm fairly new to Android hacking, so this could easily be something I just don't know yet. My gut says it's a permissions thing, and that since Astro is meant for normal users it just doesn't set itself to show the restricted stuff by default.
So I guess does anyone know how to make this folder appear in Astro?
(I've been meaning to change back to Amon_Ra for a while ever since I noticed that RomManager deleted the other recovery program. Just can't trust something that does that.)
[edit] tried the command to remount as a rewritable et all that jazz(mount -o remount, rw /) and no change.
Do you have Superuser installed? My Astro sees those extra files and it isn't in my Superuser permissions list.
However if you can't get past this issue go ahead and use the terminal emulator to perform the move.
Code:
su
mv /sdcard/download/flash_image /data/local

[Q] Fire Bricked; No shell root

I was attempting to root my 6.2.1 and successfully had superuser installed and rooted. When I tried moving the Android Marketplace into the /system/apps/ folder it wouldn't appear so I checked all the write permissions and still no luck. I reverted back but must have deselected all of the permissions because now in my /systems/ folder the /app permissions are d---------.
The result is the Fire is stuck on the "Kindle Fire" boot screen and will go no further. When I try all of the fixes it prevents me from going into the adb shell as root, with either a "Stopped (signal)" or "Segmentation fault" error when I type in "su" or "su -".
None of the other tools such as zergRush work because they can't write to the file system and can't elevate to shell root in order to do so. This thread: http://forum.xda-developers.com/showthread.php?t=1356257 doesn't work either because in order to gain temp root, it requires zergRush. Any help on gaining shell root would be appreciated and any additional details can be provided.
Did you try the latest KF utility v.7? You're not alone with this problem...
I'm in the same boat as you. I tried for 2 days to fix it to no avail and finally decided I was SOL without one of of these "factory cables". The other day I did a support chat with amazon and they are sending me a new kindle. My main gripe with the kindle is there is no way to easily factory reset because of the lack of hardware buttons. Think I'm gonna wait for a cyanogenmod 9 rom before I mess with the replacement... Good luck.
Sent from my HD7 T9292 using XDA Windows Phone 7 App
Had this problem last night
Already trying to hack your Christmas present?
I had this problem last night. Stuck on boot screen and powering down and up didn't fix it. This is what fixed it for me.
Go into CMD and type this, with the Kindle connected via USB:
Code:
fastboot -i 0x1949 oem idme bootmode 4000
fastboot -i 0x1949 reboot
Used KF Utility 6
I haven't had success with v7 yet, but will try when I get back. I had trouble with KF Util on Windows 7 so went back to XP. Will try Ubuntu next because it's easier to navigate the command line. Is there any difference between v6 and 7 with respect to elevating shell privileges?
Yeah follow the command... I think we are stuck on fastboot!
Well at least I'm not the only one who did this. Same issue... Tried to copy the marketplace APK and it wouldn't appear. Changed permissions and am now stuck at boot splash. Executing "fastboot -i 0x1949 oem idme bootmode 4000" simply hangs at "<waiting for device>".
No shell root, no progress
I've tried unrooting with KF utility v7 to no avail. One problem could be that I had Burrito Root on the Fire prior to the bricking, but how I can remove it at this point is beyond me. I can't run the fastboot commands without being in shell root, and KFUtilityv7 doesn't work without those credentials.
Some errors: "(idme) Invalid permission"; "reboot: Operation not permitted". These are seen when I try to put it in recovery mode. FYI, my ADB status is online and my computer sees it, the ADB Rooted status says "No" and I'm in Boot Status 4000 (Normal).
When I try running BurritoRoot it goes through a process, says "Elevating the Shell" and then errors out with "adbd cannot run as root in production builds"
Then below this it says "Root Activated" and "The Kindle is successfully in root mode."
Here is the output from my attempts at installing Permanent Root with KFUtility v7:
***********************************************
* Root Activated *
***********************************************
The kindle is successfully running in root mode.
mount: Operation not permitted
mount: Operation not permitted
failed to copy 'files\su' to '/system/xbin/su': Read-only file system
Unable to chmod /system/xbin/su: Read-only file system
Unable to chmod /system/xbin/su: Read-only file system
2114 KB/s (843503 bytes in 0.389s)
Error: Could not access the Package Manager. Is the system running?
***********************************************
* Root Installed *
***********************************************
Permanent root has been installed.
With great power, comes great responsibility.
