On 11/7/22, ytooR wrote:
>
> Hi Karl - glad you have been able to eat. I know things have been difficult -
>
> Good luck!
good luck, rooty !
Hi Karl - glad you have been able to eat. I know things have been difficult -
Good luck!
--- Original Message ---
On Sunday, November 6th, 2022 at 6:33 AM, Undescribed Horrific Abuse, One
Victim & Survivor of Many wrote:
> things are back to normal. it appears as if it is the same.
things are back to normal. it appears as if it is the same.
while working with the boot partition i discovered the kernel may have
changed :(
i spent some time learning about things
my device’s partitions are all mounted in the ramdisk loaded by the
kernel, completely separate from the system partition i’ve been
reflashing.
the ramdisk is in a partition in another custom android format called
bootimg. there are tools online from the
https://source.android.com/docs/security/features/encryption/file-based#enabling-file-based-encryption
FBE is enabled by adding the option
fileencryption=contents_encryption_mode[:filenames_encryption_mode[:flags]]
to the fs_mgr_flags column of the fstab line for userdata. This option
defines the
missing basic and normative tools:
- dump dirtree from an e2fs filesystem
- extract encryption keys from device and decrypt userdata image
- access device logical partitions via flashing cable
other stuff
the encryption key and decryption situation just looks like a lot of
work to me, more than
i left it alone for a while and returned. after the userdata partition
reflashed it behaves like the battery is busted, only powering when
plugged and then not booting.
given there are two compounding factors (different os release and the
partition could be borked) it makes sense to wipe it and
to figure this stuff out, i used losetup --partscan to process the
partition table of a complete flash image i took using mtkclient
i’m now using that partition map to recover my old userdata partition
and reflash it to get everything back how it was, maybe. this could
restimulate the brick i
meanwhile, phhusson, the dev of the treble builds i was using on this
phone, has apparently left dev work. the last release is now the one i
was running.
i’m planning to downgrade to one more stable.
i flashed the factory super partition, and the phone booted to
recovery and complained of
my phone has bricked and i am trying to reflash it.
unfortunately i have lost copy of the “persist” partition.
while it is bricked, this partition is strangely mutating.
i believe i may have uploaded it to w3.storage, but it doesn’t seem to
be downloading from the ipfs hash i have.
i am still
I'd like to add that I'm not really conscious of the phone misbehaviors. If I
knew they were malicious, I would take my devices to authorities or security
consultants or whatnot, but I can't tell if I'm imagining them or not because I
have amnesia around the intermittent things, neurologic
Phh treble android 12 has been working incredibly on this low end phone for me,
but today misbehaviors began accumulating to the point of notability again.
Although the phone is still incredibly more responsive than on its factory OS.
- popups prevent use of OpenKeychain("ChromeSync" one word,
I found it documented that the HPP-L55B contains this mediatek chipset. It is a
different phone from the L55B that contains a unisoc. The person who suggested
they were the same on a chat made a mistake.
I've been having trouble moving, holding goals, eating food, for many hours
now, ever
android 12 works with temporary permission enabling
i'm jumping through adb hoops to set partitions back up
i got my app working in android 11.
the v313 image has a bug where there is no app switcher. maybe early
dev of a few things.
to make the app work, i had to enable an android permission that i had
not enabled in android 12.
so i'm trying android 12 again.
the android 11 build has this google thing where, if you use google
services framework and the system is not registered with google, it
bombs you with constant loud popups about that being the case.
in order to resolve it, i had to navigate the popups to both register
an account with the device,
bf6ebf2485a112e4293db8014a9f9f8ec63f65724856d6c62e7b785d3ad7e3a1f20c098ed510406376387c70799470ccda5fd2c6d10a6ec295dc54df37c3e26f
v313-2022-07-20-system-roar-arm32_binder64-ab-gogapps.img
size=1550332304 boots=true
an app i wanted to use wasn't working in android 12, so i'm trying android 11
from
https://forum.xda-developers.com/t/how-to-decrypt-and-split-adopted-storage.3383666/
# How to partition and to have adopted storage at same time.
You don't need to root your device, but the device I did this with is rooted.
1. You need to enable Developer Options.
2. Enable the USB
9bbe800b250d3d80a6b3bfc650ea59154870c5161e8fce7a9c4cb31beb619c8edeb15dd4672adabd7b19fa0905617c3a0e45d907ebb80c40dbb0cf0e6e1a3d5b
v415-2022-07-20-system-squeak-arm32_binder64-ab-gogapps.img
size=1905078272 boots=true
the phone is much slower after boot with the google services framework
and other
before flashing
other roms than vanilla didn't work on my phone, which makes it hard
to activate apps i've purchased in the past, or use google services
when appropriate. i asked in one of the chats and learned that
fastboot will resize my system partition up if i delete the product
partition with fastboot
it is so incredible how responsive this phone is now
previously, i would tap or swipe part of the screen, and it would
register touches elsewhere, and it was impossible to do anything
it just does what i say to do now
it is like having palsy and having it go away
none of the images with, like, an app store on them, fit on the partition
given there is read/write access to the whole flash, it could be
repartitioned. the userdata partition is much larger than the system
partition, and with an open rom userdata could be moved entirely to a
microsd card.
