Related
Hello .
Posting a tutorial on how to create a dump out of your stock rom, in case you delete some apps or modify some settings.
ALRIGHT LETS START:
STEP ONE:
Alright, so you want to make a backup of your phone software, but dont know what to do. Its simple, download the package the Android SDK from google and copy it to C:\ drive. Once you have download it, make sure you have Java installed in your system or else it will not work. After everything is done, open the program and install these two packages:
1. Android SDK Tools, revision 6
2. USB Driver package, revision3 ([COLOR="Red"IMP: Its important that the USB driver installed shows up as Composite Android Debug Device, else it wont work. ][/COLOR]
What Android SDK ?? Read about it here: [url]http://developer.android.com/sdk/index.html[/url]
Why Android SDK ? Because: it has the [COLOR="red"]android debug shell[/COLOR] which you require before communicating with your android phone. So download it ! From here:
STEP TWO:
Download Busybox from here : http://rapidshare.com/files/407238531/busybox What is Busybox ?? Read about it here: http://www.busybox.net/
MD5 Signature: C5B76280434EEF49310AD8F1810B10B2
STEP THREE:
One you have downloaded busybox, copy it to the C:\ drive of your computer and then follow the next step. The next step is to open the Command Prompt ( type cmd in the Run prompt ) if using Vista right click on "Run as Administrator".
Assuming you are the root of C:\
Type: C:\cd android-sdk-windows
-> then
Type: C:\android-sdk-windows\ cd tools
-> if you have android debug shell and USB drivers properly installed
Type: adb devices
Now your device will show up as a binary number .. Success ! if it doesn't show up you need to install the drivers again or something else is wrong.
STEP FOUR:
Now once your device shows up, we will need to download the busybox from the computer to the phone. Since we can write anything in the /data/local portion of the android system we will copy the busybox file to the android device.
Type: adb push busybox /data/local/busybox
Once it has been copied to your device issue this command.
Type: adb shell This coomand is issued to go to your mobile's terminal where you can issue commands internally to the phone.
--> then
Type: cd /sdcard This command is given inorder to go to the sdcard ( i.e the internal storage of your phone )
--> then
Type: chmod 755 /data/local/busybox This command is issued to set user -rwxrwxr-x permissions to the file.
--> then
Finally, issue this command.
Type: /data/local/busybox tar cvf Samsung.tar /system This command is given to copy and tar the system folder where all the stock applications and programs are and to create a dump of that system folder.
STEP FIVE:
Job Done !!
The Samsung.tar file can be copied to the computer now. Have fun.
this is perfect, as i want to create a dump of my original ROM
A dump is simply a backup of your original ROM right?
thats good news if it is indeed a a backup of the stock firmware.
i want to back up my warranty firmware!
OrionTC said:
thats good news if it is indeed a a backup of the stock firmware.
i want to back up my warranty firmware!
Click to expand...
Click to collapse
it is only a backup of your stock apps and driver if so however it doesnt convert the files into a flashable rom version.
is there a way for us to backup the firmware?? (not just stock apps)
tids2k said:
it is only a backup of your stock apps and driver if so however it doesnt convert the files into a flashable rom version.
Click to expand...
Click to collapse
So this is not a tutorial of how you back up your stock rom but how you back up your stock apps and stock drivers?
droidwi said:
So this is not a tutorial of how you back up your stock rom but how you back up your stock apps and stock drivers?
Click to expand...
Click to collapse
Correct. We most likely won't be able to actually perform a complete backup until Nandroid works on the handset.
Too bad, the title was very promising but what you show is just an backup archive of the system.
BTW, there is no guarantee that restoring it will produce a usable phone, because kernel, datas, modem baseband etc won't be restored too !
But this can be useful to restore some file after a mistake done on /system files.
supercurio said:
Too bad, the title was very promising but what you show is just an backup archive of the system.
BTW, there is no guarantee that restoring it will produce a usable phone, because kernel, datas, modem baseband etc won't be restored too !
But this can be useful to restore some file after a mistake done on /system files.
Click to expand...
Click to collapse
im working on creating a stock rom ... may be some happy results and happy faces. who knows . keep sticked !
uploading dump again .. please wait.
So, Can i just select this dump in Odin and it will recover to stock firmware. Quite confused here.
The file size is 275 megs , so is it only for apps? Have you flashed with this dump. Nice work so far. THanks.
Edit: Just realised the dump option in Odin is for dumping my rom , not loading one.
So stuck with this until Samsung update. Huh!
Is this the same procedure as making a backup /efs?
I've been searching the forum for hours and this is the only thing I could find that looked anything like it.
This won't work
No, no and no !!
This procedure will not backup your stock ROM.
A complete rom consists in:
- a primary bootloader.
- a secondary bootloader.
- an initrd image with the kernel.
- a rootfs (the /system partition).
- an efs partition.
- a binary radio firmware.
There is no known method to backup all the flash partitions and transform them into proper files that can be reflashed with Odin or Heimdall.
Plinn said:
No, no and no !!
This procedure will not backup your stock ROM.
A complete rom consists in:
- a primary bootloader.
- a secondary bootloader.
- an initrd image with the kernel.
- a rootfs (the /system partition).
- an efs partition.
- a binary radio firmware.
There is no known method to backup all the flash partitions and transform them into proper files that can be reflashed with Odin or Heimdall.
Click to expand...
Click to collapse
+1.. The thread is misleading.. This doesn't accomplish anything! You really think people in the "Android Development" section don't know about tar?
Did anyone already managed to get the built-in dump function from Odin working?
With Odin v1.3 there was the possibility to decide whether to dump AP RAM or AP NAND (followed by an ID).
With Odin v1.52 you can't choose this anymore. It will only dump AP NAND.
But my first attempts were unfortunately not very promising
This tutorial is made to help those getting an Iconia for the first time as well as those who lost/didn't backup before going to custom ROMs.
