Originally Posted by r2beta0
Second attempt failed. It may have nothing to do with format or system file. I'm really clueless :P Jut the M logo again. Maybe the /system protection checks for some date/time on some random file? Will reflash with RSD and 'touch' everything in /system to see if the damned thing still boots.
The odd thing is the logwrapper hack DOES get iniated and you are able to boot the defy's bootmenu, and if you enable the ADB Deamon, you ARE able to get a logcat output, I tried this yesterday.
This proves roms will boot for a little bit. I'm not sure about the formatting though. Known facts are this:
Stock rom > nandroid backup > nandroid restore
ApeX (uses some odd ways of flashing, like FS timeout, delete_recursive FOLLOWED by format)
Stock rom > nandroid backup > pack as update.zip (using known methods) > flash update.zip
Flashing nandroid backups from update.zip's from other device's roms.
This means that our way of flashing is incorrect and Apex's is.
There is NO signature check going on, replacing (minor) files from Apex' update.zip will still flash okay. Replacing ApeX with a stock rom won't work though.
Which gives us the question again, what does ApeX have that we don't have?
Nandroids will only flash from (lightly) modified system images
Update.zip's will only flash using apex's package with light modifications
Investigate the ApeX rom for clues
Boot custom roms from a partition other than /system.
I have had basic succes with this approach:
mount (data partition) /dataold
symlink /dataold/rom/system /system
symlink /dataold/rom/data /data
2nd-init booting with init scripts found in /data/rom/system/etc/rootfs, which is now /system/etc/rootfs
These commands are from the top of my head, I'm not at home and don't have the milestone with me. These commands should work, but I don't know where to put them. I have had an issue with unmounting /system, but I'm sure a fix would be possible. If there is no fix, we can mount the new /system (/data/rom/system) onto /system2 and change init.rc's scripts to run the rom from /system2, just like with the AOSP rom.
I hope anyone can follow this and can try. This method works on other devices, so should as well on ours. But then again, there were many other exploits that "should work" and left us with the need to re-sbf..