Here is a zip file containing a modified recovery and boot image, as well as a few other things:
http://rapidshare.com/files/166164961/AndroidMod.zip
http://jf.nyquil.org/AndroidMod.zip
http://android-dls.com/forum/index.php?f=24&t=191&rb_v=viewtopic (see post for actual link to file)
NOTE: if you need a complete RC30 to v1.3 guide, see this page.
The recovery image (recovery_testkeys.img) uses the test keys that are distributed with the android platform source. This means that an OTA update or an update.zip update must be signed with the test key in order for it to install. In other words, it will no longer install OTA updates from t-mobile. You don't want them stealing back root access from you now do you? .
I've also included the test keys and the SignApk.jar tool, so you can sign your own update scripts (for use only with the modified recovery image). You can resign any image, even if it has been signed before. So for example, if you needed to install an "official" t-mobile update, you must re-sign it with the test keys first.
Another bonus in this recovery image is that ADB is enabled while in recovery mode. You can't adb into a shell (no sh binary), but you can at least use it to push and pull files from the device. For example, you could push an update.zip file to the sdcard.
The boot image (boot_nosecure.img) has been modified so that adb has root access by default. So when you do an adb shell, you automatically get a root shell. You can remount the system image using adb, and then push files directly to the system partition.
Finally, the "update - Restore Original RC29 Boot Image.zip" file is an update.zip file signed with the test keys, which will restore your boot partition back to the stock RC29 image. Useful if you accidentally hose your boot partition..
To install the recovery image onto your phone:
Code:
D:\Android\AndroidMod>adb push recovery_testkeys.img /data/local/recovery.img
912 KB/s (0 bytes in 1767424.001s)
D:\Android\AndroidMod>adb shell
$ su
su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# cd /system
cd /system
# cat /data/local/recovery.img > recovery.img
cat /data/local/recovery.img > recovery.img
# flash_image recovery recovery.img
flash_image recovery recovery.img
#
Note: You must place the recovery image at /system/recovery.img. the init.rc boot script automatically flashes the recovery partition with that file every time you boot up the phone.
At this point, it's probably a good idea to reboot the phone into recovery mode, and make sure it loads OK. If the recovery image is corrupt somehow, it will throw you back into SPL mode (the multi-color bootloader screen). If that happens, just boot the phone normally, and reflash recovery image.
Once it boots into recovery mode, press alt+L, and the next to top line of text should say something like "using test keys.". If it doesn't, then you're still using the original recovery image.
Note: If you are planning on installing the modified RC30 update, you can ignore the following - there is no need to install the boot image. The update already has a newer, modified boot image.
Now that you know you have the modified recovery image loaded, you can install the boot image:
Code:
D:\Android\AndroidMod>adb push boot_nosecure.img /data/local/boot.img
939 KB/s (0 bytes in 1533952.001s)
D:\Android\AndroidMod>adb shell
$ su
su
# flash_image boot /data/local/boot.img
flash_image boot /data/local/boot.img
# rm /data/local/boot.img
rm /data/local/boot.img
#
Now reboot the phone and let it boot normally. If the boot image was corrupted, it will boot into recovery mode instead. You can use the included update zip file to reload the original RC29 boot image.
Otherwise, if it boots up normally, open a command prompt however you like (telnet, adb, terminal emulator app, etc.) and type "getprop ro.secure". If it says 0, then you're running the modified boot image. Otherwise, if it says 1, you're still running the original boot image.
Attachement..
Hmm. It doesn't look like the attachment made it.. Does anyone have some space I could throw the file up at? It's around 5mb.
JesusFreke said:
Hmm. It doesn't look like the attachment made it.. Does anyone have some space I could throw the file up at? It's around 5mb.
Click to expand...
Click to collapse
I should have some space let me know
JesusFreke said:
Hmm. It doesn't look like the attachment made it.. Does anyone have some space I could throw the file up at? It's around 5mb.
Click to expand...
Click to collapse
Sent you an email with u/p if you need space.
test
anyway to test and make sure i did this correctly.. other than my phone booted and is not a paperweight
jriley60 said:
anyway to test and make sure i did this correctly.. other than my phone booted and is not a paperweight
Click to expand...