Please be careful with how you use root.
It is HIGHLY recommended you have TWRP installed before using root.
****************************************************
At this point you can see the mount operations were not successful because you cannot gain root in the shell with su. I am going to try this through my Ubuntu build and see if I can gain privileges through Linux.
Hi. Same problem here. Changed the /system/app permissions by mistake and the Fire won´t pass the loading screen.
I think the only hope we have is that someone finds a way to root from adb.
According to GregDDC:
GregDDC said:
I had the same issue and fixed it with a recovery cable.
The process was simple, just short the 1st and 4th pins on a microUSB cable and boot into recovery/fastboot. You can find all the information here (link) and here (http://forum.xda-developers.com/showthread.php?t=1392693&page=3). I accomplished everything using Kindle Fire Tools.7 I hope this helps.
I just don't have the dexterity to fashion my own cable.
Sent from my SPH-D710 using XDA App
I have the same problem. I get the boot-loop with the Kindle Fire logo. I can access the file system, but most commands give me a seg or permission error. ZergRush doesn't work so fastboot won't work.
I'm trying to get a factory programming cable off here or make my own. That should bypass the whole root issue and put you directly into fastboot so you can load a Kindle ROM or CM7 or whatever.
Think I'll wait for my wife to go to work tomorrow so I can spend the day working on a cable without distraction. ;-)
Sent from my SPH-D710 using XDA App
Seriously, you most likely don't need the Factory cable to fix your problems. Just do some more reading. There are more than enough threads on these issues to provide you with a clue on how to get out of or into what you are trying to do.
Care to give us a clue on the solution then? I have scoured both this and other threads.
Sent from my SPH-D710 using XDA App
If you can't boot into the OS, you can't get root again.
If you can't boot into TWRP, you can't get it fixed.
If you were romping around with root, with no recovery installed, it's likely bricked.
Get a factory cable, or send it back. Learn from the mistake and install a recovery.
Exactly correct (unfortunately), Vashypooh. At the crossroads of waiting for another temp root through adb or practicing my soldering skills.
Sent from my SPH-D710 using XDA App
Factory cable will be the solution for me, I'm from Canada.
Vashypooh said:
If you can't boot into the OS, you can't get root again.
If you can't boot into TWRP, you can't get it fixed.
If you were romping around with root, with no recovery installed, it's likely bricked.
Get a factory cable, or send it back. Learn from the mistake and install a recovery.
I've come to the same conclusion unfortunately. This is only my second attempt at rooting an Android device and it's wildly different from the process for the previous device I was working with, so since the instructions I was using didn't mention installing a recovery, I failed to do that myself. My Kindle is going to the "Your kindle had detected a problem and must clear App storage" on every boot and all attempts to communicate with it have failed. Looks like a cable or a new device are my only options at this point. I will definitely be using a recovery of some kind from now on!
rcabls said:
I was attempting to root my 6.2.1 and successfully had superuser installed and rooted. When I tried moving the Android Marketplace into the /system/apps/ folder it wouldn't appear so I checked all the write permissions and still no luck. I reverted back but must have deselected all of the permissions because now in my /systems/ folder the /app permissions are d---------.
The result is the Fire is stuck on the "Kindle Fire" boot screen and will go no further. When I try all of the fixes it prevents me from going into the adb shell as root, with either a "Stopped (signal)" or "Segmentation fault" error when I type in "su" or "su -".
None of the other tools such as zergRush work because they can't write to the file system and can't elevate to shell root in order to do so. This thread: http://forum.xda-developers.com/showthread.php?t=1356257 doesn't work either because in order to gain temp root, it requires zergRush. Any help on gaining shell root would be appreciated and any additional details can be provided.
I have exact same issue. Can someone help. I can't get rooted using any of the tools available today.
HELP!
This is because you changed the properties on all the files in /system.
Why would you do that?
su no longer has permissions to run.
If you can't get into recovery, you likely need a factory cable to fix.

[Q] Trouble Installing a Custom Recovery

I have a Razr M 98.18.94.XT907, running the stock version of Android 4.1.2, that is the Motorola/Verizon variant. The phone is rooted, but every time I try to run motopocalypse to unlock the bootloader it is unsuccessful. I have tried the APK, which doesn't give any indication it didn't work until I load into fastboot and it still shows the device as locked. I have also tried a script version of motopocalypse as well as DROID_RAZR_M_Utility_1.20, both of which run their course, but there are mixed messages and of course, fastboot still shows it to be locked.