We will try to help you using more than one variant #1, #2 etc to backup and restore your tablet. If you're new stick to the #1s in the first post. If you know a little Android and a little Linux, head to the second post.
Acer does not provide any full-restore ROMs at the moment so your best option is to create your own backup in case something goes wrong.
The ultimate goal is to help users restore their OTA (over the air) update function, aka. get the OS as fresh and clean as it was the day it came out of the factory.
Help us help you! The parts of the tutorial that aren't ready or require your attention are marked in RED. If you got:
A new tablet, never flashed with a custom rom, share your original backup with US, you will need it anyway once you decide to experiment!
A new tablet, never updated, share your Firmware and "Operated Countries" (on the back of the box) so we know what stock ROM belongs to which countries or continent.
Knowledge and the will to share it!
Before you start!
Don't be afraid of rooting, it will not break your OTA (un-rooting is a piece of cake) updates and it is essential to do a proper backup!
Back up your user files from music to documents and save games or you might lose them!
When everything fails > Privacy > data reset is a good way to start fresh. Best to use it when trying something new.
Always unfreeze/restore system APKs like telephony etc before formatting/soft resetting (not to be confused with turning on and off again) your tablet.
Any .zip on the micro-sd card will be automatically flashed on POWER & VOL-
Save Acer Recovery Installer, Root, your favorite file explorer on your desktop
Droid Explorer (PC app) can be a great tool to install apps from your PC
Before attempting to OTA update: un-root, make sure all system apps are in place, remove micro-sd, factory reset (some have reported success after these)
Unbricking
Get the right firmware (Full Package, thanks Vache), for your tablet, decrypt it and extract the update.zip
Put it on your micro-sd card. Shut down. Boot with power and VOL - pressed and it will automatically get flashed.
What firmware is right for my country?
Full Package Acer_A500_0.000.00_1.016.01_COM_GEN1
CWM Backup Acer_A500_0.000.00_1.016.05_COM_GEN1 - Provided by flyinghighaero
Update zip Acer_A500_0.000.00_1.105.01_EMEA_GEN3 - Provided by bpivk
EU: AT, BE, CY, CZ, DK, EE, FI, FR, DE, GR, HU, IE, IT, LV, LT, LY, MT, NL, PL, PT, SK, SI, ES, SE, GB, IS, LI, NO, CH, BG, RO, TR.
Full Package Acer_A500_0.000.00_1.104.02_COM_GEN1:
USA
Full Package Acer_A500_0.000.00_1.104.05_COM_GEN1
Canada
Acer_A500_0.000.00_1.112.01_EMEA_CUS7 - Not available
Germany
Acer_A500_0.000.00_1.016.04_COM_GEN1 - Not available
Thailand - Probably Asia, needs confirmation
Full Package Acer_A500_0.000.00_1.104.03_COM_GEN1
Taiwan - Probably Asia, needs confirmation
Acer_A500_1.105.01_EMEA_GEN3 - Not available
reports of Netherlands and Mexico - hard to tell what EMEA means to Acer
Acer_A501_1.309.02_COM_GEN1 - Warning, this is an European ROM for A501 !!! - thanks captainpaella
Did your tablet come with one of the following firmwares or maybe another one? (Settings > About tablet), tell us what countries/continent it is for by checking the back of the box for the "Operated Countries" label and posting it below:
Acer_A500_0.000.00_1.013.01_EMEA_GEN1
Acer_A500_0.000.00_1.104.04_COM_GEN1
Acer_A500_0.000.00_1.016.02_COM_GEN1
Creating a backup with Acer Recovery Installer #1
Root
Acer Recovery Installer
Install clockwork mod:
select "ClockworkMod Recovery rev1.3.4 by thor2002ro"
click "Install Recovery Image"
click "Yes" when asked to backup the current image!!!
Reboot into CW recovery from the app or with VOL- & POWER
Create a full backup: "backup and restore" -> "Full Backup"
If your backup is a fresh stock-only (no previous custom roms flashed) one, please share it. It's located on your micro SD in clockworkmod/backup/[current date] <= This is the CWM folder we need!
Don't forget to restore the original recovery image to be able to install futher updates. Unrooting might be necesary depending on Acer.
Restoring to defaults via CWM #1
Full restore in CWM: "backup and restore" -> "Full Backup"
Enter Acer Recovery Installer and restore recovery.img!
Aditional restoring info
Remember: un-root, remove micro-sd, factory reset if it doesn't work.
Also don't have modified, removed or frozen system apps, wi-fi module, build.prop or any other OS file!
"dd" method in the second post is practical if you'll want to downgrade from a FW that has no root yet - still needs testing (eg. if you update to a future 3.2 you won't be able to go back to 3.1 or 3.0.1 until 3.2 is rooted, because CWM needs root, here's where ADB and "dd" can really come in handy!)
Available backups:
Updates of original Acer_A500_1.016.01_COM_GEN1
CWM backup successfully used by me, containing: Stock 1.016.01_COM_GEN1 OTA updated to 1.139.02. 1.139.02 is a "dud" - a FW update taken down by ACER that breaks updates; to solve this issue flash the update.zip(1.139.05) with the default acer bootloader (restore the original recovery.img from Acer Recovery Installer to get the default acer bootloader)
1.141.05 provided by Thor - Restore with "dd", see post 2!
Please provide your own CWM folder or flexrom, boot, recovery and system.img, full dumps (p1, p2, p3... description for this method below)
Do not provide
system.zip containing system/app files
3.1 ROMs - the purpose here is to know if OTA is working
What worked for me:
Done with CWM!
Un-root, restore to stock, remove micro-sd - probably not all necesary but it worked for me.
First of all I flashed to my default rom: Acer_A500_0.000.00_1.016.01_COM_GEN1 from Acer's server, didn't have a backup.
I installed acer recovery installer, rooted and then CWM restored 1.139.02. This firmware is probably Acer's mistake as it is not available anymore, nor can you OTA update from it.
Then I entered Acer Recovery Installer, restored the original recovery.img, un-rooted and restored to factory defaults.