Click to collapse
To check the boot image, boot the phone normally, and then get a shell with adb. Type "id", and see if you are root
To check the recovery image, boot up the phone into recovery mode. Once you're in recovery mode, Press alt-l to show the text. The next to top line should say something like "using test keys"
JesusFreke said:
To check the boot image, boot the phone normally, and then get a shell with adb. Type "id", and see if you are root
To check the recovery image, boot up the phone into recovery mode. Once you're in recovery mode, Press alt-l to show the text. The next to top line should say something like "using test keys"
Click to expand...
Click to collapse
When will we see the files? Can you just upload to RS and we will mirror?
neoobs said:
When will we see the files? Can you just upload to RS and we will mirror?
Click to expand...
Click to collapse
Look at the original post. I added a link for the zip file..
boot.img is in correct. assuming typing id in telnet returning uid=0(root) gid=0(root) means i'm root then i'm good, thank you so much. looks like i really should install the emulator it might make things a little easier
JesusFreke said:
Look at the original post. I added a link for the zip file..
Click to expand...
Click to collapse
thank you. Sorry
jriley60 said:
boot.img is in correct. assuming typing id in telnet returning uid=0(root) gid=0(root) means i'm root then i'm good, thank you so much. looks like i really should install the emulator it might make things a little easier
Click to expand...
Click to collapse
Well, that does mean you have root, but that doesn't say anything about whether the boot.img was installed correctly. If you're telneting in, then you would have root access regardless of whether you are running a stock boot image or my modified one.
My boot image allows adb to connect to the phone as root. If you don't use adb, there's no reason to install my modified boot image.
Actually, there's an easier way to tell if you're running my boot image. Get to a command prompt (telnet, adb, terminal emulator app, whatever), and type
getprop ro.secure
If it says 0, then you correctly installed my boot image. Otherwise, if it says 1, you're still running the stock image.
Thanks! Was waiting for this.
Now to screw with my phone like crazy
Not that I don't trust you... but...
Ok... I don't trust you implicitly enough to reflash my phone with your stuff
Any chance you can post diffs against the android source tree so I can apply your changes and build it myself?
No offense - I just like to know what's going on...
RyeBrye said:
Ok... I don't trust you implicitly enough to reflash my phone with your stuff
Any chance you can post diffs against the android source tree so I can apply your changes and build it myself?
No offense - I just like to know what's going on...
Click to expand...
Click to collapse
Not at all
The recovery tool is just a stock build (almost) from the android source, using the test keys, which is the default if you don't specify keys of your own. The only change I made was to make it print out "using test keys" when it runs, just to make it easy to tell if it's running. I can give you a diff if you really want.. but it's a simple change though, and doesn't affect the actual functionality.
For the boot image, I replaced the initramfs image in the boot.img included in the official RC29 update, with the initramfs image from a default build of the android source, which has the ro.secure property set to 0.
I first tried the boot.img that was generated by the default android build, but I had issues with getting wifi to work, so I tried merging the initramfs image with the RC29 boot.img, and it seems to work fine.
I suspect you could accomplish the same thing by extracting the initramfs image from the RC29 boot.img, un-gzipping and un-cpioing it, and then modifying the default.prop file to set ro.secure to 0. Then you would have to package it back up and stick it back into the RC29 boot.img.
ro.secure is the property that the adb service looks at to determine if it should use root user, or drop to the shell user. When ro.secure is 0, adb will run as root.
It can be a bit of a pain to get the android source to build though. Make sure you get the dream specific product files (they aren't downloaded by default when you do a "repo sync"). You'll also encounter issues where it can't find libaudio.so or librpc.so. You'll have to copy these from the phone to a couple of output folders in order for the build to proceed.
If you get stuck, feel free to give me a holler and I'll try and help out.
Be warned.. the build takes quite a while.. on the order of an hour or two at least. But then again, I was doing it in a VM.. it may be faster if you do it on a native linux box.
i cant get it to work i know I'm doing something wrong can you(everyone)help me out(i have Vista 64) i get this error
this i what i type# C:\Android\AndroidMod>adb push recovery_testkeys.img /data/local/recovery.img
this is the errorC:AndroidAndroidMod: not found
please and thank you
EDIT: could we do it off the sdcard?