the
b2sums
71ad9faaef18ceb973c527db29cb1fc3f27ab2286b49e7f4238645f4048815d6ad18773ed52455aecfae7d7221daaab183b9f55a92e545cc36601d1970dda26f
v415-2022-07-19-system-squeak-arm32_binder64-ab-vanilla.img
size=1308471296 boots=true
my partitions from the image i took:
this worked. the phone is now running the open source treble OS, android 12.
i did not have to change the secure boot partition.
- unlock the phone using mtkclient da seccfg unlock [link for details
a couple posts back]
- reboot into fastbootd, the graphical fastboot, and flash the system
image
ok, there are two different fastboots.
the userspace fastboot, fastbootd, can look inside the super
partition. when this one is running, there is a graphical menu on the
phone saying "fastbootd" and `fastboot getvar is-userspace` returns
"yes". the simpler one doesn't look inside super and returns
fastboot is giving me 'this partition doesn't exist' even when updated
to latest version :/
i can see 'system' listed in the header of super.bin
so
unlocking bootloader: https://www.hovatek.com/forum/thread-40300.html
flashing treble_experimentations:
https://www.xda-developers.com/flash-generic-system-image-project-treble-device/
the system partition is inside the extended super partition
it has secure boot enabled, so there are more
the 'super' partition had about the same size and i tried to flash it.
this made it bootloop into fastboot.
it turns out, websearching, that 'super' is an extended partition, that
contains 'system' inside it as a logical partition.
i reflashed my imaged super and the phone works again, AND ! it
i don't know what partition to flash it onto !
the dance of
$ mtk e metadata,userdata,md_udc
$ mtk da seccfg unlock
ran without error
and i'm trying out
https://github.com/phhusson/treble_experimentations/releases/download/v415/system-squeak-arm32_binder64-ab-vanilla.img.xz
i expect i have more to do, though, before a gsi image will just run
this page appears to enumerate the commands to unlock mediatek phones:
https://www.droidwin.com/unlock-bootloader-on-mediatek-devices-using-mtkclient
there are 3 fastboot commands to try, and then some mtk downloadagent tricks
totally just imaged every partition in my phone with mtk rl
mtkclient actually works without the kernel patch !
$ mtk printgpt
DA_handler - Device is unprotected.
DA_handler - Device is in Preloader-Mode :(
DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2152.bin
xflashext - Patching da2 ...
DAXFlash - Successfully uploaded stage 1, jumping ..
totally a unisoc-branded mediatek 6739
$ adb shell getprop
[Build.BRAND]: [MTK]
[camera.disable_zsl_mode]: [1]
[dalvik.vm.appimageformat]: [lz4]
[dalvik.vm.dex2oat-Xms]: [64m]
[dalvik.vm.dex2oat-Xmx]: [512m]
[dalvik.vm.dex2oat-max-image-block-size]: [524288]
[dalvik.vm.dex2oat-minidebuginfo]:
if you're using gcc 9 on a system designed for gcc 4, you'd better do
PATH=/bin:/usr/bin:/sbin:/usr/sbin before building your 3.10 kernel
sources.
i added the patch to my specfile and am building a new rpm
i canceled the unihertz titan build. the host had been running for 6
hours. i'm just a little confused.
haha the patches are for linux 5.x and i have linux 3.x
might not be as big as it sounds since the versioning changed, but it
sounds ridiculously big
successful reboot
i'm installing a free kernel from centos 7 to try it out.
of course, this is probably a different kind of phone, it might be
interesting, and at least might give me an error i can websearch for.
my system may fail to reboot, in which case it could be a while ;p i'm
thinking maybe for working
unfortunately i don't presently have access to my kernel sources to
try any mtk exploits that come with mtkclient. mediatek wrote a linux
kernel driver that engages the boot loader, and mtkclient patches it.
i'm on a redhat enterprise linux system that has expired.
mtkclient]$ python3 mtk
i'm thinking i could probably make this phone work by just treating it
like a mediatek phone.
i'm wondering if when spreadtrum rebranded to unisoc, they outsourced
some of their stuff to mediatek or whatever mediatek uses, like other
companies do as other companies grow bigger faster than they
there are a lot more bootloader commands at
https://github.com/bkerler/mtkclient/blob/main/mtkclient/Library/mtk_preloader.py#L48
i'm thinking it would make sense to dump the ram and look for OEM
commands in it.
