---
DISCLAIMER: Everything mentioned in this thread is not for personal use and will destroy your device.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
---
I know (seriously) I should wait for xVANKO to finish his guide but, I really want to unlock the bootloader and/but before I do that even more so take the precautions to be able to relock it again (ILAPO, warranty, you know the deal).
Back in the days I used http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586 and http://forum.xda-developers.com/showpost.php?p=62028523&postcount=2 to root, so I am familiar with "dd" etc.
The following information is collected from across these forums, therefore I neither take any credit nor any responsibility!
Trying to execute those commands on my H815EU (DO NOT TRY THIS AT HOME, especially with anything other than H815EU. It will destroy your device and your house will catch on fire!)
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=585216 count=32768 of=/data/media/0/cust.img
dd if=/dev/block/mmcblk0 bs=8192 skip=16384 count=2048 of=/data/media/0/misc.img
dd if=/dev/block/mmcblk0 bs=8192 skip=23808 count=256 of=/data/media/0/persistent.img
In addition to that - to my understanding these then would be the commands to flash the dumped data back to the unlocked device?
(You have been warned!)
Code:
dd if=/data/media/0/cust.img bs=8192 seek=585216 count=32768 of=/dev/block/mmcblk0
dd if=/data/media/0/misc.img bs=8192 seek=16384 count=2048 of=/dev/block/mmcblk0
dd if=/data/media/0/persistent.img bs=8192 seek=23808 count=256 of=/dev/block/mmcblk0
Anyhow,
TLDR; and this is basically the problem here - it simply sais "FAIL".
Is this because of Marshmallow? Do I have to downgrade to Lollipop first?
I am able to use Send_Command.exe and I have set the right COM port, proper drivers installed (autoprime), connected via USB 2.0 on Win10x64.
THANKS SO MUCH FOR YOUR HELP, IT REALLY IS MUCH APPRECIATED!
PS: Obviously I would ask this in the dedicated thread, but it is locked atm. Sorry for the inconvenience!
Honorable mention aka 'Credits' not including any responsibility for aforementioned potential damages!
xVANKO (for: http://forum.xda-developers.com/g4/general/h815-relock-bootloader-t3506634)
^ btw, please please continue your awesome work for this community! <3
Mislick, my bad.. If a kind moderator would please move this to http://forum.xda-developers.com/g4/help, thanks!
blake_spector said:
---
DISCLAIMER: Everything mentioned in this thread is not for personal use and will destroy your device.
---
I know (seriously) I should wait for xVANKO to finish his guide but, I really want to unlock the bootloader and/but before I do that even more so take the precautions to be able to relock it again (ILAPO, warranty, you know the deal).
Back in the days I used http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586 and http://forum.xda-developers.com/showpost.php?p=62028523&postcount=2 to root, so I am familiar with "dd" etc.
The following information is collected from across these forums, therefore I neither take any credit nor any responsibility!
Trying to execute those commands on my H815EU (DO NOT TRY THIS AT HOME, especially with anything other than H815EU. It will destroy your device and your house will catch on fire!)
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=585216 count=32768 of=/data/media/0/cust.img
dd if=/dev/block/mmcblk0 bs=8192 skip=16384 count=2048 of=/data/media/0/misc.img
dd if=/dev/block/mmcblk0 bs=8192 skip=23808 count=256 of=/data/media/0/persistent.img
In addition to that - to my understanding these then would be the commands to flash the dumped data back to the unlocked device?
(You have been warned!)
Code:
dd if=/data/media/0/cust.img bs=8192 seek=585216 count=32768 of=/dev/block/mmcblk0
dd if=/data/media/0/misc.img bs=8192 seek=16384 count=2048 of=/dev/block/mmcblk0
dd if=/data/media/0/persistent.img bs=8192 seek=23808 count=256 of=/dev/block/mmcblk0
Anyhow,
TLDR; and this is basically the problem here - it simply sais "FAIL".
Is this because of Marshmallow? Do I have to downgrade to Lollipop first?
I am able to use Send_Command.exe and I have set the right COM port, proper drivers installed (autoprime), connected via USB 2.0 on Win10x64.
THANKS SO MUCH FOR YOUR HELP, IT REALLY IS MUCH APPRECIATED!
PS: Obviously I would ask this in the dedicated thread, but it is locked atm. Sorry for the inconvenience!
Honorable mention aka 'Credits' not including any responsibility for aforementioned potential damages!
xVANKO (for: http://forum.xda-developers.com/g4/general/h815-relock-bootloader-t3506634)
^ btw, please please continue your awesome work for this community! <3
Click to expand...
Click to collapse
If you wanna use Send_Command.exe with MM, please visit this thread and examine Method 2. :fingers-crossed:
jskasia said:
If you wanna use Send_Command.exe with MM, please visit this thread and examine Method 2. :fingers-crossed:
Click to expand...
Click to collapse
Ah, I see! Thanks.
Seems a bit troublesome, I guess I'll just flash a Lollipop KDZ for the Send_Command.exe tasks.
Then unlock, TWRP, Root, and "back" to MM . . . :angel:
. . . and eventually, flash Lollipop KDZ again, and "relock" Bootloader for warranty round#2.
blake_spector said:
Ah, I see! Thanks.
Seems a bit troublesome, I guess I'll just flash a Lollipop KDZ for the Send_Command.exe tasks.
Then unlock, TWRP, Root, and "back" to MM . . . :angel:
. . . and eventually, flash Lollipop KDZ again, and "relock" Bootloader for warranty round#2.
Click to expand...
Click to collapse
No, it is really simple. After few times you can do this with eyes closed(ok only one eye ). It's the Marshmallow's bootloader "security".
So after all it's as simple as dumping few partitions to SD and uploading them back again? No HEX editing or other stuff?
Or is it dumping before bootloader unlock and to relock just flash them back?
You don't have to downgrade to be able to use the send_command.exe
There is only an extra trick: you have to use LGUP to enable the com port in download mode.
Here is how to do it:
- Backup your data first
- launch LGUP, select a kdz (preferably the one you currently have),
- Make sure you select upgrade, not refurbish. I missed it once, it will do a factory reset right away!
- start flashing.
- Your device will go in download mode. Few seconds later (around 5% I believe), it will display a com port.
- As soon as you see the COM port displayed on the G4 screen, unplug the usb cable.
- Close LGUP
- Replug the usb cable, send_commands is now working.
If you still want to go ahead before having xVANKO information, I would suggest to also dump the drm partition. And if you want to be extra cautious, dump the whole mmc until userdata. It's a bit big, around 5 GB, but it would allow to extract any other partition if needed.
How do you find out you got a H815EU model?
I'm based in germany and bought a local one. The package simply says LG-H815 as well as the hardware informations inside the settings menu.
Edit: I know there are different types out there, but haven't read about a 'H815EU' model. Do you mean a european device or the unique 'H815EU' type?
Edit 2: Running the commands to backup the partitions shouldn't brick your device. The 'dd' command only reads bytes between skip and count. Executing without those parameter would simply clone your flash drive. Since it seems that there are different partition sizes per model, it could only happen that you read invalid data from the storage. Flashing those backups are the main reason for hard-bricks.
dnkncht said:
How do you find out you got a H815EU model?
I'm based in germany and bought a local one. The package simply says LG-H815 as well as the hardware informations inside the settings menu.
Edit: I know there are different types out there, but haven't read about a 'H815EU' model. Do you mean a european device or the unique 'H815EU' type?
Edit 2: Running the commands to backup the partitions shouldn't brick your device. The 'dd' command only reads bytes between skip and count. Executing without those parameter would simply clone your flash drive. Since it seems that there are different partition sizes per model, it could only happen that you read invalid data from the storage. Flashing those backups are the main reason for hard-bricks.
Click to expand...
Click to collapse
H815EU or H815 EUR is another name for unkockable H815 variant(keep in mind that not every H815 variant can be unlocked, that's why we call it like that). To determine if you have H815EU just download LG phone info check provider. There should be 3 letter long text. There is a list of unkockable H815s so check your letters and find yours on the list. Fortunately, my G4 is H815EU/H815 EUR
Wysłane z mojego LG-H815 przy użyciu Tapatalka
letama said:
- Backup your data first
- launch LGUP, select a kdz (preferably the one you currently have),
- Make sure you select upgrade, not refurbish. I missed it once, it will do a factory reset right away!
- start flashing.
- Your device will go in download mode. Few seconds later (around 5% I believe), it will display a com port.
- As soon as you see the COM port displayed on the G4 screen, unplug the usb cable.
- Close LGUP
- Replug the usb cable, send_commands is now working.
If you still want to go ahead before having xVANKO information, I would suggest to also dump the drm partition. And if you want to be extra cautious, dump the whole mmc until userdata. It's a bit big, around 5 GB, but it would allow to extract any other partition if needed.
Click to expand...
Click to collapse
Thanks a lot for the clear instructions!
In regard to dumping drm partition, or whole mmc . . . I found this, but I don't know how those values translate to the "skip" and "count" parts of the dd command. Do you know the appropriate values?
dnkncht said:
I'm based in germany and bought a local one. The package simply says LG-H815 [ . . . ]
Edit 2: Running the commands to backup the partitions shouldn't brick your device. The 'dd' command only reads bytes between skip and count. Executing without those parameter would simply clone your flash drive. Since it seems that there are different partition sizes per model, it could only happen that you read invalid data from the storage. Flashing those backups are the main reason for hard-bricks.
Click to expand...
Click to collapse
A german H815 does apply to the shenanigans discussed here. My device is the same.
To 'edit 2', you're right! The "reading" part isn't the problem . . . still, better safe than sorry.
blake_spector said:
Thanks a lot for the clear instructions!
In regard to dumping drm partition, or whole mmc . . . I found this, but I don't know how those values translate to the "skip" and "count" parts of the dd command. Do you know the appropriate values?
skip declares the start point, where dd should start to read. count names the amount ob bytes to read.
For example take a look at the cust partition:
48 4794089472B 5062524927B 268435456B ext4 cust
The command would be:
dd if=/dev/block/mmcblk0 bs=8192 skip=585216 count=32768 of=/data/media/0/cust.img
bs equals the block size -> 8192
skip equals = 4794089472 / 8192 -> 585216
count equals = 268435456 / 8192 -> 32768
Now you can calculate your values yourself
Click to expand...