Placed Acer_A500_1.016.01_1.139.05_COM_GEN1 on my micro SD and rebooted into Acer's recovery (PWR&VOL-) installed with no issues.
After the reboot 4.010.22 was available! Started the download, removed the micro-sd(probably wasn't necessary) and the tablet rebooted and installed the update properly!
Voila, 3.1 (4.010.22, kernel 2.6.36.3) with the help of CWM!
This is all the Info I was able to gather about a full restore. Put it to good use and be productive - tell us your results!
Additional backup and recovery methods
Creating a backup via ADB #2
If you're uncomfortable with ADB, this should work with Terminal Emulator +/- Busybox too. Just skip to step 4.
Or you can try the automatic backup tool, just fire it up and follow the instructions. Root and 1GB on the external SD required.
Get ADB + Java both for x32 even if you have windows on 64 bit!
Get the Iconia A500 USB drivers
Run SDK Manager from "C:\Program Files (x86)\Android\android-sdk" and let it download it's junk. I've no idea how much of it you'll need.
Go to "C:\Program Files (x86)\Android\android-sdk\platform-tools"
Create a text file that will contain "cmd" and save it.
Rename your text file ADB.bat and create a shortcut on the desktop for convenience
Root then go to Settings > Applications > Development > USB debugging
Open your adb shortcut, connect the tablet and type "adb shell"
"$" will show up, meaning that you are logged in as an User
type "su", accept the superuser request on your tab
"#" you're now Admin and can issue backup commands.
Backup the first 0x680000 bytes of mmcblk0 and all partitions (except cache + data) with dd:
dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/mnt/external_sd/dumps/mmcblk0_start
dd if=/dev/block/mmcblk0p1 of=/mnt/external_sd/dumps/p1
dd if=/dev/block/mmcblk0p2 of=/mnt/external_sd/dumps/p2
dd if=/dev/block/mmcblk0p3 of=/mnt/external_sd/dumps/p3
dd if=/dev/block/mmcblk0p5 of=/mnt/external_sd/dumps/p5
dd if=/dev/block/mmcblk0p6 of=/mnt/external_sd/dumps/p6
dd if=/dev/block/mmcblk0p7 of=/mnt/external_sd/dumps/p7
Thanks sc2k!
Restoring to factory defaults via Terminal #2
Root
Install Terminal Emulator, Busybox installer and Acer Recovery Installer
Copy system.img, flexrom.img, boot.img, recovery.img in /mnt/sdcard
Run (flash system.img last, it will lock down your tablet and you won't be able to flash the other .img files):
/data/data/com.interphaze.AcerRecoveryInstaller/files/itsmagic
dd if=/mnt/sdcard/flexrom.img of=/dev/block/mmcblk0p6
dd if=/mnt/sdcard/boot.img of=/dev/block/mmcblk0p2
dd if=/mnt/sdcard/recovery.img of=/dev/block/mmcblk0p1
dd if=/mnt/sdcard/system.img of=/dev/block/mmcblk0p3
Restoring to factory defaults via ADB #3
Get ADB + Java both for x32 even if you have windows on 64 bit!
Get the Iconia A500 USB drivers
Run SDK Manager from "C:\Program Files (x86)\Android\android-sdk" and let it download it's junk. I've no idea how much of it you'll need.
Go to "C:\Program Files (x86)\Android\android-sdk\platform-tools"
Create a text file that will contain "cmd" and save it.
Rename your text file ADB.bat and create a shortcut on the desktop for convenience
Root then go to Settings > Applications > Development > USB debugging
Open your adb shortcut, connect the tablet and type "adb shell"
"$" will show up, meaning that you are logged in as an User
type "su", accept the superuser request on your tab
"#" you're now Admin and can issue flashing commands.
Install Acer Recovery Installer
Copy system.img, flexrom.img, boot.img, recovery.img in /mnt/sdcard
Run (flash system.img last, it will lock down your tablet and you won't be able to flash the other .img files):
/data/data/com.interphaze.AcerRecoveryInstaller/files/itsmagic
dd if=/mnt/sdcard/flexrom.img of=/dev/block/mmcblk0p6
dd if=/mnt/sdcard/boot.img of=/dev/block/mmcblk0p2
dd if=/mnt/sdcard/recovery.img of=/dev/block/mmcblk0p1
dd if=/mnt/sdcard/system.img of=/dev/block/mmcblk0p3
I hope many people who just bought their tablet will come here and post the recovery files asap they got it...
I need to return with 01.139.04
If you use the Acer Recovery Tool from the market, would that do the same thing to take you back to stock?
link
Please, always run itsmagic BEFORE any dd operation.
@Bec07: Please swap the commands in your guide.
Restoring to factory defaults via ADB #2
In Step 7 where are the files located that I'm supposed to be copying? Can't find them?
They're supposed to be in /clockwork mod on your micro-sd car, provided you've don a backup. Or you can download them.
@haakuturi
No, I've tried even if you can download the update, it will fail installing. Tried with pre 3.1 updates.
@sc2k
Thanks, fixed. But don't the checksums change after we flash the partitions?
sanaell said:
I hope many people who just bought their tablet will come here and post the recovery files asap they got it...
I need to return with 01.139.04
Click to expand...
Click to collapse
Don't you remember your initial firmware?
Could you check it when close to an iconia stocking shop?
Great tutorial... Thanks
So, a question... If the Restore function in CWM doesn't restore properly, does it backup properly? That is, if I manually restore the files that CWM made when it backed up, will it restore properly or did the backup miss something?
I don't think it backs up properly either. At least not by all checksum standards.
My backup is CWM and I can't restore it with "dd" no matter what. Thor's works but I suspect it's not CWM.
Scrap that! CWM works just fine!
Bec07 said:
I don't think it backs up properly either. At least not by all checksum standards.
My backup is CWM and I can't restore it with "dd" no matter what. Thor's works but I suspect it's not CWM.
Click to expand...
