1. AVanover5's Avatar
    This is a simple little guide that'll show you how to back up your phone (COMPLETELY) without the famous nandroid. This is mostly meant for knowledge sake but shell scripts can be set up to perform these actions as well. Comments in code will be followed with a '//' marking.

    First, install the android SDK. And of course, be sure that your phone is rooted. There's a separate guide on that somewhere. You can either use the rageagainstthecage exploit or z4root.

    Code:
    adb shell	//enter the device native shell
    $ su		//enter the secure shell (make sure your screen is unlocked when you run this command, then click allow when the window pops up on the phone's screen)
    # cat /proc/mtd	//show device partitions
    Here's an example output. Note: not all phones are like this, some have different partitions. This just happens to be the structure of the LS670.

    Code:
    cat /proc/mtd
    dev:    size   erasesize  name
    mtd0: 00700000 00020000 "boot"
    mtd1: 07c20000 00020000 "cache"
    mtd2: 00700000 00020000 "recovery"
    mtd3: 00140000 00020000 "splash"
    mtd4: 00700000 00020000 "FOTA_STO"
    mtd5: 09e80000 00020000 "system"
    mtd6: 0a4e0000 00020000 "userdata"
    mtd7: 00080000 00020000 "misc"
    mtd8: 00180000 00020000 "persist"
    IMPORTANT!! FOR THE BELOW 'catenate partition 0 to boot.img' COMMAND TO WORK YOU MUST REBOOT INTO SAFE MODE!! TO DO THIS: POWER OFF THE DROID, THEN POWER ON BY HOLDING THE POWER AND MENU BUTTONS AT THE SAME TIME UNTIL IT'S THROUGH ALL THE BOOT SCREENS. IT SHOULD SHOW "SAFE MODE" IN THE LOWER LEFT CORNER OF THE SCREEN. IF YOU DON'T DO THIS, YOU'LL GET A BUNCH OF RANDOM CHARACTERS AND A FROZEN PROMPT. OTHER PARTITIONS SHOULD WORK FINE IN NORMAL BOOT...

    Code:
    # cat /dev/mtd/mtd0 > /sdcard/boot.img	//catenate partition 0 to boot.img
    # cat /dev/mtd/mtd1 > /sdcard/cache.img	//catenate partition 1 to cache.img
    # cat /dev/mtd/mtd2 > /sdcard/recovery.img	//catenate partition 2 to recovery.img
    # cat /dev/mtd/mtd3 > /sdcard/splash.img	//catenate partition 3 to splash.img
    # cat /dev/mtd/mtd4 > /sdcard/FOTA_STO.img	//catenate partition 4 to FOTA_STO.img
    # cat /dev/mtd/mtd5 > /sdcard/system.img	//catenate partition 5 to system.img
    # cat /dev/mtd/mtd6 > /sdcard/userdata.img	//catenate partition 6 to userdata.img
    # cat /dev/mtd/mtd7 > /sdcard/misc.img	//catenate partition 7 to misc.img
    # cat /dev/mtd/mtd8 > /sdcard/persist.img	//catenate partition 8 to persist.img
    Now your phone is completely backed up. NO MORE BRICKS!!! To restore your phone to it's previous state, you'll need fastboot which should come with the SDK. But if for some reason you don't have it then you can download it HERE. Now, simply follow these instructions (see 'Section 0' if fastboot doesn't work).

    Code:
    # exit //exit the secure shell
    $ exit //exit the device native shell
    fastboot flash boot /sdcard/boot.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash cache /sdcard/cache.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash recovery /sdcard/recovery.img	//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash splash /sdcard/splash.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash FOTA_STO /sdcard/FOTA_STO.img	//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash system /sdcard/system.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash userdata /sdcard/userdata.img	//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash userdata /sdcard/misc.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot flash persist /sdcard/persist.img		//wait for 'sending...OKAY / writing...OKAY'
    fastboot reboot						//reboot the device
    === Section 0 (fastboot doesn't work) ===

    If fastboot doesn't work then you'll need to modify the boot.img file and change ro.secure=1 to ro.secure=0 in "default.prop". Type "getprop ro.secure" in "adb shell" to check if you've done this correctly, it should return a 0. Skip Section 1 and follow instructions at Section 2 if you just want to flash the images without fastboot.

    === Section 1 ===

    Unfortunately, I only know how to do this with a hex editor. But hey, this tutorial is for knowledge! ^^ In each of the image files, there is a 2 kilobyte (2048 bytes) header. This translates to address 800 in hexadecimal. So open the image file in your favorite hex editor (I use the HexEdit plugin for Notepad++) and strip off (cut) the 2KB header.

    What you're left with is the kernel, the ramdisk, and the second stage loader. We want the ramdisk and the kernel. So look for a bunch of zeros with 1F 8B followed after it. 1F 8B is the magic number for the gzip file and consequently the beginning of the ramdisk image.

    Copy everything from the first line, through the zeros, and stopping at 1F 8B. Insert all of that into a separate file as kernel.bin, because this is the kernel. Now, cut that part out from the original file to leave only the ramdisk and the second stage loader. Save what's left as boot-ramdsk.gz; don't worry about the second stage loader, gzip will ignore this as 'trailing garbage'.

    Open up a unix shell, I just used cygwin instead of the devices native shell (which I'm not sure will support these commands or not). Make sure you put boot-ramdsk.gz in the working directory of cygwin.

    Code:
    $ gunzip -c ./boot-ramdsk.gz | cpio -i //unpacks the archive and copies contents to working directory
    Fantastic! Now you can edit any file, including default.prop. Okay, so now change ro.secure=1 to ro.secure=0 in default.prop. This will allow you to do adb remount, fastboot, auto su login, ect.