EDIT2: i think i found my own mistake this cant be done in Windows i need to have shell with adb meaning time to whip out VM
JesusFreke said:
For the boot image, I replaced the initramfs image in the boot.img included in the official RC29 update, with the initramfs image from a default build of the android source, which has the ro.secure property set to 0.
I first tried the boot.img that was generated by the default android build, but I had issues with getting wifi to work, so I tried merging the initramfs image with the RC29 boot.img, and it seems to work fine.
Click to expand...
Click to collapse
Can you talk more about this step of the process? How did you do this "merging"? Did you use mkbootimg?
JesusFreke said:
I suspect you could accomplish the same thing by extracting the initramfs image from the RC29 boot.img, un-gzipping and un-cpioing it, and then modifying the default.prop file to set ro.secure to 0. Then you would have to package it back up and stick it back into the RC29 boot.img.
Click to expand...
Click to collapse
And this could be done without going through the whole process of doing an Android build, right? I'm just thinking about how one might build a simple utility to allow editing of the ramdisk.
alansj said:
Can you talk more about this step of the process? How did you do this "merging"? Did you use mkbootimg?
Click to expand...
Click to collapse
I just used the good ol hex-editor. The gzip file starts with a few specific bytes (don't remember them offhand..), so you can search through the image. There are 2 gzip files, the initramfs is the last one. In mine, it starts at offset 0x00154000.
Once you find it, just cut it out and dump the new one in (there is some 00 padding after the gzip file ends.. not sure if you need to keep the padding or not). You also have to update the size of the initramfs, which is at offset 0x00000010.
alansj said:
And this could be done without going through the whole process of doing an Android build, right? I'm just thinking about how one might build a simple utility to allow editing of the ramdisk.
Click to expand...
Click to collapse
Yes.
Anyway to make this using the update.zip sd card method?
JesusFreke, per some requests in #android on freenode I have setup a wiki (not a device wiki like xda's but more like an "information about android/g1 and how to tweak it" wiki) and would like to put this on there. Let me know if you care (unless you would like to add it in your own words), the wiki is http://android-dls.com/wiki and its still very new, but im trying to to get it built up (RyeBrye is doing most of the work).
humble said:
i cant get it to work i know I'm doing something wrong can you(everyone)help me out(i have Vista 64) i get this error
this i what i type# C:\Android\AndroidMod>adb push recovery_testkeys.img /data/local/recovery.img
this is the errorC:AndroidAndroidMod: not found
please and thank you
EDIT: could we do it off the sdcard?
Click to expand...
Click to collapse
First of, you do know that when we refer to "C:\..." we refer to windows via a command prompt (or "cmd") and when you see "# ..." we refer to a shell connection to the Android phone.
Second, you do have the Android SDK right? If not download it HERE. Now extract that to a folder, preferably close to the C: root. (ex. C:\AndroidSDK)
1)Either extract/copy the files from the "AndroidMod.zip" to the Android Tools folder from the SDK (ex. C:\AndroidSDK\Tools) OR copy "adb.exe" and "AdbWinApi.dll" from the Android Tools folder from the SDK (ex. C:\AndroidSDK\Tools)to the folder where you have extracted the "AndroidMod.zip" to.
2)Open up a command prompt. Start -> Run (or Windows key + R) and type "cmd"
3)CD to the directory where the files are.
EXAMPLE:
C:\Users\[your_user_name_here]> cd \
C:> cd androidsdk\tools
C:\AndroidSDK\Tools>
4) Now follow the Instructions.
Call me what ever you want, but it's too late...
I have a US WiFi Zoom and I accidentally deleted the "framework-res.apk" in /system/framework/, but I do have a backup in /mnt/sdcard/
Fastboot is still working, but I can no longer boot in recovery (I have/had CWM installed).
The normal startup get stuck on the boot screen.
As far as I understand you cannot flash a file directly from fastboot, but need a .zip file made in Linux for this purpose.
As I do not have skills, nor a Linux OS to build this, I would very much appreciate if someone could help out here, or direct me how to flash a file directly from fastboot.
Thanks in advance,
arc
Get wifi system image and fastboot flash system system.img
Or if you have USB debugging enabled, just use adb to copy the framework-res
Thanks, sangreal06,
I believe the USB debugging is only getting me into the /mnt/ folder.