Click to collapse
dnkncht said:
skip declares the start point, where dd should start to read. count names the amount ob bytes to read.
For example take a look at the cust partition:
48 4794089472B 5062524927B 268435456B ext4 cust
The command would be:
dd if=/dev/block/mmcblk0 bs=8192 skip=585216 count=32768 of=/data/media/0/cust.img
bs equals the block size -> 8192
skip equals = 4794089472 / 8192 -> 585216
count equals = 268435456 / 8192 -> 32768
Now you can calculate your values yourself
Click to expand...
Click to collapse
Marvellous piece of information, vielen vielen Dank!
blake_spector said:
Thanks a lot for the clear instructions!
In regard to dumping drm partition, or whole mmc . . . I found this, but I don't know how those values translate to the "skip" and "count" parts of the dd command. Do you know the appropriate values?
Click to expand...
Click to collapse
You're welcome.
To get the exact offsets for dd commands, I took a dump of the gpt partition table and then used a tool that gave me this (FRA/EUR model):
Code:
[+] Primary GPT header
[-] Signature: b'EFI PART'
[-] Revision: 65536
[-] Header Size: 92
[-] CRC32 of header: F1E68634 (VALID) => Real: F1E68634
[-] Current LBA: 0x00000001
[-] Backup LBA: 0x03A3DFFF
[-] First usable LBA for partitions: 0x00000022
[-] Last usable LBA for partitions: 0x03A3DFDE
[-] Disk GUID: 98101B32-BBE2-4BF2-A06E-2BB33D000C20
[-] Partition entries starting LBA: 0x00000002
[-] Number of partition entries: 52
[-] Size of partition entry: 0x00000080
[-] CRC32 of partition array: 0x7330FD5F
[+] Primary GPT header md5: a22b35048e8f33a3df50a3bf2cc6c1b2
[+] Partition table
[-] WARNING!! CRC32 Check : E177F4F2 (INVALID)
[-] Partition 1
[-] First LBA: 32768
[-] Last LBA: 208895
=> First Offset: 0x01000000
=> Last Offset: 0x065FFE00
[-] Partition Name: modem
[-] Partition 2
[-] First LBA: 229376
[-] Last LBA: 230399
=> First Offset: 0x07000000
=> Last Offset: 0x0707FE00
[-] Partition Name: pmic
[-] Partition 3
[-] First LBA: 230400
[-] Last LBA: 232447
=> First Offset: 0x07080000
=> Last Offset: 0x0717FE00
[-] Partition Name: sbl1
[-] Partition 4
[-] First LBA: 232448
[-] Last LBA: 234495
=> First Offset: 0x07180000
=> Last Offset: 0x0727FE00
[-] Partition Name: tz
[-] Partition 5
[-] First LBA: 234496
[-] Last LBA: 235519
=> First Offset: 0x07280000
=> Last Offset: 0x072FFE00
[-] Partition Name: sdi
[-] Partition 6
[-] First LBA: 235520
[-] Last LBA: 236543
=> First Offset: 0x07300000
=> Last Offset: 0x0737FE00
[-] Partition Name: hyp
[-] Partition 7
[-] First LBA: 236544
[-] Last LBA: 237567
=> First Offset: 0x07380000
=> Last Offset: 0x073FFE00
[-] Partition Name: rpm
[-] Partition 8
[-] First LBA: 237568
[-] Last LBA: 241663
=> First Offset: 0x07400000
=> Last Offset: 0x075FFE00
[-] Partition Name: aboot
[-] Partition 9
[-] First LBA: 241664
[-] Last LBA: 243711
=> First Offset: 0x07600000
=> Last Offset: 0x076FFE00
[-] Partition Name: sbl1bak
[-] Partition 10
[-] First LBA: 243712
[-] Last LBA: 244735
=> First Offset: 0x07700000
=> Last Offset: 0x0777FE00
[-] Partition Name: pmicbak
[-] Partition 11
[-] First LBA: 244736
[-] Last LBA: 246783
=> First Offset: 0x07780000
=> Last Offset: 0x0787FE00
[-] Partition Name: tzbak
[-] Partition 12
[-] First LBA: 246784
[-] Last LBA: 247807
=> First Offset: 0x07880000
=> Last Offset: 0x078FFE00
[-] Partition Name: hypbak
[-] Partition 13
[-] First LBA: 247808
[-] Last LBA: 248831
=> First Offset: 0x07900000
=> Last Offset: 0x0797FE00
[-] Partition Name: rpmbak
[-] Partition 14
[-] First LBA: 248832
[-] Last LBA: 252927
=> First Offset: 0x07980000
=> Last Offset: 0x07B7FE00
[-] Partition Name: abootbak
[-] Partition 15
[-] First LBA: 252928
[-] Last LBA: 253951
=> First Offset: 0x07B80000
=> Last Offset: 0x07BFFE00
[-] Partition Name: sdibak
[-] Partition 16
[-] First LBA: 253952
[-] Last LBA: 254975
=> First Offset: 0x07C00000
=> Last Offset: 0x07C7FE00
[-] Partition Name: limits
[-] Partition 17
[-] First LBA: 254976
[-] Last LBA: 255999
=> First Offset: 0x07C80000
=> Last Offset: 0x07CFFE00
[-] Partition Name: devinfo
[-] Partition 18
[-] First LBA: 256000
[-] Last LBA: 257023
=> First Offset: 0x07D00000
=> Last Offset: 0x07D7FE00
[-] Partition Name: apdp
[-] Partition 19
[-] First LBA: 257024
[-] Last LBA: 258047
=> First Offset: 0x07D80000
=> Last Offset: 0x07DFFE00
[-] Partition Name: msadp
[-] Partition 20
[-] First LBA: 258048
[-] Last LBA: 259071
=> First Offset: 0x07E00000
=> Last Offset: 0x07E7FE00
[-] Partition Name: dpo
[-] Partition 21
[-] First LBA: 259072
[-] Last LBA: 262143
=> First Offset: 0x07E80000
=> Last Offset: 0x07FFFE00
[-] Partition Name: spare1
[-] Partition 22
[-] First LBA: 262144
[-] Last LBA: 294911
=> First Offset: 0x08000000
=> Last Offset: 0x08FFFE00
[-] Partition Name: misc
[-] Partition 23
[-] First LBA: 294912
[-] Last LBA: 360447
=> First Offset: 0x09000000
=> Last Offset: 0x0AFFFE00
[-] Partition Name: persist
[-] Partition 24
[-] First LBA: 360448
[-] Last LBA: 363519
=> First Offset: 0x0B000000
=> Last Offset: 0x0B17FE00
[-] Partition Name: modemst1
[-] Partition 25
[-] First LBA: 363520
[-] Last LBA: 366591
=> First Offset: 0x0B180000
=> Last Offset: 0x0B2FFE00
[-] Partition Name: modemst2
[-] Partition 26
[-] First LBA: 366592
[-] Last LBA: 369663
=> First Offset: 0x0B300000
=> Last Offset: 0x0B47FE00
[-] Partition Name: fsg
[-] Partition 27
[-] First LBA: 369664
[-] Last LBA: 370687
=> First Offset: 0x0B480000
=> Last Offset: 0x0B4FFE00
[-] Partition Name: fsc
[-] Partition 28
[-] First LBA: 370688
[-] Last LBA: 371711
=> First Offset: 0x0B500000
=> Last Offset: 0x0B57FE00
[-] Partition Name: ssd
[-] Partition 29
[-] First LBA: 371712
[-] Last LBA: 372735
=> First Offset: 0x0B580000
=> Last Offset: 0x0B5FFE00
[-] Partition Name: keystore
[-] Partition 30
[-] First LBA: 372736
[-] Last LBA: 376831
=> First Offset: 0x0B600000
=> Last Offset: 0x0B7FFE00
[-] Partition Name: DDR
[-] Partition 31
[-] First LBA: 376832
[-] Last LBA: 377855
=> First Offset: 0x0B800000
=> Last Offset: 0x0B87FE00
[-] Partition Name: sec
[-] Partition 32
[-] First LBA: 377856
[-] Last LBA: 378879
=> First Offset: 0x0B880000
=> Last Offset: 0x0B8FFE00
[-] Partition Name: encrypt
[-] Partition 33
[-] First LBA: 378880
[-] Last LBA: 379903
=> First Offset: 0x0B900000
=> Last Offset: 0x0B97FE00
[-] Partition Name: eksst
[-] Partition 34
[-] First LBA: 379904
[-] Last LBA: 380927
=> First Offset: 0x0B980000
=> Last Offset: 0x0B9FFE00
[-] Partition Name: rct
[-] Partition 35
[-] First LBA: 380928
[-] Last LBA: 385023
=> First Offset: 0x0BA00000
=> Last Offset: 0x0BBFFE00
[-] Partition Name: persistent
[-] Partition 36
[-] First LBA: 385024
[-] Last LBA: 393215
=> First Offset: 0x0BC00000
=> Last Offset: 0x0BFFFE00
[-] Partition Name: spare2
[-] Partition 37
[-] First LBA: 393216
[-] Last LBA: 491519
=> First Offset: 0x0C000000
=> Last Offset: 0x0EFFFE00
[-] Partition Name: laf
[-] Partition 38
[-] First LBA: 491520
[-] Last LBA: 573439
=> First Offset: 0x0F000000
=> Last Offset: 0x117FFE00
[-] Partition Name: boot
[-] Partition 39
[-] First LBA: 573440
[-] Last LBA: 655359
=> First Offset: 0x11800000
=> Last Offset: 0x13FFFE00
[-] Partition Name: recovery
[-] Partition 40
[-] First LBA: [B]655360[/B]
[-] Last LBA: [B]671743[/B]
=> First Offset: 0x14000000
=> Last Offset: 0x147FFE00
[-] Partition Name: drm
[-] Partition 41
[-] First LBA: 671744
[-] Last LBA: 688127
=> First Offset: 0x14800000
=> Last Offset: 0x14FFFE00
[-] Partition Name: sns
[-] Partition 42
[-] First LBA: 688128
[-] Last LBA: 753663
=> First Offset: 0x15000000
=> Last Offset: 0x16FFFE00
[-] Partition Name: mpt
[-] Partition 43
[-] First LBA: 753664
[-] Last LBA: 847871
=> First Offset: 0x17000000
=> Last Offset: 0x19DFFE00
[-] Partition Name: factory
[-] Partition 44
[-] First LBA: 847872
[-] Last LBA: 868351
=> First Offset: 0x19E00000
=> Last Offset: 0x1A7FFE00
[-] Partition Name: fota
[-] Partition 45
[-] First LBA: 868352
[-] Last LBA: 876543
=> First Offset: 0x1A800000
=> Last Offset: 0x1ABFFE00
[-] Partition Name: raw_resources
[-] Partition 46
[-] First LBA: 876544
[-] Last LBA: 884735
=> First Offset: 0x1AC00000
=> Last Offset: 0x1AFFFE00
[-] Partition Name: raw_resourcesbak
[-] Partition 47
[-] First LBA: 884736
[-] Last LBA: 9363455
=> First Offset: 0x1B000000
=> Last Offset: 0x11DBFFE00
[-] Partition Name: system
[-] Partition 48
[-] First LBA: 9363456
[-] Last LBA: 9887743
=> First Offset: 0x11DC00000
=> Last Offset: 0x12DBFFE00
[-] Partition Name: cust
[-] Partition 49
[-] First LBA: 9895936
[-] Last LBA: 12419071
=> First Offset: 0x12E000000
=> Last Offset: 0x17AFFFE00
[-] Partition Name: cache
[-] Partition 50
[-] First LBA: 12419072
[-] Last LBA: 61046783
=> First Offset: 0x17B000000
=> Last Offset: 0x746FFFE00
[-] Partition Name: userdata
[-] Partition 51
[-] First LBA: 61046784
[-] Last LBA: 61071326
=> First Offset: 0x747000000
=> Last Offset: 0x747BFBC00
[-] Partition Name: grow
[+] Partition table md5: ea0c8acec7957b09de3d317ab378824a
LBA is the index ofa 512 bytes block, so for instance to dump drm partition, dd looks like this:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/drm.img bs=[COLOR="Red"][B]512[/B][/COLOR] skip=[COLOR="Red"][B]655360[/B][/COLOR] count=[COLOR="red"][B]16384[/B][/COLOR]
skip value is exactly First LBA in table (=> 655360),
count value is (Last LBA - first LBA +1) (=> 671743 - 655360 +1 => 16384)
You can also retrieve the indexes and size in download mode if you know what partition number is the one you're looking for.