    Code:
    $ find . | cpio -o -H newc | gzip > ./boot-ramdsk.cpio.gz //repacks files from working directory into an archive (MAKE SURE NO OTHER FILES ARE IN THE WORKING DIRECTORY!!)
    Now the final step is to combine the kernel and ramdisk into the full image file which is to be flashed back onto the phone. To do this, you'll need mkbootimg from the git repository (which you should download and compile).

    Code:
    $ mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel kernel.bin --ramdisk boot-ramdsk.cpio.gz -o newboot.img
    Once you've combined those, you have to (manually) attach the 2KB header to the beginning of the image and the second stage loader to the end of the image. Failure to do so will result in your device being bricked when you have flashed the image.

    === Section 2 ===

    Now we're going to flash the image to the phone. So first, you'll need "flash_image" which doesn't come with the SDK. You can download it HERE. Copy the "flash_image" file and your newly made "newboot.img" into your SDK tools folder.

    If you're skipping to this section then simply do the same, but instead; copy your backed up images files into the SDK tools folder, adb push them onto the SD card (rather than newboot.img), and flash those with flash_image (rather than newboot.img).

    Code:
    adb push flash_image /sdcard/					//push the flash_image file onto the SD card
    adb push newboot.img /sdcard/					//push newboot.img onto the SD card
    adb shell							//enter the device native shell
    $ su								//enter the secure shell
    # mount -o remount,rw -t yaffs2 /dev/block/mtdblock5 /system	//mount partition 5 as '/system' in r/w using 'yet another file system 2'
    # cat /sdcard/flash_image > /system/bin/flash_image		//catenate the flash_image file from the SD to '/system/bin'
    # chmod 755 /system/bin/flash_image				//change permissions of flash_image file to rwxr-xr-x
    # mount -o remount,ro -t yaffs2 /dev/block/mtdblock5 /system	//mount partition 5 as '/system' in r/o using 'yet another file system 2'
    # flash_image boot /sdcard/newboot.img				//flash the boot partition with boot.img from the SD card
    # reboot							//reboot the device
    The convenience of fastboot is that images can be flashed from outside the device native shell. So to do a flash of the system partition then I think you'll need to use fastboot. I can't verify this, but it makes sense.
    12-31-2010 07:48 PM
  2. evonotevil's Avatar
    What exactly would happen if the phone would no longer boot therefore not connect to adb anymore?? ( Like if you were installing custom kernel or rom and things went bad.) If you have no custom recovery installed and no nandroid backup, what would you do? Use your phone as a paperweight perhaps?
    01-02-2011 09:34 PM
  3. trekkie1701c's Avatar
    There's a reason for the term "brick". In all seriousness, if it's that bad, take it back to the store and see if they can do anything for it.
    01-02-2011 11:07 PM
  4. bluedragon#AC's Avatar
    I wasn't able to cat those with the error of no such file or directory eve though it show each area when i cat the /proc/mtd...so not sure what you did or what your filesystem your using.
    02-21-2011 08:57 AM
  5. denshigomi's Avatar
    IMPORTANT!! FOR THE BELOW 'catenate partition 0 to boot.img' COMMAND TO WORK YOU MUST REBOOT INTO SAFE MODE!! TO DO THIS: POWER OFF THE DROID, THEN POWER ON BY HOLDING THE POWER AND MENU BUTTONS AT THE SAME TIME UNTIL IT'S THROUGH ALL THE BOOT SCREENS. IT SHOULD SHOW "SAFE MODE" IN THE LOWER LEFT CORNER OF THE SCREEN. IF YOU DON'T DO THIS, YOU'LL GET A BUNCH OF RANDOM CHARACTERS AND A FROZEN PROMPT. OTHER PARTITIONS SHOULD WORK FINE IN NORMAL BOOT...
    This is not correct.
    A cat can be run on mtd0 regardless of what mode the phone is in, and it will give correct results.
    The behavior you are describing indicates that you forgot to redirect output from STDOUT.
    02-22-2011 04:19 AM
  6. spaesani's Avatar
    Does setting ro.secure=0 in the boot.img enable the phone's fastboot?
    Or is the phone's fastboot a bootsector bootloader (1st stage) feature?
    If it's the former, setting ro.secure=0 enables phone's fastboot, then
    isn't it possible to simply:
    root the phone
    >adb shell
    #flash_image boot bootwithfastboot.img
    reboot the phone
    ?

    I'm considering giving it a shot on my fastboot disabled phone.
    Any suggestions before I do it?

    Thanks
    04-25-2011 09:36 PM
  7. 14gautam's Avatar
    Is this same as creating a Backup ROM?
    11-07-2011 09:33 AM
  8. bennyceria's Avatar
    What exactly would happen if the phone would no longer boot therefore not connect to adb anymore?? ( Like if you were installing custom kernel or rom and things went bad.) If you have no custom recovery installed and no nandroid backup, what would you do? Use your phone as a paperweight perhaps?
    it is often a problem for many people
    as I experienced, the tablet can not boot but enable to enter the fastboot mode and can be detected by the computer as android adb interface but adb can't communicated with the tablet.
    I have a backup file but how to flash it ? Tablet chipset is wonder media 8980 OS android 4.2.2
    I can not flash it by adb/fastboot.
    Maybe someone here can give me a little guide for how to....
    I really appreciate for your kindness
    06-04-2015 06:27 AM

Tags for this Thread

LINK TO POST COPIED TO CLIPBOARD