build.prop missing in OPR1.170623.026.8.1.10 (Android O)? - Xiaomi Mi A1 Questions & Answers

Hi,
I recently got my M1 A1 from Elisa, in Estonia(packages says Global Version). I've been looking for a guide to enable camera2 API, and since I'm not interested in root or other functionalities, I figured I could only edit build.prop file in /system with the relevant
Code:
persist.camera.HAL3.enabled=1
line.
My steps so far:
1. Unlock the bootloader.
2.Temporarily boot into TWRP:
Code:
PS C:\platform-tools> .\adb reboot bootloader
PS C:\platform-tools> .\fastboot devices
28833e59 fastboot
PS C:\platform-tools> .\fastboot boot recovery-tissot.img
downloading 'boot.img'...
OKAY [ 0.755s]
booting...
OKAY [ 0.592s]
finished. total time: 1.353s
3. Mount /system from TWRP
4. Try to pull out build.prop:
Code:
PS C:\platform-tools> .\adb pull /system/build.prop c:\platform-tools
adb: error: failed to stat remote object '/system/build.prop': No such file or directory
At this point, I was starting to worry: wrong TWRP, /system was not mounted properly, etc.. But then I tried:
Code:
PS C:\platform-tools> .\adb pull /system/default.prop
/system/default.prop: 1 file pulled. 0.0 MB/s (893 bytes in 0.052s)
...and it worked perfectly:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
security.perf_harden=1
ro.adb.secure=1
ro.allow.mock.location=0
ro.debuggable=0
ro.oem_unlock_supported=true
ro.zygote=zygote64_32
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
ro.dalvik.vm.native.bridge=0
dalvik.vm.usejit=true
dalvik.vm.usejitprofiles=true
dalvik.vm.dexopt.secondary=true
dalvik.vm.appimageformat=lz4
pm.dexopt.first-boot=quicken
pm.dexopt.boot=verify
pm.dexopt.install=quicken
pm.dexopt.bg-dexopt=speed-profile
pm.dexopt.ab-ota=speed-profile
debug.atrace.tags.enableflags=0
ro.logdumpd.enabled=0
#
# BOOTIMAGE_BUILD_PROPERTIES
#
ro.bootimage.build.date=Wed Jan 10 14:39:53 WIB 2018
ro.bootimage.build.date.utc=1515569993
ro.bootimage.build.fingerprint=xiaomi/tissot/tissot_sprout:8.0.0/OPR1.170623.026/8.1.10:user/release-keys
persist.sys.usb.config=mtp
So, my question: where does that build.prop live or hides? And can default.prop be used instead for the same purposes as build.prop?
What other steps I've tried so far:
- factory reset(twice);
- full firmware flash with MiFlash(and factory reset after);
- different versions of TWRP(best one from here:https://forum.xda-developers.com/showpost.php?p=75357241&postcount=817 )

Oh, and what I've noticed weird is this message, when invoking adb shell:
Code:
PS C:\platform-tools> .\adb shell
linker: error reading config file "/system/etc/ld.config.txt" for "/sbin/busybox" (will use default configuration): error reading file "/system/etc/ld.config.txt": Too many symbolic links encountered
WARNING: linker: error reading config file "/system/etc/ld.config.txt" for "/sbin/busybox" (will use default configuration): error reading file "/system/etc/ld.config.txt": Too many symbolic links encountered

/system/system/build.prop

You should be interested in root in this case, because whenever you mount the system with write privileges which you do, you loose OTAs. Magisk let you to modify the system systemlessly and whenever you receive OTA, you can install it.

sorry but which is the utility of OPR..?

maross said:
You should be interested in root in this case, because whenever you mount the system with write privileges which you do, you loose OTAs. Magisk let you to modify the system systemlessly and whenever you receive OTA, you can install it.
Click to expand...
Click to collapse
I guess I'll just dirty flash new firmwares with MiFlash . Maybe even restore original build.prop, MiFlash, then modify build.prop again. Rooting sometimes affects some apps, i.e. some banking apps won't install, Neflix won't let you download content, and so on.

sidbyron said:
sorry but which is the utility of OPR..?
Click to expand...
Click to collapse
It's just a naming convension for the firmware filename that Xiaomi uses.

quad_bx said:
I guess I'll just dirty flash new firmwares with MiFlash . Maybe even restore original build.prop, MiFlash, then modify build.prop again. Rooting sometimes affects some apps, i.e. some banking apps won't install, Neflix won't let you download content, and so on.
Click to expand...
Click to collapse
Just use Magisk with Magisk hide feature. You will achieve the same with less effort. Btw. direct modification of system will break Safetynet as far as I know, so you won't be able to install Netflix anyway [emoji846]

_mysiak_ said:
Just use Magisk with Magisk hide feature. You will achieve the same with less effort. Btw. direct modification of system will break Safetynet as far as I know, so you won't be able to install Netflix anyway [emoji846]
Click to expand...
Click to collapse
Well, let's take for example TWRP installation.... The official variant does not work on the last Oreo build(internal storage size is seen as 0, can't install). And for Magisk, I could not find a detailed tutorial to follow.
Anyway, let me see if I can find the hidden build.prop and what happens.

quad_bx said:
Anyway, let me see if I can find the hidden build.prop and what happens.
Click to expand...
Click to collapse
So, I've found it. On the plus side, editing it and re-uploading it did not trip SafetyNet. But... camera2 API is not enabled
I've even managed to edit it twice, in system_a and system_b, same result. Rebooting, clearing the app cache for the apps where I wanted to get RAW shooting did not help either.

I confirm build.prop is in /system/system after mounting it with TWRP.
I can pull it, change it, and push it, but nothing actually changes in the phone.
I confirm that going into "adb shell" generates that error.
Issue is: I DON'T WANT to install Magisk, I DON'T WANT to root.
I want auxiliary tele lens exposed to OpenCamera and gCam porting, and I want Whatsapp forced to use HAL1 specifics (as inner Whatsapp camera brakes after enabling Camera2api).
It means to convert this line:
camera.hal1.packagelist=com.skype.raider,com.google.android.talk
To this
camera.hal1.packagelist=com.skype.raider,com.google.android.talk,com.whatsapp
... and nothing more.
To me it sounds stupid to root, installa Magisk and leave the phone unlocked just to tell Whatsapp to use HAL1.
Also for exposing aux camera, it means to turn:
#Expose aux camera for below packages
vendor.camera.aux.packagelist=org.codeaurora.snapcam,com.android.camera,com.huaqin.factory,com.mi.AutoTest
#add by yaoshaorong for Expose aux camera for D2AO-892 for packagelist can't more than 91 byte
vendor.camera.aux.packagelist2=com.android.systemui
to
#Expose aux camera for below packages
vendor.camera.aux.packagelist=org.codeaurora.snapcam,com.android.camera,com.huaqin.factory,com.mi.AutoTest
#add by yaoshaorong for Expose aux camera for D2AO-892 for packagelist can't more than 91 byte
vendor.camera.aux.packagelist2=com.android.systemui,net.sourceforge.opencamera
But it simply doesn't work.
Is this the right file, or do we need to modify something else?