To find partition number do:
Code:
ls -l /dev/block/bootdevice/by-name
It will give you this:
Code:
lrwxrwxrwx root root 2015-01-15 01:12 DDR -> /dev/block/mmcblk0p30
lrwxrwxrwx root root 2015-01-15 01:12 aboot -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2015-01-15 01:12 abootbak -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 2015-01-15 01:12 apdp -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 2015-01-15 01:12 boot -> /dev/block/mmcblk0p38
lrwxrwxrwx root root 2015-01-15 01:12 cache -> /dev/block/mmcblk0p49
lrwxrwxrwx root root 2015-01-15 01:12 cust -> /dev/block/mmcblk0p48
lrwxrwxrwx root root 2015-01-15 01:12 devinfo -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 2015-01-15 01:12 dpo -> /dev/block/mmcblk0p20
[B]lrwxrwxrwx root root 2015-01-15 01:12 drm -> /dev/block/mmcblk0p40[/B]
lrwxrwxrwx root root 2015-01-15 01:12 eksst -> /dev/block/mmcblk0p33
lrwxrwxrwx root root 2015-01-15 01:12 encrypt -> /dev/block/mmcblk0p32
lrwxrwxrwx root root 2015-01-15 01:12 factory -> /dev/block/mmcblk0p43
lrwxrwxrwx root root 2015-01-15 01:12 fota -> /dev/block/mmcblk0p44
lrwxrwxrwx root root 2015-01-15 01:12 fsc -> /dev/block/mmcblk0p27
lrwxrwxrwx root root 2015-01-15 01:12 fsg -> /dev/block/mmcblk0p26
lrwxrwxrwx root root 2015-01-15 01:12 grow -> /dev/block/mmcblk0p51
lrwxrwxrwx root root 2015-01-15 01:12 hyp -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2015-01-15 01:12 hypbak -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2015-01-15 01:12 keystore -> /dev/block/mmcblk0p29
lrwxrwxrwx root root 2015-01-15 01:12 laf -> /dev/block/mmcblk0p37
lrwxrwxrwx root root 2015-01-15 01:12 limits -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 2015-01-15 01:12 misc -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 2015-01-15 01:12 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2015-01-15 01:12 modemst1 -> /dev/block/mmcblk0p24
lrwxrwxrwx root root 2015-01-15 01:12 modemst2 -> /dev/block/mmcblk0p25
lrwxrwxrwx root root 2015-01-15 01:12 mpt -> /dev/block/mmcblk0p42
lrwxrwxrwx root root 2015-01-15 01:12 msadp -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 2015-01-15 01:12 persist -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 2015-01-15 01:12 persistent -> /dev/block/mmcblk0p35
lrwxrwxrwx root root 2015-01-15 01:12 pmic -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2015-01-15 01:12 pmicbak -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2015-01-15 01:12 raw_resources -> /dev/block/mmcblk0p45
lrwxrwxrwx root root 2015-01-15 01:12 raw_resourcesbak -> /dev/block/mmcblk0p46
lrwxrwxrwx root root 2015-01-15 01:12 rct -> /dev/block/mmcblk0p34
lrwxrwxrwx root root 2015-01-15 01:12 recovery -> /dev/block/mmcblk0p39
lrwxrwxrwx root root 2015-01-15 01:12 rpm -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2015-01-15 01:12 rpmbak -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2015-01-15 01:12 sbl1 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2015-01-15 01:12 sbl1bak -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2015-01-15 01:12 sdi -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2015-01-15 01:12 sdibak -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 2015-01-15 01:12 sec -> /dev/block/mmcblk0p31
lrwxrwxrwx root root 2015-01-15 01:12 sns -> /dev/block/mmcblk0p41
lrwxrwxrwx root root 2015-01-15 01:12 spare1 -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 2015-01-15 01:12 spare2 -> /dev/block/mmcblk0p36
lrwxrwxrwx root root 2015-01-15 01:12 ssd -> /dev/block/mmcblk0p28
lrwxrwxrwx root root 2015-01-15 01:12 system -> /dev/block/mmcblk0p47
lrwxrwxrwx root root 2015-01-15 01:12 tz -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2015-01-15 01:12 tzbak -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2015-01-15 01:12 userdata -> /dev/block/mmcblk0p50
So, in our case, drm is partition 40, commands to retrieve index and size are:
Code:
cat /sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p[COLOR="Red"]40[/COLOR]/start
cat /sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p[COLOR="red"]40[/COLOR]/size
giving you 655360 and 16384 directly.
Last, to dump full MMC until userdata, I just did dd until userdata LBA:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/full_dump.img bs=512 count=12419072
It's, a big file, around 6 GB. If you want to speed up things a bit, read with a block size of 4096 and divide by 8 the count:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/full_dump.img bs=4096 count=1552384
I didn't test relocking yet though, not enough free time. Hope it helps, don't hesitate to ask if you need more details.
blake_spector
Read private message?
letama said:
You're welcome.