Click to collapse
Well that's bloody annoying... :/
If I'd known that, I'd have manually backed up my stock ROM...
Tell me about it...
I think I flashed 15-20 times in the past 3 days. Haven't managed to make OTA work for 3.0.1 and now they're all down and I can't see 3.1 either...
can i do the "proper" backup from within the tablet with something like connectbot that has sdcard writing permissions without rooting?
Probably with terminal emulator and busybox too
Bec07 said:
Don't you remember your initial firmware?
Could you check it when close to an iconia stocking shop?
Click to expand...
Click to collapse
I think that was 1.016.01 but I do remember the first update I got was 1.139.04 pushed by OTA
THailand
I'm not aware of any problem with the backup/restore with CWM. I'll try to do some testing to see. The boot, recovery images from CWM should work with the dd command, but the system and data are compacted in a YAFFS2 format and cannot be used with the dd command.
I know the initial version did not run itsmagic automatically, so the checksum of boot would be off after a restore, but that was fixed.
Not sure if this helps but my a500 came with Acer_A500_1.105.01_EMEA_GEN3.
I live in the Netherlands and i have a backup which contains flexrom system and boot.img as well as the update.zip to get it to version Acer_A500_1.141.01_EMEA_GEN3
Download here.
Iconia Build Number
Mine is Acer_A500_1.141.01_EMA_GEN3, I bought the tablet on México.
sanaell said:
I think that was 1.016.01 but I do remember the first update I got was 1.139.04 pushed by OTA
THailand
Click to expand...
Click to collapse
Are you sure, it was 01 because I know mine was 01 and I'm from EU. Wasn't it 02?
spaanplaat said:
Not sure if this helps but my a500 came with Acer_A500_1.105.01_EMEA_GEN3.
.
Click to expand...
Click to collapse
Can you guys look on the back of your box, there should be a sticker "Operated Countries" that should list in what other countries the same firmware version is for.
I suspect EMEA should cover EU, Middle east and Asia, but I've got no idea why there are also separate versions
Thanks!
Due to new security measures added on recent Android versions (mainly dm-verity), using dd Flasher on newer devices or recent firmwares (Marshmallow, Nougat, etc) will certainly result in a bootloop. dd Flasher probably still works if you have a unlocked bootloader and a modified kernel disabling dm-verity, but due lack of free time and other priorities, this tool is currently unmaintained.
Introduction
This tool is a new version of Nicki Root (originally released for Xperia M), but now compatible with almost any device. The purpose of dd Flasher is keeping root access in any firmware version assuming your device already have an exploitable firmware...
How it works?
Sony updates are packed in .sin files, generally stored in FTF packages. Using FlashTool, you can get an image of the system partition (system.ext4) of the latest firmware available, which is sideloaded into your device by dd Flasher. Next, it'll mount the update image (system.ext4) in a loop device, place SuperSU binaries (and when needed, disable RIC protection) and after that, stop all running processes and "flash" the modified image back into your device by using dd binary.
After dd Flasher finishes its work, all you need to do is rebooting your device into flash mode in order to flash the rest of the FTF file (excluding system partition, of course) with FlashTool. In the end, your device will be running the latest available firmware with full root access, making dd Flasher extremely useful for devices with locked bootloader that have exploitable firmwares but lack recoveries or other means to get root access.
Requirements
• Your device must already have root access. You can downgrade to an older firmware and root it with some known exploit, if needed. Also, if you don't have root access, dd Flasher won't work at all.
• You will need FlashTool and an FTF file of the firmware version you want to upgrade your device to.
• Your device should have enough free space to store system partition image of the update temporarily (around 1.5-2.5GB, depending of the device/firmware). At the moment you can store the image either on its Internal Storage or in external SD Card (when possible). USB OTG support is planned too.
• If pushing system image to SD Card, make sure your phone is connected in MTP mode (in Mass Storage mode only Internal Storage is accessible and dd Flasher will fail)
Instructions
Getting system partition image: FTF files are just ordinary .zip files with lots of .sin files inside, format commonly used by Sony in their firmwares for Xperia devices. We are interested in system.sin (it's the one with the partition image), to use it with dd Flasher, so:
• Open the FTF file with WinRAR or 7-Zip (or any other program compatible with .zip files);
• Extract system.sin somewhere you have easy access;
• Open FlashTool and go to Tools => SIN editor;
• A new window will open. Locate system.sin we extracted before, click in "Extract Data" and wait until FlashTool finishes extracting it
• If everything went well, now you should have a system.ext4 file in the same place you extracted system.sin before (you can already delete system.sin -- we won't need it anymore).
Using dd Flasher: now that we got our system partition image, we can move on to dd Flasher:
• If you didn't already have extracted dd Flasher somewhere, do it now (DUH!). Make sure FlashTool isn't running as well -- it's known to interfere with ADB interface;
• Move system.ext4 extracted previously to the same folder you've extracted dd Flasher (where dd_flasher.bat/dd_flasher.sh is located);
• Open dd_flasher.bat (or start dd_flasher.sh from a Terminal if you're on Linux) and follow the instructions. After selecting a storage device, dd Flasher will do its work;
• Please note some steps take a while to complete (mainly pushing the system image and flashing it), your device will look like it's dead and won't respond but don't worry, it's normal (on compatible devices the notification LED will pulse in different colors to indicate the the script is running);
• If everything went well, dd Flasher will notify you (and your notification light will be green, if compatible). After that, you'll need to power cycle the device, disconnect the USB cable and pull your battery off (if your battery is non-removable, use the Off/Reset microswitch). Wait some seconds and put your battery back but don't turn your device on yet.
Flashing the remaining with FlashTool: at this stage, your device have the latest firmware from the FTF you used and full root access but still have old versions of kernel, baseband, etc., so, trying to start your device now will probably result in a boot loop or something like that, so, let's finish it:
• Open FlashTool again and flash the FTF you used to extract system.ext4 in flash mode, however, make sure you've excluded SYSTEM, if you forget to do so, everything the tool did will be lost and you'll need to restart from the beginning;
• After flashing ends, disconnect the USB cable and start your phone. The first boot may take several minutes but if everything went well you should be now running the latest firmware, with full root access!