[*] Pushing unlock tool...
3721 KB/s (38280 bytes in 0.010s)
[*] Unlocking phone...
[+] TrustZone target address resolved to 2a020a02
[-] TrustZone write failed: -11.
[*] Cleaning up...
[*] Unlocking complete. Rebooting into bootloader mode.
[*] Press enter once the phone has rebooted into bootloader mode.
Any ideas or suggestions?
vphreeze said:
I have a Razr M 98.18.94.XT907, running the stock version of Android 4.1.2, that is the Motorola/Verizon variant. The phone is rooted, but every time I try to run motopocalypse to unlock the bootloader it is unsuccessful. I have tried the APK, which doesn't give any indication it didn't work until I load into fastboot and it still shows the device as locked. I have also tried a script version of motopocalypse as well as DROID_RAZR_M_Utility_1.20, both of which run their course, but there are mixed messages and of course, fastboot still shows it to be locked.
[*] Pushing unlock tool...
3721 KB/s (38280 bytes in 0.010s)
[*] Unlocking phone...
[+] TrustZone target address resolved to 2a020a02
[-] TrustZone write failed: -11.
[*] Cleaning up...
[*] Unlocking complete. Rebooting into bootloader mode.
[*] Press enter once the phone has rebooted into bootloader mode.
Any ideas or suggestions?
You have to update to 4.4.2 to use the motopocalypse APK to unlock the bootloader.
Ok, I'll give that a try.
Alright, I tried going to Settings > About Phone > System Updates, and it finds the 4.4.2 (182.46.10.en.US) update, downloads it and reboots to where it looks like it's working. But once rebooted it says "the software update failed!". Do I need to unroot first? Or is there a tool that I can use to put the update on there?
I plan to clear everything off and do a clean install of a custom ROM and everything, but even though I think I have gotten everything of value off of it, I would feel a lot better being able to do some like a nandroid backup first...just in case.
vphreeze said:
Alright, I tried going to Settings > About Phone > System Updates, and it finds the 4.4.2 (182.46.10.en.US) update, downloads it and reboots to where it looks like it's working. But once rebooted it says "the software update failed!". Do I need to unroot first? Or is there a tool that I can use to put the update on there?
I plan to clear everything off and do a clean install of a custom ROM and everything, but even though I think I have gotten everything of value off of it, I would feel a lot better being able to do some like a nandroid backup first...just in case.
There's a thread tutorial somewhere to flash the 4.4.2 firmware with RSD Lite.

[ROOT][Surnia]Moto E 2015 root all the things!

disclaimer:
Code:
I take no responsibility for any devices that may be bricked,
or any bad things that will happen to you.
flash/boot twrp from here
either flash SuperSU by chainfire, or reboot system and accept installing supersu via TWRP.
We've experienced a bug on the first boot after flashing SuperSU, where there is no boot animation. Instead the warning sign will stay up saying "you're unlocked".
Do not worry. It will still load, and supersu will prompt you to finish installing SU. do so, and everything will be back to normal.
A known issue happens, where root breaks the camera.
If this happens to you, then change SELinux to permissive. I may look into fixing it properly at a later point.
thank you to @fix-this for testing
previous post:
Please note this is a development thread. If something is said that is NOT constructive, I will have it deleted.
OK so this thread doesn't tell you how to root your device... yet.
In the process of rooting my device, I have essentially soft-bricked it until I can get hold of either a boot/recovery image, or I find out the kernel base, ramdisk offset and tags offset.
Long story short, I shouldn't have been messing about with the system while I was tired, so I forgot about dm-verity, and now it won't boot since the boot image contains a dm-verity key. Hurrah for perma-root prevention systems finally working.. sort of..
Motorola has implemented a nifty method into their bootloaders. It essentially allows you to dump a partition. This is when I stumbled on yet another security measure. To allow you to do anything with the bootloader, you must flick a switch in the Android dev settings to give full access... oh wait, I can't load the system. I don't know if this switch is done by writing a value to memory, or is passed on with the reboot reason. I don't know Java that well, and I sure as hell don't know smali.
So far I have attempted:
Dump a modified system image (Failed because dm-verity).