Dm verity and the related error correction changes your modifications back to the stock build.prop

Related

TWRP for HTC One M9

From TeamWin
http://twrp.me/devices/htconem9.html
Fastboot method without root? Looks interesting.. ill try later that day.
nope not possible
target reported max download size of 536870912 bytes
sending 'recovery' (35928 KB)...
OKAY [ 1.308s]
writing 'recovery'...
FAILED (remote: cannot flash this partition in s-on state)
finished. total time: 1.328s
but i hope with unlocked bootloader its possible to flash recovery ?
Yes. You need unlocked bootloader.
crucky said:
nope not possible
target reported max download size of 536870912 bytes
sending 'recovery' (35928 KB)...
OKAY [ 1.308s]
writing 'recovery'...
FAILED (remote: cannot flash this partition in s-on state)
finished. total time: 1.328s
but i hope with unlocked bootloader its possible to flash recovery ?
Click to expand...
Click to collapse
Damn man you're lucky you didn't brick your new phone, make sure to do the research first - Adam
@Adam182 - that wouldn't brick it. Reason? It won't flash in the first place.
Mr_Bartek said:
@Adam182 - that wouldn't brick it. Reason? It won't flash in the first place.
Click to expand...
Click to collapse
Got 2.8.5.0 running on my test device...... :good:
Rooted. There are limitations. \system is not writeable, as was initially on the M8 until insecure kernels were released here. Titanium Backup can't write to removable sdcard yet. I still have a hornet's nest of diagnostic software running and I have to give it a wide berth because logging is required on test devices.
Wonder if anyone there will notice what I've done after the overnight logs......
hgoldner said:
Got 2.8.5.0 running on my test device...... :good:
Rooted. There are limitations. \system is not writeable, as was initially on the M8 until insecure kernels were released here. Titanium Backup can't write to removable sdcard yet. I still have a hornet's nest of diagnostic software running and I have to give it a wide berth because logging is required on test devices.
Wonder if anyone there will notice what I've done after the overnight logs......
Click to expand...
Click to collapse
I have a tool which can recompile/decompile a kernel easy! No commands, you're rooted, get the stock kernel and disable it's security through it? I hope it works (Worked on 5-6 Qualcomm devices) .... Look into my sign
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Info about my work:
1)Kernel tool (reported to work on MTK too, tested on Qualcomm)
2)Bypass forgotten lock-screen without a factory reset
3)A COMPLETE TOOL for android, easy as cake, reported to work on MTK&Qualcomm​
MZ_. said:
I have a tool which can recompile/decompile a kernel easy! No commands, you're rooted, get the stock kernel and disable it's security through it? I hope it works (Worked on 5-6 Qualcomm devices)]
Click to expand...
Click to collapse
How do I get the boot.img from the device?
UPDATE: I might have the image at this point. Stumbled my way through adb commands to get the block, used the instructions here to extract what I believe to be a boot.img. Not sure, though, and sure as hell not going to flash it......
hgoldner said:
How do I get the boot.img from the device?
Click to expand...
Click to collapse
Rooted yeah? Extract from /dev/block/platform/msm_sdcc.1/by-name/boot (I told the link about my phone, yours may vary)
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Info about my work:
1)Kernel tool (reported to work on MTK too, tested on Qualcomm)
2)Bypass forgotten lock-screen without a factory reset
3)A COMPLETE TOOL for android, easy as cake, reported to work on MTK&Qualcomm​
Boot.img from 1.32.401.8: https://mega.co.nz/#!LY4nSK4D!S2QQcT5RQ2zurniqTiIlAEfOPo2DzndkN0VL5BQlgRc
Mr_Bartek said:
Boot.img from 1.32.401.8: https://mega.co.nz/#!LY4nSK4D!S2QQcT5RQ2zurniqTiIlAEfOPo2DzndkN0VL5BQlgRc
Click to expand...
Click to collapse
Cool, now someone can unpack/repack it with mods and boot from it, please do not flash as we don't know the outcome, better than risking it, just boot
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Info about my work:
1)Kernel tool (reported to work on MTK too, tested on Qualcomm)
2)Bypass forgotten lock-screen without a factory reset
3)A COMPLETE TOOL for android, easy as cake, reported to work on MTK&Qualcomm​
There's no risk in flashing. If it doesn't work just reflash my boot.img.
Mr_Bartek said:
There's no risk in flashing. If it doesn't work just reflash my boot.img.
Click to expand...
Click to collapse
I think I did it, based upon instructions here.
At least I believe I have a boot.img. Filesize is 65,536KB, was block p065. Note, ROM version currently is 1.33.90605.315 on Verizon, not Mr_Bartek's version.
Don't flash my version on Verizon. That is a large partition for just boot.img. What command did you use?
Mr_Bartek said:
Don't flash my version on Verizon. That is a large partition for just boot.img. What command did you use?
Click to expand...
Click to collapse
From the thread, I did the following:
1. I figured out that the mountpoints were located in /dev/block/f9824900.sdhci
2. From that I concluded that boot was mmcblk0p65
3. Based upon that I did the following in a DOS box on a Win7 system with the M9 connected via USB with debugging enabled:
Code:
adb shell
su
dd if=/dev/block/mmcblk0p65 of=/sdcard/boot.img
I then pulled the boot.img off the sdcard to my PC
Note that the problem right now is that the internal drive is encrypted (they asked me to test encryption) and I can't turn encryption OFF on the internal sdcard. I've turned it on and off repeatedly on the removable sdcard (and that's not operating properly either). As a result, when I boot to recovery, TWRP can't read the internal sdcard. It asks me (repeatedly) to decrypt, but it doesn't accept the password. I was able to run a Nandroid onto the removable sdcard and backed up boot that way, too.
there just was an OTA for german O2 variant
Maybe one wanna try to use that boot.img ?
Kugelfischmau said:
here you go:
OTA_HIMA_UHL_L50_SENSE70_O2_UK_1.32.206.15-1.32.206.6_release_426806c23qb1mi6by8irro.zip
Click to expand...
Click to collapse
//EDIT:
was able to extract the kernel out of that boot.img with @MZ_. img tool.
But from here on I can't do nothing. If one could get an M9 for @Lord Boeffla, I'm sure he would have a look
DroidShift79 said:
there just was an OTA for german O2 variant
Maybe one wanna try to use that boot.img ?
//EDIT:
was able to extract the kernel out of that boot.img with @MZ_. img tool.
But from here on I can't do nothing. If one could get an M9 for @Lord Boeffla, I'm sure he would have a look
Click to expand...
Click to collapse
Feeling pretty accomplished .. BTW can't you edit default.prop by that? It has option about ro.secure=1 (be default) ... Not sure but you could try? :/
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
Spoiler
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
default.prop looks like this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.adb.secure=1
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
persist.sys.usb.config=adboff
ro.zygote=zygote64_32
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
ro.dalvik.vm.native.bridge=0
DroidShift79 said:
default.prop looks like this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.adb.secure=1
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
persist.sys.usb.config=adboff
ro.zygote=zygote64_32
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
ro.dalvik.vm.native.bridge=0
Click to expand...
Click to collapse
Try to change first two values to 0 ... Worked for my LGE975 (but remember HTC's bootloader is different)
-------------------------------------------
HIT Thanks if you like my post
-------------------------------------------
My work:
[TOOL]Kernel/Boot.img (un)packer
[ZIP]Flashable zip to bypass lockscreen for LG E975
[TOOL]ANDROID's COMPLETE TOOLBOX
Baseband Fix fir LG F180X converted to International E975