But, if I understand you right, I can grab roebeet's root-prepped and updated HRI66 system.img here:
http://forum.xda-developers.com/showthread.php?t=995785
and flash it by:
Code:
fastboot flash system system.hri66.rootprepped.img
fastboot reboot
After the device reboot, you will need adb to fix su permissions:
Code:
adb remount
adb shell chmod 6755 /system/bin/su
is this correct?
Yes, but that file is for 3G. It is not compatible with wifi model
Thanks, sangreal06, for catching that one, it probably saved me a lot of grief. I guess the one to use will be Scourge1024's:
Stock MZ604 (Xoom Wi-Fi) recovery.img
or, am I better way of waiting for the stock SBF, announced to arrive within short?
Also, will this require that I re-root?
Thanks in advance,
arc
Boot into clockworkmod and flash the zip below.
How to get back into recovery: http://forum.xda-developers.com/showthread.php?t=1041192
File: http://dl.dropbox.com/u/18315605/XDA/Framework.zip
Thanks so much bwcorvus,
I'll d/l the recovery.img at [RECOVERY] ClockworkMod Recovery v3.0.2.5
and....
It worked perfectly, I'm back! I guess that's a mistake I wont do again. I really owe you one, put it on my tab.
arc
Hi, im using cm7 , and just flashed trinity 1.1uv
the boot animation changed for the trinity one.
but the one that comes with cm7 is way better!
how can i change it?
do i need to delete the bootanimation.zip from the kernel before flashing it?
thx for the attention
hamtar0 said:
Hi, im using cm7 , and just flashed trinity 1.1uv
the boot animation changed for the trinity one.
but the one that comes with cm7 is way better!
how can i change it?
do i need to delete the bootanimation.zip from the kernel before flashing it?
thx for the attention
Click to expand...
Click to collapse
Sorry for thanks ^^
1. extract your downloaded cm build and go to system/media copy bootanimation.zip
2. copy to your sdcard
3. push to system/media on phone & delete /system/media/audio/poweron
4. reboot
5. enjoy
Actually, you can extract the bootanimation.zip from the rom, and then directly use adb, skipping the sdcard altogether:
adb remount
adb push bootanimation.zip /system/media/
The above works provided your copy of adb is included in your PATH system variable and that you're running it from the directory you've extracted bootanimation.zip. Otherwise, type bootanimation.zip's full path in the push command, and type the command in the directory where adb is installed.
Voilà!
Now, some extra tips:
You can rename files as you push them with adb, which means you could have multiple boot animations in a directory on your computer, and push whichever one you want on a whim, ie:
adb push bootanimation_somethingelse.zip /system/media/bootanimation.zip
There are many articles out there on making your own animation, I'll just add that 7zip works pretty well to make the archive (use the "store" method), optipng might repair images that don't seem to work otherwise, also make sure you have a text editor that can handle Unix-style line returns for the desc.txt file.
I personally use the stock Nexus boot animation, but with one addition: I put contact information in case the phone is found.
Goodbye,
Darkshado
Darkshado said:
Actually, you can extract the bootanimation.zip from the rom, and then directly use adb, skipping the sdcard altogether:
adb remount
adb push bootanimation.zip /system/media/
The above works provided your copy of adb is included in your PATH system variable and that you're running it from the directory you've extracted bootanimation.zip. Otherwise, type bootanimation.zip's full path in the push command, and type the command in the directory where adb is installed.
Voilà!
Now, some extra tips:
You can rename files as you push them with adb, which means you could have multiple boot animations in a directory on your computer, and push whichever one you want on a whim, ie:
adb push bootanimation_somethingelse.zip /system/media/bootanimation.zip
There are many articles out there on making your own animation, I'll just add that 7zip works pretty well to make the archive (use the "store" method), optipng might repair images that don't seem to work otherwise, also make sure you have a text editor that can handle Unix-style line returns for the desc.txt file.
I personally use the stock Nexus boot animation, but with one addition: I put contact information in case the phone is found.
Goodbye,
Darkshado
Click to expand...