Compatibility
This tool uses an internal database to automatically set up everything needed in the officially supported devices, with at the moment are:
• Xperia E series (C1504, C1505, C1604, C1605)
• Xperia E3 series (D2202, D2203, D2206, D2212, D2243)
• Xperia M series (C1904, C1905, C2004, C2005)
What to do if my device isn't officially supported? dd Flasher also comes with a "default" config which is automatically selected when used in a unknown device. It should work by default in any Xperia (and may even work in devices from other brands), but if dd Flasher still refuses to work, PM me your device model and firmware version, I'll try to support it
FAQ
Soon
Credits
Although I wrote this script from scratch, it uses some pieces of code written originally by @zxz0O0, @[NUT] and @Chainfire, so, credits to them. I would like to thank also everyone who helped directly or indirectly in the conception of the original Nicki Root script, which became what we know today as dd Flasher
Changelog
Soon
Download
All currently released versions available in downloads tab.
XDA:DevDB Information
dd Flasher, Tool/Utility for the OEM Cross Device Development
Contributors
mbc07
Version Information
Status: Beta
Current Beta Version: 2.0
Beta Release Date: 2015-03-19
Created 2015-03-19
Last Updated 2015-03-19
Awesome!
Incredible!
Thanks for sharing this with the community.
Nice
Thanks for everything
Amazing
Thank you so much!
Who try it with android 5.0.2 of z2,z3,z3c,??? And is is full root, isn't it????
nhoc_huhu said:
Who try it with android 5.0.2 of z2,z3,z3c,??? And is is full root, isn't it????
Click to expand...
Click to collapse
Not ready yet =/
The current SuperSU package included in this beta version is unlikely to work in Lollipop -- I was working into that but it didn't made it into this beta. I'll try to get it ready for the stable version...
Error: can't stat '/data/local/tmp/ddFlasher/system/bin/sh':
Hallo,
i tried this on a xperia m (C1905) and get this error:
---------------------------------------------------
Initializing ADB [DONE]
Waiting for device [DONE]
Waiting root access [DONE]
Preparing script [DONE]
Pushing system image [DONE]
Stopping device [DONE]
Mounting system image [DONE]
Installing packages...
- SuperSU v2.46 (SELinux) cp: can't stat '/data/local/tmp/ddFlasher/system/bin/sh': No such file or directory
[DONE]
- Disable RIC (RAM Disk) [DONE]
Saving changes [DONE]
Flashing image [DONE]
System partition updated.
Reboot your phone into flash mode to finish.
NOTE: device won't respond in current state, that's
normal, pull your battery or use Off/Reset switch.
Press any key to exit...
--------------------------------------------
I used C1905_15.4.A.1.9_CE.ftf for the system.sin.
rootchecker says everything is fine but "folderMount", for example, dosnt work, it does a "hard" restart without request.... the screen went black and then reboots.
Before the rooting i also had 15.4.A.1.9 on the phone.
for "prerooting" i used towlroot v3
Could someone please help me with this.
I like to get more space for apps on the xperia m. with something like folderMount or swapinternal 2 external SD and i really tried a lot rooting technics and rootfixer and so on but nothing works.
its really frustrating.
kind regards
Oliver
olliD said:
rootchecker says everything is fine but "folderMount", for example, dosnt work, it does a "hard" restart without request.... the screen went black and then reboots.
Click to expand...
Click to collapse
You have partial root access, that's why the device reboots. I added that in to-do list, should be fixed in the stable release of dd Flasher. Since you have Xperia M, it's much easier and quicker to root it with TowelRoot and then applying the root fixer (there's a tutorial in Xperia M forums). In the meantime, if TowelRoot still fails, you can try again with the old Nicki Root, although old and not supported anymore, they should still work, at least with Xperia M...
What is the difference with the prfcreator tool?.cheers
juanpirulo said:
What is the difference with the prfcreator tool?.cheers
Click to expand...
Click to collapse
PRF Creator generates a flashable ZIP, you'll need a recovery to use it, differing from dd Flasher that archive this through ADB bridge, so, it works even if there's no recovery for your device...
Hi mbc07,
thanks for the reply.
I did this (with TowelRoot and then applying the root fixer (there's a tutorial in Xperia M forums).) several times. I have 2 Versions of the rootfixer on my pc in the moment, tried both but dosent work. I also looked for the tutorial you mentioned, but i didnt find it, sorry.
Could you please link to the tutorial or the correct rootfixer.
I just saw that i dont tell you that i have a locked bootloader, just for info.
kind regards
Oliver
Try this tutorial @olliD...
Got SuperSU v2.46 (SELinux) cp: can't stat '/data/local/tmp/ddFlasher/system/bin/sh': No such file or directory
and some related errors
Dirtycow-based TA Dumper for Sony Xperia Devices. (v2.0)
Author:
Jens Andersen
Xda: rayman
Twitter: https://twitter.com/EnJens
GitHub: EnJens
Source can be found on https://github.com/EnJens/backupTA.
Must be built within AOSP (e.g. checkout to external/backupTA)
Changelog:
More devices supported. The dreaded "Permission denied" should be long gone
Stability improved
TA dump is now verified before pulling
An error message is correctly shown when the process fails.
Requirements:
Phone running a dirtycow capable OS (E.g. recent N builds won't work).
If you have already upgraded, downgrading (temporarily) should be possible.
It should work on all recent xperia phones, but there might be exceptions.
It works on Linux, Windows and Mac (OS X)
Instructions:
Ensure you have adb access (e.g. drivers installed, enabled etc)
Run backupTA.sh (linux) or backupTA.cmd (windows) in the root directory.
TA will be saved as TA-ModelNumber-Serial-Timestamp.img in
the backupTA.sh directory.