Huawei Y625-U43 "soft" bricked

Hi xda-developers before read my long story sorry for my bad english and I hope you can help me…
I bought this phone recently and because I don't feel comfortable with EMUI I decided to do some modding. I rooted the phone successfully, remove some apps, install a new launcher and at this point everything was fine then i decided to install XPOSED FRAMEWORK.
I didn´t know that Huawei phones has so many problems with Xposed but I took the risk to follow Xposed installation instructions of another Huawei model. I'll write the instructions that I followed.
I changed ro.config.hwtheme in build.prop to 0, reboot and everything was fine
Then I installed a console app to use this commands:
Code:
su
mount -o rw,remount /system
cd system
lsattr
chattr -R -i *
rm –f /system/set_immutable.list
But when i used lsattr and chattr the console display COMMAND NOT FOUND then I read an alternative to that commands.
Code:
chmod –R –i *
I have a little experience with Linux but I had never seen the “-i” modificator on chmod and the console too xD it displays
Code:
“bad mode not valid –i command”
or something similar.
Finally in a moment of stupidity I executed this command
Code:
chmod –R 777 *
I Reboot, Huawei logo then black screen, I remove the baterry, reboot and the same…
Well I only have the default Android recovery on the phone…
I found a ROM but that ROM is for the Huawei Y625-U32 I tried to modify this ROM removing the getprop lines on update-script and resinging the rom with APK SIGN but always trying to flash the signature verification fails.
Finally i read apart of the 3 files that generates APK SIGN in the META-INF folder (cert.rsa, cert.sf and manifest.mf) inside com/android exists other certificates files (otacert and metadata) and this files are related with the file /security/etc/otacerts.zip inside the phone but with Android recovery everything is complicated.
Well after my long story anybody can help me? I thought of these possible solutions:
Anybody can share me a backup ROM (update.App file) of this model (I know is a bit heavy to upload 700MB aprox.)
Help me modifying the Y265-U32 ROM to pass the frustrating signature check of Android Recovery (of course if at the end would be safe to mod that ROM or not )
Or any other suggestion please XDA Friends and thanks in advance.
P.D. I want to try all possibilities before send to technical service besides that the model was released recently (April 2015) and I dont know if they can flash it and sorry for my bad english again.
I'm on Colombia and I have the same model, original firmware can be found here: http://consumer.huawei.com/co/support/downloads/detail/index.htm?id=66735&key4=Y625
This is stock ROM. I recommend you NOT modify your system if you don't know too much.
Hope this helps
Hello guys I have a Huawei Y625-U13 from Mexico. My device is Softbricked, it wont boot up, its stucked at HUAWEI's Logo. I found the firmware to make an update via SD card (dload file). But I can't install it on my device, somebody knows how to?

wifi turning itself off, driver not being loaded.