Click to collapse
My Version is more noob like so see what he will choose D
Hey guys,
i've found another 'very' good kernel which, i think, does not change your boot animation. It has bln-support and voodoo, it works for both 9020 and 9023 users. Just check it out:
http://forum.xda-developers.com/showthread.php?t=1100448
thank you guys!
i just bought a xoom today and i have obtained root. i am looking to use my microSD slot and update to 3.1 and over clock using tiamat 1.4.4. i am no even able to find out how im suppose to flash the 1.3 kernel so i can use the sd slot to update to 3.1. i copied th kernel to the xoom using a drag and drop in "my computer" and then use rom manager to flash it but it says "update aborted". i dont know what to do. i know how to use adb so i dont fear it but can someone help with this problem? maybe a walkthrough? thanks for your time.
hi
do you have clock recovery then reboot in to recovery then install zip from sdcard then choose zip from sdcard and there you go choose the zip file and you done....
TRY THAT
Install Instructions:
***Prior to flashing you must create a folder named sdcard2 inside of the existing sdcard folder.***
Download and unzip the file below. Make sure you place all 6 files in the path you are running commands from.
The following install instruction are to be executed in adb. The red text represent the command that needs to be entered.
adb reboot bootloader
Xoom will reboot into bootloader screen
fastboot flash boot boot.img
fastboot reboot
Xoom will then reboot into homescreen
adb remount
adb push bcm4329.ko /system/lib/modules/bcm4329.ko
adb push tun.ko /system/lib/modules/tun.ko
adb push scsi_wait_scan.ko /system/lib/modules/scsi_wait_scan.ko
adb push cifs.ko /system/lib/modules/cifs.ko
adb push vold.fstab /system/etc/vold.fstab
adb reboot
Xoom will then reboot and if all went well, you can now overclock to 1504 via Droid Overclock or SetCPU.
Please note- After you have flashed the kernel you must insert the SD card and reboot for files to appear.
i did....that's why I'm trying to figure it out. Its saying the update is aborted. I don't have access to the SD slot because its disabled so I camt put it on the SD card.
where do i get the 6 files that i should be downloading for that walkthrough?
I am desperately trying flash an insecure boot image on my TF300T, and I am just about at my wit's end. I have gone through the following process. (this is on a .29 TF300T btw)
Unlocked my TF300T with the ASUS tool, and then flashed CWM and got root using this guide.
Obtained .29 US firmware zip from the ASUS website.
Unzipped the "blob" file and then extracted all of the firmware components from it using BlobTools.
Renamed blob.LNX (one of the extracted files which is apparently the boot image) to boot.img for convenience.
Split boot.img into kernel and ramdisk using this set of scripts made for that purpose.
Changed the ro.secure=1 line in default.prop to ro.secure=0.
Packed everything back up again using that set of scripts.
flashed my new boot.img using the line fastboot -i 0x0B05 flash boot boot_new.img (boot_new.img is generated upon repacking)
and finally, I run fastboot -i 0x0B05 reboot only to find upon booting that absolutely nothing has changed! adbshell getprop ro.secure still gives a 1! I'm almost positive that I've done this all correctly, as I was able to get an insecure boot image onto a kindle fire just a few days ago. Could anyone tell me if I'm doing something wrong? Please
One thing to note, for some reason I could not run fastboot -i 0x0B05 boot boot_new.img to try out the new boot image as it would cause fastboot to give me an error and a red line of text to appear on the TF300T's screen detailing something about it being unable to find the command. Perhaps that is related to my problem?
I'd try taking the 'boot.img' file and putting back to simply 'blob' with no extension, then flashing via ADB or terminal emulator with root.
Code:
adb push blob /sdcard/ (Just place on root of Internal Storage if using term emulator or have easy MTP access. )
adb shell (Don't need if using emulator)
su (Give ROOT permission)
dd if=/sdcard/blob of=/dev/block/mmcblk0p4
reboot
See if that'll flash it for you.
"dd if=/sdcard/blob of=/dev/block/mmcblk0p4" This part I am NOT 100% sure about, you'll need the TF300's partition table, I know mmcblk0p4 is the Staging partition on the TF101, but not sure if it's the same on the TF300, just replace mmcblk0p4 with the STAGING partition label
Hope it helped.
Needs Root and BusyBox installed.