On failure, the TA file should be missing, but please check that the file is 2.097.152 bytes
Download:
backupTA.zip
Credits:
rayman
Bumble-Bee (Testing)
Myself5 (Testing and some scripts)
oshmoun (Testing)
Androxyde (Testing)
munjeni (checkta source)
Tested on:
Xperia Z1
Xperia ZL
Xperia Z2
Xperia Z3
Xperia Z5
Xperia Z5 Compact
Xperia E5
Xperia M5
Xperia M4 Aqua
Xperia C5
Xperia X
Xperia XA
Xperia XA Ultra
Xperia X Performance
Xperia X Compact
Xperia XZ
XDA:DevDB Information
Universal (Dirtycow-based) TA Backup, Tool/Utility for the OEM Cross Device Development
Contributors
rayman, rayman
Source Code: https://github.com/EnJens/backupTA
Version Information
Status: Stable
Created 2016-12-07
Last Updated 2020-07-27
FAQ:
Q: Why is the backup different between reboots?
A: There is other data stored in the TA partition than just the TA Units. On some devices, the bootloader bootlog is stored there along with other pieces of data.
How it works
A very quick primer on how backupTA works now the source is out:
Sony's devices are extremely locked down with SELinux, and even getting root (with dirtycow) leaves you with very little access to the system.
Other than true root (which is rather difficult to get, although not impossible), only the Sony TA daemon has access to the partition required. But the TA daemon has no access to write any files anywhere on the device where we can pull them...
The basic approach is:
* Overwrite run-as binary with a custom binary
* When executed it switches to root and sets platform_app permissions, which for some bizarre reason is allowed from run-as explicitly. (See note 1)
* Once it has these privileges, it has access to dirtycow /sbin/tad_static
* It overwrites tad_static with a special daemon that allows reading the entire TA partition over the tad socket already used by the system. (See note 2)
* The run-as replacement reads the TA dump over the tad socket and pipes it to stdout to write to a file. (See note 3)
Note 1:
Dirtycow cannot increase the size of any binaries on the system, so to make things actually work, this solution also overwrites screenrecord binary (which is significantly bigger). run-as then executes this after setting up root and does all the fancy things. On some devices the platform-app context with root does not allow reading or writing files anywhere. To get around this, it reads the replacement tad_static from stdin and writes the dump to stdout. The script that runs run-as handles the piping.
Note 2:
When tad_static is first executes during boot, it's cached by linux. For efficiency reasons and because it's on a read-only filesystem, it's executed from this cache in memory. When dirtycow replaces the binary on /sbin, it actually replaces the running binary's code in memory, forcing it to crash. Init automatically restarts it, but now it's the replaced binary running which allows us to dump what we need.
Note 3:
The tad socket is actually quite limited permission-wise too. Only a limited subset of selinux contexts are allowed to read/write to it and the same goes for users. Luckily, root user with some supplementary groups, and the platform_app selinux context does have access to it, so we abuse that fact to talk to the replaced TA daemon.
Awesome. was waiting for this.thanks
Second!
wow nice find! I'm a bit bumped out I allready unlocked my booloader but this is great news!
Awesome... Congrats!!
XP F8131 output :good:
Code:
Picking 64-bit version
Running on F8131 on 64-bit platform
Pushing files
886 KB/s (9984 bytes in 0.010s)
743 KB/s (6088 bytes in 0.008s)
1072 KB/s (14280 bytes in 0.013s)
901 KB/s (10184 bytes in 0.011s)
122 KB/s (876 bytes in 0.006s)
Running scripts to dump ta to "TAIMG" on device
Overwriting run-as
Attempting to dirtycow
Done dirtycowing
Overwriting secondary payload (screenrecord)
Attempting to dirtycow
dirtycow failed
Attempting to dirtycow
Attempting to dirtycow
Done dirtycowing
Attempting exploit
Attempting to dirtycow
dirtycow failed
Waiting for result....
Bad reply received, failing...
Attempting exploit
Attempting to dirtycow
Attempting to dirtycow
dirtycow failed
Waiting for result....
Got a total of 2097152 bytes
Exploit successful!
Dumped TA as TA_F8131_CB512AD0TJ_06122016-2207.img
Pulling image
735 KB/s (2097152 bytes in 2.784s)
Cleaning up
TA Sucessfully pulled to TA_F8131_CB512AD0TJ_06122016-2207.img
****NOTE: Please verify filesize is 2MB ****
Pressione qualquer tecla para continuar. . .
Just a quick heads up. The first attempt failed because /data/local/tmp was not empty! It has two "flat..." files inside it (Stock fw).
Fix can be to change .sh and .cmd scripts to chmod each pushed file separately (instead of *), or even clear that folder.
Code:
Picking 64-bit version
Running on F8131 on 64-bit platform
Pushing files
180 KB/s (9984 bytes in 0.054s)
742 KB/s (6088 bytes in 0.008s)
1983 KB/s (14280 bytes in 0.007s)
1421 KB/s (10184 bytes in 0.006s)
213 KB/s (876 bytes in 0.004s)
[COLOR="DarkRed"]chmod: chmod '/data/local/tmp/flatland' to 100755: Operation not permitted
chmod: chmod '/data/local/tmp/flatland64' to 100755: Operation not permitted[/COLOR]
Running scripts to dump ta to "TAIMG" on device
...
Anyways... It did work like a charm! Respect!!
rayman said:
Dirtycow-based TA Dumper for Sony Xperia Devices.
Author:
Jens Andersen
Xda: rayman
Twitter: @droidray
GitHub: EnJens
Source will follow later this week.
Requirements:
Phone running a dirtycow capable OS (E.g. recent N builds won't work).
If you have already upgraded, downgrading (temporarily) should be possible.
It should work on all recent xperia phones, but there might be exceptions.
Instructions:
Ensure you have adb access (e.g. drivers installed, enabled etc)
Run backupTA.sh (linux) or backupTA.cmd (windows) in the root directory.