Pull the boot image (Failed because SELinux)
Dump the boot image via moto fastboot (failed because either outdated mfastboot, or security from [read above])
Boot directly into DLOAD mode. (Failed. It seems with the msm8916, they've changed the method of accessing it, and having DLOAD mode is now optional [which they disabled.. probably..]. I'm not going to risk wiping the bootloader to see if DLOAD mode will load as a fail-safe.)
so how can you help?
Method failed. Trying something else..
I need someone who doesn't mind unlocking their bootloader (or already has done), and doesn't need their hand holding. (request for hand holding isn't development, it will be deleted).
unlock bootloader.
get mfastboot
go to settings, dev settings, and allow oem unlock
boot to fastboot/bootloader
run this command
Code:
mfastboot oem partition dump recovery
If this fails, then try this (with this fastboot) (Thank you @m1cha for this version of fastboot, sources here)
Code:
fastboot_dump dump recovery.img oem partition moto-dump recovery
send the results back to me
Hopefully, this will all go well. If not, I'll spend a few hours figuring out the values they've used for the kernel base and offsets.
If anyone else has any ideas (even if it's to get a temp root), then feel free to share them
Big thankyou to @PotatoJ who has donated a very generous $20
And it finally begins
Gave em both the commands, nothing. Both are restricted. Ugh...
C:\windows\system32>fastboot dump recovery.img oem partition moto-dump recovery
...
(bootloader) Command Restricted
FAILED (remote failure)
finished. total time: 0.002s
more updates. just been told that those commands are for internal use only.
had an idea though.. will get back to you
cybojenix said:
more updates. just been told that those commands are for internal use only.
had an idea though.. will get back to you
Whatever you need, let me know. I've got the phone waiting for commands.
If I'm correct I think the system images are now available. I'll help with what I can to obtain root. I'd hope rooting this won't be too hard considering we can unlock the bootloader via Moto.
I also messaged jcase to see if he might be able to help us.
fix-this! said:
If I'm correct I think the system images are now available. I'll help with what I can to obtain root. I'd hope rooting this won't be too hard considering we can unlock the bootloader via Moto.
I also messaged jcase to see if he might be able to help us.
No need for jcase now. The boot image is out. I can patch it, and talk with Chainfire about how to best handle dm-verity.
cybojenix said:
No need for jcase now. The boot image is out. I can patch it, and talk with Chainfire about how to best handle dm-verity.
Yeah jcase responded and said since we can unlock the bootloader all we needed was a custom recovery to flash superuser. Was just trying to help.
fix-this! said:
Yeah jcase responded and said since we can unlock the bootloader all we needed was a custom recovery to flash superuser. Was just trying to help.
It's kind of a pain to make a custom recovery without having a recovery/boot image.
Do you plan on making the recovery work with the Boost Mobile variant?
903tex said:
Do you plan on making the recovery work with the Boost Mobile variant?
No. I don't have the device.
BTW, got TWRP on it, however the "No touch till screen goes off" bug is back.
XDA seems to be glitching, and won't show there's a thread in Original Dev from the main forum, so here's a direct link.
http://forum.xda-developers.com/moto-e-2015/orig-development/twrp-moto-e-2015-recovery-t3049726
If you need me to test, PM me. Otherwise I'll wait until you say it's OK to root.
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
cybojenix said:
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
Congratulations on gaining root access. :good::good::good:
We all want to root together :laugh::laugh:
cybojenix said:
Code:
$ adb shell
[email protected]_umts:/ $ su
[email protected]_umts:/ #
Your hard work is much appreciated.
So some bad news. The GB and EU variants have different camera blobs it seems.
Unless I get decent testers, I will not be supporting the different variants.
cybojenix said:
So some bad news. The GB and EU variants have different camera blobs it seems.
Unless I get decent testers, I will not be supporting the different variants.
How would I know if I have a GB or EU variant? And yes that's sad indeed for users. I'll test whatever you need. I have an unlocked LTE GSM model from Moto.
Root is done, thanks @fix-this for doing the final testing.
cybojenix said:
Root is done, thanks @fix-this for doing the final testing.
Whatever you need for the CDMA variant I'll be happy to provide!

Root without unlocking bootloader

Hi,
I'd like to root my zenfone 2 laser (ze550kl z00ld). I've been trying to unlock the bootloader with the Asus app (version 9.0.0.3) for a few days but it fails every time as for many other users (can't post urls but several threads on asus zentalk forums). I can't find version 9.1.0.0 of the tool unfortunately. However, it looks like I could root the phone without unlocking the bootloader because I can use adb to reboot to fastboot mode (adb reboot bootloader from pc command line) as I have enabled developer mode with usb debugging and the computer is allowed on the phone.