$ fastboot getvar all
(bootloader) max-download-size: 0x800
(bootloader) variant:
(bootloader) logical-block-size: 0x200
(bootloader) erase-block-size: 0x8
(bootloader) hw-revision: cb00
(bootloader) battery-soc-ok: yes
(bootloader) battery-voltage: 3823mV
(bootloader) partition-size:sgpt:
i'm realising that i can figure out the sizes and orders of partitions
without needing root access
the other phone used a gpt partition table
i might be able to make a partition map by hand, to try the factory tools
i tried to search xda for mt6739 information and am getting this
error: "The forums are currently offline while we are performing
system maintenance. Be back soon!"
google shows that there is indeed discussion around the mt6739
given the use of hw_code and separate use of platform, there is
this hardware code is actually in the mediatek platform table
0x0699: 0x6739
this unisoc chipset might be an MT6739
i found you can try to compare the two chipsets at phonedb.net
unisoc chipset:
https://phonedb.net/index.php?m=processor=769=spreadtrum_sc9832e
mediatek chipset:
these lines explain a lot of how the mediatek exploit i was reviewing
a session or two on these phones worked:
CMD_READ16 0xa2 Read data from the SoC memory (16 bit length parameter)
CMD_WRITE16 0xd2 Write data into SoC memory (16 bit length parameter)
CMD_READ32 0xd1 Read
these commands are apparently documented for the mediatek preloader
here:
http://www.lieberbiber.de/2015/07/04/mediatek-details-partitions-and-preloader/
!
i'm not certain yet whether that means that this unisoc chipset is
based on mediatek, or if it is some shared thing that both use.
so, i tried booting up the mediatek flasher, to see if it would do
anything, and ran into the same issue i ran into with the unisoc
flasher: it refuses to run unless you provide it with a partition map
in advance, and i haven't found a factory image for this phone yet.
_however_, i know from
left out: i could also look harder for ways to root the phone, or to
access its flash storage internally [it would be great to pick up the
flash reads with a near-field radio but i have separate inhibition
around that goal, so it seems a separate thing]
the oem command does not work on this phone. i did find at
https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/
that oem commands are likely sent as strings straight to the device,
and can usually be enumerated by grepping for strings in the boot
loader.
the device has a
On 7/19/22, Undiscussed Horrific Abuse, One Victim of Many
wrote:
> this link seems helpful, if untrustworthy:
> https://romprovider.com/xiaomi-qin2-pro-unlock-bootloader/ it contains
> a google drive link to android_device_unlock.rar
i've uploaded the version of the .rar at that website to
after rebooting my system back to linux, it actually unhibernated!
often it will just boot up again, fscking the disk to handle nothing
having been cleanly closed. it is great to have the
hibernation-resuming working this time.
this link seems helpful, if untrustworthy:
https://romprovider.com/xiaomi-qin2-pro-unlock-bootloader/ it contains
a google drive link to android_device_unlock.rar
the original post seems helpful, but most of the primary material
seems to be in russian, a language i have not myself learned yet. my
it looks like there is a modified fastboot binary being used, that can
extract a special code from the phone that can be used to unlock it
it seems like it makes sense to try to get ahold of that binary, run
it, and figure out what its secret protocol is
i websearched for some time. the chipset is SC9832E, and looking for
that chipset i found similar experiences to mine, where oem unlocking
can be enabled but fastboot still fails.
there's some documentation of working around this for the qin 2 pro at
so, the windows flasher i tried needs a .pac file for the phone . it
needs two partitions from it, and won't do much of anything without
them, including apparently downloading data from the phone. i'm not
sure where to find this factory image for this phone, but could look
more places.
another
but i'll at least reboot into windows and try a factory flasher out!
there are at least 3 different factory flashers
i'm imagining there's a good chance an exploit or opening the hardware
would be needed to reflash the phone. this is likely increasing my
dissociated discouragement.
the unisoc chipset is SC9832E
not sure how long i'll be able to keep doing this atm
"Reboot to bootloader" places it into the same-looking system as the
unihertz titan, where it is waiting for commands from fastboot.
unfortunately, when i do "fastboot flashing unlock", it says "unlock failed" :(
so flashing this phone may be a long-term adventure in learning the
bootloaders and
i did an `adb reboot fastboot` and it completely worked.
takes me to a fastbootd menu on the phone
one of the entries says "Secure boot - yes", which could be discouraging
options include "Enter recovery" and "Reboot to bootloader"
then with usb debugging enabled:
[3974182.695809] usb 1-4: new high-speed USB device number 42 using xhci_hcd
[3974182.819725] usb 1-4: New USB device found, idVendor=0e8d,
idProduct=201c, bcdDevice= 2.23
[3974182.819732] usb 1-4: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
dmesg when running and plugged in:
[3974073.464782] usb 1-4: New USB device found, idVendor=0e8d,
idProduct=2008, bcdDevice= 2.23
[3974073.464790] usb 1-4: New USB device strings: Mfr=1, Product=2,
SerialNumber=3
[3974073.464795] usb 1-4: Product: HPP-L55B
[3974073.464799] usb 1-4: Manufacturer: