I got a UK glow worm on the 27th (2 days before release) and one of the first things that I tried to do was to root with glownooter. Bad idea! I thought that I had bricked my device. I had to use a lot of trickery to recover from a loading screen lock-up, and once I did, the first thing that I did was back up my Nook (which I should have done before).
UPDATE!
Please try my new ROOT install pack HERE:
http://forum.xda-developers.com/showthread.php?p=34216660#post34216660
This can be used to root and install the most requested things of this thread in just one zip.
Here is a quick guide to most things you will need to do to get started. I will update this guide as I discover and build new modifications.
To Backup and Restore
Follow this guide. Please do this BEFORE any other tinkering!
http://blog.the-ebook-reader.com/20...-and-restore-nook-glow-and-nook-simple-touch/
It's important to check your backup before proceeding! Please listen to roustabout and don't skip this step... He knows what he's talking about.
roustabout said:
I'd like to suggest an addition to the backup method that many folks are using - always test your restore, but don't test it (the first time) on your device.
Your backup file should be about 2 gig.
Find a 2 gig or larger flash drive or sdcard and restore your backup image to that drive.
When you're done, there should be 8 partitions, as there were on your Nook to begin with.
If you can't get that working - you're not ready to root yet. Until you're sure you can restore, don't start making changes, please.
People turn up all the time having screwed themselves over by restoring a partial backup and not knowing it, or having restored only one partition from a complete backup and having blown out the partition table.
Thanks roustabout
To Root!
Make sure you use the CWM file suitable for your SD Card. I used "2gb_clockwork-rc2" because my card was 2gb+.
http://forum.xda-developers.com/showthread.php?t=1360994 (Thanks mali100)
Use WinImage with admin rights to restore CWM virtual hdd image to your SD.
Download tinynoot-1-of-2 and tinynoot-2-of-2
http://forum.xda-developers.com/showthread.php?t=1650593 (Thanks to eded333 and roustabout)
Put on CWM boot SD.
Install them in CWM back to back (I didn't bother with the restart in the middle as it should not make a difference considering the file content). After a restart you should have root access and an android launcher on your 1.2.0 Nook (among other files). If nook fails to boot one of the tinynoot files may have corrupted. Recover, Re-download and Retry!
To Add Apps
Using ADB to install apps is easy. Extract this to your C drive:
http://dl.dropbox.com/u/13673492/ADB + Fastboot + Drivers.zip
Navigate to the folder in a cmd prompt.
Drop your APK into the same folder and on your Nook open the "adbwireless" app and enable ADB.
That app will tell you what your Nook's IP address is.
Then you can:
Code:
adb connect ip.address.of.nook:portnumber
adb install app_of_your_choice.apk
Setup ADB over USB
OK I have taken the liberty of building a quick driver mod to support your Nook through USB. It works for me. First you need to have the Android SDK if you don't already (sure you do but just in case).
http://developer.android.com/sdk/index.html
Make sure you tick to install the android USB driver when the SDK is installed.
Browse to extras\google\usb_driver in your SDK folder (wherever you put it) and replace android_winusb.inf with my file:
http://dl.dropbox.com/u/13673492/android_winusb.inf
Next go to C:\Users\your_user_account\.android and replace adb_usb.ini with my file:
http://dl.dropbox.com/u/13673492/adb_usb.ini
In device manager, point google ADB driver to this and hopefully that should get you set up!
To test type
Code:
adb devices
It's working if you get something like this:
Code:
* daemon not running. starting it now on port ____ *
* daemon started successfully *
List of devices attached
[YOUR NOOK] device
And then try
Code:
adb install app_of_your_choice.apk
UPDATE
Install Multitouch Kernel With Overclocking
Install the CWM zip using your clockworkmod SD card
http://forum.xda-developers.com/showthread.php?t=1906507
Thanks to johnjtaylor for discovering that this kernel works.
Hopefully this more comprehensive guide will get others with this software to start playing around.
If this helps, be polite and say thank you
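roustabout's check above (a backup of about 2 gig that holds 8 partitions) can also be run against the image file itself before anything is restored. The following is an added example, not part of the original posts: it assumes the backup is a raw whole-disk image with an MBR partition table and counts the extended container as one of the 8; `check_backup`, `build_sample` and the sample layout are constructed for illustration.

```python
import io
import os
import struct
import sys

SECTOR = 512
EXTENDED = {0x05, 0x0F, 0x85}  # partition types that mark an extended container


def _table(f, lba):
    """Non-empty (type, start, count) slots of the table at `lba`, or None if unreadable."""
    f.seek(lba * SECTOR)
    sec = f.read(SECTOR)
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        return None
    slots = []
    for i in range(4):
        base = 446 + 16 * i
        start, count = struct.unpack_from("<II", sec, base + 8)
        if sec[base + 4]:  # type byte 0 means the slot is unused
            slots.append((sec[base + 4], start, count))
    return slots


def check_backup(f, size, expected=8):
    """Return (partitions, problems) for a seekable raw image of `size` bytes."""
    mbr = _table(f, 0)
    if mbr is None:
        return [], ["no partition table signature in sector 0: not a whole-disk image"]
    parts, problems = list(mbr), []
    ext_base = next((s for t, s, _ in mbr if t in EXTENDED), None)
    ebr, seen = ext_base, set()
    while ebr is not None and ebr not in seen:  # `seen` guards against looped chains
        seen.add(ebr)
        table = _table(f, ebr)
        if table is None:
            problems.append(f"EBR at sector {ebr} missing: image ends early or is damaged")
            break
        nxt = None
        for ptype, start, count in table:
            if ptype in EXTENDED:
                nxt = ext_base + start  # link entry, relative to the container start
            else:
                parts.append((ptype, ebr + start, count))  # relative to this EBR
        ebr = nxt
    total = size // SECTOR
    for n, (ptype, start, count) in enumerate(parts, 1):
        if start + count > total:
            problems.append(
                f"entry {n} (type 0x{ptype:02x}) ends at sector {start + count}, "
                f"but the file has only {total}")
    if len(parts) != expected:
        problems.append(f"found {len(parts)} partitions, expected {expected}")
    return parts, problems


def build_sample():
    """Constructed 2000-sector image: 3 primary + 1 extended + 4 logical partitions."""
    img = bytearray(2000 * SECTOR)

    def put(lba, slots):
        sec = bytearray(SECTOR)
        for i, (ptype, start, count) in enumerate(slots):
            sec[446 + 16 * i + 4] = ptype
            struct.pack_into("<II", sec, 446 + 16 * i + 8, start, count)
        sec[510:512] = b"\x55\xaa"
        img[lba * SECTOR:(lba + 1) * SECTOR] = sec

    put(0, [(0x0C, 63, 100), (0x83, 163, 50), (0x83, 213, 100), (0x05, 313, 1687)])
    put(313, [(0x83, 1, 399), (0x05, 400, 400)])
    put(713, [(0x83, 1, 399), (0x05, 800, 400)])
    put(1113, [(0x83, 1, 399), (0x05, 1200, 487)])
    put(1513, [(0x83, 1, 486)])
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real backup image
        with open(sys.argv[1], "rb") as fh:
            parts, problems = check_backup(fh, os.path.getsize(sys.argv[1]))
    else:                  # no argument: run on the constructed sample
        sample = build_sample()
        parts, problems = check_backup(io.BytesIO(sample), len(sample))
    for ptype, start, count in parts:
        print(f"type 0x{ptype:02x}  start {start:>8}  sectors {count:>8}")
    print("\n".join(problems) or "partition table is consistent with the file size")
```

A partial backup shows up here as a missing EBR or as entries that end past the end of the file, which is the failure roustabout warns about.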
Have you setup ADB yet? If you can connect with ADB and get a shell, you can execute a 'df' at the shell prompt to see how much free space is available in each partition. On my NST (no glowlight) apps seem to be installed in /data/app so see how much free space is there. On the NST, this appears to be the same partition that books purchased from B&N are placed in, so if you have a lot of books from B&N, you may have to archive some to install apps. Of course all this is going on the assumption that the NST Glow is similar to the NST in this regard.
Thanks for replying. I'm actually working on setting up ADB now. As for books, I only just got my Nook so all of my titles are epub format on an SD card, so I wouldn't think it would be that. As soon as I get ADB set up I will post back my results in case it helps anyone else with this new software version.
Can you look in the documentation that comes with the reader for any reference to 'third party software' or 'GPL software'. They should list where to download / apply for the source code somewhere. Once we can see the source code we can compare it against the existing versions and identify any significant issues.
I set up ADB.
Plenty of space in all partitions including /data for the apps that I want. Managed to install through "adb install some_app_i_want.apk" so problem resides with the amazon app store. Not really an issue for me because I have a specific set of apps that I want and don't need to browse the app store.
I will try to work out what's wrong for others.
Thanks. I'm looking for it now
No reference to GPL. Only references to third party software are to tell me that my warranty is no longer valid (no surprise there!)
Is there any other place I can find this info that's not the documentation?
Nothing obvious from the uk.nook.com website. On the US site the 'support' section links to terms of service which contain the links to the open source code (see http://www.barnesandnoble.com/container/nook_lnav.asp?pid=43307 and search for NOOK 1.1.5 OSS Release ), but I can't see an equivalent on the UK site. It's an oversight, but such things happen with a new product launch.
You can email them at [email protected] . The relevant paragraph from the US site is:
1. Notwithstanding anything to the contrary in this Agreement, certain components of the Software are licensed subject to the General Public License Version 2.0, a copy of which is attached as Exhibit A (the "GPL License"). You may not use these components except in compliance with the GPL License. In addition, you may have additional rights with respect to such components under the GPL License, including, without limitation, the right to obtain the source code for such components from us. You may obtain a copy of such source code by contacting us through the contact information provided on the Web Site. We will provide such source code in accordance with the GPL License.
I don't legally have the right to request the source code myself, because I don't own a UK NOOK yet. (Yeah, thinly veiled excuse for laziness!)
You're obviously not that lazy. Thanks for looking and gathering all of the extra info I need. I'll send B&N an e-mail and see what they say. I wouldn't be surprised if they didn't want to hand it out considering you can use it for an easy root setup and install the amazon and kobo stores which could financially damage their advance into new territories! What are we to do! Can't even subscribe to a newspaper or magazine through the nook store yet!
I'll let you know when / if I get a response
There is a setting in nook touch tools that you need to "arm," to allow software from unknown sources to be installed before the Amazon appstore can install software on a tinynooted device.
The setting is a tickbox, "Allow non-Market apps"
Untick it if it is ticked by default, then re-tick it to get apps to install.
Thanks for the reply but I actually tried that. No joy. However perhaps it is this that is not working and not amazon app store. I'm just installing through ADB instead. I wonder if I can enable unknown sources through ADB. Something to look at I guess!
UK tinynoot attempt failing
I tried using the tinynoot process from roustabout's thread here http://forum.xda-developers.com/showthread.php?t=1650593 and am stuck on the final reboot with a "Your NOOK is starting up..." message. Could you let me know if you used a different tinynoot method/set of files?
Yep that's what I used. You on 1.2.0 and did you back up?
I didn't backup first and to get out of the starting message I used this:
http://forum.xda-developers.com/showthread.php?t=1289233&highlight=restore
Then I made a backup using this:
http://blog.the-ebook-reader.com/20...-and-restore-nook-glow-and-nook-simple-touch/
I hope this helps!
Thanks for the tip on screen freeze but the link to the images on that post don't work for me. I am on 1.2 and made a backup before attempting any rooting - have managed to reinstate my original nook so quite pleased with myself.
Is there any point in rooting until someone can find a way of getting apps onto the 1.2 NSTG?
Great that you got a backup. If you want custom apps you can either wait for a different root kit or push ahead (since you have a safety net).
As I said, it worked for me.
If you don't mind searching for the .apk files you want you can use this:
Code:
adb connect ip.address.of.nook:portnumber
adb install app_of_your_choice.apk
This has worked fine for me so far. Just don't try for custom kernels yet as they seem to give me troubles.
I will work more on this tomorrow including adjusting framework for gapps.
Thanks also for the code but as this is my first foray into rooting I think I'll hang around and watch for a bit! Perhaps if I start learning some more I may feel confident enough to try it.
Do you have copies of the files needed for the factory reset - the links are still not working for me.
Thanks again and sorry for bothering you. Hope tomorrow is productive for you.
http://dl.dropbox.com/u/13673492/n2T-Recovery_0.2.img
This is the file needed to force factory reset. However a quality backup like you have is far more important.
For anyone who wants to give this a go, here is a quick guide for root access and app installs using windows tools until I can make something more complete:
Make sure you use the CWM file suitable for your SD Card. I used "2gb_clockwork-rc2" because my card was 2gb+.
http://forum.xda-developers.com/showthread.php?t=1360994
(Thanks mali100)
Use WinImage with admin rights to restore CWM virtual hdd image to your SD.
Download tinynoot-1-of-2 and tinynoot-2-of-2
http://forum.xda-developers.com/showthread.php?t=1650593
(Thanks to eded333 and roustabout)
Put on CWM boot SD.
Install them in CWM back to back (I didn't bother with the restart in the middle as it should not make a difference considering the file content). After a restart you should have root access and an android launcher on your 1.2.0 Nook (among other files). If nook fails to boot one of the tinynoot files may have corrupted. Recover, Re-download and Retry!
Using ADB to install apps is easy. Extract this to your C drive:
http://dl.dropbox.com/u/13673492/ADB + Fastboot + Drivers.zip
Navigate to the folder in a cmd prompt.
Drop your APK into the same folder and on your Nook open the "adbwireless" app and enable ADB.
That app will tell you what your Nook's IP address is.
Then you can:
Code:
adb connect ip.address.of.nook:portnumber
adb install app_of_your_choice.apk
Hopefully this more comprehensive guide will get others with this software to start playing around.
Click thanks if this guide's helpful.
Great - thanks to your more detailed instructions, I have persevered and the second attempt at installing the tinynoot zips worked. Your post gave me the confidence to try installing apks for the first time and for anyone else who is unfamiliar with the processes used, I found these two pages useful for:
navigating within a command prompt (how naive): pcstats.com/articleview.cfm?articleid=1723&page=3
Pasting text into a command prompt (ditto): megaleecher.net/Copy_Paste_Text_Dos_Window
Sorry, as a newb I'm not trusted to post outside links yet. It took a couple of attempts of pasting and pressing enter to work out how to install using the adb code but it's not as hard as I expected.
I have tried installing the 1 Mobile Market which works but it is unable to install apps itself (not enough space).
Also, I have just installed NoRefreshToggle and can't seem to get it to work. Any thoughts - is 1.2 to blame? Really want this to work as Business Calendar Free is just a series of blinks at the moment!
Great! I'm glad you pushed onward and have root.
I am going through possibilities of other ways to install apps and mods.
No refresh is something that I would like as well but I think that the framework may need editing for 1.2.0. For fast mode a new kernel will need to be made or existing one modified.
Be aware that installing kernels not designed for this firmware can give you some serious problems.
Once I can setup app markets, I will work on these other modifications.
Stay tuned
Take a look at the overclock kernel - it's got a lot of the norefresh features baked in, and gives you a nice ability to control both clock and kernel tuning (via the governor control.)
You're right, you can flash the two zips back to back with no ill effect, I was mistaken about what the second zip was doing.
I mistyped when I typed "nook touch tools," I meant nook color tools.
I'm very interested that the amazon store is not working in 1.2. I will see if the software's available for my device, so I can try to see what's happened.
As of now, the us bn site does not mention an os 1.2 for the glowlight.
For more than a week I have been the - nevertheless happy - owner of an N7 but am still looking for a minimal way of rooting. It's my first tablet. I ran Linux 1994-99 (and revived my experience here and then) and know that the destination of the actual user (on one of several "virtual" terminals) isn't done by the OS but the user - after booting. Is this (last) booting step so deeply integrated into the downsized Linux Android that there is no other way to get root access than to install a whole (modified) OS?
There are still some init... files in /android (seen by "adb shell") - under Linux these files are controlling the boot process - and I'd like to read them but do not even have read permissions. psneuter is the proposed tool here. "adb push" copied it, "chmod 777" apparently worked, but running psneuter (from adb shell in /data/local/tmp) resulted in:
Failed to set prot mask (Inappropriate ioctl for device)
I'm not the only one meeting this error, but the answers to related questions from others meeting this have never met the point. More searching on the net yielded this - incomplete and a bit cryptic - site: osvdb.org/74800 with:
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
and:
Solution: Upgrade to version 2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Accordingly psneuter is useless - dead at least since June 1, 2011. Is that true?
If you want a minimal root look no further than here.
It runs an exploit to gain root privileges, and from there installs a setuid 'su' executable (and its companion Android app). Other than that, the ROM is not replaced - it's full stock.
Having said that, folks that fool around with their new-found root privileges inevitably wedge their OS boot somehow... and then come crying in here for help.
The android recovery (which is really just a slimmed-down alternate boot ramdisk - think of it as an improved single-user mode) can be replaced with a custom version which is useful for making full backups to mitigate such disasters. It's a damn good idea, frankly.
Since the recovery boot image is just a binary blob, it can be saved and also overwritten from a root-privileged shell using "dd" (raw copy) with the correct (recovery) partition.
PS If you just want to "look" at some files rather than rooting, you can certainly download the factory images, unpack the boot images, etc. Linux is probably the preferred platform for doing that, although it is not mandatory ... just far easier.
"adb restore <mybak.ab>" is working perfectly for me. Indeed I had a mishap with the Google_Nexus_7_ToolKit_v5.0.0 and got my pad into the same status as backed up afterwards. There won't be any crying. I feel very comfortable with anything I've done in adb.
The hint to factory images might help - I'll check where Google is providing the droid for download to PC via http or ftp.
Still I am curious about psneuter. There are so many recommendations for it by administrators seemingly knowing their stuff.
Thanks, 3Jane
I think you were asking, here it is anyway
https://developers.google.com/android/nexus/images
Get split_bootimage.pl from here, the ramdisk can be unpacked with a gunzip+cpio pipeline.
Also, you might find extract-ikconfig to be helpful if you want to compare kernel build configs without booting the kernels examined.
have fun
Indeed: Using the exploit of motochopper alone, i was able "to root" adb without any further installing.
Thus my first goal ("cat init.rc" in the adb shell) has been reached. Thanks again, 3Jane
I'm trying to get root on the Avin Avant 2, but unfortunately I've been unsuccessful despite extensive reading of this fine website. The specs for the device are as follows:
Android 4.1.1 (Jelly Bean)
Dual Core 1.7Ghz CPU ARMv71
Mali-400MP GPU
Hardware Device Type "Cedric"
My model is the universal unit from avinusa (site down at the time of posting). Factory options can be accessed with code "0000" and I've enabled developer options. Allow Unknown Sources is enabled so I can load whatever APK I need via the internet or flash drive.
Things i've tried to get root:
Framaroot, KingRoot, TowelRoot and numerous other Rooting APK Tools - All Failed
RootMyAN21U - Won't install, probably due to signing
Attempting a USB connection - Won't work, I suspect the client mode connection is on the motherboard somewhere.
The unit appears to be vulnerable to all three MasterKey exploits and I've seen other units successfully rooted, so I think it's definitely possible. I've extracted the Settings, SettingsProvider and framework-res APKs from the device as I've seen these being used as signing sources on other threads.
If someone could rework something like RootMyAN21U for me to try with the files I have provided, that would be great! I am open to any other suggestions (or detailed tutorials so I can help myself). A donation is available to whoever provides the solution!
APK'S From Device https://drive.google.com/open?id=0B89NZzCjXoSbWTVwLWVDR0xYU0U
Also, Merry XMAS
it has already root...
For owners of the AVIN Avant-2 unit there is a new software update available. Email tommy for the download link and password.
Software update for the BMW AVIN Avant-2 Update 09-09-2015
Change log:
1. Added ROOT access and SUPERUSER
2. Added EasyConnect app for Mirrorlink support for Android 5.0 phones and AirPlay support without the need of the AirPin app.
3. Removed a lot of apps from the pre_install_apps.zip file making the update process a lot faster. The removed apps are now placed in the optional_app.zip file in the link below.
You can add or remove your choice of app from the pre_install_apps.zip before running the update.
4. Increased userdata partition to 1524MB
And so on...
I not understand
I not Understand
I've emailed support but no reply as of yet. Is this patch uploaded somewhere?
Any luck, or any response, respectively? I am desperately waiting for Root/Superuser-support...
Do you have a BMW E46?
If so, you got to take a look on the E46fanatics, just google it, there is a huge thread about your device.
Hi All!
I have the same unit in my car.
But the system is laggy and worst of all I'm having a huge BT-echo at the other side of the line which makes it impossible to have a decent call.
Also android 4.1.1 isn't really supported by the newest app-updates like iCoyote.
Smaller problems:
- System does recognize my iPod but it won't play any music from it
- The radio app shuts down every 10-ish minutes of use
- The status bar on top isn't useful at all and only uses up screenspace that i'd rather use for navigation like Waze.
Conclusion:
It "works" but that's about it.
Question:
Would it be possible to install a more recent version of android which uses the hardware more efficiently and makes the system more stable while keeping the most important functions (obviously).
I've contacted Avin Europe (as I live in Belgium) and Tommy from AvinUSA about this problem but sadly they didn't offer a solution. Even worse, they didn't even reply to me since the end of March.
I am wondering if there's a working temp root (or even perm root without bricking Android 6.0 OS) for this Verizon exclusive ASUS Zenpad z10, as I am now looking for a way to unlock the bootloader as most of unlock commands are intact in the bootloader itself - only "Allow OEM unlock" tab is missing, so I will have to extract the bootloader partition and system configuration partitions - the problem is root.
That way I can get started on putting TWRP after unlocking the bootloader.
Already tried temp root the manual way; running su in /data/local/tmp after giving it the correct permission. All I got was "1" in shell, basically along the line, "f*** you, I am not letting you run as root." Why temp root? I have to do it so I don't accidentally brick the tablet - all I want to do right now is to extract the vital partitions and examine every single one of them to see if I can indeed get "Allow OEM Unlock" or some bootloader unlock approval commands so I can get ASUS ZenPad z10 unlocked. And there's absolutely NO ASUS update RAW file extractor tool to date.
Apparently it looks like ASUS and several other OEMs don't bother going the extra miles getting the bootloader locked down as tightly as Evil Moto, or worse, Samsung. They just simply remove "Allow OEM Unlock" tab and call it a day. (Beware, though, Qualcomm second stage bootloader varies so much among OEMs which is why I have to take a peek into the partition image and see what I can find.)
Although I'm of no help to you, I will be following this. I just picked up one of these today. There's simply not a lot of information out there.
Sent from my SM-N920V using XDA-Developers mobile app
Apparently, due to the way Android Marshmallow security system works, all I can do is wait (and probably trawl the forums, although I doubt it will happen unless I pull the kernel from the eMMC SSD which is technically a catch-22 situation, as I have to root before I can touch the kernel or even "Allow OEM Unlock" configuration file in some partition - a bit like chicken and egg paradox).
UNLESS there is a temporary root that works by abusing the Dirty Cow exploits, and allows me to pull the eMMC SSD partitions so I can look through the files contained within the pulled partitions.
Discovered that this tablet does have a root detection system - it basically tattles to Verizon. Those bastards. Nevertheless, I would need to find a way to allow OEM unlocking (which I had a gut feeling that it's there somewhere) without it getting all antsy.
The more I dig into it, the more I just want the bootloader itself to be unlocked. It never ceases to amaze me how far Verizon will do anything to be so nosy.
Slightly off topic, but since you seem to be the only other person here who has this tablet... Have you attempted to figure out a simultaneous charge and data option? I've tried several different cables and adapters so far without much luck.
Good question, however I don't really have a computer with USB-C port, if you meant that (been considering doing a new computer build at some point which then I get better idea how this tablet function on USB-C doing general stuff via USB - it may be by the time this tablet is running CM 14.x, once we figure out how to unlock the bootloader, so it may be hard to say how it will function with stock ROM). On the other hand, regular USB is usually limited to 500 milliamps (1/4 that of bundled charger), so may not charge because of the current requirements that may have to be met within the power management firmware (meaning about 1 Amp - which many DIY PC motherboards now meet the minimum specifications).
However, the screen backlight consumes the most juice so you may try turning off the screen after you have mounted the MTP drive (due to MTP security in Android - it will stay mounted after you plug it into computer and turn off the screen however), which then you may be able to charge it. It will take a while as there's a huge battery inside (7.8 Amp hour rating). You would have better luck with a computer that conforms to USB Power Delivery specifications (USB 3.x already supports that - USB 3.x ports are usually blue, BTW, so it's kind of hard to miss).
Finally extracted the files from ASUS' Verizon ROM image - ZArchiver Pro apparently can read ASUS' RAW image file, much to my delight. Now, I will have to figure out how to treat the Qualcomm second-stage bootloader (aboot.img) and few other partition images as a disk drive so I can figure out how to enable OEM unlock so I can get this thing unlocked (and I will disassemble the Linux kernel - boot.img - and recovery toolkit - recovery.img - so I can get ball rolling).
Tried to unpack the boot.img and recovery.img - the boot unpacker failed with "Android boot magic not found". Oh well, I will try to keep at it.
Alright, I think it's because the kernel is compiled in ARM64 assembly code (thus not really standard as far as most Linux kernel boot.img unpackers are concerned), so now I will try one that can and will touch a 64-bit kernel image. Then keep on probing the entire recovery and boot images for potential clues to the OEM unlock configuration (as well as system.img - one problem is, Linux refuses to touch the system.img even though it is evidently the EXT4 FS SSD image).
Anyone who knows of a decent multi-faceted disk image extractor (one that can touch non-standard disk images, including boot.img and recovery.img which don't have the standard "ANDROID!" magic), let me know. I have been googling everywhere, and it's difficult to pull the vital files so I can look for important files. The system image, however, may have to be analyzed for the type of fuse file system (if it's not a sparse file system, then it's definitely an odd SSD image).
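A first triage step for images like the ones discussed above, as an added example that is not part of the original posts: classify a file by its magic before handing it to an unpacker, searching for "ANDROID!" instead of assuming it sits at offset 0. The function names and the constructed sample are illustrative; the field offsets assume the AOSP boot header, the Android sparse image header and the standard ext4 superblock.

```python
import struct

BOOT_MAGIC = b"ANDROID!"     # AOSP boot image header magic
SPARSE_MAGIC = 0xED26FF3A    # Android sparse image magic (little-endian u32)
EXT4_MAGIC_OFF = 0x438       # superblock at 1024, s_magic at +0x38
EXT4_MAGIC = b"\x53\xef"     # 0xEF53 stored little-endian

def parse_boot_header(data, off):
    """Decode the fixed leading fields of a boot header found at `off`."""
    f = struct.unpack_from("<8s10I", data, off)
    return {"type": "android-boot", "offset": off, "kernel_size": f[1],
            "ramdisk_size": f[3], "page_size": f[8],
            "kernel_offset": off + f[8]}  # kernel starts one page after header

def parse_sparse_header(data):
    """Decode the 28-byte sparse header; raw_size is the unsparsed size."""
    _, major, minor, _, _, blk_sz, blks, chunks, _ = struct.unpack_from("<I4H4I", data, 0)
    return {"type": "android-sparse", "version": (major, minor),
            "block_size": blk_sz, "chunks": chunks, "raw_size": blk_sz * blks}

def parse_ext4_superblock(data):
    """Read block count and block size from the ext4 superblock."""
    blocks, = struct.unpack_from("<I", data, 0x404)
    log_bs, = struct.unpack_from("<I", data, 0x418)
    return {"type": "ext4", "block_size": 1024 << log_bs, "blocks": blocks}

def identify(data, scan_limit=1 << 20):
    """Classify an image by magic; the boot magic is searched for, not assumed at 0."""
    if len(data) >= 28 and struct.unpack_from("<I", data, 0)[0] == SPARSE_MAGIC:
        return parse_sparse_header(data)
    if data[EXT4_MAGIC_OFF:EXT4_MAGIC_OFF + 2] == EXT4_MAGIC:
        return parse_ext4_superblock(data)
    off = data.find(BOOT_MAGIC, 0, scan_limit)
    if off != -1 and len(data) >= off + 48:
        return parse_boot_header(data, off)
    return {"type": "unknown", "head": data[:16].hex()}

def wrapped_boot_sample():
    """Constructed sample: 256-byte vendor wrapper, then a boot header."""
    hdr = struct.pack("<8s10I", BOOT_MAGIC, 0x900000, 0x80008000, 0x200000,
                      0x82000000, 0, 0, 0x80000100, 2048, 0, 0)
    return b"\x00" * 256 + hdr.ljust(2048, b"\x00")

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read(2 << 20) if len(sys.argv) > 1 else wrapped_boot_sample()
    print(identify(blob))
```

The boot header magic does not depend on the kernel's CPU architecture, so an "unknown" result means the file is in some container this script does not recognise; the printed first 16 bytes are the starting point for identifying it.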
Another ZenPad owner checking in. I had to go to ASUS's site to see what this thing even is. The model number P00l is absolutely worthless.
Anyways I've ordered a laptop with native USB 3.0 so will poke around where I don't belong soon.
I absolutely hate this UI, who is to blame? Asus? Verizon?
Verizon. They usually make the call in firmware development (Can you say who locked the bootloader?) and yeah, they're famous for horrible stock firmware. Hence, I am figuring out how to unlock the bootloader just so we can get rid of garbage on the tablet. ZenUI is on ASUS though.
Nice hardware, bad software. That's kind of a shame. It will hurt even less when we get CyanogenMod 14.x operating system on it.
EDITED: the model number is zt500kl, not superfluous "P00l" - I had to figure it out, and GSM Arena had the model number (and bootloader apparently confirmed that).
Did a bit of research into how the "Enable OEM Unlock" tab in other devices' Developer Options works; the toggle goes into the persistent data block (hitting home in the PersistentDataBlockService.java file), thus going into the factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13), as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, where there will be some legit data. That is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is find out the magic value to "blow" the last value sector in the soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write a blank partition image to reset the efuse values contained therein, so beware the official OTA update image package).
Asus ZenPad ZT500KL
I just purchased this tablet yesterday. If you need me to test anything feel free to pm me.....
Thanks for working on this. If I can be of any help, do not hesitate to ask.
Dr. Mario said:
Did a bit of research into how the "Enable OEM Unlock" tab in other devices' Developer Options works; the toggle goes into the persistent data block (hitting home in the PersistentDataBlockService.java file), thus going into the factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13), as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, where there will be some legit data. That is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is find out the magic value to "blow" the last value sector in the soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write a blank partition image to reset the efuse values contained therein, so beware the official OTA update image package).
Due to a potential brick risk due to entering the wrong magic value, I'd rather that we have temporary root or shell root first so we can pull the soft efuse partition and some setting files from ASUS settings.apk / systemui.apk to figure out the FRP values just so we don't accidentally lock ourselves out or worse.
Once we find out what it is, we can go ahead and test that (kind of wish I had extra money to get a sacrificial tablet to take a jab at the bootloader, as Verizon loves to make it risky).
Oh, and BTW, this tablet also has several pieces of hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.
Dr. Mario said:
Oh, and BTW, this tablet also has several pieces of hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.
I'm within my 14 day return period ...., send me a pm
Sent from my iPhone using Tapatalk
Give me a bit of time and I will figure out what to poke in the config partition and we can go from there. Some one-click roots (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to the password request lockscreen if it notices something (and there's a root detection app inside the /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).
Dr. Mario said:
Give me a bit of time and I will figure out what to poke in the config partition and we can go from there. Some one-click roots (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to the password request lockscreen if it notices something (and there's a root detection app inside the /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).
Sounds good. Didn't even know the tablet had a fingerprint reader ( home button)
Sent from my iPhone using Tapatalk
Since @burcbuluklu did such a nice job of creating this for mantis (4k), I've decided to copy that concept for sheldon.
I've created a couple different images, which I'll post in the next few days hopefully.
Sorry for the delay. I've actually managed to get further with this than I expected. The wait will be worth it. I've managed to bring back the OOBE (the welcome setup you have to run through when the stick is brand new). There's one last piece I would like to figure out before I post the image.
I'm looking for help on creating a script that will trigger after the OOBE is complete. There is a flag that gets set after successful completion of the OOBE so that value could be read on boot for example and then trigger the script. Would also want to ensure the script only runs once. It will just be a basic debloating script. This is the last piece of the puzzle. This is a bit out of my skill set. If you can give me a hand with this I'll be able to post a really nice complete image.
--------------------------------------
I've now managed to get around the following problem, though not as cleanly as I would like.
Unfortunately, I'm stuck at a critical part. I need to remove my amazon account before I can share it.
I've approached it in two ways but neither have been successful. First is to remove my account after everything has been setup and done, this would be a bit preferable as I've already done all the work to create this. Second is to not have to sign in with amazon to begin with. Basically disable the OOBE, build up the ROM and then re-enable OOBE so when it gets flashed it's easy to run through that part of the setup. If OOBE can't be re-enabled, then the setup to connect your remote will be the same as in the 4K thread, hopefully.
I had played with various ways to get around OOBE, getting ADB enabled out of the box etc, all with various levels of success on mantis but for whatever reason I can't get ADB enabled on sheldon. For clarification, the intent is to get ADB enabled via recovery so it's accessible before having to run through OOBE.
EDIT:
The only plausible way I've figured out is to use "deregister". Not sure how much "personal info" is left as it says it won't remove all personal info but I used a dummy account anyway. The other factor that is different from mantis/6.2.7.6 is that to complete OOBE after the stick has been deregistered, the stock amazon launcher must still be enabled. When trying with another launcher set via launch manager, OOBE won't complete as it gets into a loop during the registration stage. Definitely unfortunate as I would have liked the user to end up on the custom launcher (wolf in this case) rather than having to enable it after getting through the OOBE. If anyone has a better way please let me know.
Can't you just enable ADB through IDME?
Finnzz said:
Can't you just enable ADB through IDME?
I'm not familiar with IDME. I couldn't find a whole lot on it. Mind pointing me in the right direction?
bnevets27 said:
I'm not familiar with IDME. I couldn't find a whole lot on it. Mind pointing me in the right direction?
IDME is part of the Amazon feature layer added to all their bootloaders. It includes flags to enable ADB, enable ADB with root, and enable ADB without authorization.
You can check it out if you boot up FireOS and use the command 'adb shell idme print'. fos_flags is the value you are interested in in this case.
The fos_flags value can be set from within FireOS using ADB, or from fastboot. These values are written to the end of the bootloader partition, or backup bootloader. Its magic is "beefdeed", and you could edit it directly.
For more information go to Amazon's FireTV open source page, download the source for Sheldon and search the bootloader source for IDME.h
@Finnzz thanks for the suggestion but I wasn't able to figure out IDME. Looks pretty interesting though. End result is it was easier to just run through the OOBE. Now that I have an image it doesn't matter too much anymore. And I think I've managed to remove all account traces. Though I still want to figure out how to get adb access and bypass the OOBE. I've seen @SweenWolf do it for mantis. Of course I can do it with an image restore but that's not really the same thing. It's not really needed but interesting anyhow.
Getting close to a release, just need help making a script that triggers after the OOBE is complete. More info on that in the OP.