To get the exact offsets for dd commands, I took a dump of the gpt partition table and then used a tool that gave me this (FRA/EUR model):
Code:
[+] Primary GPT header
[-] Signature: b'EFI PART'
[-] Revision: 65536
[-] Header Size: 92
[-] CRC32 of header: F1E68634 (VALID) => Real: F1E68634
[-] Current LBA: 0x00000001
[-] Backup LBA: 0x03A3DFFF
[-] First usable LBA for partitions: 0x00000022
[-] Last usable LBA for partitions: 0x03A3DFDE
[-] Disk GUID: 98101B32-BBE2-4BF2-A06E-2BB33D000C20
[-] Partition entries starting LBA: 0x00000002
[-] Number of partition entries: 52
[-] Size of partition entry: 0x00000080
[-] CRC32 of partition array: 0x7330FD5F
[+] Primary GPT header md5: a22b35048e8f33a3df50a3bf2cc6c1b2
[+] Partition table
[-] WARNING!! CRC32 Check : E177F4F2 (INVALID)
[-] Partition 1
[-] First LBA: 32768
[-] Last LBA: 208895
=> First Offset: 0x01000000
=> Last Offset: 0x065FFE00
[-] Partition Name: modem
[-] Partition 2
[-] First LBA: 229376
[-] Last LBA: 230399
=> First Offset: 0x07000000
=> Last Offset: 0x0707FE00
[-] Partition Name: pmic
[-] Partition 3
[-] First LBA: 230400
[-] Last LBA: 232447
=> First Offset: 0x07080000
=> Last Offset: 0x0717FE00
[-] Partition Name: sbl1
[-] Partition 4
[-] First LBA: 232448
[-] Last LBA: 234495
=> First Offset: 0x07180000
=> Last Offset: 0x0727FE00
[-] Partition Name: tz
[-] Partition 5
[-] First LBA: 234496
[-] Last LBA: 235519
=> First Offset: 0x07280000
=> Last Offset: 0x072FFE00
[-] Partition Name: sdi
[-] Partition 6
[-] First LBA: 235520
[-] Last LBA: 236543
=> First Offset: 0x07300000
=> Last Offset: 0x0737FE00
[-] Partition Name: hyp
[-] Partition 7
[-] First LBA: 236544
[-] Last LBA: 237567
=> First Offset: 0x07380000
=> Last Offset: 0x073FFE00
[-] Partition Name: rpm
[-] Partition 8
[-] First LBA: 237568
[-] Last LBA: 241663
=> First Offset: 0x07400000
=> Last Offset: 0x075FFE00
[-] Partition Name: aboot
[-] Partition 9
[-] First LBA: 241664
[-] Last LBA: 243711
=> First Offset: 0x07600000
=> Last Offset: 0x076FFE00
[-] Partition Name: sbl1bak
[-] Partition 10
[-] First LBA: 243712
[-] Last LBA: 244735
=> First Offset: 0x07700000
=> Last Offset: 0x0777FE00
[-] Partition Name: pmicbak
[-] Partition 11
[-] First LBA: 244736
[-] Last LBA: 246783
=> First Offset: 0x07780000
=> Last Offset: 0x0787FE00
[-] Partition Name: tzbak
[-] Partition 12
[-] First LBA: 246784
[-] Last LBA: 247807
=> First Offset: 0x07880000
=> Last Offset: 0x078FFE00
[-] Partition Name: hypbak
[-] Partition 13
[-] First LBA: 247808
[-] Last LBA: 248831
=> First Offset: 0x07900000
=> Last Offset: 0x0797FE00
[-] Partition Name: rpmbak
[-] Partition 14
[-] First LBA: 248832
[-] Last LBA: 252927
=> First Offset: 0x07980000
=> Last Offset: 0x07B7FE00
[-] Partition Name: abootbak
[-] Partition 15
[-] First LBA: 252928
[-] Last LBA: 253951
=> First Offset: 0x07B80000
=> Last Offset: 0x07BFFE00
[-] Partition Name: sdibak
[-] Partition 16
[-] First LBA: 253952
[-] Last LBA: 254975
=> First Offset: 0x07C00000
=> Last Offset: 0x07C7FE00
[-] Partition Name: limits
[-] Partition 17
[-] First LBA: 254976
[-] Last LBA: 255999
=> First Offset: 0x07C80000
=> Last Offset: 0x07CFFE00
[-] Partition Name: devinfo
[-] Partition 18
[-] First LBA: 256000
[-] Last LBA: 257023
=> First Offset: 0x07D00000
=> Last Offset: 0x07D7FE00
[-] Partition Name: apdp
[-] Partition 19
[-] First LBA: 257024
[-] Last LBA: 258047
=> First Offset: 0x07D80000
=> Last Offset: 0x07DFFE00
[-] Partition Name: msadp
[-] Partition 20
[-] First LBA: 258048
[-] Last LBA: 259071
=> First Offset: 0x07E00000
=> Last Offset: 0x07E7FE00
[-] Partition Name: dpo
[-] Partition 21
[-] First LBA: 259072
[-] Last LBA: 262143
=> First Offset: 0x07E80000
=> Last Offset: 0x07FFFE00
[-] Partition Name: spare1
[-] Partition 22
[-] First LBA: 262144
[-] Last LBA: 294911
=> First Offset: 0x08000000
=> Last Offset: 0x08FFFE00
[-] Partition Name: misc
[-] Partition 23
[-] First LBA: 294912
[-] Last LBA: 360447
=> First Offset: 0x09000000
=> Last Offset: 0x0AFFFE00
[-] Partition Name: persist
[-] Partition 24
[-] First LBA: 360448
[-] Last LBA: 363519
=> First Offset: 0x0B000000
=> Last Offset: 0x0B17FE00
[-] Partition Name: modemst1
[-] Partition 25
[-] First LBA: 363520
[-] Last LBA: 366591
=> First Offset: 0x0B180000
=> Last Offset: 0x0B2FFE00
[-] Partition Name: modemst2
[-] Partition 26
[-] First LBA: 366592
[-] Last LBA: 369663
=> First Offset: 0x0B300000
=> Last Offset: 0x0B47FE00
[-] Partition Name: fsg
[-] Partition 27
[-] First LBA: 369664
[-] Last LBA: 370687
=> First Offset: 0x0B480000
=> Last Offset: 0x0B4FFE00
[-] Partition Name: fsc
[-] Partition 28
[-] First LBA: 370688
[-] Last LBA: 371711
=> First Offset: 0x0B500000
=> Last Offset: 0x0B57FE00
[-] Partition Name: ssd
[-] Partition 29
[-] First LBA: 371712
[-] Last LBA: 372735
=> First Offset: 0x0B580000
=> Last Offset: 0x0B5FFE00
[-] Partition Name: keystore
[-] Partition 30
[-] First LBA: 372736
[-] Last LBA: 376831
=> First Offset: 0x0B600000
=> Last Offset: 0x0B7FFE00
[-] Partition Name: DDR
[-] Partition 31
[-] First LBA: 376832
[-] Last LBA: 377855
=> First Offset: 0x0B800000
=> Last Offset: 0x0B87FE00
[-] Partition Name: sec
[-] Partition 32
[-] First LBA: 377856
[-] Last LBA: 378879
=> First Offset: 0x0B880000
=> Last Offset: 0x0B8FFE00
[-] Partition Name: encrypt
[-] Partition 33
[-] First LBA: 378880
[-] Last LBA: 379903
=> First Offset: 0x0B900000
=> Last Offset: 0x0B97FE00
[-] Partition Name: eksst
[-] Partition 34
[-] First LBA: 379904
[-] Last LBA: 380927
=> First Offset: 0x0B980000
=> Last Offset: 0x0B9FFE00
[-] Partition Name: rct
[-] Partition 35
[-] First LBA: 380928
[-] Last LBA: 385023
=> First Offset: 0x0BA00000
=> Last Offset: 0x0BBFFE00
[-] Partition Name: persistent
[-] Partition 36
[-] First LBA: 385024
[-] Last LBA: 393215
=> First Offset: 0x0BC00000
=> Last Offset: 0x0BFFFE00
[-] Partition Name: spare2
[-] Partition 37
[-] First LBA: 393216
[-] Last LBA: 491519
=> First Offset: 0x0C000000
=> Last Offset: 0x0EFFFE00
[-] Partition Name: laf
[-] Partition 38
[-] First LBA: 491520
[-] Last LBA: 573439
=> First Offset: 0x0F000000
=> Last Offset: 0x117FFE00
[-] Partition Name: boot
[-] Partition 39
[-] First LBA: 573440
[-] Last LBA: 655359
=> First Offset: 0x11800000
=> Last Offset: 0x13FFFE00
[-] Partition Name: recovery
[-] Partition 40
[-] First LBA: [B]655360[/B]
[-] Last LBA: [B]671743[/B]
=> First Offset: 0x14000000
=> Last Offset: 0x147FFE00
[-] Partition Name: drm
[-] Partition 41
[-] First LBA: 671744
[-] Last LBA: 688127
=> First Offset: 0x14800000
=> Last Offset: 0x14FFFE00
[-] Partition Name: sns
[-] Partition 42
[-] First LBA: 688128
[-] Last LBA: 753663
=> First Offset: 0x15000000
=> Last Offset: 0x16FFFE00
[-] Partition Name: mpt
[-] Partition 43
[-] First LBA: 753664
[-] Last LBA: 847871
=> First Offset: 0x17000000
=> Last Offset: 0x19DFFE00
[-] Partition Name: factory
[-] Partition 44
[-] First LBA: 847872
[-] Last LBA: 868351
=> First Offset: 0x19E00000
=> Last Offset: 0x1A7FFE00
[-] Partition Name: fota
[-] Partition 45
[-] First LBA: 868352
[-] Last LBA: 876543
=> First Offset: 0x1A800000
=> Last Offset: 0x1ABFFE00
[-] Partition Name: raw_resources
[-] Partition 46
[-] First LBA: 876544
[-] Last LBA: 884735
=> First Offset: 0x1AC00000
=> Last Offset: 0x1AFFFE00
[-] Partition Name: raw_resourcesbak
[-] Partition 47
[-] First LBA: 884736
[-] Last LBA: 9363455
=> First Offset: 0x1B000000
=> Last Offset: 0x11DBFFE00
[-] Partition Name: system
[-] Partition 48
[-] First LBA: 9363456
[-] Last LBA: 9887743
=> First Offset: 0x11DC00000
=> Last Offset: 0x12DBFFE00
[-] Partition Name: cust
[-] Partition 49
[-] First LBA: 9895936
[-] Last LBA: 12419071
=> First Offset: 0x12E000000
=> Last Offset: 0x17AFFFE00
[-] Partition Name: cache
[-] Partition 50
[-] First LBA: 12419072
[-] Last LBA: 61046783
=> First Offset: 0x17B000000
=> Last Offset: 0x746FFFE00
[-] Partition Name: userdata
[-] Partition 51
[-] First LBA: 61046784
[-] Last LBA: 61071326
=> First Offset: 0x747000000
=> Last Offset: 0x747BFBC00
[-] Partition Name: grow
[+] Partition table md5: ea0c8acec7957b09de3d317ab378824a
LBA is the index ofa 512 bytes block, so for instance to dump drm partition, dd looks like this:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/drm.img bs=[COLOR="Red"][B]512[/B][/COLOR] skip=[COLOR="Red"][B]655360[/B][/COLOR] count=[COLOR="red"][B]16384[/B][/COLOR]
skip value is exactly First LBA in table (=> 655360),
count value is (Last LBA - first LBA +1) (=> 671743 - 655360 +1 => 16384)
You can also retrieve the indexes and size in download mode if you know what partition number is the one you're looking for.
To find partition number do:
Code:
ls -l /dev/block/bootdevice/by-name
It will give you this:
Code:
lrwxrwxrwx root root 2015-01-15 01:12 DDR -> /dev/block/mmcblk0p30
lrwxrwxrwx root root 2015-01-15 01:12 aboot -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2015-01-15 01:12 abootbak -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 2015-01-15 01:12 apdp -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 2015-01-15 01:12 boot -> /dev/block/mmcblk0p38
lrwxrwxrwx root root 2015-01-15 01:12 cache -> /dev/block/mmcblk0p49
lrwxrwxrwx root root 2015-01-15 01:12 cust -> /dev/block/mmcblk0p48
lrwxrwxrwx root root 2015-01-15 01:12 devinfo -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 2015-01-15 01:12 dpo -> /dev/block/mmcblk0p20
[B]lrwxrwxrwx root root 2015-01-15 01:12 drm -> /dev/block/mmcblk0p40[/B]
lrwxrwxrwx root root 2015-01-15 01:12 eksst -> /dev/block/mmcblk0p33
lrwxrwxrwx root root 2015-01-15 01:12 encrypt -> /dev/block/mmcblk0p32
lrwxrwxrwx root root 2015-01-15 01:12 factory -> /dev/block/mmcblk0p43
lrwxrwxrwx root root 2015-01-15 01:12 fota -> /dev/block/mmcblk0p44
lrwxrwxrwx root root 2015-01-15 01:12 fsc -> /dev/block/mmcblk0p27
lrwxrwxrwx root root 2015-01-15 01:12 fsg -> /dev/block/mmcblk0p26
lrwxrwxrwx root root 2015-01-15 01:12 grow -> /dev/block/mmcblk0p51
lrwxrwxrwx root root 2015-01-15 01:12 hyp -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2015-01-15 01:12 hypbak -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2015-01-15 01:12 keystore -> /dev/block/mmcblk0p29
lrwxrwxrwx root root 2015-01-15 01:12 laf -> /dev/block/mmcblk0p37
lrwxrwxrwx root root 2015-01-15 01:12 limits -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 2015-01-15 01:12 misc -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 2015-01-15 01:12 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2015-01-15 01:12 modemst1 -> /dev/block/mmcblk0p24
lrwxrwxrwx root root 2015-01-15 01:12 modemst2 -> /dev/block/mmcblk0p25
lrwxrwxrwx root root 2015-01-15 01:12 mpt -> /dev/block/mmcblk0p42
lrwxrwxrwx root root 2015-01-15 01:12 msadp -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 2015-01-15 01:12 persist -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 2015-01-15 01:12 persistent -> /dev/block/mmcblk0p35
lrwxrwxrwx root root 2015-01-15 01:12 pmic -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2015-01-15 01:12 pmicbak -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2015-01-15 01:12 raw_resources -> /dev/block/mmcblk0p45
lrwxrwxrwx root root 2015-01-15 01:12 raw_resourcesbak -> /dev/block/mmcblk0p46
lrwxrwxrwx root root 2015-01-15 01:12 rct -> /dev/block/mmcblk0p34
lrwxrwxrwx root root 2015-01-15 01:12 recovery -> /dev/block/mmcblk0p39
lrwxrwxrwx root root 2015-01-15 01:12 rpm -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2015-01-15 01:12 rpmbak -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2015-01-15 01:12 sbl1 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2015-01-15 01:12 sbl1bak -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2015-01-15 01:12 sdi -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2015-01-15 01:12 sdibak -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 2015-01-15 01:12 sec -> /dev/block/mmcblk0p31
lrwxrwxrwx root root 2015-01-15 01:12 sns -> /dev/block/mmcblk0p41
lrwxrwxrwx root root 2015-01-15 01:12 spare1 -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 2015-01-15 01:12 spare2 -> /dev/block/mmcblk0p36
lrwxrwxrwx root root 2015-01-15 01:12 ssd -> /dev/block/mmcblk0p28
lrwxrwxrwx root root 2015-01-15 01:12 system -> /dev/block/mmcblk0p47
lrwxrwxrwx root root 2015-01-15 01:12 tz -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2015-01-15 01:12 tzbak -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2015-01-15 01:12 userdata -> /dev/block/mmcblk0p50
So, in our case, drm is partition 40, commands to retrieve index and size are:
Code:
cat /sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p[COLOR="Red"]40[/COLOR]/start
cat /sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p[COLOR="red"]40[/COLOR]/size
giving you 655360 and 16384 directly.
Last, to dump full MMC until userdata, I just did dd until userdata LBA:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/full_dump.img bs=512 count=12419072
It's, a big file, around 6 GB. If you want to speed up things a bit, read with a block size of 4096 and divide by 8 the count:
Code:
dd if=/dev/block/mmcblk0 of=/data/media/0/full_dump.img bs=4096 count=1552384
I didn't test relocking yet though, not enough free time. Hope it helps, don't hesitate to ask if you need more details.
Click to expand...
Click to collapse
Wow, great post!! Thank you so much for that! :good:
Relocking works if you have cust and misc partitions saved before unlock, tested myself on H815!
Sent from my LG-H815
petro_ionut said:
Relocking works if you have cust and misc partitions saved before unlock, tested myself on H815!
Sent from my LG-H815
Click to expand...
Click to collapse
Interesting because it did not work for me.
I made a lil "thing" to help with the calculations . . .
http://codepen.io/blake_spector/pen/yVrNxg?editors=0010
(feel free to fork, expand, what not . . .)
Again, thanks to letama for the data!
OllieD said:
Interesting because it did not work for me.
Click to expand...
Click to collapse
I read your post in xVANKOs thread. I wonder what the issue was . . . other ppl confirmed it worked.
^ that is basically why i started this thread, to make sure to take all possible precautions.
petro_ionut said:
Relocking works if you have cust and misc partitions saved before unlock, tested myself on H815!
Click to expand...
Click to collapse
:good:
As of yet, my phone is still untouched/locked from when I got back the few days after LG warranty.
But I will, as soon as possible, backup all the partitions and see how it turns out.
blake_spector said:
I read your post in xVANKOs thread. I wonder what the issue was . . . other ppl confirmed it worked.
^ that is basically why i started this thread, to make sure to take all possible precautions.
:good:
As of yet, my phone is still untouched/locked from when I got back the few days after LG warranty.
But I will, as soon as possible, backup all the partitions and see how it turns out.
Click to expand...
Click to collapse
I reverted to lollipop, Dumped my partitions. Unlocked my Bootloader and restored the partitions and my bootloader remained unlocked.
I do have some other dumps and cannot remember the exact commands i used to dump the partitions.
I believe i just reversed the DD commands he issued in his video (swapping the if= and of= )
I also took some partition backups with flashfire before unlocking but havent tried to restore those.
My initial test however proved unsucessful.
I was waiting for him to release his method but he has since locked the thread.
His account was created just before he made his claims which is mildly suspicious.
If it were me, in the true spirit of the XDA Developers community, i would have just released all the information i had regardless of it not working on certain devices. the community could have helped fill the gaps in my work.
I think he is holding off with the aim of claiming the full unofficial unlock bounty, however i feel he will be lucky to recieve much of that given that most people dont pay and most of those who would have long since moved on to other devices.
Time will tell if this is just another hoax.
I'm hoping its not since i'm probably not the only one to unlock my device due to his claims.
OllieD said:
I reverted to lollipop, Dumped my partitions. Unlocked my Bootloader and restored the partitions and my bootloader remained unlocked.
I do have some other dumps and cannot remember the exact commands i used to dump the partitions.
I believe i just reversed the DD commands he issued in his video (swapping the if= and of= )
I also took some partition backups with flashfire before unlocking but havent tried to restore those.
My initial test however proved unsucessful.
I was waiting for him to release his method but he has since locked the thread.
His account was created just before he made his claims which is mildly suspicious.
If it were me, in the true spirit of the XDA Developers community, i would have just released all the information i had regardless of it not working on certain devices. the community could have helped fill the gaps in my work.
I think he is holding off with the aim of claiming the full unofficial unlock bounty, however i feel he will be lucky to recieve much of that given that most people dont pay and most of those who would have long since moved on to other devices.
Time will tell if this is just another hoax.
I'm hoping its not since i'm probably not the only one to unlock my device due to his claims.
Click to expand...
Click to collapse
I am not quite sure that it's a bland hoax (the RElocking part, unlocking all devices . . . another story)
petro_ionut confirmed in this thread it was working for him (as in the original thread) as well as polfrank in the original thread.
Suspisions aside, why would anyone registered a couple of years ago suddenly claim some hoax bs?!
I still have to come up with my own results obviously, but still I trust those guys?! I see no reason not to.
Anyhow, I take your feedback/results very seriously! In the end, I want this to work for me (and others), right?
Also I'm 100% with you on the community part! That's how it should be done . . . I try my best to do it that way.
PS: Did you only swap of= and if= . . . ? or also the seek and skip? I made extra sure to include this tiny detail in my harmful tool http://codepen.io/blake_spector/pen/yVrNxg?editors=0010
Related
I achive for now:
!!!! Restore from any softbrick (any partition ful corrupted emmc) almost infalible!!! i have soft bricked bootloaders gpt, more than 10 times and resurrected again
A clowermod recovery
Semi flashed with f70 d315 stock?
I´m working when i can i post my results
Root
root is easy just use Towelroot
Clowermod Recovery
Tanks to OpenBump
put in sdcard and
Code:
adb shell
su
dd if=/sdcard/cwmrecovery_bumped.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
reboot recovery
Clower mod for L31L
Boot loader
The bootloader has some protection in aboot
if you disasemble with idapro is idem to the f70 d315, g2 mini and family the block that you have to patch
but this file is protected if you pach a single bit it bring you a raw disk when conect the phone (Q9006 mode)
-----OLD POST--------
I have a LG F70 D315 from tracfone whit this company the models change to LGL31L but I verify and many references says that is F70 an no other
I wan to flash whit a lesser restrictive firmware that not belong to this company to later flash a custom room, volume down while conet to get DOWNLOAD MODE are removed from this phone
I have KDZ, extracted to , i rooted sucefully the phone, got recovery mode
but the only way I find to flash is via download and this mode dosent apear
I think is rplace with a batery charging becouse that is what I see whit
Code:
adb reboot-bootloader
and others
and when try key conbinations to power up to download mode it bring me to the batery loader again
In the original extracted f70 d315 kdz the download mode is in the laf partition
I have it have a diferent size of the original fone laf
there is a way to push this to get download mode?
Sorry for my bad English and for post in this secction becouse I dont find LG 70 board
thanks
The partition info off the phone is this
Code:
shell># cat /proc/partitions
major minor #blocks name
179 0 7634944 mmcblk0
179 1 65536 mmcblk0p1
179 2 1024 mmcblk0p2
179 3 512 mmcblk0p3
179 4 512 mmcblk0p4
179 5 512 mmcblk0p5
179 6 2048 mmcblk0p6
179 7 512 mmcblk0p7
179 8 512 mmcblk0p8
179 9 2048 mmcblk0p9
179 10 2048 mmcblk0p10
179 11 3072 mmcblk0p11
179 12 3072 mmcblk0p12
179 13 16384 mmcblk0p13
179 14 32768 mmcblk0p14
179 15 22528 mmcblk0p15
179 16 22528 mmcblk0p16
179 17 22528 mmcblk0p17
179 18 3072 mmcblk0p18
179 19 512 mmcblk0p19
179 20 512 mmcblk0p20
179 21 512 mmcblk0p21
179 22 512 mmcblk0p22
179 23 512 mmcblk0p23
179 24 8192 mmcblk0p24
179 25 8192 mmcblk0p25
179 26 20480 mmcblk0p26
179 27 32768 mmcblk0p27
179 28 1024 mmcblk0p28
179 29 32768 mmcblk0p29
179 30 512 mmcblk0p30
179 31 2097152 mmcblk0p31
259 0 921600 mmcblk0p32
259 1 4220416 mmcblk0p33
259 2 40943 mmcblk0p34
179 32 512 mmcblk0rpmb
shell># ls -al /dev/block/platform/msm_sdcc.1/by-name
lrwxrwxrwx root root 1970-01-02 20:09 DDR -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 1970-01-02 20:09 aboot -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-01-02 20:09 abootb -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 1970-01-02 20:09 boot -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 1970-01-02 20:09 cache -> /dev/block/mmcblk0p32
lrwxrwxrwx root root 1970-01-02 20:09 drm -> /dev/block/mmcblk0p24
lrwxrwxrwx root root 1970-01-02 20:09 eksst -> /dev/block/mmcblk0p30
lrwxrwxrwx root root 1970-01-02 20:09 encrypt -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 1970-01-02 20:09 factory -> /dev/block/mmcblk0p26
lrwxrwxrwx root root 1970-01-02 20:09 fota -> /dev/block/mmcblk0p27
lrwxrwxrwx root root 1970-01-02 20:09 fsc -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 1970-01-02 20:09 fsg -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 1970-01-02 20:09 grow -> /dev/block/mmcblk0p34
lrwxrwxrwx root root 1970-01-02 20:09 laf -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 1970-01-02 20:09 misc -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 1970-01-02 20:09 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 1970-01-02 20:09 modemst1 -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 1970-01-02 20:09 modemst2 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 1970-01-02 20:09 mpt -> /dev/block/mmcblk0p29
lrwxrwxrwx root root 1970-01-02 20:09 pad -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 1970-01-02 20:09 persist -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 1970-01-02 20:09 rct -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 1970-01-02 20:09 recovery -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 1970-01-02 20:09 rpm -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 1970-01-02 20:09 rpmb -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 1970-01-02 20:09 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 1970-01-02 20:09 sbl1b -> /dev/block/mmcblk0p28
lrwxrwxrwx root root 1970-01-02 20:09 sdi -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 1970-01-02 20:09 sns -> /dev/block/mmcblk0p25
lrwxrwxrwx root root 1970-01-02 20:09 ssd -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 1970-01-02 20:09 system -> /dev/block/mmcblk0p31
lrwxrwxrwx root root 1970-01-02 20:09 tz -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-01-02 20:09 tzb -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 1970-01-02 20:09 userdata -> /dev/block/mmcblk0p33
shell># parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: MMC 8WMB3R (sd/mmc)
Disk /dev/block/mmcblk0: 7818MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 8389kB 75.5MB 67.1MB fat16 modem
2 75.5MB 76.5MB 1049kB sbl1
3 76.5MB 77.1MB 524kB rpm
4 77.1MB 77.6MB 524kB tz
5 77.6MB 78.1MB 524kB sdi
6 78.1MB 80.2MB 2097kB aboot
7 80.2MB 80.7MB 524kB rpmb
8 80.7MB 81.3MB 524kB tzb
9 81.3MB 83.4MB 2097kB abootb
10 83.4MB 85.5MB 2097kB pad
11 85.5MB 88.6MB 3146kB modemst1
12 88.6MB 91.8MB 3146kB modemst2
13 91.8MB 109MB 16.8MB misc
14 109MB 143MB 33.6MB ext4 persist
15 143MB 166MB 23.1MB laf
16 168MB 191MB 23.1MB boot
17 191MB 214MB 23.1MB recovery
18 214MB 217MB 3146kB fsg
19 218MB 219MB 524kB fsc
20 219MB 219MB 524kB ssd
21 226MB 227MB 524kB DDR
22 235MB 235MB 524kB encrypt
23 235MB 236MB 524kB rct
24 243MB 252MB 8389kB ext4 drm
25 252MB 260MB 8389kB ext4 sns
26 260MB 281MB 21.0MB factory
27 281MB 315MB 33.6MB fota
28 319MB 320MB 1049kB sbl1b
29 320MB 353MB 33.6MB ext4 mpt
30 353MB 354MB 524kB eksst
31 361MB 2508MB 2147MB ext4 system
32 2508MB 3452MB 944MB ext4 cache
33 3452MB 7774MB 4322MB ext4 userdata
34 7776MB 7818MB 41.9MB grow
(parted) q
I copy laf to recovery partition with dd and bring me to Download Mode when I enter to recovery but i dont find a way to flash yet
unlock boot loader
I maybe try to flash via custom recovery but i have to unlock bootloader
This method
http://forum.xda-developers.com/g2-mini/development/bootloader-unlock-t2827748
says change bites in this string 20 00 EB 00 00 50 E3 E0 FF FF 0A
The stock firmware have this string in aboot.img 20 00 eb 00 00 50 e3 e0 ff ff 0a 60 00 9f e5
but the aboot of my phone the string change to
20 00 eb 00 00 50 e3 08 00 84 e5 07 00 00 0a
and is the string only string that match to 20 00 eb 00 00 50 e3
20 00 eb 00 00 50 e3 e0 ff ff 0a 60 00 9f ->stock firm
20 00 eb 00 00 50 e3 08 00 84 e5 07 00 00 0a ->current room
If i change this with this conditions the phone may not boot anymore?
I am trying to get the download mode for the L31l and am wondering how you copied the files to the recovery partition.
I got the kdz file extracted it and extracted the dz files and have the binfiles.
I have also created an image file by combining the bin files but don't think this will do anything.
I am planning to use the method from:
htt p://ww w.lg-phone s.org/how-to-flas h-unbrick-lg-f70-bac k-to-stoc k.htm l
(Remove spaces)
To flash the kdz file of I can get download mode to work.
Thanks
Download mode
To get download mode:
1-To get download mode I rooted easy with towelroot
2-With dd made a backup of all partitions (nandroid backup)
3-Flash laf partition to recovery (change msm_sdcc I dont know exactly the name because I don´t have phone here and my tools):
dd if=/dev/block/platform/msm_sdcc.1/by-name/laf of=/dev/block/platform/msm_sdcc.1/by-name/recovery
4-Do
Code:
adb shell
reboot recovery
and you will enter to download instead of recovery
but for me was unseful because the firmware is for Lgf70 and is a lgl31l
and any flash sofware detected
I do the last I posted and dead:silly: to usb qualcom mode that see as raw disk
http://forum.xda-developers.com/showthread.php?t=2582142
this mode is easy to recover but intead I fail and dd other partition sbl
and have a mode that is very very triky and dont find how to solve
cause nothing worme form my phone
This a mode who I'am now QDLoader 9008
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
http://forum.xda-developers.com/lg-g2/general/fix-unbrick-lg-g2-stuck-qualcomm-hs-usb-t2933830/page17#post58460319
I also got into download but couldn't get it to load the F70 rom.
Anybody have any ideas?
Thanks for your work. Have you been able to load the portion of the f70 rom that contains the hidden menu for unlock?
I know there is some information about adding it back to the verizon g2 available.
Thanks again
Any more info to share?
You mentioned a f70 rom. Any more luck getting it to work?
Thanks
f70 rom
1god 1Bad news I flash the f70 but the unlock menu says that not more atemps left (usseless)
Flash f70 room bricks me the phone many times with a backup I can bring back ever I want but may sometimes have to open the phone and make a tespoint
Frist backup all your phone whit dd
I backup all single partition
dd if=/dev/block/platform/msm_sdcc.1/by-name/xxx of=/sdcard/backup
and after backup the GPT partition table
you beter dd all then phone mmc instead
of course copy to a PC or any external
Extract boot.img and system.img of F70 room kdztools etc...
For f70 room you have to bumped boot.img of F70
frist have to repack whit bootimg.exe http://en.miui.com/thread-27657-1-1.html
descompress and compress
and after used open bump
http://forum.xda-developers.com/lg-g2/orig-development/tool-bump-sign-boot-images-t2950595
Better put frist system.img to sdcard
1)whit dd flash the recovery to the boot img after that youre phone start always in recovery
because no recovery convination
2)flash boot.img to recovery
3) Now when you turn your phone start in the recovery mount /sdcard /system...
conect in and this recovery have adb
flash whit dd system partition
don't exit recovery
4)wipe cache factory reset
5) in avanced revot recovery will boot system (anytimes you power on have to do this)
The gide is not easy and safe i can made a better but flash f70 dosen't worst
yes you have more usb modes enabled, wifi theter and hotspot
but no unock , even any unlock boxes that have f70 direct unlock
all becuse the nvram is not accesible????
i brick my d315 with update v10e
hello,
I have got a LG D315 with root and TWRP 2.8.0.0.
today i see there is a update v10e for my phone.
so i accept the install. the update download , pass de verify ( no problem cause root) and reboot.
but the phone boot on TWRP only and the update no run . i can't reboot normaly , I'm blocked on TWRP ( reboot on system, bootloader or recovery >> return to TWRP) , the phone refuse to upgrade or reboot normaly ?
any ideas ???
please help !!
ps : sorry I'm french and i write bad english
willowlefou said:
hello,
I have got a LG D315 with root and TWRP 2.8.0.0.
today i see there is a update v10e for my phone.
so i accept the install. the update download , pass de verify ( no problem cause root) and reboot.
but the phone boot on TWRP only and the update no run . i can't reboot normaly , I'm blocked on TWRP ( reboot on system, bootloader or recovery >> return to TWRP) , the phone refuse to upgrade or reboot normaly ?
any ideas ???
please help !!
ps : sorry I'm french and i write bad english
Click to expand...
Click to collapse
I resolved my problem ,
I have backup the LAF files so in TWRP I 've restore the laf
Code:
dd if=/sdcard/backup/laf.img of=/dev/block/platform/msm_sdcc.1/by-name/laf
after i reboot in download mode ( power off / button up + plug usb cable )
the LGFlashTool2014 detect my phone i Ican retore the D31510e_00.kdz file with this tools.
my data aren't destroy.
thanks!
Hi guys! My lg f70 phone broken after use flash tool, (Qdloader 9008), i search fixing on internet, and finding them QFIl and qpst.. My phone cpu msm8926, need emmc firehose 8926 file for flashing emmc and fastboot restore file, somebody help? Sorry my bad english!
Sorry for this perhaps dumb question and I'm sure it was answered anywhere but searching for "mount root recovery" lists everything to root the device. Last time I need to do this was on my HTC Desire with that S-ON
Ok, but for the backgrounds:
I am running CM13 (rooted of cource) and I need to tweak /init.cm.rc startup script.
When doing this while running CM13 (/ filesystem mounted rw) any changes are gone after reboot.
So how can I do this?
My first thought was: Edit while in recovery. But in TWRP (3.0) the root filesystem isn't mounted - so how can I mount it?
Or on which partition is it located?
Thanks in advance!
Code:
Found valid GPT with protective MBR; using GPT
Disk /dev/block/mmcblk0: 61071360 sectors, 1148M
Logical sector size: 512
Disk identifier (GUID): 98101b32-bbe2-4bf2-a06e-2bb33d000c20
Partition table holds up to 44 entries
First usable sector is 34, last usable sector is 61071326
Number Start (sector) End (sector) Size Code Name
1 16384 180223 80.0M 0700 modem
2 180224 182271 1024K 0700 sbl1
3 182272 182463 98304 0700 sdi
4 182464 184511 1024K 0700 tz
5 184512 185511 500K 0700 rpm
6 185512 186535 512K 0700 hyp
7 186536 186791 128K 0700 pmic
8 186792 188839 1024K 0700 DDR
9 188840 189095 128K 0700 sec
10 189096 197855 4380K 0700 aboot
11 197856 198111 128K 0700 pmicbak
12 198112 200159 1024K 0700 sbl1bak
13 200160 202207 1024K 0700 tzbak
14 202208 203207 500K 0700 rpmbak
15 203208 204231 512K 0700 hypbak
16 204232 212991 4380K 0700 abootbak
17 212992 212993 1024 0700 devinfo
18 229376 237567 4096K 0700 fsg
19 245760 245761 1024 0700 limits
20 262144 270335 4096K 0700 modemst1
21 270336 278527 4096K 0700 modemst2
22 278528 279039 256K 0700 apdp
23 279040 279551 256K 0700 msadp
24 279552 280063 256K 0700 keymaster
25 280064 280575 256K 0700 cmnlib
26 280576 281087 256K 0700 keymasterbak
27 281088 281599 256K 0700 cmnlibbak
28 281600 281601 1024 0700 dpo
29 281602 281603 1024 0700 fsc
30 281604 281619 8192 0700 ssd
31 281620 294911 6646K 0700 oeminfo
32 294912 311295 8192K 0700 persist
33 311296 344063 16.0M 0700 metadata
34 344064 409599 32.0M 0700 boot
35 409600 475135 32.0M 0700 recovery
36 475136 606207 64.0M 0700 oem
37 606208 1015807 200M 0700 vendor
38 1015808 1220607 100M 0700 cache
39 1220608 1222655 1024K 0700 misc
40 1222656 1223679 512K 0700 keystore
41 1223680 1224703 512K 0700 frp
42 1224704 1225703 500K 0700 persistent
43 1225704 7517159 3072M 0700 system
44 7517160 61071326 25.5G 0700 userdata
markusmuster said:
Sorry for this perhaps dumb question and I'm sure it was answered anywhere but searching for "mount root recovery" lists everything to root the device. Last time I need to do this was on my HTC Desire with that S-ON
Ok, but for the backgrounds:
I am running CM13 (rooted of cource) and I need to tweak /init.cm.rc startup script.
When doing this while running CM13 (/ filesystem mounted rw) any changes are gone after reboot.
So how can I do this?
My first thought was: Edit while in recovery. But in TWRP (3.0) the root filesystem isn't mounted - so how can I mount it?
Or on which partition is it located?
Thanks in advance!
Code:
Found valid GPT with protective MBR; using GPT
Disk /dev/block/mmcblk0: 61071360 sectors, 1148M
Logical sector size: 512
Disk identifier (GUID): 98101b32-bbe2-4bf2-a06e-2bb33d000c20
Partition table holds up to 44 entries
First usable sector is 34, last usable sector is 61071326
Click to expand...
Click to collapse
sorry but init.cm.rc is a RAMDISK file... that means you need to change it in the boot.img .... so you will need to compile a new boot.img with your changes or use android image kitchen... but i warn you... playing with boot.img is for devs so dont do mistakes in there!
Sent from my Xperia T using XDA Free mobile app
Thanks for the information. Already guesses that.
Yesterday I saw somewhere in the init scripts that there was a Cyan-test for a user script. I will investigate this.
I am looking for a way to create a perfect, byte for byte, image of my internal memory so that I can recover data from the image in a safer way and from a copy where I cant destroy the original. I am really just looking to recover files I had under the /sdcard (USERDATA mount) however, since my partitions are messed up, I want to broaden the scope and capture everything. Can anyone point me in the right direction?
Help is greatly appreciated.
re: byte for byte
waypoint.delta said:
I am looking for a way to create a perfect, byte for byte, image of my internal memory so that I can recover data from the image in a safer way and from a copy where I cant destroy the original. I am really just looking to recover files I had under the /sdcard (USERDATA mount) however, since my partitions are messed up, I want to broaden the scope and capture everything. Can anyone point me in the right direction?
Help is greatly appreciated.
Click to expand...
Click to collapse
You would need to develop or find a developer who knows
how to create a very specific & special application to do that.
At the present time there is no applications that can do it.
You would be way better off to simply copy whatever good
files are in your internal memory to your computer because
any other way would result in many unusable files since
you said that the partition is all messed up.
By creating a byte for byte image of your internal memory
you would simply end up with a lot of unusable files since
your partitions are messed up.
Good luck, have a great day!
Thanks for the response Mr Junky. I can tell you I am fairly determined, short of hopping the NSA fence and demanding justice. Anyways, The partitions only matter so much since they do not define the files, the 1's and 0's do. There's tons of recovery software already, so no need to go that far, just need to get the data off my phone so it can be analysed. Square one is I grabbing a quality snapshot of the Internal Memory and putting it on my PC. At that point I can rebuild my phone without concern.
Misterjunky said:
. . .
Click to expand...
Click to collapse
Does anyone know if the partition/sector offsets ever change, or are they static? I ask because I ran "Repair or Change File System" on /data which shares a mount with /sdcard (i think). If they are static, it wont matter that the partition table was rebuilt, the lost data should still reside there. I can simply use DD to capture /dev/block/sda18 to a file. As a side note, I'm really glad i had busybox installed.
Code:
~ # ←[6n[COLOR="DarkGreen"][B]busybox fdisk -l /dev/block/sda[/B][/COLOR]
Note: sector size is 4096 (not 512)
Found valid GPT with protective MBR; using GPT
Disk /dev/block/sda: 62464000 sectors, 2336M
Logical sector size: 4096
Disk identifier (GUID): 52444e41-494f-2044-4d4d-43204449534b
Partition table holds up to 128 entries
First usable sector is 6, last usable sector is 7807994
Number Start (sector) End (sector) Size Code Name
1 1024 2047 4096K 0700 BOTA0
2 2048 3071 4096K 0700 BOTA1
3 3072 8191 20.0M 0700 EFS
4 8192 10239 8192K 0700 PARAM
5 10240 20479 40.0M 0700 BOOT
6 20480 32255 46.0M 0700 RECOVERY
7 32256 34303 8192K 0700 OTA
8 34304 45055 42.0M 0700 RADIO
9 45056 45311 1024K 0700 TOMBSTONES
10 45312 45567 1024K 0700 DNT
11 45568 45759 768K 0700 PERSISTENT
12 45760 45823 256K 0700 STEADY
13 45824 48127 9216K 0700 PERSDATA
14 48128 1148927 4300M 0700 SYSTEM
15 1148928 1200127 200M 0700 CACHE
16 1200128 1238527 150M 0700 HIDDEN
17 1238528 1239807 5120K 0700 CP_DEBUG
[COLOR="Red"][B] 18 1239808 7806719 25.0G 0700 USERDATA[/B][/COLOR]
~ # ←[6n
C:\adb>
C:\adb>adb shell
/dev/block/platform/155a0000.ufs/by-name # ?[6n[COLOR="darkgreen"][B]ls -l[/B][/COLOR]
__bionic_open_tzdata: couldn't find any tzdata when looking for localtime!
__bionic_open_tzdata: couldn't find any tzdata when looking for GMT!
__bionic_open_tzdata: couldn't find any tzdata when looking for posixrules!
lrwxrwxrwx 1 root root 15 Jan 2 12:45 BOOT -> /dev/block/sda5
lrwxrwxrwx 1 root root 15 Jan 2 12:45 BOTA0 -> /dev/block/sda1
lrwxrwxrwx 1 root root 15 Jan 2 12:45 BOTA1 -> /dev/block/sda2
lrwxrwxrwx 1 root root 16 Jan 2 12:45 CACHE -> /dev/block/sda15
lrwxrwxrwx 1 root root 15 Jan 2 12:45 CPEFS -> /dev/block/sdd1
lrwxrwxrwx 1 root root 16 Jan 2 12:45 CP_DEBUG -> /dev/block/sda17
lrwxrwxrwx 1 root root 16 Jan 2 12:45 DNT -> /dev/block/sda10
lrwxrwxrwx 1 root root 15 Jan 2 12:45 EFS -> /dev/block/sda3
lrwxrwxrwx 1 root root 16 Jan 2 12:45 HIDDEN -> /dev/block/sda16
lrwxrwxrwx 1 root root 15 Jan 2 12:45 OTA -> /dev/block/sda7
lrwxrwxrwx 1 root root 15 Jan 2 12:45 PARAM -> /dev/block/sda4
lrwxrwxrwx 1 root root 16 Jan 2 12:45 PERSDATA -> /dev/block/sda13
lrwxrwxrwx 1 root root 16 Jan 2 12:45 PERSISTENT -> /dev/block/sda11
lrwxrwxrwx 1 root root 15 Jan 2 12:45 RADIO -> /dev/block/sda8
lrwxrwxrwx 1 root root 15 Jan 2 12:45 RECOVERY -> /dev/block/sda6
lrwxrwxrwx 1 root root 16 Jan 2 12:45 STEADY -> /dev/block/sda12
lrwxrwxrwx 1 root root 16 Jan 2 12:45 SYSTEM -> /dev/block/sda14
lrwxrwxrwx 1 root root 15 Jan 2 12:45 TOMBSTONES -> /dev/block/sda9
[COLOR="Red"][B]lrwxrwxrwx 1 root root 16 Jan 2 12:45 USERDATA -> /dev/block/sda18[/B][/COLOR]
/dev/block/platform/155a0000.ufs/by-name # ?[6n
I created the dd image of the USERDATA partition and saved it to the external SD card using the following command
Code:
dd if=/dev/block/sda18 of=/external_sd/dev/block/sda18.dd bs=4096
I then ran it against photorec which only returned 2 elf files. I will run it against testdisk as well, but I'm thinking either the data is gone or I did not use DD correctly.
In TWRP, when you go to "Wipe" -> "Advanced Wipe" you see a list of partitions, among them are "Data" and "Internal Storage". I wiped the "Data" partition as I thought "Internal Storage" would be untouched (since it was listed seperatly). Nope. Apparently they map to the exact same partition
Code:
/dev/block/sda18 on /data type ext4 (rw,seclabel,relatime,data=ordered)
/dev/block/sda18 on /sdcard type ext4 (rw,seclabel,relatime,data=ordered)
I used "Change File System" on "Data" in order to make it usable again, I must have destroyed all the data I was trying to recover. Had I build the image before I fixed the data partition, I would probably have recovered most everything.
Thanks go out to Samsung for enabling auto update by default and for thoroughly testing the update which blew up my phone! Great job guys : )
waypoint.delta said:
I am looking for a way to create a perfect, byte for byte, image of my internal memory so that I can recover data from the image in a safer way and from a copy where I cant destroy the original. I am really just looking to recover files I had under the /sdcard (USERDATA mount) however, since my partitions are messed up, I want to broaden the scope and capture everything. Can anyone point me in the right direction?
Help is greatly appreciated.
Click to expand...
Click to collapse
You need to use photorec directly on the block device, not a copy. Copies don't copy detached inodes, even with dd.
Sent from my SM-G935T using Tapatalk
Everything I've read online negates that statement. however, I've yet to recover anything from the images I've copied, but I believe it may be due to hardware error. As a test, I put an photo on my /system mount and deleted the image. then I cloned the system block device and attempted recovery using photorec. this test failed to recover the file. so either DD is not copying the raw bytes or I am doing something incorrectly. I will try the same test using scalpel and also on another android phone.
toastido said:
You need to use photorec directly on the block device, not a copy. Copies don't copy detached inodes, even with dd.
Sent from my SM-G935T using Tapatalk
Click to expand...
Click to collapse
Can someone explain me how the TPT does the booting? According to the nvidia manual there should be a BCT image somewhere on the device, either in SPI or in eMMC but I can not find it. According to this post: https://forum.xda-developers.com/showthread.php?t=2318140 there should be 16 partitions, but it looks like I only have 10:
Code:
[email protected]:/ # cat /proc/partitions
major minor #blocks name
179 0 15387648 mmcblk0
179 1 6144 mmcblk0p1
179 2 8192 mmcblk0p2
179 3 786432 mmcblk0p3
179 4 921600 mmcblk0p4
179 5 2048 mmcblk0p5
179 6 524288 mmcblk0p6
179 7 20480 mmcblk0p7
259 0 143360 mmcblk0p8
259 1 20480 mmcblk0p9
259 2 12939264 mmcblk0p10
[email protected]:/ # ls -al /dev/block/platform/sdhci-tegra.3/by-name/
lrwxrwxrwx root root 2018-08-16 09:07 AP -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2018-08-16 09:07 CC -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2018-08-16 09:07 LX -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2018-08-16 09:07 MC -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2018-08-16 09:07 PA -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2018-08-16 09:07 SC -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2018-08-16 09:07 SS -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2018-08-16 09:07 UA -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2018-08-16 09:07 UP -> /dev/block/mmcblk0p8
As p1 is the recovery image and p2 is the kernel, I do not see any more partitions where the BCT image could be.
nvflash does not work on my device, as the APX mode is locked.
What I find a little bit worrying, is that fdisk says I have no partition table:
Code:
[email protected]:/ # fdisk -l mmcblk0
Disk mmcblk0: 15.7 GB, 15756951552 bytes
4 heads, 16 sectors/track, 480864 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
Disk mmcblk0 doesn't contain a valid partition table
Should this command fail?
But there must be the configuration somewhere, right?
I have a TPT 1839-22G
I imaged now the whole eMMC using dd and found out that in difference to the posted partition table, the partitions BCT, PT, EBT and GP1 are missing. the Partitions SOS starts 0x100000 bytes earlier as given in the other thread.
Between 0x0 and 0x00d00000 I can find some non zero bytes but nothing which caught my attention.
Using gdisk I could restore the partition table:
Code:
GPT fdisk (gdisk) version 1.0.3
Unsupported GPT version in backup header; read 0x00000000, should be
0x00010000
Partition table scan:
MBR: not present
BSD: not present
APM: not present
GPT: not present
Creating new GPT entries.
Command (? for help): p
Disk mmcblk0.img: 30775296 sectors, 14.7 GiB
Sector size (logical): 512 bytes
Disk identifier (GUID): D3A36F54-6FB0-48C2-B599-DFD0D4E294BF
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 30775262
Partitions will be aligned on 2048-sector boundaries
Total free space is 30775229 sectors (14.7 GiB)
Number Start (sector) End (sector) Size Code Name
Command (? for help): r
Recovery/transformation command (? for help): b
Recovery/transformation command (? for help): p
Disk mmcblk0.img: 30775296 sectors, 14.7 GiB
Sector size (logical): 512 bytes
Disk identifier (GUID): D3A36F54-6FB0-48C2-B599-DFD0D4E294BF
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 30775262
Partitions will be aligned on 2048-sector boundaries
Total free space is 30775229 sectors (14.7 GiB)
Number Start (sector) End (sector) Size Code Name
Recovery/transformation command (? for help): c
Warning! This will probably do weird things if you've converted an MBR to
GPT form and haven't yet saved the GPT! Proceed? (Y/N): y
Caution! After loading partitions, the CRC doesn't check out!
Recovery/transformation command (? for help): p
Disk mmcblk0.img: 30775296 sectors, 14.7 GiB
Sector size (logical): 512 bytes
Disk identifier (GUID): D3A36F54-6FB0-48C2-B599-DFD0D4E294BF
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 30775262
Partitions will be aligned on 2048-sector boundaries
Total free space is 30653 sectors (15.0 MiB)
Number Start (sector) End (sector) Size Code Name
1 26624 38911 6.0 MiB 0700 体S
2 38912 55295 8.0 MiB 0700 乌X
3 55296 1628159 768.0 MiB 0700 偁P
4 1628160 3471359 900.0 MiB 0700 䅃C
5 3471360 3475455 2.0 MiB 0700 卍C
6 3475456 4524031 512.0 MiB 0700 䥐A
7 4524032 4564991 20.0 MiB 0700 䕓C
8 4564992 4851711 140.0 MiB 0700 单P
9 4851712 4892671 20.0 MiB 0700 䑐A
10 4892672 30771199 12.3 GiB 0700 䑕A
Which also shows, that there are no partitions before 0xd00000.
But where is the BCT stored then?
Hello to all.
I am trying to resize the partition /system using the parted and gdisk commands. But none of these commands succeed in changing mmcblk0 partitions after execution.
The things I do are as follows:
- install adb and fastboot and put them to the system variables.
- enable Settings>developer options>USB debugging and Root debugging
- install TWRP recovery.
- run cmd in adminitsrator permission.
- write these command in CMD :
adb root
adb reboot recovery
adb push gdisk /sbin
adb push parted /sbin
adb shell chmod 777 /sbin/gdisk
adb shell chmod 777 /sbin/parted
adb shell
~#> cd /dev/block
dev/block> gdisk mmcblk0
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): p
Disk /dev/block/mmcblk0: 61071360 sectors, 29.1 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 98101B32-BBE2-4BF2-A06E-2BB33D000C20
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 61071326
Partitions will be aligned on 2-sector boundaries
Total free space is 8158 sectors (4.0 MiB)
Number Start (sector) End (sector) Size Code Name
1 8192 38911 15.0 MiB 8300 apnhlos
2 38912 156543 57.4 MiB 0700 modem
3 156544 157567 512.0 KiB FFFF sbl1
4 157568 157631 32.0 KiB FFFF dbi
5 157632 157695 32.0 KiB FFFF ddr
6 157696 161791 2.0 MiB FFFF aboot
7 161792 162815 512.0 KiB FFFF rpm
8 162816 163839 512.0 KiB FFFF tz
9 163840 184319 10.0 MiB FFFF pad
10 184320 204799 10.0 MiB 8300 param
11 204800 233471 14.0 MiB 8300 efs
12 233472 239615 3.0 MiB FFFF modemst1
13 239616 245759 3.0 MiB FFFF modemst2
14 245760 268287 11.0 MiB FFFF boot
15 268288 294911 13.0 MiB FFFF recovery
16 294912 321535 13.0 MiB FFFF fota
17 321536 335853 7.0 MiB 8300 backup
18 335854 341997 3.0 MiB FFFF fsg
19 341998 341999 1024 bytes FFFF fsc
20 342000 342015 8.0 KiB FFFF ssd
21 342016 358399 8.0 MiB 8300 persist
22 358400 376831 9.0 MiB 8300 persdata
23 376832 5095423 2.3 GiB 8300 system
24 5095424 5709823 300.0 MiB 8300 cache
25 5709824 5730303 10.0 MiB 8300 hidden
26 5730304 61071326 26.4 GiB 8300 userdata
Command (? for help): d
Partition number (1-26): 26
Command (? for help):w
(curser blinking) and device goes to hang!!!!!
anyone can help me? I do this in parted command. It is like above.
after restarting the device, all of the partition are there, like before...
I also used PIT file with different partition sizes, but nothing change. Odin shown : RQT_CLOSE!!