[UNOFFICIAL][Guide] Update Original Shield Tablet to Android M (6.0) - Shield Tablet General

Unofficial nVidia Shield Tablet (Original) Update to Android 6.0
| ROOT INCLUDED | Updated 1/21/16 |
I take no credit for the development of this update other than this simplified guide. All of the development was from here mostly via the user 'fards' efforts, castrwilliam's found here, and Steel01 found here
THIS IS A MODIFICATION TO THE ORIGINAL SYSTEM PUT ON THE DEVICE BY NVIDIA. BY FOLLOWING THESE STEPS I ASSUME NO RESPONSIBILITY IF YOU BREAK YOUR DEVICE. THESE IMAGES ARE NOT FULLY TESTED. PROCEED AT YOUR OWN RISK KNOWING UNLOCKING THE BOOTLOADER VOIDS YOUR WARRANTY
---------
Necessary Files
First, you'll need all of these files:
● https://drive.google.com/file/d/0B4WUjKii92l2bDl0UV9tS3BEbzA/view | This is the staging blob.
**************************************************(Pick ROOT method or non-root below)
● ***https://drive.google.com/file/d/0B4WUjKii92l2ZWROeFF6WTNaNFU/view | This is the rooted boot image (For use with Step 18 A)
OR
●***https://drive.google.com/file/d/0B4WUjKii92l2bHByWi1kaXZtWm8/view | This is the non-rooted boot image (For use with Step 18 B)
**************************************************(Ensure you follow the corresponding steps as addressed above)
● https://www.androidfilehost.com/?fid=24345424848487676 | This is the experimental TWRP for the Shield Tablet.
● https://www.androidfilehost.com/?fid=24345424848488107 | This is the reduced System Image file compatible with the original Shield Tablet.
---------
Installation Steps
Now begins the fun part, you will need to issue the following commands in order:
Step 1: You will need Fastboot drivers and be in a Fastboot permissible state on your Shield Tablet (Power button + Volume Down).
Step 2: Be in the directory you placed the files you downloaded (IE: "cd \users"username"\downloads")
Step 3: You will need to flash the Staging Blob downloaded from above. In a Command Prompt (or corresponding Window) type "fastboot flash staging blob.img"
Step 4: Power down the device and power on the device (it will bootloop).
Step 5: Return to a Fastboot permissible state (the bootloader).
Step 6: Issue the command "Fastboot getvar all" and ensure you see the line "(bootloader) max-download-size: 0x06000000" If you do not see that line, you flashed the blob wrong... so try again.
Step 7: Issue the command "Fastboot format system"
Step 8: Issue the command "Fastboot erase recovery"
Step 9: Issue the command "Fastboot format cache"
Step 10: Issue the command "Fastboot flash boot boot.img (Use your BOOT.IMG name, unless it is actually named 'boot.img'")
Step 11: Issue the command "Fastboot flash recovery twrpXXXXXXXXXXX (Not actually the recovery name, use tab-complete)"
Step 12: Issue the command "Fastboot flash system reducedsystem.img"
Step 13: Reboot.
Step 14: Return to a Fastboot permissible state.
Step 15: Issue the command "Fastboot format userdata"
Step 16: Reboot @terrigan (happy? )
Step 17: Wait for a long time at the "nVidia" logo.
Step 18: SEE LISTED OPTIONS BELOW
●STEP 18 A: Go through setup and in the Playstore install the app "phh's SuperUser"
OR
●STEP 18 B: Install SuperSU 2.65 BETA which can be downloaded https://download.chainfire.eu/752/SuperSU/BETA-SuperSU-v2.65-20151226141550.zip*FIXED
Step 19: Profit.
---------
Optional Stylus Support:
●The developer, fards, has also supplied us with the NVLauncher.apk which will give you the pop-up. That .apk is downloaded here: http://forum.xda-developers.com/attachment.php?attachmentid=3591547&d=1451326283
---------
Known Bugs
●Battery Drain (see fix)
---------
Battery Drain Fix
Thank you to @sockusminimus for finding this fix. What you need to do is be rooted and open a terminal emulator and issue these commands in order:
• su
• mount -o remount,rw /system
• chmod a-x /system/bin/logd
• Go wipe cache in TWRP
Utilizing this battery drain fix will break system logging.
---------
●A note for post-installation Android M end-users: DO NOT panic when the OS runs poorly. For the first several hours following install and use it will lag. This will subside, the ROM has a settling period. After the settling period, it SHOULD run smooth as stock OG shield 5.1.1
---------
Screenshots of OG Shield Tablet running Android M
●http://i.imgur.com/LtuQRyQ.jpg
●http://i.imgur.com/7hrLiOt.jpg
●http://i.imgur.com/aBKlixu.jpg
●http://i.imgur.com/yM02kD1.jpg

Nice - going to mess with this later and maybe get a 6.0 hybrid rom working.

Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?

Thanks for putting it together.
If you run out of drive allowance I'll zip it all up and stick it on Afh.
I really like this mm build, but there's a lot of things can be done to improve on what Nvidia have done with this.
I quite like their nearly aosp builds, but there's still some slowdowns on sdcard access to work with, I don't understand why they feel the need for a ramdisk.
Virtual memory settings are bad, possibly because of the ramdisk.
Mounting the sdcard as a dynamic extension to internal memory is a great idea, if internal memory wasn't filled first, which throws up errors.
If I get a chance I'll look in to these. But no promises.

gotbass said:
Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?
The ROM definitely needed settling time and was laggy for quite a while. But after I let all of the system apps update it runs very smoothly with expected battery life. So aside from the relatively complicated install, the experience is smooth.

fards said:
Thanks for putting it together.
If you run out of drive allowance I'll zip it all up and stick it on Afh.
I really like this mm build, but there's a lot of things can be done to improve on what Nvidia have done with this.
I quite like their nearly aosp builds, but there's still some slowdowns on sdcard access to work with, I don't understand why they feel the need for a ramdisk.
Virtual memory settings are bad, possibly because of the ramdisk.
Mounting the sdcard as a dynamic extension to internal memory is a great idea, if internal memory wasn't filled first, which throws up errors.
If I get a chance I'll look in to these. But no promises.
That sounds really great! If you would like some amendments to this or updated links.. Just let me know!

gotbass said:
Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?
The OTA isn't expected until next year sometime.

IKOB3AST said:
The OTA isn't expected until next year sometime.
Thanks for your efforts.
Yeah the install looks like fun haha.

followed the steps and worked perfectly for me. now running android 6 on my og shield tablet

What about the killswitch?

hello, i have tried to flash that blob but the line you indicated on step 6, "(bootloader) max-download-size: 0x06000000", doesnt show up. any ideas?
C:\adb\platform-tools>fastboot getvar all
(bootloader) version-bootloader: 1.0
(bootloader) version-baseband: 2.0
(bootloader) version: 0.4
(bootloader) serialno:
(bootloader) mid: 001
(bootloader) product: ShieldTablet
(bootloader) secure: no
(bootloader) unlocked: yes
(bootloader) partition-size:bootloader: 0x0000000000600000
(bootloader) partition-type:bootloader: basic
(bootloader) partition-size:recovery: 0x0000000001000000
(bootloader) partition-type:recovery: basic
(bootloader) partition-size:boot: 0x0000000001000000
(bootloader) partition-type:boot: basic
(bootloader) partition-size:dtb: 0x0000000000400000
(bootloader) partition-type:dtb: basic
(bootloader) partition-size:system: 0x0000000050000000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:cache: 0x0000000040000000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:userdata: 0x0000000311600000
(bootloader) partition-type:userdata: ext4
all:
finished. total time: 0.137s
Update: I rebooted and went into a bootloop so something changed when i flashed it. I decided to go for it and everything installed perfect and im setting up 6.0 on og shield tablet.
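Step 6 of the guide as a repeatable check (an added example, not part of the original thread): it parses captured `fastboot getvar all` output in the `(bootloader) key: value` format shown above and reports whether `unlocked: yes` and the `max-download-size: 0x06000000` line are present. It goes beyond the guide by also comparing raw image sizes with the reported partition sizes; the sample captures and image sizes are constructed, and the function names are hypothetical.

```python
"""Pre-flight check on captured `fastboot getvar all` output (added example)."""

PREFIX = "(bootloader)"
EXPECTED_MAX_DOWNLOAD = 0x06000000  # value Step 6 of the guide says to look for

# Constructed capture in the format shown in the thread, Step 6 line present.
SAMPLE_OK = """\
(bootloader) version-bootloader: 1.0
(bootloader) serialno:
(bootloader) product: ShieldTablet
(bootloader) secure: no
(bootloader) unlocked: yes
(bootloader) max-download-size: 0x06000000
(bootloader) partition-size:recovery: 0x0000000001000000
(bootloader) partition-type:recovery: basic
(bootloader) partition-size:boot: 0x0000000001000000
(bootloader) partition-type:boot: basic
(bootloader) partition-size:system: 0x0000000050000000
(bootloader) partition-type:system: ext4
all:
finished. total time: 0.137s
"""
# The same constructed capture with the Step 6 line absent.
SAMPLE_MISSING = SAMPLE_OK.replace(
    "(bootloader) max-download-size: 0x06000000\n", "")


def parse_getvar(text):
    """Return (variables, partitions) parsed from `fastboot getvar all` text."""
    variables, partitions = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue  # skips "all:", "finished. ..." and shell prompt lines
        body = line[len(PREFIX):].strip()
        if body.startswith(("partition-size:", "partition-type:")):
            # Form: partition-size:<name>: <value>
            field, _, rest = body.partition(":")
            name, _, value = rest.partition(":")
            partitions.setdefault(name.strip(), {})[field] = value.strip()
        else:
            key, sep, value = body.partition(":")
            if sep:
                variables[key.strip()] = value.strip()
    return variables, partitions


def _to_int(value):
    """Parse a hex string such as 0x06000000; None if absent or malformed."""
    try:
        return int(value, 16)
    except (TypeError, ValueError):
        return None


def preflight(text, raw_image_sizes):
    """Return a list of problems; an empty list means every check passed.

    raw_image_sizes maps partition name -> size in bytes of a raw
    (non-sparse) image such as boot or recovery. A sparse system image
    expands when flashed, so its file size is not compared here.
    """
    variables, partitions = parse_getvar(text)
    problems = []
    if variables.get("unlocked") != "yes":
        problems.append("bootloader does not report 'unlocked: yes'")
    reported = variables.get("max-download-size")
    if reported is None:
        problems.append("max-download-size line missing (Step 6 check fails)")
    elif _to_int(reported) != EXPECTED_MAX_DOWNLOAD:
        problems.append("max-download-size is %s, expected 0x%08x"
                        % (reported, EXPECTED_MAX_DOWNLOAD))
    for name, size in raw_image_sizes.items():
        capacity = _to_int(partitions.get(name, {}).get("partition-size"))
        if capacity is None:
            problems.append("no usable partition-size reported for '%s'" % name)
        elif size > capacity:
            problems.append("%s image is %d bytes, partition holds %d"
                            % (name, size, capacity))
    return problems


if __name__ == "__main__":
    # Constructed image sizes: 8 MiB boot, 20 MiB recovery.
    sizes = {"boot": 8 * 1024 * 1024, "recovery": 20 * 1024 * 1024}
    for label, capture in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        print(label, preflight(capture, sizes) or "all checks passed")
```

fastboot writes this output to stderr, so capture it with `fastboot getvar all 2> getvar.txt` before passing the file contents to `preflight`.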

Nailyouh said:
What about the killswitch?
Delete tegra-ota ?

fards said:
Delete tegra-ota ?
I mean is it possible that we won't receive the switch due to updated Firmware ofc I will not try that hehe

Will this work on the LTE version?

Nailyouh said:
What about the killswitch?
Tested it on a pyrotab and the killswitch DID NOT activate!

aznmode said:
Will this work on the LTE version?
It does. I do not believe LTE will work though.

IKOB3AST said:
Tested it on a pyrotab and the killswitch DID NOT activate!
Thanks for being that brave haha I just have a pyrotab so I won't do it :b fear is stronger than being curious in this case :angel:

IKOB3AST said:
It does. I do not believe LTE will work though.
That's ok I don't use the LTE. Only reason I have the LTE version now is for the 32gb
Sent from my SM-N910T using Tapatalk

Thanx man! This seems interesting. Is it possible to revert to previous system configuration via nandroid backup twrp?
Sent from my LG-E975 using XDA Free mobile app

Paharsahath JG said:
Thanx man! This seems interesting. Is it possible to revert to previous system configuration via nandroid backup twrp?
Sent from my LG-E975 using XDA Free mobile app
No cuz u would backup the whole partition but u can use ie. Titanium backup for the appsettings and stuff works great IMO :good:

Related

[GUIDE]Flash Android 2.3.4 with Windows x64/x86

Prerequisites
AT&T Atrix 4G with an UNLOCKED bootloader
Windows OS x64/x86
Motorola drivers installed
The .zip file listed below contains all the files you need.
Extract this to the root of your C drive and use the following commands in the listed order, one at a time:
Put your device in Fastboot mode by holding the volume down button while booting then volume up
Open up a command prompt and type( ONE AT A TIME )
cd C:\moto-fastboot
moto-fastboot flash boot atrix-2.3.4-hktw-boot.img
moto-fastboot flash system atrix-2.3.4-hktw-system.img
moto-fastboot -w
moto-fastboot reboot
If you followed the steps correctly you should have Gingerbread 2.3.4 on your AT&T Atrix.
Cheers!
Thanks to romracer for compiling the moto-fastboot-win32.
I made this user friendly guide and compiled the .zip with everything you need.
WARNING
The leaked build from Hong Kong / Taiwan was probably not built for a device that is exactly like ours. Test phones can have different hardware. Don't expect everything to work, it's super-duper beta and since we've all only been unlocked 24hrs no one really knows how usable it is! Flash at your own risk... (PS you can 'Skip' Motoblur just by hitting 'Menu' during setup. It won't connect anyway...)
Guide for ROOT
I'm gonna try that right now
Question how would i do this for windows xp 32bit
Can someone tell me what works / doesn't work when using HKTW 2.3.4? Also curious about the speed and stability of the Atrix when using the rom. Is it ready for daily use or should we wait on something else?
mudd_cat23 said:
Question how would i do this for windows xp 32bit
This guide should work, XP 32bit is x86.
dcarpenter85 said:
Can someone tell me what works / doesn't work when using HKTW 2.3.4? Also curious about the speed and stability of the Atrix when using the rom. Is it ready for daily use or should we wait on something else?
It can be used as a daily ROM
only the Webtop and Fingerprint read don't work, I believe however there's a fix for the Webtop.
Webtop Fix
XLR88 said:
It can be used as a daily ROM
only the Webtop and Fingerprint read don't work, I believe however there's a fix for the Webtop.
Webtop Fix
Thanks for the info, I will have to give it a try.
mudd_cat23 said:
Question how would i do this for windows xp 32bit
More than likely it should work on XP/Vista x64/x86 and I can confirm it works on Windows 7 x64/x86.
Sucks to be me, I guess.
Ok flashed and now need to go through motoblur wizard
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\moto-fastboot-2.3.4\moto-fastboot>moto-fastboot flash boot atrix-2.3.4-hktw-boot.img
sending 'boot' (3358 KB)... OKAY [ 0.347s]
writing 'boot'... OKAY [ 0.704s]
C:\moto-fastboot-2.3.4\moto-fastboot>moto-fastboot flash system atrix-2.3.4-hktw-system.img
sending 'system' (262144 KB)... OKAY [ 27.876s]
writing 'system'... OKAY [ 13.985s]
sending 'system' (65410 KB)... OKAY [ 7.065s]
writing 'system'... OKAY [ 3.377s]
C:\moto-fastboot-2.3.4\moto-fastboot>moto-fastboot -w
erasing 'userdata'... OKAY [ 6.140s]
erasing 'cache'... OKAY [ 2.136s]
C:\moto-fastboot-2.3.4\moto-fastboot>
C:\moto-fastboot-2.3.4\moto-fastboot>moto-fastboot reboot
rebooting...
C:\moto-fastboot-2.3.4\moto-fastboot>
Hmm, what the hell could I be doing wrong?
Interesting.. can't login to moto blur..
It says
Error signing into account
An error has occurred. Please try again..
I check username and pass several times..
jwhited said:
Sucks to be me, I guess.
Flash 1.83 SBF using RSDLite and then try again
Copy and paste the commands one at a time instead of typing to prevent errors.
zexbig said:
Interesting.. can't login to moto blur..
It says
Error signing into account
An error has occurred. Please try again..
I check username and pass several times..
Press Menu->Skip
unless you really want MotoBlur. (and i am sure you are the only one in the world who wants blurrrrrrr). If thats the case, blurrr wont work on this build. Go back to 1.83 or some other official release
zexbig said:
Interesting.. can't login to moto blur..
It says
Error signing into account
An error has occurred. Please try again..
I check username and pass several times..
Forgot to mention, Motoblur does not work......press menu and then select skip on the screen.
This was way too easy.
Thank you!!
Well.. there is new option.. during setup press menu button and select skip setup..
It will skip moto blur setup and disable locate my phone through moto blur but that's about it
Where do we put the root commands?
/preinstall/dosu
/bin/mount -o remount,rw /system
cp /preinstall/su /system/bin/
PATH=/system/bin:$PATH pm install /preinstall/Superuser.apk
XLR88 said:
Flash 1.83 SBF using RSDLite and then try again
Copy and paste the commands one at a time instead of typing to prevent errors.
Hmm, I did start from a 1.83 SBF (from a different source, mine was a .7z file.. Worked just the same, though.) I'll try the one from your link, and go from there.
Should just need to flash SBF, unlock, and go, right?

Got my pair of Glass, time to give back to the community

Hi,
I finally got very own pair of Google Glass, HAPPY
and I've done a little hack so far...
What works?
Install a launcher on Glass (i used holo launcher)
playback youtube.apk videos
What doesnt work?
Google Play services (cannot install, i guess some mod is required?)
Google Play Store (you can open the store, but when you try to download something, FC comes)
Semi-work?
Bluetooth mouse, but keyboard doesnt work(cannot type any letter or number), but the hotkey on the keyboard works (no idea why, but i ordered the keyboard&mouse bundled bluetooth device to get basic thing working) [Razer Orochi + Apple Bluetooth Keyboard]
If anyone want to ask something or wanna me try something fun on the Glass, please ask!
I would love to see the great potential of this little android devices
Dump.. EVERYTHING.
I need a complete dump of every part of Glass so I can work on creating a decent ROM for phones.
You could try shoveling through the files for Google Play and see if it requires any frameworks and if so, then copy those from a nexus device.
ytwytw said:
Hi,
I finally got very own pair of Google Glass, HAPPY
and I've done a little hack so far...
What works?
Install a launcher on Glass (i used holo launcher)
playback youtube.apk videos
What doesnt work?
Google Play services (cannot install, i guess some mod is required?)
Google Play Store (you can open the store, but when you try to download something, FC comes)
Semi-work?
Bluetooth mouse, but keyboard doesnt work(cannot type any letter or number), but the hotkey on the keyboard works (no idea why, but i ordered the keyboard&mouse bundled bluetooth device to get basic thing working) [Razer Orochi + Apple Bluetooth Keyboard]
If anyone want to ask something or wanna me try something fun on the Glass, please ask!
I would love to see the great potential of this little android devices
Like you suspect, it could be your keyboard. They demo'd something similar to this keyboard at the Hacking Glass talk at I/O
I know and i did order that keyboard and its on the way
Sent from my HTC One using Tapatalk 2
TonyStark23 said:
Dump.. EVERYTHING.
I need a complete dump of every part of Glass so I can work on creating a decent ROM for phones.
http://forum.xda-developers.com/showthread.php?t=2271315
[SYSTEM DUMP][DEV] Google Glass XE5
i guess this is what you need?
or let me know how to dump it
Sent from my HTC One using Tapatalk 2
-a- said:
You could try shoveling through the files for Google Play and see if it requires any frameworks and if so, then copy those from a nexus device.
i would love to try but it cant be done without root access and I don't want to root my Glass without factory image from Google
Sent from my HTC One using Tapatalk 2
ytwytw said:
i would love to try but it cant be done without root access and I don't want to root my Glass without factory image from Google
TheManii said:
Just to organize everything:
glass_1-img-201305051837.zip
boot.img
recovery.img
system.img
c17357b01ac6.signed-glass_1-665738-from-625737.c17357b0.zip
fpga.img
MLO
u-boot.bin
The first link is the factory image for XRR35 (XE5) from google, the 2nd link is the OTA from XRR02 -> XRR35 (ie XE4 -> XE5)
Could you make a list of the partitions on the gGlass to see if we're actually missing any bootloader pieces?
I would assume that fpga.img/MLO/u-boot.bin would make up all the leftover pieces, but we could certainly use a confirmation.
Code:
/dev/block/platform/<omap something>.1(?)/by-name
would be a good place to start, you may need to be rooted but goog's posted enough files to revert that when needed.
I was going to be ballsy and try flashing the image onto a Gnex, I'm actually curious if anyone will attempt to make a Glass ROM for other devices.
TheManii said:
Could you make a list of the partitions on the gGlass to see if we're actually missing any bootloader pieces?
I would assume that fpga.img/MLO/u-boot.bin would make up all the leftover pieces, but we could certainly use a confirmation.
Code:
/dev/block/platform/<omap something>.1(?)/by-name
would be a good place to start, you may need to be rooted but goog's posted enough files to revert that when needed.
[email protected]:/dev/block/platform/omap/omap_hsmmc.1 $ ls
by-name
by-num
mmcblk0
mmcblk0boot0
mmcblk0boot1
mmcblk0p1
mmcblk0p2
mmcblk0p3
mmcblk0p4
mmcblk0p5
mmcblk0p6
mmcblk0p7
mmcblk0p8
mmcblk0p9
[email protected]:/dev/block/platform/omap/omap_hsmmc.1 $
I guess is this what you need?
TonyStark23 said:
I was going to be ballsy and try flashing the image onto a Gnex, I'm actually curious if anyone will attempt to make a Glass ROM for other devices.
https://github.com/zhuowei/Xenologer
i believe just simply install those apk + pie control (to emulate hardware key) is great enough to get GLASS experience on current android devices
ytwytw said:
[email protected]:/dev/block/platform/omap/omap_hsmmc.1 $ ls
by-name
I guess is this what you need?
could you do inside the by-name folder?
permission denied
i just back from work, gonna install ubuntu on my pc and unlock bootloader & root it
Sent from my HTC One using Tapatalk 2
This actually has huge potential because I think these Glass apps can be a viable replacement of car mode in our phone. Tasker+Glass app=awesomeness over 9000
spent 3 days on rooting glass
My computer cannot find Glass when its in Fastboot mode, and i tried another machine, fastboot devices works, but after i execute fastboot oem unlock, Glass hangs... damn... and the genetic 4.0.3 root not working either...
Sent from my HTC One using Tapatalk 4 Beta
ytwytw said:
spent 3 days on rooting glass
My computer cannot find Glass when its in Fastboot mode, and i tried another machine, fastboot devices works, but after i execute fastboot oem unlock, Glass hangs... damn... and the genetic 4.0.3 root not working either...
Sent from my HTC One using Tapatalk 4 Beta
Try using my tool.
Sent from my Kindle Fire HD 7 using xda app-developers app
-a- said:
Try using my tool.
Sent from my Kindle Fire HD 7 using xda app-developers app
Here is the problem, my Windows Machine cannot even see Glass if I do "adb devices", when I reboot the Glass into fastboot mode, connecting to the windows machine, it simply says the USB device has problem, please unplug and plug in again
On my mac machine, I tried to run your bat manually, it doesn't work, which I am not surprised (the exploit only works on XE4, not XE5, and its Android 4.0.3 only, 4.0.4 wont work)
and when I try to unlock bootloader on my Mac, I have the following error
$ fastboot oem unlock
< waiting for device >
...
(bootloader) Warning: Unlocking your device will void your warranty
(bootloader) and erase your personal data from the device.
(bootloader) Run "fastboot oem unlock" again to confirm.
(bootloader) Device still locked.
OKAY [ 0.001s]
finished. total time: 0.001s
$ fastboot oem unlock
...
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
finished. total time: 0.149s
$ fastboot oem unlock
...
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
finished. total time: 230.879s
$
I also tried a ubuntu machine, adb devices can see Glass, but after i reboot into bootloader, fastboot devices wont see Glass anymore
I am MAD, just saying, I have a N4 and HTC One, both works great on Windows, Mac and Ubuntu Machine, no issue at all, so... IDK if google did some trick somewhere IDK
ytwytw said:
Here is the problem, my Windows Machine cannot even see Glass if I do "adb devices", when I reboot the Glass into fastboot mode, connecting to the windows machine, it simply says the USB device has problem, please unplug and plug in again
On my mac machine, I tried to run your bat manually, it doesn't work, which I am not surprised (the exploit only works on XE4, not XE5, and its Android 4.0.3 only, 4.0.4 wont work)
and when I try to unlock bootloader on my Mac, I have the following error
$ fastboot oem unlock
< waiting for device >
...
(bootloader) Warning: Unlocking your device will void your warranty
(bootloader) and erase your personal data from the device.
(bootloader) Run "fastboot oem unlock" again to confirm.
(bootloader) Device still locked.
OKAY [ 0.001s]
finished. total time: 0.001s
$ fastboot oem unlock
...
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
finished. total time: 0.149s
$ fastboot oem unlock
...
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
finished. total time: 230.879s
$
I also tried a ubuntu machine, adb devices can see Glass, but after i reboot into bootloader, fastboot devices wont see Glass anymore
I am MAD, just saying, I have a N4 and HTC One, both works great on Windows, Mac and Ubuntu Machine, no issue at all, so... IDK if google did some trick somewhere IDK
Follow the tutorial I linked for the adb drivers in my thread on rooting the glass
Sent from my Amazon Kindle Fire HD using xda app-developers app
-a- said:
Follow the tutorial I linked for the adb drivers in my thread on rooting the glass
Sent from my Amazon Kindle Fire HD using xda app-developers app
The problem is... there is no yellow warning sign in device manager, only Glass 1 Camera device listed in device manager :[
tried to force update that driver, but win8 doesnt allow me to do so (driver signature already turn off as I am using other toolbox)
TheManii said:
could you do inside the by-name folder?
just flashed insecured boot, and here is your need
[email protected]:/dev/block/platform/omap/omap_hsmmc.1/by-name # ls
boot
bootconfig
bootloader
cache
fpga
recovery
system
userdata
xloader
[email protected]:/dev/block/platform/omap/omap_hsmmc.1/by-name #

Multi-platform 1-Click bootloader unlock for *ANY* 3rd Gen HDX (with VirtualBox)

UPDATE 2022-03-05: Network Access Snafu
During the last week or so, a server-side issue caused 1-Click to fail
either silently or with a "1-Click needs network access!" message
on startup. If you experienced the above, please try again!
Changed:
VirtualBox 6.1.x support (tested with 6.1.16)
works fine on Linux with Firefox and USB2 ports
tends to be flaky on MacOS with Safari; PLEASE use Firefox or Chrome!!
may need to connect via a USB2 hub or try different ports and cables
More accurate state assessment (i.e. rooted/unlocked/etc)
More aggressive planning logic
always look for ROM/GAPPS/SU in internal storage
may end up offering choices that make very little sense
Assorted fixes and improvements
hopefully fewer new bugs were introduced than old ones fixed
Unchanged:
No prerequisites on the device side
no root needed
full stock is OK
stuck in fastboot is fine
heck, it even works with _some_ soft-bricks
Does NOT work on Windows
1-Click is a virtual machine and a script that starts the VM in VirtualBox.
Unfortunately, VirtualBox on Windows fails to pass certain USB devices
including the HDX in bulk mode from Windows to the VM.
Network access required to grab the right aboot + TWRP for your device
Optional TWRP magic to auto-install ROM.zip, GAPPS.zip, and SU.zip from internal storage
PM me for a personal link and please state your regular HOST operating system.
Gotchas:
Requests without HOST OS information will be ignored.
Naturally, the same applies to requests with a Windows HOST OS.
Running 1-Click inside another VM is almost guaranteed NOT to work.
Link requests should be sent at the earliest 2 weeks after join date.
Freshly joined members are encouraged to spend some time
familiarizing themselves with the details of working with this device
by studying the relevant threads in this forum.
If you send a request be sure to monitor your account for replies!
A response should arrive within a week (or so), but the link is only valid for 2 days.
Don't miss your chance!
draxie said:
Title says it all..
(Well, almost: you need a vulnerable bootloader,
i.e. 3.2.3.2 or earlier, that foolishly accepts forged
signatures...)
Download and unpack the attached zip file.
Run the right '1-Click' script for your platform
(that is, '1-Click.bat' for Windows users,
and '1-Click' on OS X and Linux).
Simply clicking on the script works in Windows and OS X.
On these more "one-size fits all" operating systems, the scripts
-modulo network connectivity- will also download and install
VirtualBox, if it's not already installed.
Linux users need either VirtualBox or QEMU installed.
There are simply too many variants to automate this
for all the different distros. Sorry...
On some Linux variants, instead of launching the script
the click action opens the script in editor... YMMV
This may, in fact, be very useful, since on some of the same
Linux variants the script has to be run as root to avoid
automounters taking precedence; in which case, you're
well advised to make sure you read and understand what
the script is doing before you run it as root, because I take no
-that is: ZERO- responsibility for any damage that may result.
I personally tested the scripts on
Linux: Mint 17.2 (both 32-bit and 64-bit versions)
OS X: Mountain Lion, Yosemite, El Capitan
Windows: 7, 8.1, 10
The 1-Click VM runs a minimal Linux system with adb/fastboot
and a pure C "cuber" using OpenSSL's BigNum library.
No need to download adb/fastboot, python, or worry about
drivers on your host system.
Good luck!
Very cool! Will be interesting to try this out (have to wait for a someone with an eligible device that is willing to give it a whirl).
Any takers?
Davey126 said:
Very cool! Will be interesting to try this out (have to wait for a someone with an eligible device that is willing to give it a whirl).
BTW, this works with already unlocked devices also,
if anyone is willing to do some independent testing.
This is how I tested also... should be completely harmless.
Ran this against my HDX 7
Puttytel reported an 'error reading from serial device', but after it had initiated device shutdown so just a gui annoyance (I'm on windows, so commonplace.) It seemed to work, but I haven't verified yet..
> fastboot -i 0x1949 oem device-info
kindle fire [fastboot]
oem device-info...Device tampered: false
Ok.
I'll do some more testing later.
codeshane said:
Puttytel reported an 'error reading from serial device', but after it had initiated device shutdown so just a gui annoyance (I'm on windows, so commonplace.) It seemed to work, but I haven't verified yet..
> fastboot -i 0x1949 oem device-info
kindle fire [fastboot]
oem device-info...Device tampered: false
Ok.
I'll do some more testing later.
Thanks for reporting back!
The puttytel message is normal: the serial port it's talking to
disappears when the VM shuts down.
If/when you test again do check your Kindle after the fastboot prompt
appears but **before** you hit [Enter] in the puttytel window!
You should see "Unlock code correct" in green,
if the unlock worked...
Other than that, since you seem to have fastboot working, you can use
Code:
fastboot -i 0x1949 oem idme ?
to see if your device is unlocked (see here for a list of commands).
draxie said:
Other than that, since you seem to have fastboot working, you can use
Code:
fastboot -i 0x1949 oem idme ?
to see if your device is unlocked (see here for a list of commands).
C:\>fastboot -i 0x1949 oem idme ?
...
(bootloader) board_id: 0c0400
(bootloader) serial: xxxxxxxxxxxxxxxx
(bootloader) mac_addr: 00BB3Axxxxxx
(bootloader) bt_mac_addr: 00BB3Axxxxxx
(bootloader) productid: 0
(bootloader) productid2: 0
(bootloader) bootmode: 1
(bootloader) postmode: 0
(bootloader) bootcount: 203
(bootloader) panelcal:
(bootloader) time_offset: 0
(bootloader) signature:
(bootloader) idme done
OKAY [ 0.359s]
finished. total time: 0.361s
I feel rusty, haven't done any android dev in two years.. never tried to unlock a bootloader beyond 'fastboot oem unlock' before, but I really don't want them re-locking this one (they've taken root from me twice before.) I verified I have root still, but some apps are reporting that I don't. lame. more tests when I have some time, thanks for your time and effort!
Update:
Successfully flashed twrp recovery image recovery-twrp-recovery-2-8-1-0-apollo-t2991155
Happily considering ROMs to blow-away Amazon's 'os' with
Thoughts:
- take a backup of your current rom before flashing; leave it on the device until the new rom is stable (simplifies recovery)
- if you get a response from 'fastboot -i 0x1949 oem idme' your bootloader is unlocked!
- once you overwrite FireOS there is no chance of losing root due to Amazon actions. OTA capability is baked into FireOS - not the device firmware.
- If you like AOSP go with Nexus v4. Any of the other HDX roms (CM11, CM12, SlimLP) are also fine choices. Each has a few minor quirks but no major 'gotchas'.
Sorry for the delay, wrote back a while ago but I guess it didn't post (cellular, pfft.)
Went for the Nexus v4 rom, which is running great so far. Thanks again for such a brilliantly simple unlock utility!
I have a few questions.
1. How can I tell I have a vulnerable bootloader?
I've been on Safestrap 3.7 and one of the early 4.2.2 Android Roms since the December after the HDX's release. My stock slot Fire OS hasn't been updated either. So am I on a vulnerable bootloader? How do I check?
2. Where do I start with this?
Is there anything I need to remove? Do I need to be on the stock Fire OS slot? Or do I simply run it as you stated.
3. After the unlock where do I go from there?
I'm so out of the loop I don't know what's the ideal stable rom to use.
Thanks, I'd appreciate any help.
zXiC said:
> I have a few questions.
> 1. How can I tell I have a vulnerable bootloader?
> I've been on Safestrap 3.7 and one of the early 4.2.2 Android Roms since the December after the HDX's release. My stock slot Fire OS hasn't been updated either. So am I on a vulnerable bootloader? How do I check?
> 2. Where do I start with this?
> Is there anything I need to remove? Do I need to be on the stock Fire OS slot? Or do I simply run it as you stated.
> 3. After the unlock where do I go from there?
> I'm so out of the loop I don't know what's the ideal stable rom to use.
> Thanks, I'd appreciate any help.
Check your FireOS version in the stock slot. If 3.2.6 or below you can unlock the bootloader. The rollback procedure depends on the current version of FireOS. Report back and we'll go from there.
Just a little add-on to @Davey126's info:
3.2.3.2 and lower can unlock, 3.2.4 - 3.2.6 must downgrade first.
Once on 3.2.8 or higher you can NOT downgrade anymore due to rollback protection by Amazon, attempting would brick the device! So if you're on 3.2.6 or lower do NOT update!
Cl4ncy said:
> Just a little add-on to @Davey126's info:
> 3.2.3.2 and lower can unlock, 3.2.4 - 3.2.6 must downgrade first.
> Once on 3.2.8 or higher you can NOT downgrade anymore due to rollback protection by Amazon, attempting would brick the device! So if you're on 3.2.6 or lower do NOT update!
Just a quick comment: since there are no known adverse effects of a failed unlock,
you could just try unlocking to see if your bootloader is 3.2.3.2 or earlier..
If the unlock fails, you could move on to figuring out if downgrading is an option.
draxie said:
> Just a quick comment: since there are no known adverse effects of a failed unlock,
> you could just try unlocking to see if your bootloader is 3.2.3.2 or earlier..
> If the unlock fails, you could move on to figuring out if downgrading is an option.
True!! But for the 'typical' Kindle user (I know...stereotypes) working with a Windows host the effort to unlock far exceeds that of simply checking the FireOS version if still installed.
Hi, can anyone help with why it keeps telling me my kindle device is not connected? I'm using windowX86 and I'm sure I opened the adb on kindle. Thank you!
More accuracy please! (-;
fuxkamazon said:
> Hi, can anyone help with why it keeps telling me my kindle device is not connected? I'm using windowX86 and I'm sure I opened the adb on kindle. Thank you!
Hi there,
I'm convinced that I can help you,
but I would need a more accurate
trouble report...
In the meantime, I'll try to give some background
and possible causes and remedies to what I think
might be your problem.
1-Click relies on VirtualBox's USB filter mechanism
to pass through any USB device with Amazon's
vendorId (0x1949) to the 1-Click VM.
This may not always work.
The most common reasons are as follows:
- No device is connected.
  I presume this does *not* apply...
- The device is in use.
  This could happen easily, e.g. if you were browsing files on your Kindle.
  Apart from possible privilege issues (see next bullet),
  these kinds of issues are usually solved by simply disconnecting
  and reconnecting your device while the VM is running.
  This is the most common/likely case, which 1-Click also tells you about..
  Have you tried this? (Your report is not very clear on this.)
- Possible lack of privilege.
  I've only encountered this on Linux (as described in the first post),
  but, then again, on all the Windows boxes I tested on, my user is
  in the Administrators group; so, this may still apply there.
  BTW, I'm guessing that you are on some 32-bit version of Windows,
  although I must admit that the "windowX86" moniker in your post
  doesn't make this crystal clear.
- Global USB filter rules in VirtualBox may override the rule used by 1-Click.
  This only applies if VirtualBox had already been installed
  and configured with global USB filter rules before 1-Click.
There may be other reasons, but the above should cover
the most obvious/common cases.
ty for you quick reply. i dun know what info i can provide but ill try. im now using this bl unlock on safestrap3.75 stock rom without opening or browsing any documents. yet, it show the samething i did last couple times. Here is,
Welcome to 1-Click
mount: proc mounted on /proc.
mount: sys mounted on /sys.
mount: dev mounted on /dev.
* daemon not run[ 1.269523] random: adb urandom read with 6 bits of entropy available
ning. starting it now on port 5037 *
* daemon started successfully *
Please make sure ADB is enabled on your Kindle
and connect the device to your computer
In case you don't already know, ADB is enabled by turning on the
'Settings/Device[ Options]/Developer Options/Enable ADB' option.
If 'Developer Options' is missing in 'Settings/Device[ Options]',
tapping 'Settings/Device[ Options]/Serial Number' seven times
will enable it..
Hit [Enter] to continue
No device appears to be connected..
You may need to disconnect and reconnect your device
Hit [Enter] to continue[ 27.214445] random: nonblocking pool is initialized
so hope you can find whats going wrong. ty!
This looks fine. The question is what you did next..
Have you tried disconnecting and reconnecting your Kindle
as the message above suggests?
(BTW, since this was the only direct question in my previous post,
I sort of expected you to answer that, but now you get another chance.)
just tried this. i had rooted my kindle when root first came out without safestrap as i didnt like all the restrictions of safestrap. i installed twrp much later and then cm 11 for twrp without an unlocked BL. tried this one click and had to disconnect and reconnect the tablet at one point, no biggie. at another it sat there with no instructions till i hit enter, but it did complete and said it was successful. so ty very much. at some point soon ill try a rom that requires an unlocked BL and see that my BL is really unlocked. great program if it really did work. will donate soon
I'm using Thor with stock 13.3.2.4 block OTA update and safetrap 3.75. So can i use this tool to unlock BL right away or i've downgraded 13.1.0.0 then unlock?
nickytun said:
> I'm using Thor with stock 13.3.2.4 block OTA update and safetrap 3.75. So can i use this tool to unlock BL right away or i've downgraded 13.1.0.0 then unlock?
You can NOT unlock versions above 3.2.3.2, so you must downgrade first.
Good News is you can downgrade to 3.1.0 using the downgrade images provided by @ggow. Check page 2 here (page 1 is about 3.2.5/3.2.6 users who can NOT use these images!). Then flash TWRP, update the bootloader to 3.2.3.2, unlock the bootloader, then use ROM of your choice.
Read the info, ask if you've any questions before you brick your HDX! Note that factory reset in Safestrap means the standard wipe only (wipes data, cache & dalvik only)! Do NOT go into advanced wipe, do NOT wipe System!
Be sure to make backups of your current system (even if you don't need it anymore), remove the secondary slot(s) in Safestrap to get back the storage used by it (if you created any), and after installation of TWRP create a backup of your Fire OS before you flash any custom ROM.

[UNLOCK][ROOT][TWRP][UNBRICK][DOWNGRADE] Fire 7 (ford and austin).

Read this whole guide before starting.
This is for the 5th gen Fire and 7th gen Fire
Current Version
5th gen: amonet-ford-v1.4.1.zip
7th gen: amonet-austin-v1.4.1.zip
What you need:
A Linux installation or live-system
A micro-USB cable
If your Fire is on a newer preloader-version (or a 7th gen) you may also need:
Something conductive (paperclip, tweezers etc)
Something to open the tablet.
There is an alternative for opening the tablet (only 5th gen), which is described below.
Install python3, PySerial, adb and fastboot. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
If you're lucky and have an old preloader (Up to FireOS 5.3.2, thanks @MontysEvilTwin), you can just hold the left volume button while plugging the device in.
If you're on a newer preloader, there are two options:
Open the device and short the pin marked in the attached photo to ground while plugging in.
(Only 5th gen) Downgrade to 5.0.1 firmware via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
NOTE: Using option two will brick your device until you have successfully finished the process.
1. Extract the attached zip-file "amonet-ford-v1.4.1.zip" (use "amonet-austin-v1.4.1.zip" for 7th gen) and open a terminal in that directory.
2. start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
3. If you have an old preloader or used option 2 above:
Hold the left volume-button and plug the device in.
If you chose option 1, short the device according to the attached photo and plug it in.
NOTE: Make sure the device is powered off, before plugging it in.
NOTE: If you have issues getting a 7th gen into bootrom, read this post by @hwmod
NOTE: For hints, how to access the pins on a 7th gen without removing the shield, check Post 1075 by @shelleyfrank
NOTE:
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
8. Wait for the device to reboot into TWRP.
9. Use TWRP to flash custom ROM, Magisk or SuperSU
To return back to stock, Go into hacked fastboot-mode, then run
Code:
sudo ./stock-recovery.sh
Your device should reboot into amazon recovery. Use adb sideload to install stock image from there.
NOTE:
Only ever flash boot/recovery images using TWRP, if you use FlashFire or other methods that are not aware of the exploit,
your device will likely not boot anymore (unless you flashed a signed image).
TWRP will patch recovery/boot-images on the fly.
NOTE:
fastboot-step flashes the 5.6.3 boot.img, if your device hangs at the orange fire logo, try wiping cache first.
If that doesn't help, your system is probably incompatible with that image, just flash the right boot.img via TWRP.
NOTE:
This process does not disable OTA or make any other modifications to your system.
You will have to do that according to the other guides in this forum.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Thanks also to @ANDROID2468 and @bibikalka for testing things.
Thanks to @mateo121212 and @hwmod for debugging 7th gen.
Thanks to @MontysEvilTwin for figuring out volume-button access works up to FireOS 5.3.2, and for figuring out that 5.3.2 PL/TZ fix prime video.
Features.
Uses 5.3.2 Preloader/TZ for easy access to bootrom (using left volume button/only 5th gen)
Uses 5.6.3 LK for full compatibility with newer kernels.
Hacked fastboot mode lets you use all fastboot commands (flash etc).
Boots custom/unsigned kernel-images (need to be patched)
Sets androidboot.unlocked_kernel=true (enables adb root-shell)
For the devs: sets printk.disable_uart=0 (enables debug-output over UART).
NOTE: Hacked fastboot can be reached via TWRP.
NOTE: Hacked fastboot won't patch your boot/recovery-images, so you can easily go back to stock.
Use TWRP for autopatching.
Version 1.4 (25.03.2019)
Update TWRP to twrp-9.0 sources
Implement downgrade-protection for LK/PL/TZ
Add scripts to enter fastboot/recovery in case of bootloop
Automatically restore boot-patch when you boot into recovery
Version 1.3 (20.03.2019)
Fix Prime Video for ford (5th gen), thanks @MontysEvilTwin (See Post #537 for more info).
Version 1.2.1 (17.02.2019)
Fix bug in 7th gen.
16.02.2019
Now also unlock for the 7th gen
Version 1.2 (14.02.2019)
Updated TWRP to contain new microloader.
Added TWRP shell command reboot-amonet to reboot into hacked fastboot.
Version 1.1 (14.02.2019):
Fixed bug, caused when flashing large images via hacked fastboot.
Include stock recovery.img and script to flash back.
Source Code:
https://github.com/chaosmaster/amonet
https://github.com/chaosmaster/android_bootable_recovery
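A host-side pre-flight check for the steps above, as an added example that is not part of the amonet package or the original post: it classifies lsusb/dmesg text using the two USB IDs quoted in the guide and checks the tool, ModemManager and dialout prerequisites mentioned in this thread. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of amonet): pre-flight checks for the host-side steps.
# Function names are hypothetical; sample input below is constructed.

# USB IDs quoted in the guide's lsusb/dmesg excerpts.
BOOTROM_ID="0e8d:0003"     # "MediaTek Inc. MT6227 phone" -> boot-rom
PRELOADER_ID="0e8d:2000"   # "MT65xx Preloader"           -> preloader-mode

# classify_mtk_mode: read lsusb or dmesg text on stdin and print
# bootrom | preloader | none. The last matching line wins, so with dmesg
# input the answer reflects the most recent enumeration (a later unplug
# is not detected from dmesg text alone).
classify_mtk_mode() {
    awk -v brom="$BOOTROM_ID" -v pl="$PRELOADER_ID" '
        BEGIN { mode = "none" }
        {
            line = tolower($0); id = ""
            if (match(line, /idvendor=[0-9a-f]+/)) {
                # dmesg form: idVendor=XXXX, idProduct=YYYY
                vid = substr(line, RSTART + 9, RLENGTH - 9)
                if (match(line, /idproduct=[0-9a-f]+/))
                    id = vid ":" substr(line, RSTART + 10, RLENGTH - 10)
            } else if (match(line, /id [0-9a-f]+:[0-9a-f]+/)) {
                # lsusb form: "... ID XXXX:YYYY vendor product"
                id = substr(line, RSTART + 3, RLENGTH - 3)
            }
            if (id == brom) mode = "bootrom"
            else if (id == pl) mode = "preloader"
        }
        END { print mode }
    '
}

# group_list_has "space separated groups" GROUP: succeed if GROUP is listed.
group_list_has() {
    for g in $1; do
        if [ "$g" = "$2" ]; then return 0; fi
    done
    return 1
}

# missing_tools NAME...: print the names that are not on PATH.
missing_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    echo "${missing# }"
}

# preflight: run the checks against the live host.
preflight() {
    m=$(missing_tools python3 adb fastboot lsusb)
    if [ -n "$m" ]; then echo "missing tools: $m"; fi
    if command -v python3 >/dev/null 2>&1 &&
       ! python3 -c 'import serial' 2>/dev/null; then
        echo "PySerial is not importable (package python3-serial)"
    fi
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet ModemManager; then
        echo "ModemManager is active; the guide says to stop and disable it"
    fi
    if ! group_list_has "$(id -nG)" dialout; then
        echo "user is not in 'dialout'; the scripts will need sudo"
    fi
    echo "USB mode: $(lsusb 2>/dev/null | classify_mtk_mode)"
}

# Constructed sample input modelled on the excerpts in the guide.
SAMPLE_LSUSB='Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader'
SAMPLE_DMESG='[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00'

if [ "${1:-}" = "--live" ]; then
    preflight
else
    printf '%s\n' "$SAMPLE_LSUSB" | classify_mtk_mode
    printf '%s\n' "$SAMPLE_DMESG" | classify_mtk_mode
fi
```

Run it with `--live` while bootrom-step.sh is waiting to see whether the tablet enumerated as boot-rom or fell through to the preloader.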
Nice job.
Anyone who wants to update to the latest FW without undoing the unlock you can get it here
I'm also releasing a customized fire os that I'm calling "fire os revamped" ( comes with nova launcher and other enhancements) it will be on xda soon
edit: here it is.
So I can do this without opening it up if I'm on a newer version?
---------- Post added at 06:44 PM ---------- Previous post was at 06:34 PM ----------
So my 5.1.1 Fire, which I believe was originally on 5.0.1 worked.
---------- Post added at 06:51 PM ---------- Previous post was at 06:44 PM ----------
I mean it worked without having to brick or open it up.
k4y0z said:
> Read this whole guide before starting.
> ...
@k4y0z awesome work ! My congratulations again for the great achievement and implementation.
Your solution is letting users revive their "bricks" and make them free to use their gadget as they wish.
There is still some quirk I have on the 7th Gen tablets with the "microloader" code, though it works well
with the 5th Gen, so I am assuming that something can be improved on the 7th Gen and maybe in general.
Your work opens up to new ROMS and other possible use of the tablet for things I have been dreaming about
for long time, having Linux load from µSDCard, from SSD on OTG or from the network (BOOTP/DHCP/NFS ... ).
I know this will take some time and effort but now more than ever I feel the target objective is on sight.
The first thing would be rebuild a completely modular kernel, maybe a more recent one (4.x).
> Make sure ModemManager is disabled or uninstalled:
> Code:
> sudo systemctl stop ModemManager
> sudo systemctl disable ModemManager
> NOTE: If you have issues running the scripts, you might have to run them using sudo.
> Also try using different USB-ports (preferably USB-2.0-ports)
> ...
In all Linux OS the correct way for a normal user to gain read/write access to the serial ports (UARTs) is to make himself a member of the "dialup" group.
You can do this by issuing once the following command (two alternatives given here, use only one):
Code:
sudo adduser MY_USER_NAME dialout
or
Code:
usermod -a -G dialout MY_USER_NAME
This avoids using "sudo" and having to type password several times to gain permission to access the serial device,
it also solved many issues I was having due to multiple concurrent access to the Serial Ports and/or USB Ports from
various software and devices (Bluetooth, Camera, Phones, Digital Signing, Crypto Cards, Prolific/FTDI serial converters ... ).
And this is another suggestion for those continuously testing phones and tablets ...
To avoid trashing the tablet connectors due to continuous connect/disconnect of the USB cables I highly recommend
using the following type of USB Multiport Hub with power switches or similar (there are both USB 2.0 and USB 3.0 versions)
they are inexpensive and really unique in its type having an on/off switch for every port effectively help to avoid damaging connectors.
Have a good hacking night. :good:
.:HWMOD:.
---------- Post added at 02:34 AM ---------- Previous post was at 02:17 AM ----------
Pix12 said:
> So I can do this without opening it up if I'm on a newer version?
> ---------- Post added at 06:44 PM ---------- Previous post was at 06:34 PM ----------
> So my 5.1.1 Fire, which I believe was originally on 5.0.1 worked.
> ---------- Post added at 06:51 PM ---------- Previous post was at 06:44 PM ----------
> I mean it worked without having to brick or open it up.
This is the proof that it was possible to make the hack available to a bigger group of users.
Another big achievement obtained by the awesome @k4y0z though in my tests this is not
always possible yet, more testing will probably reveal the reason and let's improve on that.
This is especially annoying on the 7th Gen tablets but I keep hoping a simpler way would help there.
Disconnecting the battery makes the difference at times and that means just removing two small screws.
.:HWMOD:.
k4y0z said:
> Read this whole guide before starting.
> This is for the 5th gen Fire.
> It can also be used to root a 7th gen, but there are some differences.
> It's best you wait for a separate guide how to use this to root your 7th gen.
> :
> :
> Very special thanks to @xyz' for making all this possible and putting up with the countless questions I have asked, helping me finish this.
> Thanks also to @ANDROID2468 and @bibikalka for testing things.
Outstanding contribution. Clear, concise and relevant to a broad community with appropriate acknowledgements. This is what XDA is all about.
hwmod said:
> @k4y0z
> There is still some quirk I have on the 7th Gen tablets with the "microloader" code, though it works well
> with the 5th Gen, so I am assuming that something can be improved on the 7th Gen and maybe in general.
What quirks other than the non-functional screen?
Have you tested what I suggested in the other thread?
> In all Linux OS the correct way for a normal user to gain read/write access to the serial ports (UARTs) is to make himself a member of the "dialup" group.
That would be the "correct" way of course, I just assumed people were using live-systems, so sudo seems like the easier solution.
k4y0z said:
> What quirks other than the non-functional screen?
> Have you tested what I suggested in the other thread?
> That would be the "correct" way of course, I just assumed people were using live-systems, so sudo seems like the easier solution.
Yes I tried to use the file "boot.7th.patched.img" you shared and the UART but the tablet doesn't boot up,
it crashes as soon as the "microloader.bin" is executed, the logs says something like "undefined, aborting"
instead of printing the heading "microloader by xyz. Copyright 2019" as it does with the 5th Gen.
It doesn't print the message "Something went horribly wrong!" that the code prints if an error is detected.
It seems the error has to do with a wrong load address, after the error the processor registers are dumped.
Two things I noticed the first shouldn't be a problem but all the image wrappers contains a residual
from the mt8163 platform, the parameters "bootopt=64S3,32N2,32N2". It is present also in "microloader.bin".
I understand that probably it doesn't do anything bad on our Fire mt8127 platform but removing these would
also ensure that possible behaviours are also removed and we don't have that "cmdline" parameter hanging
around without a precise scope.
The second thing is that it seems to me the "boot.7th.patched.img" you shared and asked me to try doesn't
come from version 5.6.3 of the firmware and that may be another point which might break the loading
process and the version mismatches I am seeing on the 7th Gen.
So we don't have a native "preloader" for the 7th Gen that allows booting images as we have for the 5th Gen so
we are forced to use the one we have from 5th Gen but then we have no matching secondary loader and that
might be another reason we are having a hard time replicating the process that run smoothly on the 5th Gen.
However, even on the 7th we have gained "root" by using the "SuperSu" and also the TWRP seems to be working
well and following that path also the touch screen problems do not show up and everything run natively correct.
Now, what happens when we face the update route is still unknown, however we will soon learn that since this
evening my 5th Gen downloaded as much as 18 components that needed to be updated on 5.6.3.
I captured them all and have saved the 18 pieces, all are "apk" files, no ".zip" and no ".bin" files.
I am going to download the update version you released today and the patched TWRP and
tomorrow I will restart testing everything again and will let you know if something changes and if there are
further improvements for the 7th Gen.
One request I have is: where can I put more kernel "cmdline" parameters as you did with "printk_disable_uart=0" ?
That's all for now, thank you again for the nice surprises !
.:HWMOD:.
hwmod said:
> Yes I tried to use the file "boot.7th.patched.img" you shared and the UART but the tablet doesn't boot up,
> it crashes as soon as the "microloader.bin" is executed, the logs says something like "undefined, aborting"
> instead of printing the heading "microloader by xyz. Copyright 2019" as it does with the 5th Gen.
> It doesn't print the message "Something went horribly wrong!" that the code prints if an error is detected.
> It seems the error has to do with a wrong load address, after the error the processor registers are dumped.
Ok that shouldn't happen, it should at least get further than that.
You are testing it with the 5th gen preloader/lk correct?
Maybe I messed something up creating the image.
I have attached a new one from the 7th 5.6.3 firmware.
Please use the new version 1.1 of the package I just updated a few minutes ago.
(It uses different addressing).
hwmod said:
> Two things I noticed the first shouldn't be a problem but all the image wrappers contains a residual
> from the mt8163 platform, the parameters "bootopt=64S3,32N2,32N2". It is present also in "microloader.bin".
> I understand that probably it doesn't do anything bad on our Fire mt8127 platform but removing these would
> also ensure that possible behaviours are also removed and we don't have that "cmdline" parameter hanging
> around without a precise scope.
I don't think that will cause any issues, the kernel should at least load and print something to UART.
It's not even loading the microloader correctly. (which should work, since it works for TWRP)
hwmod said:
> One request I have is: where can I put more kernel "cmdline" parameters as you did with "printk_disable_uart=0" ?
I will have to think about that, the flags would need to be stored somewhere.
Sadly the 5.6.3 bootloader doesn't support "oem append-cmdline" anymore.
k4y0z said:
> Ok that shouldn't happen, it should at least get further than that.
> You are testing it with the 5th gen preloader/lk correct?
> Maybe I messed something up creating the image.
> I have attached a new one from the 7th 5.6.3 firmware.
> Please use the new version 1.1 of the package I just updated a few minutes ago.
> (It uses different addressing).
> I don't think that will cause any issues, the kernel should at least load and print something to UART.
> It's not even loading the microloader correctly. (which should work, since it works for TWRP)
> I will have to think about that, the flags would need to be stored somewhere.
> Sadly the 5.6.3 bootloader doesn't support "oem append-cmdline" anymore.
What about "fastboot --cmdline" that is in the help of newer version ?
I have never been able to use that. Can that be made to work in some way ?
hwmod said:
> What about "fastboot --cmdline" that is in the help of newer version ?
> I have never been able to use that. Can that be made to work in some way ?
I haven't tried, my fastboot doesn't support this option.
If the 5.6.3 LK supports it, it should work in hacked fastboot mode.
k4y0z said:
> I haven't tried, my fastboot doesn't support this option.
> If the 5.6.3 LK supports it, it should work in hacked fastboot mode.
Here it is !
Taken from Fedora 29 should work on any recent Linux.
See the line I have made in bold in the included help output here.
Seems to indicate that "fastboot" will pass the "cmdline" parameter,
obviously it needs to be implemented in the target platform though.
Code:
# fastboot --help
usage: fastboot [OPTION...] COMMAND...

flashing:
 update ZIP                 Flash all partitions from an update.zip package.
 flashall                   Flash all partitions from $ANDROID_PRODUCT_OUT.
                            On A/B devices, flashed slot is set as active.
                            Secondary images may be flashed to inactive slot.
 flash PARTITION [FILENAME] Flash given partition, using the image from
                            $ANDROID_PRODUCT_OUT if no filename is given.

basics:
 devices [-l]               List devices in bootloader (-l: with device paths).
 getvar NAME                Display given bootloader variable.
 reboot [bootloader]        Reboot device.

locking/unlocking:
 flashing lock|unlock       Lock/unlock partitions for flashing
 flashing lock_critical|unlock_critical
                            Lock/unlock 'critical' bootloader partitions.
 flashing get_unlock_ability
                            Check whether unlocking is allowed (1) or not(0).

advanced:
 erase PARTITION            Erase a flash partition.
 format[:FS_TYPE[:SIZE]] PARTITION
                            Format a flash partition.
 set_active SLOT            Set the active slot.
 oem [COMMAND...]           Execute OEM-specific command.

boot image:
 boot KERNEL [RAMDISK [SECOND]]
                            Download and boot kernel from RAM.
 flash:raw PARTITION KERNEL [RAMDISK [SECOND]]
                            Create boot image and flash it.
 [B] --cmdline CMDLINE      Override kernel command line.[/B]
 --base ADDRESS             Set kernel base address (default: 0x10000000).
 --kernel-offset            Set kernel offset (default: 0x00008000).
 --ramdisk-offset           Set ramdisk offset (default: 0x01000000).
 --tags-offset              Set tags offset (default: 0x00000100).
 --page-size BYTES          Set flash page size (default: 2048).
 --header-version VERSION   Set boot image header version.
 --os-version MAJOR[.MINOR[.PATCH]]
                            Set boot image OS version (default: 0.0.0).
 --os-patch-level YYYY-MM-DD
                            Set boot image OS security patch level.

Android Things:
 stage IN_FILE              Sends given file to stage for the next command.
 get_staged OUT_FILE        Writes data staged by the last command to a file.

options:
 -w                         Wipe userdata.
 -s SERIAL                  Specify a USB device.
 -s tcp|udp:HOST[:PORT]     Specify a network device.
 -S SIZE[K|M|G]             Break into sparse files no larger than SIZE.
 --slot SLOT                Use SLOT; 'all' for both slots, 'other' for
                            non-current slot (default: current active slot).
 --set-active[=SLOT]        Sets the active slot before rebooting.
 --skip-secondary           Don't flash secondary slots in flashall/update.
 --skip-reboot              Don't reboot device after flashing.
 --disable-verity           Sets disable-verity when flashing vbmeta.
 --disable-verification     Sets disable-verification when flashing vbmeta.
 --wipe-and-use-fbe         Enable file-based encryption, wiping userdata.
 --unbuffered               Don't buffer input or output.
 --verbose, -v              Verbose output.
 --version                  Display version.
 --help, -h                 Show this message.
.:HWMOD:.
hwmod said:
Here it is !
Taken from Fedora 29 should work on any recent Linux.
See the line I have made in bold in the included help output here.
Seems to indicate that "fastboot" will pass the "cmdline" parameter,
obviously it needs to be implemented in the target platform though.
Just noticed in mine there is
-c <cmdline> Override kernel commandline.
I don't think it's supported by LK.
I suppose you could just rebuild a kernel-image with the appropriate cmdline.
k4y0z said:
Just noticed in mine there is
I don't think it's supported by LK.
I suppose you could just rebuild a kernel-image with the appropriate cmdline.
Yes that was another form of passing the same arguments in a previous version of "fastboot".
I am keeping a collection of "fastboot" versions and by looking at the "lk" binaries I see there are
still a lot of referral strings related to "cmdline" handling.
If there is a way to still pass some parameter it might be feasible to inject some on the "cmdline".
Another thing I have been exploring is the MISC partition which contains the ENV variable of "lk".
There is a parameter written in the "lk" environment which resides in that MISC partition which is
"off-mode-charge=1", that parameter is followed by a simple CRC sum of the bytes of the string.
I thought that maybe by writing more parameters in MISC it would result to a parameter injection
but I didn't have the success I hoped, maybe I didn't test well enough or failed something, anyway
that MISC partition is almost empty and maybe it can be used too as extra persistent memory should
we need to save something bigger than a couple of kilobytes.
Have fun !
.:HWMOD:.
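Added example (not from the thread or from any project mentioned in it): the boot-image options in the help output above (--cmdline, --base, the offsets, --page-size) end up as fields of the boot image header, so the command line an image carries can be read back and checked before it is flashed. It assumes the header v0-v2 layout; `audit`, `sample_header`, the allow-list and all sample values are constructed for illustration.

```python
import struct

# Boot image header v0-v2 prefix, little-endian: magic, ten u32 fields,
# name[16], cmdline[512], id[32], extra_cmdline[1024] = 1632 bytes.
HDR = struct.Struct("<8s10I16s512s32s1024s")
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size",
          "header_version", "os_version")
# Offsets from --base, as listed in the fastboot help output.
OFFSETS = {"kernel_addr": 0x8000, "ramdisk_addr": 0x01000000, "tags_addr": 0x100}

def cstr(raw):
    # Decode a NUL-padded fixed-width field.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_boot_header(blob):
    if len(blob) < HDR.size:
        raise ValueError("truncated boot image header")
    magic, *nums, _name, cmdline, _img_id, extra = HDR.unpack_from(blob)
    if magic != b"ANDROID!":
        raise ValueError("not an Android boot image")
    info = dict(zip(FIELDS, nums))
    if info["header_version"] > 2:
        raise ValueError("header v3+ uses a different layout")
    # A command line longer than 512 bytes continues in extra_cmdline.
    info["cmdline"] = cstr(cmdline) + cstr(extra)
    return info

def audit(info, allowed_params, base=0x10000000, page_size=2048):
    """List every way the header departs from what the reviewer expects."""
    findings = []
    for field, off in OFFSETS.items():
        if info[field] != base + off:
            findings.append(f"{field}=0x{info[field]:08x}, expected 0x{base + off:08x}")
    if info["page_size"] != page_size:
        findings.append(f"page_size={info['page_size']}, expected {page_size}")
    for param in info["cmdline"].split():
        if param not in allowed_params:
            findings.append(f"unexpected cmdline parameter: {param}")
    return findings

def sample_header(cmdline):
    """Constructed header (not from a real device) using fastboot's defaults."""
    return HDR.pack(b"ANDROID!", 4096, 0x10008000, 2048, 0x11000000, 0,
                    0x10f00000, 0x10000100, 2048, 0, 0, b"",
                    cmdline[:512], b"\0" * 32, cmdline[512:])

if __name__ == "__main__":
    hdr = parse_boot_header(sample_header(b"console=ttyS0,115200 extra.flag=1"))
    print(hdr["cmdline"], audit(hdr, {"console=ttyS0,115200"}))
```

To check a real image, pass the first 1632 bytes of the file to `parse_boot_header` and give `audit` the parameters the stock image is known to carry.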
~
k4y0z said:
If you're on a newer preloader, there are two options:
Open the device and short the pin marked in the attached photo to ground while plugging in.
Downgrade to 5.0.1 firmware via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
Thanks also to @[email protected]
Wasn't exactly clear on this, so on the 7th gen we can sideload the 5.0.1 firmware (bricking the device) then we're able to enter boot-rom and are able to continue with the rest of the steps?
Rortiz2 said:
@hwmod finally I rooted the fire 7 7th gen! Thanks to @mateo121212 !
With the new files k4y0z posted I am working on streamlining the process to make a simpler method for the 7th gen. Also the SU 2.82 sr5 edits the .sh file that rebuilds the recovery. That's why some people lose their recovery even if they flash both system and boot from same FW.
.
~

Did I brick my v20 H910/H915?

Bought an LG v20 H910.
One of the methods to change from standard ROM involved altering the phone to an H91510e.
Although the expected results from those instructions did not happen on this phone, afterward the phone WAS working as an H915.
Tried again with a different method to add TWRP to the (now) H915 but I fear it bricked.
1) I can get [fastboot mode] (vol-, then plug USB in) to come up but I have no idea from here how to get to install TWRP (or even if it did get installed).
2) Trying to enter [download mode] just gives me a colorful garbled screen.
3) Just trying now to turn on the phone says OS corrupted.
In [download mode] LGUP does run but it cannot determine the phone's model, so it won't do anything.
In [fastboot mode] the screen just has tiny writing that says "1140 fastboot mode" started, and above that it has some data about the phone:
product_name - msm8886 64GB
variant - msm8886 64GB
bootloaded version -
baseband version -
carrier_info - N/A
serial_number - [serial number here]
signing - production
secure_boot - disabled
lock_state - locked
PS - The msm# above (8886) *could be* 9996 or 8996, etc. The print is way tiny and characters too close together. Can't really tell
Can anyone help?
ElMudshark said:
Bought an LG v20 H910.
One of the methods to change from standard ROM involved altering the phone to an H91510e.
Although the expected results from those instructions did not happen on this phone, afterward the phone WAS working as an H915.
Tried again with a different method to add TWRP to the (now) H915 but I fear it bricked.
1) I can get [fastboot mode] (vol-, then plug USB in) to come up but I have no idea from here how to get to install TWRP (or even if it did get installed).
2) Trying to enter [download mode] just gives me a colorful garbled screen.
3) Just trying now to turn on the phone says OS corrupted.
In [download mode] LGUP does run but it cannot determine the phone's model, so it won't do anything.
In [fastboot mode] the screen just has tiny writing that says "1140 fastboot mode" started, and above that it has some data about the phone:
product_name - msm8886 64GB
variant - msm8886 64GB
bootloaded version -
baseband version -
carrier_info - N/A
serial_number - [serial number here]
signing - production
secure_boot - disabled
lock_state - locked
PS - The msm# above (8886) *could be* 9996 or 8996, etc. The print is way tiny and characters too close together. Can't really tell
Can anyone help?
Finish the H910 root guide and you'll be fine
Sent from my ONEPLUS A6010 using Tapatalk
clsA said:
Finish the H910 root guide and you'll be fine
Following the instructions at:
https://forum.xda-developers.com/v20/how-to/root-h910-v10m-t3664500
Do I have the wrong instructions? At one point the instructions say :
"Download this modified ... DirtySanta root package: [link] - Extract this somewhere that you can run adb and fastboot from."
But that [link] is dead so I found what I assumed to be the right "LG V20 Root Package.zip" and ran that, but later problems (where the instruction on what to manually type in and run) are obviously for different files than what came in my ZIP download. The instructions call for .BAT files, but I have .CMD files, and they're in a sub-folder.
Also, even though the next link also seems dead I managed to find and D/L h910-10r.zip.
Anyway, running "adb logcat -s dirtysanta" does open a CMD window that freezes after "beginning of system & beginning of main", then nothing.
In the other CMD window I'm supposed to run the .BAT files I do not have and the .CMD files will not run.
So, going back now to the instructions If I want to pick up where it failed, where do I go?
I suppose I must start the phone in fastboot mode but even so STEP1.CMD will not run.
I can run "JustRunMe.cmd" which opens a couple of DOS windows but in there steps 1 & 2 both fail.
Step 3 does /something/ on the phone (files transfers?) then the phone reboots to that LG logo screen and stays there forever.
Thanks. (Hoping that helps you to help me!)
ElMudshark said:
Following the instructions at:
https://forum.xda-developers.com/v20/how-to/root-h910-v10m-t3664500
Do I have the wrong instructions? At one point the instructions say :
"Download this modified ... DirtySanta root package: [link] - Extract this somewhere that you can run adb and fastboot from."
But that [link] is dead so I found what I assumed to be the right "LG V20 Root Package.zip" and ran that, but later problems (where the instruction on what to manually type in and run) are obviously for different files than what came in my ZIP download. The instructions call for .BAT files, but I have .CMD files, and they're in a sub-folder.
Also, even though the next link also seems dead I managed to find and D/L h910-10r.zip.
Anyway, running "adb logcat -s dirtysanta" does open a CMD window that freezes after "beginning of system & beginning of main", then nothing.
In the other CMD window I'm supposed to run the .BAT files I do not have and the .CMD files will not run.
So, going back now to the instructions If I want to pick up where it failed, where do I go?
I suppose I must start the phone in fastboot mode but even so STEP1.CMD will not run.
I can run "JustRunMe.cmd" which opens a couple of DOS windows but in there steps 1 & 2 both fail.
Step 3 does /something/ on the phone (files transfers?) then the phone reboots to that LG logo screen and stays there forever.
Thanks. (Hoping that helps you to help me!)
All the correct files to do the root guide are in my AFH here > https://www.androidfilehost.com/?w=files&flid=281250
There's a Noob version of this guide here also > https://forum.xda-developers.com/showthread.php?t=3932999
clsA said:
All the correct files to do the root guide are in my AFH here > https://www.androidfilehost.com/?w=files&flid=281250 There's a Noob version of this guide here also > https://forum.xda-developers.com/showthread.php?t=3932999
Trying to download the (15) files at that drop but (so far) one of the 1st several I've clicked on fails to d/l every time.
h910_root_pkg.zip seems to complete then I get a network error and the ZIP is corrupted. I tried mirrors, same result and I still have 13 files to go! The "full stock" d/l is another hour it says... Do you have another file drop or maybe all files in one ZIP?
Thanks. You're doing (as they say) the lord's work
PS 2 questions after looking over the instructions:
1) Nougat vs Oreo?
2) Once I have all the files can you tell me at what step in the instructions I should pick up at? The phone seems to be completely wiped out and I can only boot to "fastboot". Also, LGUP (that I have) will not recognize the model. The SDK says at the top left corner H910 and in the top right corner H915.
ElMudshark said:
Trying to download the (15) files at that drop but (so far) one of the 1st several I've clicked on fails to d/l every time.
h910_root_pkg.zip seems to complete then I get a network error and the ZIP is corrupted. I tried mirrors, same result and I still have 13 files to go! The "full stock" d/l is another hour it says... Do you have another file drop or maybe all files in one ZIP?
Thanks. You're doing (as they say) the lord's work
PS 2 questions after looking over the instructions:
1) Nougat vs Oreo?
2) Once I have all the files can you tell me at what step in the instructions I should pick up at? The phone seems to be completely wiped out and I can only boot to "fastboot". Also, LGUP (that I have) will not recognize the model. The SDK says at the top left corner H910 and in the top right corner H915.
Yes AFH is having issues today
The root package is all you need there
All the other links in the guide work fine
Sent from my ONEPLUS A6010 using Tapatalk
Have u been able to fix your phone? This is me on telegram @princedede . U can hala me
I have not. The one package I need AFH fails on me ("network error") every time I try to download it.
ElMudshark said:
I have not. The one package I need AFH fails on me ("network error") every time I try to download it.
Why didn't you ask?
Here's your file > https://drive.google.com/open?id=1Vn6HUGMwCX8vZ48M6AZloikCMD82De7j
I just downloaded it again from AFH no problems
So, I have moved to a new v20. I was never able to get that file from AFH.
Anyone want to buy a (maybe not) bricked v20?
There's an insignificant crack in the lower right corner.
I *would* like to root the phone, primary reason being to get a real backup saved but once bitten...
clsA said:
Why didn't you ask?
Here's your file > https://drive.google.com/open?id=1Vn6HUGMwCX8vZ48M6AZloikCMD82De7j
I just downloaded it again from AFH no problems
I just tried that link, maybe I waited too long but it fails me too.
ElMudshark said:
I just tried that link, maybe I waited too long but it fails me too.
Try now
https://www.androidfilehost.com/?fid=1395089523397955603
https://drive.google.com/file/d/1D79WTkqifCXciSWHTFNJJXpw99lzLWWO/view?usp=sharing
Sent from my ONEPLUS A6010 using Tapatalk
Still no good.
Chrome:
Google Drive
We're sorry. You can't access this item because it is in violation of our Terms of Service.
FireFox:
Google Drive
Sorry, the file you have requested does not exist.
ElMudshark said:
Still no good.
Chrome:
Google Drive
We're sorry. You can't access this item because it is in violation of our Terms of Service.
FireFox:
Google Drive
Sorry, the file you have requested does not exist.
I reuploaded it, try now
AFH and Google Drive both still fail me in the same way they have. No difference