Edit: Considering all the complex processes that I've done, I'm willing to do some series of steps again with the gathered knowledge, but I still need some guidance.
Actual status: Losing my mind (not fixed)
Here's the info of my current problem:
I have a XT1563, cid12 (cl)
Working perfectly until android 6.0 OTA. After restart, in the wifi screen loading bar is constantly present and switches itself off after a couple of seconds of activated. Network list is empty, mac address appears as 02:00:00:00:00:00 in wifi details and status of the phone.
Sent it to support and they 'updated the software', when I got it back wifi was working, but when I installed sd and sim cards back it stopped working.
The most relevant logcat message that appears to be the main one is from WifiStateMachine:
Code:
WifiStateMachine: Fail to set up pno, want false now false
WifiStateMachine: Failed to load driver
Things I've done
Most of this steps have been tried with clean installs and removing sd/sim cards
Network Reset
Factory Reset
Flash different stock roms (currently on 6.0.1 MPD24.107-52)
Flashed ultra kernel R2, R3 and squid kernels 14, 15, 15 oc, 15b
Used twrp 2.8.7 and 3.0.0-r2
Used rsd to flash official firmware for my carrier (RETLA-ENTEL_6.0_MPD24.65-25.1)
Flashed CM 12 and CM 13 unofficial
Installed SuperSU and Busybox
Changed owners and permits in persist/
Copied new persist from different sources
Hex edited .bin file in persist/
downloaded WCNSS_wlan_dictionary.dat and put it in persist to comply with symlink in prima/
fastboot oem install [2 of my carriers; entel, claro]
Replaced WCNSS files in persist with the ones available the motorola repo
Copied WCNSS factory file to prima/ folder
Copied WCNSS_qcom_cfg.ini to /data/misc/wifi
went crazy with 776 permissions
Even after flashing stock with RSDLite, bootloader show the modified status as 3 when I think it should be 2. This has led me to think that something is in the file system that android does not like but is not being fixed by RSD nor clean wipes.
From what I understand, the only thing that could be surviving full flashes and wipes are contents in persist/ and modifications to the root of the system, like busybox and superSU. I've not been able to find any way of cleaning the root of the phone and I imagine that's really dangerous.
TL;DR Wifi driver is not loading, persist folder is ok and clean flash does not fix it.
Possibly relevant logcat entries:
E WifiService: Invoking mWifiStateMachine.setWifiEnable
D WifiStateMachine: setting operational mode to 1
E WifiHW : User build,dont Start logging service.
E WifiService: Invoking mWifiStateMachine.setWifiEnabled
E WifiStateMachine: Failed to load driver
D WifiStateMachine: setWifiState: unknown state
Info for nerds:
Source code of WifiStateMachine.java containing the error message:
Code:
public boolean processMessage(Message message) {
switch (message.what) {
case CMD_START_SUPPLICANT:
[B]if (mWifiNative.loadDriver())[/B] {
// Code for loading supplicant
} else {
loge("Failed to load driver");
}
break;
# More code
}
}
WifiNative.java cointains the class being instantiated where the evaluation calls a empty abstract method:
Code:
public native static boolean loadDriver();
I'm having problems for identifying where this class is being extended for this method to actually do something. If anyone knows please leave a comment.
Wifi problems and fixes
I've still not found a solution for myself, but I figured I still can give some tips for people with problems, especially considering how confusing is to get information about this.
This is a work in progress. I would gladly receive corrections and new info.
Before anything, do a backup. Even if your wifi does not work, it can save you from a lot of problems. Remember to backup the persist folder, a lot of automated recoveries don't make a backup of that folders because it's supposed to survive flashes but there's ways in which you can do it by mistake. It also helps a lot with bug hunting.
Things you should have already tried:
Plane mode on, reboot, wifi on and plane mode off
Network settings reset in android and reboot
Rebooted to safemode (longpress in power off when turning phone off]
Factory reset in android
Removal of SD and SIM cards
Factory reset in recovery
Flash Stock ROM in RDSlite
Unlock bootloader
Activate developer mode and set usb debug on
Installed custom recovery
Clean Flash stock ROM trough fastboot
Flash custom Kernels
Things you need:
adb and fastboot
usb drivers for the phone
Optional Text editor that preserves text format (avoid notepad and MS word)
Optional Busybox for extended commands in android shell (root required)
Optional If you're in windows and want to mess with adb: A decent console to work with.
Option A: cash with cmder
Install cmder
Install NodeJs
Install cash tipping in cmd npm install cash-global -g (after NodeJs)
Option B: babun
http://babun.github.io/
optional Open text editor for easy copy-paste of long paths and commands
optional Hex editor if you want to edit .bin files. I use XVI32
Useful console commands (In windows you need one of the optional shells described above)
List files and folders
Code:
ls -la [path to list]
Find file/folder in linux (and android shell)
Code:
find / -iname '*[word you're looking]*'
* are 'wildcards', they allow for matching any text (or no text at all)
you can add, before -iname, -type f (for files) or -type d (for folders)
Symlink
It's an alternative of copying files. this allows you to simulate having a file in two different places, but really all paint to one. Modifications in this source are going to affect all the links, so it's easier to configure. Android does this a lot.
Code:
ln -s [path to] [from]
Copy files and folders
Code:
cp [-R if you want to move folders] [path to source] [path to target]
logcat for essential wifi messages (short-colored) If someone know more, please let me know
Code:
adb logcat -v brief -v color WifiSerice:V WifiHW:V WifiStateMachine:V FileUtils:V QSEECOMAPI:V *:S
change owners and permissions
the flag -R makes the command work for files and subfolders
Code:
chown user:group [path to file or folder]
chmod [num of user][num of group][num of all] [path to file or folder] [SIZE="2"](e.g. chmod 660 /persist/WCNSS_qcom_wlan_nv.bin)[/SIZE]
grep
This one is awesome; It's for filtering the results of any command, so you can use it for filtering.
Code:
[command you want to filter] | grep -i [term you're looking for]
For example, [adb logcat] gives you a huge list of messages, but [adb logcat | grep -i wifi] gives you just the lines that contain 'wifi'
From my experience, this are the common folders related to wifi configs:
Code:
/persist/
/system/etc/firmware/wlan/prima/
/system/etc/wifi/
/data/misc/wifi/
Command list for do a full clean flash:
please note that system.img_sparsechunk can vary in number according to ROM, but I've put 9 in here because failed commands don't write to phone
note: fastboot flash partition gpt.bin works perfectly when used first, but for me it's failing when I erase system and boot first.
Code:
fastboot erase system -w
fastboot erase boot
fastboot erase fsg
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash system system.img_sparsechunk.9
fastboot flash modem NON-HLOS.bin.
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot erase customize
fastboot erase clogo
fastboot reboot (or reboot-bootloader)
Important: Every time you flash, do a clean wipe. In fastboot this usually means using erase system -w and erase boot before flashing.
Be aware that for getting the logcat your phone must be booted to android OS.
Be aware that for copying and modifying important files you must access the phone's shell either in recovery mode or switching to root with the command (su) that's only accesible if you're rooted.
Ok. If you made it this far you're probably losing your mind. To debug this, especially if you're going to post asking for help, get the catlog of your phone and/or a precise description to look for clues to your problem (I have a command ready for you above).
Here's some common solutions I've found while trying to solve my own problem: (Credits to the authors of the solutions)
Bad permissions/users
These appear to be correct or usable permissions for relevant files. Consider that there's a lot of fragmentation in this info so they might be wrong.
Confirmation of these would be great:
Code:
-rwxrwx--- wifi wifi /system/etc/wifi
-rw-rw---- wifi wifi /system/etc/wifi/wpa_supplicant.conf
-rwxrwx--- wifi wifi /data/misc/wifi
-rwxrwx--- wifi wifi /data/misc/wifi/sockets
-rw-rw---- wifi wifi /data/misc/wifi/wpa_supplicant.conf
-rw-rw---- system:wifi /data/misc/wifi/WCNSS_qcom_cfg.ini
-rw-rw---- wifi wifi WCNSS_qcom_wlan_nv.bin
-rw-rw---- root root WCNSS_wlan_dictionary.dat
-rwxrwx--- is 770, -rw-rw---- is 660
Is reported in some places that the parent folder of wpa_supplicant.conf should be -rw-rw---- wifi wifi
Missing or badly configured wpa_supplicant.conf
The solution is place a new copy of the file in the correct folders. If someone has a 'oficial' source or more info let me know
I remember reading that some people had success deleting the file so the SO rebuilds it. Do it to your discretion and remember to backup
Missing WCNSS files
These files are essential and must be in the correct paths for wifi drivers to load.
There's a lot of different sources for this files, but from my experiencie they don't change a lot (last commits are more than one year old).
Files in oficial source repository from motorola
These posts have info and files
http://forum.xda-developers.com/showthread.php?t=2589790
http://forum.xda-developers.com/showpost.php?p=48861415&postcount=19
Paths of relevant files. Please consider that not just because it's here means you need it
Code:
/persist/WCNSS_qcom_wlan_nv.bin
/persist/WCNSS_qcom_wlan_factory_nv.bin
/persist/WCNSS_qcom_wlan_dictionary.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini
/system/etc/firmware/wlan/prima/WCNSS_cfg.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_nv.bin
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_dictionary.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_factory_nv.bin
/data/misc/wifi/WCNSS_qcom_cfg.ini
/data/misc/wifi/wpa_supplicant.conf
Missing /persist/drm/widevine and/or /persist/prov
Check this two posts:
http://forum.xda-developers.com/showthread.php?t=2589790
http://forum.xda-developers.com/showpost.php?p=48861415&postcount=19
In there you can find backups to get the folders, restore them to /persist/ and check permissions.
Bad MAC address in WCNSS_qcom_wlan_nv.bin
Sometimes the file WCNSS_qcom_wlan_nv.bin needs to be updated with the correct mac address.
Since it's a .bin file, it cannot be changed with a text editor. You need to use a hex editor (XVI32 link is in 'things you need' above).
The mac address starts at 'A' (since is hex) or, more simply, after 10 'cells'. Be aware that in this editor changes get 'inserted' instead of modified, so you have to delete the initial 6 addresses of the old mac.
Put the file back, and check permissions. There's two copies of this file: one in /persist/ and another in /system/etc/firmware/wlan/prima/ change one or both according with your situation
Some logcat messages and details about them
For getting more messages about wifiHW you need a userdebug build like CyanogenMod. Stock roms don't log wifiHW.
Code:
WifiStateMachine: failed to load driver
WCNSS_qcom_cfg.ini and/or WCNSS_cfg.dat is missing somewhere. In my case this was missing from /system/etc/wifi.
Code:
wcnss_service: CAL file not found
This refers to the calibration file. The source of wcnss-service.c defines this file as "WCNSS_qcom_wlan_cal.bin" in the path "/data/misc/wifi/WCNSS_qcom_wlan_cal.bin". however, source show that CAL file is not used if the factory file is present. Source in link gives this address '"/data/misc/wifi/WCN_FACTORY" which is weird because from posts in xda this file has the name "CNSS_qcom_wlan_factory_nv.bin" I'll update if I have more info
Info for nerds:
How android Wifi works:
https://community.freescale.com/docs/DOC-93603
source code for wifi opt framework - android 6.0.1 r22
source code for wifi qcom framework - android 6.0.1 r22
you need hex editor to edit those .bin files.www.droidrzr.com/topic/65438-how-to-change-your-mac-address-xt926/
forum.xda-developers.com/nexus-4/help/nexus-4-mac-changer-spoofing-t2180809/page3
Thank you for your answer!
I'll make the edit in the file but I'll take a while to report back on the results because it's already too late in here.
Considering this, would it make sense for a nonmatching mac address show up as 02:00:00:00:00 in the wifi details screen?
RoDeltaLambda said:
Thank you for your answer!
I'll make the edit in the file but I'll take a while to report back on the results because it's already too late in here.
Considering this, would it make sense for a nonmatching mac address show up as 02:00:00:00:00 in the wifi details screen?
Click to expand...
Click to collapse
Yes, your Mac address is fine, just checked I also have the same
try this and report if its working
1. Put the phone into airplane mode.
2. Restart the phone.
3. Turn on WiFi.
4. Connect to the WiFi network.
5. Turn off airplane mode.
bablu048 said:
Yes, your Mac address is fine, just checked I also have the same
try this and report if its working
1. Put the phone into airplane mode.
2. Restart the phone.
3. Turn on WiFi.
4. Connect to the WiFi network.
5. Turn off airplane mode.
Click to expand...
Click to collapse
I've tried those steps and it's not working.
Logcat shows "WifiStateMachine: Failed to load driver" in each attempt.
I will update the .bin modifications results in a couple of minutes
bablu048 said:
you need hex editor to edit those .bin files.www.droidrzr.com/topic/65438-how-to-change-your-mac-address-xt926/
forum.xda-developers.com/nexus-4/help/nexus-4-mac-changer-spoofing-t2180809/page3
Click to expand...
Click to collapse
I have tried the modifications to no avail.
Steps I did:
get the wifi mac address from the recovery logs
adb pull the files on recovery with persist mounted
hex edited the lines taken from the screenshot on your second link (Both _factory_nv.bin and _nv.bin
adb pushed lines back to mounted persist on recovery
cleaned data/cache/dalvik
rebooted to system
Is there something in the /data/ folder that could be causing the issue? Now both files show back at -rw-r--r-- permissions with root:root owner. I'll try again without wiping data this time and post the report.
RoDeltaLambda said:
I have tried the modifications to no avail.
Click to expand...
Click to collapse
I think this thread solved the problem just by replacing the files from another device forum.cyanogenmod.org/topic/84876-wifi-failure-after-cm11-install-still-present-after-restore-from-backup/
bablu048 said:
I think this thread solved the problem just by replacing the files from another device forum.cyanogenmod.org/topic/84876-wifi-failure-after-cm11-install-still-present-after-restore-from-backup/
Click to expand...
Click to collapse
I have tried the steps in that topic, copying the exact same files in /persist and /prima. Problem still persists
From that topic I've learned that at flash time the files from persist are taken out and sent to system folders. I will try to reflash now with the new files and permissions set up
After the actions of my last post and before the new flash, I scanned the results of adb logcat *: D | grep Wifi
Here are some entries that could be of interest:
more possibly relevant logcat entries:
Code:
[SIZE="2"][I]Initially country code appears to be empty:[/I][/SIZE]
I WifiService: WifiService trying to set country code to with persist set to true
WifiService: Client connection lost with reason: 4
I WifiService: WifiService trying to set country code to cl with persist set to true
E WifiService: Invoking mWifiStateMachine.setWifiEnable
D WifiStateMachine: setting operational mode to 1
E WifiHW : User build,dont Start logging service.
E WifiService: Invoking mWifiStateMachine.setWifiEnabled
E WifiStateMachine: Failed to load driver
D WifiStateMachine: setWifiState: unknown state
RoDeltaLambda said:
I have tried the steps in that topic, copying the exact same files in /persist and /prima. Problem still persists
From that topic I've learned that at flash time the files from persist are taken out and sent to system folders. I will try to reflash now with the new files and permissions set up
Click to expand...
Click to collapse
I've fully flashed the device with RSD and problem still persist.
Eager to hear some more ideas.
I noticed that in system/etc/firmware/prima, adding to the files I copied, there's one symlink: WCNSS_wlan_dictionary.dat -> /persist/WCNSS_wlan_dictionary.dat
This file is not present in my persist folder (nor the rest of the files in the phone, based on adb shell find . -name WCNSS_wlan_dictionary.dat). I imagine this could clearly cause a problem with the wifi driver looking for a file that does not exist.
Someone has a reliable source where I could get this file? I can try to delete it to see if the SO tries to rebuild something, but I would prefer the safest option first.
have you tried flashing back stock recovery then do a factory reset from there?
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
bablu048 said:
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
Click to expand...
Click to collapse
Thank you for the file and the instructions. I've checked the diff with 3 different sources:
Meninblack007 - vendor
huawei_msm8916
google android source code
All match, so I'll asume this is a universal file without modifications.
Moving this file to persist/ folder made no difference
I've also tried taking the files from motorola official github repo, copy them to persist/ and flash. Without success this far.
I'll send factory_nv.bin to prima folder and report back
flash the firmware through rsd lite, lock the bootloader and take it again to service center.
I am out of ideas and also Google searches.. I'll keep looking and report if I find anything else.
bablu048 said:
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
Click to expand...
Click to collapse
I've copied the file between the locations trough adb shell and there's no noticeable difference.
MAC address does not appear either in this screen:
I'll post this image and the versions of the phone in the OP
did u try ultra kernel?
i have same problem.
i flash ultra kernel(r3), and my wifi work fine.
jalal-jap said:
did u try ultra kernel?
i have same problem.
i flash ultra kernel(r3), and my wifi work fine.
Click to expand...
Click to collapse
Yes I've tried.
Flashed ultra kernel R2, R3 and squid kernels 14, 15, 15 oc, 15b
Click to expand...
Click to collapse
Considering all the changes I've done, it was a good idea to try again.
I've tried the last release of squid kernel, since the dev of ultra kernel recommended this one for 6.0.1.
Installed the kernel, wiped cache/dalvik and rebooted without success. Logcat is still showing failure at loading drivers.
The main problem I'm having is that the failure point is not correctly specified, so now I'll try to dig deeper into logcats to see if I pinpoint the source of the issue. If anyone can let me know about some complementary logs, I would be super grateful.
I've installed CM to have a userdebug build, in order to debug more in detail thanks to the logs of wifiHW.
After fixing an error of missing WCNSS_qcom_cfg.ini in /system/etc/wifi (Copied from prima folder) I've came across this error appearing persistently:
Code:
wcnss_service: Failed to open /dev/wcnss_ctrl : Bad address
I've looked around but there's no info of how could I deal with this. I will dig around a little more but if someone has a tip I would gladly hear

Complete Partition Backup Script

After trying to install the March security patch and revert to stock, my XT1644 changed from a Moto G4 Plus to a Moto G4 without fingerprints etc.
I learned after the fact that my TWRP backup only backed up 3 partitions of my phone's 48 partitions (only 4 were offered on the first version of TWRP I tried). Reflashing all ROMS, including npjs25-93-14-4 via fastboot does not help. I have since found the solution. The hw partition had become corrupted.
Because of this issue, I wrote a script which dumps all partitions (by default only partitions of 102400 blocks or less). It writes a summary to a file called partitions.txt which includes checksums of all partitions. It also writes the output from getprop to build.prop. It writes everything to a sub directory of wherever the script is uploaded to.
The options are as follows:
Code:
#adb shell /data/media/0/PartitionImages/backupPartitions.sh -h
Usage /data/media/0/PartitionImages/backupPartitions.sh [-z] [-b MaxBlocks] [-n partition1 ] [-n partition2 ]
options:
-z optional to tar.gz the output folder default=false
-b 102400 optional maximum number of blocks of the partition - 0 will dump all partitions default=102400
-n partitionName... optional - one or more partitions to dump
To use do this, all you need is an unlocked bootloader and ADB debugging turned on.
The steps are as follows:
1) Boot into TWRP Recovery
2) Run the following commands via ADB to prepare the backup (note /data/media/0/ can be substituted for /sdcard if you have one)
Code:
adb shell mkdir /data/media/0/PartitionImages
adb push .\backupPartitions.sh /data/media/0/PartitionImages/backupPartitions.sh
adb shell chmod 0755 /data/media/0/PartitionImages/backupPartitions.sh
3) Perform the backup to backup (see options above if you want a full backup or a more limited backup)
Code:
adb shell /data/media/0/PartitionImages/backupPartitions.sh
4) Copy the results back to your computer
Code:
adb pull /data/media/0/PartitionImages .\PartitionImages
Try to flash twrp and clear internal memory as well
And after that flash dec security version of android 7..
dont try to lock the bootloader.
It worked for me ...
Best of luck
Resolved!
As posted on a related thread I just found, I have resolved the issue:
Moto G4 Plus's Model changed to G4,lost one imei and finger print.
Excellent tool, thank you very much.
So, in the unlucky case that i would lose fingerprint scanner, etc. due to bootloader downgrade or whatsoever that causes it. if i flash my previously backuped (with your script) hw.img partition with ' fastboot flash hw hw.img ', my device will be recognized as a Moto G4 plus?
And features like fingerprint, network, will be in working condition again?
I think that your script is a "must have" for every flashaholic that owns a G4 Plus. I did the backup, just in case. Thanks for sharing it.
moonlightdrive said:
Excellent tool, thank you very much.
So, in the unlucky case that i would lose fingerprint scanner, etc. due to bootloader downgrade or whatsoever that causes it. if i flash my previously backuped (with your script) hw.img partition with ' fastboot flash hw hw.img ', my device will be recognized as a Moto G4 plus?
And features like fingerprint, network, will be in working condition again?
I think that your script is a "must have" for every flashaholic that owns a G4 Plus. I did the backup, just in case. Thanks for sharing it.
Click to expand...
Click to collapse
That is the idea yes, but I haven't tested restoring anything - only done a binary patch of the first little bit of that partition - using dd. I wrote it mostly to get the MD5s of each partition from someone with a working phone so I could start looking for differences. There are lots of more professional backup tools out there which are likely all just wrappers around dd - but this will likely do the job with very basic requirements.
Nice work mate :good: @givitago
givitago said:
After trying to install the March security patch and revert to stock, my XT1644 changed from a Moto G4 Plus to a Moto G4 without fingerprints etc.
I learned after the fact that my TWRP backup only backed up 3 partitions of my phone's 48 partitions (only 4 were offered on the first version of TWRP I tried). Reflashing all ROMS, including npjs25-93-14-4 via fastboot does not help. I have since found the solution. The hw partition had become corrupted.
Because of this issue, I wrote a script which dumps all partitions (by default only partitions of 102400 blocks or less). It writes a summary to a file called partitions.txt which includes checksums of all partitions. It also writes the output from getprop to build.prop. It writes everything to a sub directory of wherever the script is uploaded to.
The options are as follows:
Code:
#adb shell /data/media/0/PartitionImages/backupPartitions.sh -h
Usage /data/media/0/PartitionImages/backupPartitions.sh [-z] [-b MaxBlocks] [-n partition1 ] [-n partition2 ]
options:
-z optional to tar.gz the output folder default=false
-b 102400 optional maximum number of blocks of the partition - 0 will dump all partitions default=102400
-n partitionName... optional - one or more partitions to dump
To use do this, all you need is an unlocked bootloader and ADB debugging turned on.
The steps are as follows:
1) Boot into TWRP Recovery
2) Run the following commands via ADB to prepare the backup (note /data/media/0/ can be substituted for /sdcard if you have one)
Code:
adb shell mkdir /data/media/0/PartitionImages
adb push .\backupPartitions.sh /data/media/0/PartitionImages/backupPartitions.sh
adb shell chmod 0755 /data/media/0/PartitionImages/backupPartitions.sh
3) Perform the backup to backup (see options above if you want a full backup or a more limited backup)
Code:
adb shell /data/media/0/PartitionImages/backupPartitions.sh
4) Copy the results back to your computer
Code:
adb pull /data/media/0/PartitionImages .\PartitionImages
Click to expand...
Click to collapse
guys i dont understand what to do my pls help me can u describe in detail what are the steps to get back my moto g4 plus fingerprint can you make a video
or explain this
can anyone can upload their full backup of his moto g4 plus ? it will me really helpful because after 201-1 aka june security patch update totally bricked my phone and from since no bootloader and nothing is in my phone. and the blackflash method is also not working. so if I somehow use tour backup as emmc and bering my phone back to life ?!?! Thanks.....
Hello,
Please help me my moto g4 plus is dead after nougat update only white LED is blinking
i have try blankflash aslo but same issue...
error is.
Motorola qboot utility version 3.40
[ -0.000] Opening device: \\.\COM3
[ 0.001] Detecting device
[ 0.003] ...cpu.id = 2418 (0x972)
[ 0.003] ...cpu.sn = 30871031 (0x1d70df7)
[ 0.004] Opening singleimage
[ 0.012] Loading package
[ 0.016] ...filename = singleimage.pkg.xml
[ 0.018] Loading programmer
[ 0.019] ...filename = programmer.mbn
[ 0.019] Sending programmer
[ 0.240] Handling things over to programmer
[ 0.240] Identifying CPU version
[ 0.246] Waiting for firehose to get ready
[ 60.377] Waiting for firehose to get ready
[120.466] ...MSM8952 unknown
[120.466] Determining target secure state
[120.469] Waiting for firehose to get ready
[180.546] ...secure = no
[180.584] Flashing GPT...
[180.601] Flashing partition:0 with gpt_main0.bin
[180.602] Initializing storage
[180.606] Waiting for firehose to get ready
[240.617] Configuring device...
[240.622] Waiting for firehose to get ready
[300.634] Waiting for firehose to get ready
[360.651] Waiting for firehose to get ready
[420.661] Waiting for firehose to get ready
[480.668] ERROR: do_package()->do_recipe()->do_flash()->gpt_flash()->get_storage
()->init_storage()->firehose_do_fmt()->do_recipe()->do_configure()->buffer_read(
)->device_read()->IO error
[480.668] Check qboot_log.txt for more details
[480.668] Total time: 480.668s
FAILED: qb_flash_singleimage()->do_package()->do_recipe()->do_flash()->gpt_flash
()->get_storage()->init_storage()->firehose_do_fmt()->do_recipe()->do_configure(
)->buffer_read()->device_read()->IO error
please help
Hi, is there is any hardware partition for camera and flashlight???? Bcoz ny device camera hardwares are good but not opening. Camera says "camera is busy" and flashlight option is missing from my device ans it says flashlight not detected in flashlight app. Same issue i had for network and fingerprint. It is solved via hw partition image. Is there is any hardware partition for camera also???? If it is there, plz include in this thread...
Aashakmeeran said:
Hi, is there is any hardware partition for camera and flashlight???? Bcoz ny device camera hardwares are good but not opening. Camera says "camera is busy" and flashlight option is missing from my device ans it says flashlight not detected in flashlight app. Same issue i had for network and fingerprint. It is solved via hw partition image. Is there is any hardware partition for camera also???? If it is there, plz include in this thread...
Click to expand...
Click to collapse
This can be software related or hardware issue.. not any partition related..
For Hardware*
I don't know anything.. you can see fixing videos or go to service center..
For software* (two methods)
1) Try this app, https://f-droid.org/en/packages/info.aario.killcamera/
2) reflash ROM, try different ROM.
3) this is hardware issue.
Do you know if it was working before you flashed ROM and device changed to normal G4..??
____Mdd said:
This can be software related or hardware issue.. not any partition related..
For Hardware*
I don't know anything.. you can see fixing videos or go to service center..
For software* (two methods)
1) Try this app, https://f-droid.org/en/packages/info.aario.killcamera/
2) reflash ROM, try different ROM.
3) this is hardware issue.
Do you know if it was working before you flashed ROM and device changed to normal G4..??
Click to expand...
Click to collapse
Ya it works fine before the name I got g(4) but after doing frp flash it is not getting. Even the flashlight also not works.
Aashakmeeran said:
Ya it works fine before the name I got g(4) but after doing frp flash it is not getting. Even the flashlight also not works.
Click to expand...
Click to collapse
Tried app i mentioned ?
Tried reflashing other/stock rom?
If still not working, it's definitely hardware issue, because others with same issue (g4plus > g4) haven't reported any camera problem.
If you know hardware stuff, then go and check it. Otherwise service centers are best choice..
____Mdd said:
Tried app i mentioned ?
Tried reflashing other/stock rom?
If still not working, it's definitely hardware issue, because others with same issue (g4plus > g4) haven't reported any camera problem.
If you know hardware stuff, then go and check it. Otherwise service centers are best choice..
Click to expand...
Click to collapse
That app need root it seems. So root process is going on. Ill try my best and thank you:good:
By doing this I lost my Imei number plz help:crying: anyone
givitago said:
After trying to install the March security patch and revert to stock, my XT1644 changed from a Moto G4 Plus to a Moto G4 without fingerprints etc.
I learned after the fact that my TWRP backup only backed up 3 partitions of my phone's 48 partitions (only 4 were offered on the first version of TWRP I tried). Reflashing all ROMS, including npjs25-93-14-4 via fastboot does not help. I have since found the solution. The hw partition had become corrupted.
Because of this issue, I wrote a script which dumps all partitions (by default only partitions of 102400 blocks or less). It writes a summary to a file called partitions.txt which includes checksums of all partitions. It also writes the output from getprop to build.prop. It writes everything to a sub directory of wherever the script is uploaded to.
The options are as follows:
Code:
#adb shell /data/media/0/PartitionImages/backupPartitions.sh -h
Usage /data/media/0/PartitionImages/backupPartitions.sh [-z] [-b MaxBlocks] [-n partition1 ] [-n partition2 ]
options:
-z optional to tar.gz the output folder default=false
-b 102400 optional maximum number of blocks of the partition - 0 will dump all partitions default=102400
-n partitionName... optional - one or more partitions to dump
To use do this, all you need is an unlocked bootloader and ADB debugging turned on.
The steps are as follows:
1) Boot into TWRP Recovery
2) Run the following commands via ADB to prepare the backup (note /data/media/0/ can be substituted for /sdcard if you have one)
Code:
adb shell mkdir /data/media/0/PartitionImages
adb push .\backupPartitions.sh /data/media/0/PartitionImages/backupPartitions.sh
adb shell chmod 0755 /data/media/0/PartitionImages/backupPartitions.sh
3) Perform the backup to backup (see options above if you want a full backup or a more limited backup)
Code:
adb shell /data/media/0/PartitionImages/backupPartitions.sh
4) Copy the results back to your computer
Code:
adb pull /data/media/0/PartitionImages .\PartitionImages
Click to expand...
Click to collapse
hey bro can u please explain me this actually my moto g4 plus isnt accepting new hw image

Root OP3T without unlocking bootloader - Automated App

ROOT w/o UNLOCKING BOOTLOADER:
Few of Qualcomm Devices have been found to have engineering mode software preinstalled on the device, which has root access. Using the same exploit root can be achieved in OP3, OP3T, OP5 and others, without unlocking the bootloader. Here is a full story: OnePlus Accidentally Pre-Installed an App that acts as a Backdoor to Root Access
The exploit was found by the user Elliot Alderson. An application has been promised by the author soon, to gain root access.
I have tested the method in OnePlus 3T and it works perfectly and passes SafetyNet check, furthermore you do not get DM-Verity error either.
Please follow the guide from here: OnePlus 3T Root w/o unlocking bootloader
Note: Do not modify system files though it won't let you, doing so will trigger Dm Verity.
Magisk Modules do not work, i,e you won't be able to use any modules.
Root and hide root works.
You will get system update but updating might kick you out of the root and you won't be able to gain access to root again.
It works on latest Oreo Beta, as you see in the screenshot.
Disclaimer: Follow the guide at your own risk, it is working fine for me, that in no way means it will work the same for you. Neither me nor the people envolved in this takes any responsibility. You and only you are responsible if anything goes wrong.
Note: I am not the developer or the person who found this exploit or root method. All credits go to them.
SCREENSHOTS ATTACHED
Update 1:
An app has been realsed by Oğuzhan Yiğit here is the link, the full credit goes to him for the same. Here is the link to the post:
Oneplus 3T Root Via App, further it installs SuperSU
This step is required every time you reboot:
adb shell
cd /data/magisk/
./magisk --mountimg xbin.img /system/xbin
magisk --post-fs
magisk --post-fs-data
magisk --service
I haven't tried doing the same, but theoretically, it shouldn't work.
[deleted]
casual_kikoo said:
...OnePlus 2...
Click to expand...
Click to collapse
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
SpasilliumNexus said:
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
Click to expand...
Click to collapse
Ok, as I thougth something else enter into account.
Thanks a lot !
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
anuajayan said:
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
Click to expand...
Click to collapse
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
coolstoneapurva said:
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
Click to expand...
Click to collapse
I don't know from where or how to start with? Please guide me accordingly..
replace hosts file
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
trying without success
and from within
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
SpasilliumNexus said:
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
Click to expand...
Click to collapse
How do I do that? Assume I have already introduced magisk to my phone.
mitkko said:
How do I do that? Assume I have already introduce magisk to my phone.
Click to expand...
Click to collapse
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
SpasilliumNexus said:
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
Click to expand...
Click to collapse
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
mitkko said:
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
Click to expand...
Click to collapse
It's not persistent. The last steps for root access in that guide needs to be done after every reboot, which is also needed for AdAway to apply the block. Applying the adblock after root doesn't need a reboot.
You're better off just doing the traditional unlock and root instead.
Hope that makes sense.
Deodexed and Patched EngineeringMode.apk for restore default Privilege
I played a little with Angela`s Root and wanted to restore the previous level of privilege. In the application there is a special button rollback changes, but it is Invisible
Code:
this.mPrivilege = this.findViewById(2131493042);
this.mPrivilege.setOnClickListener(((View$OnClickListener)this));
this.mPrivilege.setVisibility(4); //this.mPrivilege.setVisibility(View.INVISIBLE);
So I did the application deodex and patched the application, changing it to
Code:
this.mPrivilege.setVisibility(0); //this.mPrivilege.setVisibility(View.VISIBLE);
After that I changed the original application to patched
Code:
adb remount
adb push EngineeringMode_SIGNED_ALIGNED.apk /system/app/EngineeringMode/EngineeringMode.apk
And start them
Code:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Result Screenshort:
After click on the button, the phone restarts and all privileges are restored
mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
Click to expand...
Click to collapse
You shouldn't make any changes to system partion doing to will render you unable to boot, as dm verity is enabled.
andQlimax said:
Please write in first post if OTA will still work on next update. And if possible specify if this woks also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
Click to expand...
Click to collapse
Yes it will work on next update as system files are intact, further it works on Beta Oreo as you can see the screenshot. I will further update the post with the same.
seems not working on Android 8 /OOS 5

Categories

Resources