Anyone interested in picking one up this Thursday?

Great work KnightCrusader! I have owned HTC phones for years, and this is my first Samsung. I am a little experienced with heimdall/odin because I was trying to help a friend flash a Fascinate. I bricked it so I had to learn how to recover it fast. I was using 32 bit XP on that computer. My computer is 64 bit W7. Will those tools still work on my computer? If so, I might take a crack at trying to dump the recovery.
 
Excellent work KnightCrusader. That's a heck of a lot more than I could do lol. If I get one and you want / need a guinea pig, I'm game. :-)

-- Sent from my HP TouchPad using Communities
 
All Verizon-based Android phones have locked bootloaders at the behest of Verizon. The main reason for this is the crapware. The crapware vendors pay VZW a lot of money and the agreement is that VZW try their damnedest to make sure nobody removes the crapware for 2 years. In return VZW gets to not only subsidize the cost of the device (meaning you don't have to pay retail for it) but they also make quite a bit of money in the long run.

As far as the attempts to root, this is gonna require a bit more than catch-all roots at the moment. We may even end up with a bootstrapper recovery instead of a normal recovery. I've looked into why Rageagainstthecage didn't work and that was because if the ADBD crashes, it doesn't attempt to restart, it just locks up the phone for the most part until you reboot. Looks like all of the security holes used to gain root previously have been locked up nice and tight.

I'm really hoping the dev of one of those catch-all root solutions (superOneClick, Z4, etc) gets this phone, it would make root so much easier.
 
Thanks guys. I am doing what I can to help root this while learning about it in the process. I was hoping ODIN would work like NVFlash does on the Tegra 2 tablets I have, but it doesn't. Which is a shame... if I can dump the boot image, I can change the secure flag over to false and reload it to the phone to get root via adb like we do on the Transformer.

Everything I've learned or read seems to indicate that recovery is flashed when you flash a kernel or boot image, but recovery has its own partition. Is there a way to just "flash" the new recovery right to that partition without messing with boot? This is the part I am unclear on and have a hard time finding answers to. I know on the Captivate to install ClockworkMod you have to flash the boot image, which didn't make sense to me. Maybe I still have a lot of learning to do about this stuff, but the best way for me to do so is with hands-on experimentation.


Sure, I got the Heimdall software here: Heimdall – Glass Echidna

Make sure to put the phone in download mode (you might need a jig, that's all I've used so I dunno if there are shortcut keys to press on boot to obtain it that way). Then make sure you install the proper drivers, which come with Heimdall. It won't work until you install them. (I tried before I realized I needed them.)

You can take a look at the software, but DO NOT flash anything from another phone to this one. I am pretty sure nothing of the other Galaxy S phones will help you here, other than make your phone a brick.


I'll let you know if I need people to try things, but unless it's safe, I won't ask cause I don't want to think that I had a part in bricking someone's awesome piece of hardware. :-)

All Verizon-based Android phones have locked bootloaders at the behest of Verizon.

Not true. The OG Droid, Incredible, Fascinate, Continuum, and most recently the Charge, Revolution, and Stratosphere are all unlocked as far as the bootloader is concerned. All a locked bootloader means is that its ability to boot a custom made kernel is turned off (by using a signature to check its integrity). All the phones I listed will boot custom kernels, thus making them unlocked.

I am not sure if Verizon pushed HTC to lock bootloaders, but we all know that they promised to "open" them on new devices. Motorola, on the other hand, I still think they are doing that on their own accord and blaming it on Verizon. Look at the Xoom, that was locked and allowed to be "unlocked", but I have a feeling that ability was there because Google made them do it (since it was a Google Experience Device), otherwise that baby would have been locked up tight too. I guess we have to see what the Xoom2 will be like.

The main reason for this is the crapware. The crapware vendors pay VZW a lot of money and the agreement is that VZW try their damnedest to make sure nobody removes the crapware for 2 years. In return VZW gets to not only subsidize the cost of the device (meaning you don't have to pay retail for it) but they also make quite a bit of money in the long run.

Not going to argue with you there. It also keeps people from installing custom kernels that provide some of the services they charge for as a free service instead. (Tethering, anyone?) However, I don't think it's to make up the subsidy, I bet they'd shovel the crap on the phone even if they were still making money on it. It is Verizon we are talking about here, after all.

As far as the attempts to root, this is gonna require a bit more than catch-all roots at the moment. We may even end up with a bootstrapper recovery instead of a normal recovery. I've looked into why Rageagainstthecage didn't work and that was because if the ADBD crashes, it doesn't attempt to restart, it just locks up the phone for the most part until you reboot. Looks like all of the security holes used to gain root previously have been locked up nice and tight.

I'm fine with a bootstrapped recovery like the Motorola Droids use... but we still need root in order to install it.

I'm really hoping the dev of one of those catch-all root solutions (superOneClick, Z4, etc) gets this phone, it would make root so much easier.

The problem is, SuperOneClick, Z4, and all the other one-click solutions are just nice GUI/scripts that perform all the other manual exploits, nothing special. SuperOneClick uses psneuter and Gingerbreak (both don't work, manually or otherwise) and I think z4 uses rage.
 
When I was working with the Fascinate you could flash just a recovery with odin or with heimdall. This may or may not be the case here.


Specifically, do you know if the tools and drivers support Windows 7 64 bit? Yes, there is a shortcut key. Power the phone off then hold down volume down and power. This takes you to download mode. If you power down and hold down both volume keys and power you get straight to the recovery. *edit* I stopped being lazy and searched. They do work on 64-bit. :)



HTC has always been locking bootloaders since the Windows Mobile days. They are just relatively easy to unlock. Motorola bootloaders are encrypted, making it much more difficult. We are lucky that Samsung is staying open.



I am pretty sure since it is unlocked we don't need to settle for bootstrap/2nd init. That is a workaround for the hopelessly locked Motorolas. If we can get a dump of the recovery it will go a long way.
 

From what I have read about the first set of Galaxy S phones, it seems that the 2e recovery they first came with made it easy to replace it with a self-made update.zip. The new 3e recovery - which is on the Stratosphere and all updates for the rest of the line - won't allow it to flash without a signature that matches what Samsung put there.


Sorry, yeah, they do work on x64 Windows 7, as I use that at work and had to use the tools a few times for this and for my boss' Captivate.

..And that Captivate is the reason I made a jig, cause the boot key combination doesn't work worth a crap on it. I found the jig easier and stuck with it on other Samsung phones, but I am glad to know there is another option for those of us that can't get the required parts. I tried it out and it does in fact work, and it gives you a warning screen to push up to get to the same screen the usb jig gets you to, or press down to reboot the phone normally.


Yeah, I didn't think about the unlockable ones. When I said locked, I meant encrypted and no hope of ever unlocking them to use custom kernels. I know Sony Ericsson bootloaders are unlockable as well. It seems like Motorola and some HTC are the only ones so far that have *encrypted* them.

I am pretty sure since it is unlocked we dont need to settle for bootstrap/2nd init. That is a workaround for the hopelessly locked motorolas. If we can get a dump of the recovery it will go a long way.

Yeah, I would like a real solution as well.
 
I wanted to chime in again... I think I am going about this a little wrong. We may have the tool we need already to do this - the kernel source.

After doing some research on the SG2 (since it has the same bootloader), it seems they obtained root by compiling the stock kernel source, setting it to insecure, and then flashing it via odin. This is along the lines of what I was trying to do, except that I was trying to extract the kernel already on the phone with heimdall dump instead of compiling it.

I don't have any experience with kernel compiling, but I plan to try it out using my linux server (the building of the stock kernel at least). If that works, that should give me what is on the phone now and I can flash it back with secure set to false. The only thing I am afraid of is I don't have a copy of the stock working kernel already so if it doesn't work, my phone will be bricked until I can fix it.

Does anyone have any experience with kernel compilation that could help or chime in?
 
Sorry, no such experience here.

On the other hand I am currently dumping the ROM with odin. I think it is dumping all partitions because I did not specify the ID. Judging by the PIT you posted, multiplying block size by number of blocks for each partition, the partitions could total up to 500 MB. It's been going for three hours and is only up to 290 MB so far. I've been out of a Stratosphere for a little while but I'd rather not stop it and have the same problem you did lol. I don't know how useful the output would be. It is a .dmp file. I am trying to search online how I can pull out the individual parts from it. Perhaps if I can extract recovery.bin, factoryfs.rfs, and zImage it would be useful.
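The "block size times number of blocks" estimate above can be done mechanically. This is an added example, not code from the thread or from Heimdall: it parses a PIT blob using the field layout Heimdall's libpit documents (28-byte header, 132-byte entries), reports each partition's footprint, and rejects a PIT whose header promises more entries than the file holds. The sample PIT, its partition IDs and block counts are constructed; only the filenames come from the thread.

```python
import struct
from dataclasses import dataclass
from typing import List

PIT_MAGIC = 0x12349876   # little-endian file identifier at offset 0
PIT_HEADER_SIZE = 28     # magic, entry count, then reserved fields
PIT_ENTRY_SIZE = 132     # nine 32-bit fields plus three 32-byte name fields


@dataclass
class PitEntry:
    identifier: int      # the partition ID that dump/flash commands refer to
    block_size: int      # libpit names this blockSizeOrOffset; treated as a size here
    block_count: int
    name: str
    flash_filename: str

    @property
    def size_bytes(self) -> int:
        # The arithmetic from the thread: block size x number of blocks.
        return self.block_size * self.block_count


def _cstr(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode("ascii", errors="replace")


def parse_pit(data: bytes) -> List[PitEntry]:
    """Parse a PIT blob (field layout as in Heimdall's libpit) into entries,
    refusing files whose header promises more entries than the bytes present."""
    if len(data) < PIT_HEADER_SIZE:
        raise ValueError("file too short to hold a PIT header")
    magic, count = struct.unpack_from("<II", data, 0)
    if magic != PIT_MAGIC:
        raise ValueError(f"bad PIT magic 0x{magic:08x}")
    needed = PIT_HEADER_SIZE + count * PIT_ENTRY_SIZE
    if len(data) < needed:
        raise ValueError(f"header claims {count} entries but only {len(data)} of {needed} bytes present")
    entries = []
    for i in range(count):
        off = PIT_HEADER_SIZE + i * PIT_ENTRY_SIZE
        (_bin_type, _dev_type, ident, _attrs, _upd_attrs,
         block_size, block_count, _file_off, _file_size) = struct.unpack_from("<9I", data, off)
        name = _cstr(data[off + 36:off + 68])
        flash = _cstr(data[off + 68:off + 100])   # fotaFilename (off+100..132) is ignored
        entries.append(PitEntry(ident, block_size, block_count, name, flash))
    return entries


def total_size(entries: List[PitEntry]) -> int:
    return sum(e.size_bytes for e in entries)


def build_pit(rows) -> bytes:
    """Serialise (identifier, block_size, block_count, name, flash_filename) rows.
    Used here only to construct the sample input below."""
    out = bytearray(struct.pack("<II", PIT_MAGIC, len(rows)).ljust(PIT_HEADER_SIZE, b"\0"))
    for ident, bs, bc, name, flash in rows:
        out += struct.pack("<9I", 0, 0, ident, 0, 0, bs, bc, 0, 0)
        out += name.encode().ljust(32, b"\0") + flash.encode().ljust(32, b"\0") + bytes(32)
    return bytes(out)


# Constructed sample: filenames are the ones named in the thread, IDs and sizes are made up.
SAMPLE_PIT = build_pit([
    (1, 4096, 1792, "KERNEL", "zImage"),
    (6, 4096, 1536, "RECOVERY", "recovery.bin"),
    (22, 4096, 65536, "FACTORYFS", "factoryfs.rfs"),
])

if __name__ == "__main__":
    entries = parse_pit(SAMPLE_PIT)
    for e in entries:
        print(f"{e.identifier:3d} {e.name:<10} {e.flash_filename:<14} {e.size_bytes / 2**20:8.2f} MiB")
    print(f"total {total_size(entries) / 2**20:.2f} MiB")
```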
 

Yeah, I was wondering what would happen if I played around with the ID numbers on that command. Good idea trying it without specifying, it didn't even occur to me.

My dump got to exactly 290MB and then crapped out. I changed the .dmp to a .tar and WinRAR opened it to show a bunch of garbage and a few xml files, so I think the fact that it has an xml file in there means it's gonna make a tar file with the dump. (Plus I think odin/heimdall uses tar files so it only makes sense it would make one.)

If yours finishes, try renaming to dump.tar and see what you get inside. If you get zImage, then I think we'll be in business. I'm still going to pursue the compilation route as well.
 
Now I got to get an adapter so I can use this SIM in my TB when I need it.

Oh yeah, wanted to also make a side note: for those of us that are upgrading from one of the other 4G phones - Thunderbolt, Charge, Revolution, or Bionic (did I miss any?) - the MicroSIM WILL work with an adapter in these phones... at least it does in my Thunderbolt.

Now, when I am working on my Stratosphere, flashing or dumping, I can have my SIM in the 'bolt to receive any calls or messages. :)
 
Same exact thing happened to me. 290,816 KB. Left it for hours but nothing more came. And I got the error. And I was able to use heimdall to bail out. If any of you are trying to pry a little and get stuck at the screen saying ROM update failed, just use heimdall to print the PIT and that will get it out of that stuck mode. I tried opening it as a tar but WinRAR wanted nothing to do with it. It said the archive is in an unknown format or damaged. Did you do your dump with heimdall or odin3? I was using odin3.
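Rather than renaming a .dmp to .tar and seeing whether an archiver accepts it, the two questions in the last few posts (is this file a tar at all, and did the dump stop mid-member?) can be answered from the header blocks directly. This is an added example, not code from the thread or from Heimdall/Odin; the sample archive, its fake zImage and xml member are constructed in memory, and nothing here assumes what a real .dmp actually contains.

```python
import io
import tarfile
from typing import List, Tuple

BLOCK = 512
USTAR_MAGIC = b"ustar"   # bytes 257..261 of every POSIX/GNU tar header block


def is_tar(data: bytes) -> bool:
    """True if the first block carries the ustar magic, regardless of file extension."""
    return len(data) >= BLOCK and data[257:262] == USTAR_MAGIC


def _octal(field: bytes) -> int:
    return int(field.split(b"\0")[0].strip() or b"0", 8)


def _checksum_ok(hdr: bytes) -> bool:
    # The stored checksum is computed with the 8 checksum bytes treated as spaces.
    calc = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])
    return _octal(hdr[148:156]) == calc


def list_members(data: bytes) -> Tuple[List[Tuple[str, int]], str]:
    """Walk the header blocks by hand and return (members, status), where status is
    'complete', 'truncated' (archive ends mid-member), 'corrupt' or 'not-tar'."""
    if not is_tar(data):
        return [], "not-tar"
    members, off = [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):             # end-of-archive marker
            return members, "complete"
        if hdr[257:262] != USTAR_MAGIC or not _checksum_ok(hdr):
            return members, "corrupt"
        name = hdr[:100].split(b"\0", 1)[0].decode("ascii", "replace")
        size = _octal(hdr[124:136])
        members.append((name, size))
        off += BLOCK + ((size + BLOCK - 1) // BLOCK) * BLOCK   # skip the padded payload
    # Loop ended without an end marker: tolerate a clean cut at a member boundary,
    # flag anything else as truncated (a dump that stops at 290 MB would land here).
    return members, "complete" if off == len(data) else "truncated"


def build_sample(members) -> bytes:
    """Write an in-memory ustar archive; used only to construct sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, payload in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample dump: a fake zImage and one xml file, plus a copy cut off mid-zImage.
XML_PAYLOAD = b"<?xml version='1.0'?><dump/>"
SAMPLE_DUMP = build_sample([("zImage", b"\x1f\x8b" + bytes(2998)), ("sample.xml", XML_PAYLOAD)])
TRUNCATED_DUMP = SAMPLE_DUMP[:1000]

if __name__ == "__main__":
    for label, blob in (("complete", SAMPLE_DUMP), ("cut", TRUNCATED_DUMP)):
        members, status = list_members(blob)
        print(f"{label}: {status}, members={members}")
```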
 
I was using Heimdall. I guess dump really is broken in the protocol... that, or sabotaged.

From what I am still reading up about zImages and the initramfs (where default.prop has ro.secure set - what we need to change), the best thing to do is compile the kernel from source and load it up.

I may contact Chainfire on xda and see if he can give me some insight as to the steps he used to compile the SG2's source into an insecure kernel. This is within our reach, I can feel it... :cool:
 

This is intriguing. I've compiled kernels before, but I have no idea how to do it 'insecure.' I think I'll talk to some devs I know and see if they know.
 

There might be an easier method. (I really wish there was a better place to store all this android development information in one place, cause it's confusing having it scattered everywhere!)

I am reading and analyzing the post about how the T-Mobile SGII was rooted, and they did it by just flashing CWM straight to the phone via Odin without messing with the kernel. This is what I was originally wanting to do but I got conflicting information about flashing the zImage to get clockworkmod, etc.

The T-Mo SGII root is claimed not to mess up anything boot wise, so if I hose my recovery in the process of this, I care less about that than about hosing my boot image. I'm going to see if I can get some guidance from Slayher on RootzWiki on how to do this, and plan my attack for when I get home tonight.

I am sure that CWM won't run on this phone unmodified, but maybe I can figure out what I need to change in order to get it to work. Once we can get CWM mod running on it, flashing root is one step away! :-)
 
So the plan is get CWM. Two issues are a.) can we get a backup of the original recovery/complete NAND backup to restore in case something gets screwed up and b.) how do we make a build of CWM that will work for the Stratosphere. Do we need to build CWM from the source with whatever modification is necessary?
 

Yeah, that's the problem. Recovery would be gone until we can find a way to flash over a rooted filesystem from one phone to the other and then pull a standard recovery from it. Which should be doable, after the first person can root and dump their file system.

As for CWM, I am looking into that too.

If I find anything else, I'll post it here.
 
Actually, I may be able to dump the recovery through adb and compile a new kernel for it from stock and set it as insecure, and then package it all back up. ADB works through recovery and if it's set insecure, then we might be able to mount system and root it through that. Then we keep the standard recovery after all.

My server is barfing on the ARM toolchain needed for the kernel since I don't have X11 installed. (Seriously, it's a remote server... who needs a GUI?) So, I am going to have to get a machine at home running on an Ubuntu Live CD and try it out there tonight.

I'll let you know if anything else develops.
 