TA will be saved as TA-ModelNumber-Serial-Timestamp.img in
the backupTA.sh directory.
Download (Temporary. Will be moved, so please don't link to it):
https://skumler.net/backupTA.zip
Credits:
rayman
Bumble-Bee
Myself5 (Testing and some scripts)
oshmoun
Tested on:
Xperia Z3
Xperia Z5
Xperia Z5 Compact
Xperia X
Xperia XP
Xperia XC
Xperia XZ
Click to expand...
Click to collapse
So just to confirm, this fully backs up the TA partition including DRM keys on the Xperia XZ. So it's okay for me to now unlock the bootloader and restore everything with this? If so this is just what I've been waiting for!
Just to confirm, after TA (including DRMs) is backed up, I can unlock -> root -> then relock + restoring TA so I can have both root and DRMs working flawlessly? including OTA updates?
I don't think root with locked bootloader is possible. But if you got TA backup you can restore whenever you want and relock bootloader. Maybe important if you want to sell phone or if you need guarantee. @rayman
Will it be possible to create. ftf to flash drm key just like in Z5 line?
Whats the difference?
Difference to what? Your in German "android-hilfe", right?
serajr said:
Awesome... Congrats!!
Just a quick heads up. The first attempt failed because /data/local/tmp was not empty! It has two "flat..." files inside it (Stock fw).
Fix can be to change .sh and .cmd scripts to chmod each pushed file separately (instead of *), or even clear that folder.
Anyways... It did work like a charm! Respect!!
Click to expand...
Click to collapse
Good point. I went lazy-mode and just chmod'ed it all and assumed everything there would be shell-user owned...I guess that doesn't always stand true. I'll fix it up.
Sonic Dash said:
So just to confirm, this fully backs up the TA partition including DRM keys on the Xperia XZ. So it's okay for me to now unlock the bootloader and restore everything with this? If so this is just what I've been waiting for!
Click to expand...
Click to collapse
In theory. I've verified it makes a 100% accurate copy of the TA Partition. I can't realistically guarantee anything else, but yes, it *should* work like that. That's kind of the point.
boydzethuong said:
Just to confirm, after TA (including DRMs) is backed up, I can unlock -> root -> then relock + restoring TA so I can have both root and DRMs working flawlessly? including OTA updates?
Click to expand...
Click to collapse
Probably not... The second you flash back the locked TA, signed boot images will be required again and signed boot images mean dm-verity, meaning verified /system partitions, so it wouldn't boot anymore without 100% stock firmware.
DannyWilde said:
I don't think root with locked bootloader is possible. But if you got TA backup you can restore whenever you want and relock bootloader. Maybe important if you want to sell phone or if you need guarantee. @rayman
Will it be possible to create. ftf to flash drm key just like in Z5 line?
Click to expand...
Click to collapse
I don't see why not, but YMMV. It's certainly possible to extract the DRM key from the backup created by this tool and if Flashtool/bootloader allows flashing the data to a TA unit, it'll be possible.
Aaskereija said:
Whats the difference?
Click to expand...
Click to collapse
Difference to what? As of now, there is no tool to backup the TA on Android Versions above 5.1.1 (last Version where iovyroot worked on), exept this one
rayman said:
Good point. I went lazy-mode and just chmod'ed it all and assumed everything there would be shell-user owned...I guess that doesn't always stand true. I'll fix it up.
Click to expand...
Click to collapse
But shouldn't it just go on? I had the chmod failure during the final tests yesterday too, but I'm pretty sure it was just going on at that time.
How can I restore TA? I Backed up TA.
Heesue said:
How can I restore TA? I Backed up TA.
Click to expand...
Click to collapse
Unlock bootloader, flash TWRP, boot to TWRP, adb shell and use dd command to flash TA image back. Then power off and flash stock system, fotakernel and kernel with flashtool.
thanks great work friend, tested in xperia z5 premium
shoey63 said:
Unlock bootloader, flash TWRP, boot to TWRP, adb shell and use dd command to flash TA image back. Then power off and flash stock system, fotakernel and kernel with flashtool.
Click to expand...
Click to collapse
Thanks a lot!
AWESOME!!!
Very Good Job Guys!
BIG THANKS
Xperia X Compact
Seemed to work on Xperia X Compact:
Running 34.1.A.1.198 firmware
Really nice work
Output
Code:
Running on F5321 on 64-bit platform
Pushing files
[100%] /data/local/tmp/dirtycow
[100%] /data/local/tmp/run-as
[100%] /data/local/tmp/exploitta
[100%] /sdcard/dumpta
[100%] /data/local/tmp/backupTA.sh
Running scripts to dump ta to "TA_F5321_QV705K140B_20161207-1151.img" on device
Overwriting run-as
Attempting to dirtycow
Done dirtycowing
Overwriting secondary payload (screenrecord)
Attempting to dirtycow
dirtycow failed
Attempting to dirtycow
Attempting to dirtycow
Done dirtycowing
Attempting exploit
Attempting to dirtycow
dirtycow failed
Waiting for result....
Bad reply received, failing...
Attempting exploit
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Done dirtycowing
Waiting for result....
Error connecting to unix socket: No such file or directory
Attempting exploit
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Done dirtycowing
Waiting for result....
Error connecting to unix socket: No such file or directory
Attempting exploit
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Attempting to dirtycow
Done dirtycowing
Waiting for result....
Got a total of 2097152 bytes
Exploit successful!
Dumped TA as TA_F5321_QV705K140B_20161207-1151.img
Pulling image
[100%] /data/local/tmp/TA_F5321_QV705K140B_20161207-1151.img
Cleaning up
TA Sucessfully pulled to TA_F5321_QV705K140B_20161207-1151.img
****NOTE: Please verify filesize is 2MB ****
Greetings.. I bought Xperia x F5121 ( 34.0.A.1.264) Android 6.0.1 (Prototype) online & found its prototype.Possible for me to root & flash custom rom.If theres a way,could anyone guide me .Thks in advance.I appreciate it.
My apologies admin.If i post wrong section pls delete it.
if the BOOTUNLOCK is allowed on your PROTOTYPE DEVICE then
short answer is : YES
dial *#*#7378423#*#* goto SERVICE INFO >> CONFIGURATIONS
HERE you will see alot of info, search for BOOTLOADER UNLOCK ALLOWED text and see what shows ,,, if NO then sorry! this device is locked by SONY and only they can unlock it
if BOOTLOADER UNLOCK ALLOWED has YES then MAGIC CAN BE DONE
IF YOU ARE NEW TO SONY WORLD then you must save XPERIA X DRM KEYS
since you are already on ANDROID 6 (YAY)
just enable USB DEBUGGING from DEVELOPER OPTIONS
and
download the UNIVERSAL (DIRTYCOW-BASED) TABACKUP SCRIPT ( DOWNLOAD FROM HERE ( REFERECE MASTER POST BY RAYMAN
uzip the script on desktop and RUN the .BAT file, it will ask permission on your mobile screen, ALLOW it and after few seconds, the SCRIPT will EXTRACT TA-xxx-xxxx-xxxx-date+timeStamp.IMG file (2mb in size) IN THE SAME FOLDER
you can run .bat mulitiple times! each time it will extact the same TA.img file with different file name , i ran it thrice
now you have your DRM KEYS FILE (SOME USERS SAYS ITS NOT NECESSARY BUT TRUST ME! IT IS! ) KEEP THIS TA.img file SAVED on cloud!
------------------------
UNLOCKING BOOTLOADER
SONY official handout unlocking keys for FREE at
https://developer.sony.com/develop/open-devices/get-started/unlock-bootloader/
follow the steps! select your device model from list, provide them your email, they will send you one time link , to generate BOOT UNLOCK KEY AGAINS YOUR "IMEI" NUMBER ( dial *#06# on your F5121 to obtain IMEI number) (its even given on configuration page, where you checked the bootulock status )
- flashtool (www.flashtool.net) can ALSO unlock xperia Bootloader! (install flashtool and then install drivers also ( c:\flashtool\drivers)
- clicking BLU while device is CONNECTED IN FASTBOOT MODE ( it will prompt you) and giving SONY's generated KEY will UNLOCK your F5121's bootloader! device will JERK, ANDROID BOT WILL APPEAR and ALL PARTITIONS (accpt system) will be FORMATED and you will loose all your data, accounts, details , DRM KEYS ... (make sure you take backup of your photos/videos/music)
--------------------------------------------------
NOW IF YOU WANA STAY ON 34.0.A1.264 and DONT wana UPGRADE to ANY OTHER BUILD came after this then
you need to do this
0. put magisk16.0.zip in sdcard (if you don't have sd card then UTG drive, flashdrive, etc)
1. unlock bootloader
2. flash TWRP (via fasboot
3. FLASH modified kernel ( the MASTER TOOL of SONY WORLD www.flashtool.net) (installing Xperia COMPANION + Google Minimal ADB & Fastboot.zip is M - U - S -T )
4. BOOT in to twrp, flash MAGISK16.0 from sdcard
and reboot device
the device will boot ROOTED 34.0.A.1.264
NOW IF YOU WANT TO UPGRADE TO NOUGAT FROM 34.0.A1.264 and ROOT IT THEN
-the recommended NOUGAT Stockrom version is 34.3.A.0.252 (releasedin dec2017)
1. download the .252 ftf file from xda post
https://forum.xda-developers.com/xperia-x/how-to/sonyx-f5121-downgrade-8-0-0-to-7-1-1-to-t3754986
2. flash it via flashtool / you need to see solid tutorial for that! please do research , flashing xperia is TRICKY
3. flash twrp
4. flash modified kernel
5 boot into twrp and flash MAGISK and REBOOT.
NOW IF YOU WANT TO UPGRADE TO OREO FROM 34.0.A1.264 and ROOT IT THEN
-for OREO the RECOMMENDED STOCKROM version is 34.4.A.2.97 (released in JULY2018)
1. you must download the latest stockrom
2. flash it
3 flash modified Kernel
4. boot in to twrp and
(a) flash the DRMFIX.zip
(b) Magisk16.0.zip
5. reboot
ALL KERNELS BY YEARS/BUILD WITH DRMFIX FILES ETC ARE GIVEN IN MY POST
https://forum.xda-developers.com/xperia-x/how-to/root-xperia-x-f5122-android-n-34-2-2-47-t3594502
PLEASE READ THOROUGHLY !
I have tested all these kernels my self since I have F5122 however if anything goes wrong please note that XDA or any member is NOT responsible
try it on your own risk
Thks again for the fast reply.I'm choosing upgrading to Oreo. I download Germany o2 DE ( 34.4.A.2.97 /R2E ) & i'm using the latest flashtool v0.9.25.0 .I'm stuck at fsc script shown ( Those data are not in the FSC script and will be skipped. RESET-NON-SECURE-ADB. Do u want to continue? )i click no & close it. I download the fsc script 34.4fsc from your site & overwrite paste it on C:\Users\USERNAME\.flashTool\devices\F51XX .Once done,i reopen the flashtool & flash.Same problems occurs.i even restart my pc..No success..
jingaro said:
Thks again for the fast reply.I'm choosing upgrading to Oreo. I download Germany o2 DE ( 34.4.A.2.97 /R2E ) & i'm using the latest flashtool v0.9.25.0 .I'm stuck at fsc script shown ( Those data are not in the FSC script and will be skipped. RESET-NON-SECURE-ADB. Do u want to continue? )i click no & close it. I download the fsc script 34.4fsc from your site & overwrite paste it on C:\Users\USERNAME\.flashTool\devices\F51XX .Once done,i reopen the flashtool & flash.Same problems occurs.i even restart my pc..No success..
Click to expand...
Click to collapse
click yes and proceed
what about drmkeys extraction part?
have you done that