Am I right to do this?
- download latest twrp recovery image for phone model (twrp-3.3.1-0-Z00L.img from dl.twrp.me) on computer
- connect phone to computer (linux OS) & reboot to fastboot mode
- flash twrp image via
Code:
fastboot flash recovery twrp-3.3.1-0-Z00L.img
from computer
- simultaneously reboot the phone from computer via
Code:
fastboot reboot
while simultaneously holding down the volume down key on the phone
- this should allow me to reboot into TWRP recovery from which I can flash the SuperSU app zip downloaded from supersu.com and copied from the computer onto the phone's SD card root
Does this seem correct to you? Is this likely to succeed or should I continue trying to unlock the bootloader?
Thank you very much!
DrWaste said:
Hi,
Does this seem correct to you? Is this likely to succeed or should I continue trying to unlock the bootloader?
Thank you very much!
Hello
You won't be able to install TWRP without unlocking the bootloader.
The official unlocking tool is very buggy, and pretty much useless since it never works.
I recommend you follow this unofficial method.
https://forum.xda-developers.com/ze...de-unlock-bootloader-asus-unlock-app-t3405850
You should be able to unlock the bootloader in less than 5 minutes. Just enable adb, boot into fastboot and run the code available in that thread, and it should do the trick.
After unlocking, then you can install TWRP and then Magisk, if all you want is to have root.
Hello,
FHC1998 said:
I recommend you follow this unofficial method.
https://forum.xda-developers.com/ze...de-unlock-bootloader-asus-unlock-app-t3405850
There's something I don't understand. On the first message of that thread it says:
You MUST be rooted to use this method.
That can't work for me as my phone isn't rooted.
It says to follow other methods given in another thread to try to root the phone beforehand. I'd read all these threads before. There are three which give a guide to root the zenfone 2 laser ze550kl. One requires to first unlock the bootloader (feels like I'm going round in circles here...) and the other two link to a firmware patch which used to be hosted on mega.nz but aren't available anymore.
I'd love to go the easy way and unlock the bootloader first before flashing twrp recovery and then rooting, but it seems like that's just not possible because all the guides are obsolete, or am I missing something more subtle?
Thanks!
DrWaste said:
Hello,
There's something I don't understand. On the first message of that thread it says:
That can't work for me as my phone isn't rooted.
It says to follow other methods given in another thread to try to root the phone beforehand. I'd read all these threads before. There are three which give a guide to root the zenfone 2 laser ze550kl. One requires to first unlock the bootloader (feels like I'm going round in circles here...) and the other two link to a firmware patch which used to be hosted on mega.nz but aren't available anymore.
I'd love to go the easy way and unlock the bootloader first before flashing twrp recovery and then rooting, but it seems like that's just not possible because all the guides are obsolete, or am I missing something more subtle?
Thanks!
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
Hello,
FHC1998 said:
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
OK, I'll give a shot that way. If you do find the system image that would be cool.
Thanks.
Hello,
FHC1998 said:
If I recall correctly, the root part is only used to make the partitions backup with adb shell.
The bootloader unlocking part (the two line code that goes "echo ....") doesn't need it.
I used this tutorial a long time ago, so take this info with a grain of salt.
The problem is that this phone is almost 4 years old now, so most links are not being updated or dead.
So it might be worth a shot trying to run that code without root. (By my understanding, root does not alter the fastboot binaries, so it should not be necessary).
In any case, I might have a backup of a patched system IMG somewhere on my computer. I'll try searching for it and if I find I'll upload it to you.
Nope, seems to require root to modify the hex value of byte 16 on the boot device (I presume that's what the command does, there's no man accessible via adb shell but that's what that dd command does on unix machines). I can't even, as normal user, list /dev/block or even /dev:
Code:
1|[email protected]_Z00L_63:/ $
count=1 seek=16 of=/dev/block/bootdevice/by-name/devinfo <
dd: /dev/block/bootdevice/by-name/devinfo: Permission denied
1|[email protected]_Z00L_63:/ $ ls /dev
/dev: Permission denied
Bummer, really hoped it would work. Back to unlocking the bootloader via the buggy Asus app it seems, or chucking the phone out of the window maybe...
Thanks for your help anyway :good: