Pledge a Bounty for Unlocked Bootloader for Sony Tablet S [$103 Pledged]

---

BOUNTY FOR UNLOCKED BOOTLOADER FOR SONY TABLET S

$103 PLEDGED!

Following the successful root of our devices, one would expect that more developer support should come to Sony Tablet S. Yet, having root is but one of the two 'holy grails' which will turn our devices into hot properties.

As such, I suggest we begin a second bounty, this time for the first person to successfully unlock the bootloader and provide a working proof of concept for its implementation*. Given that the ICS update will (likely) remove our root, we will still be back to square one unless someone can couple the first success with a working unlocked bootloader which will finally let us install recovery and hopefully install custom ROMs or customized official ROMs.

I hope we can get as many people aboard as possible, and at least some of the usual suspects from the root equivalent bounty topic.

*The Rules:

'Unlocking the bootloader' refers to: An exploit, method or application/software which unlocks the bootloader and allows us to install custom recoveries, kernels or ROMs.

To earn the bounty, you simply have to find the exploit which will allow the above first. You do not have to develop a recovery, or a kernel or a ROM, but you must provide with a working proof of concept, i.e. with a way which allows us to verify that the bootloader has been completely unlocked and that other developers can use this method to install recovery, kernel and ROMs.

Here's hoping there are some who will take this new challenge up with renewed vigour, now that root is here!

The pledgers:

1. grcd: $12
2. condi: $10
4. wintermute000: $10
5. kvssvarma: $10
6. ALF@be: $25
7. eldron: $16 [Pledged via PM]
8. xaviorffviii: $20


NOTE: THIS TOPIC ALSO CONTAINS AN ACTIVE TECHNICAL CONVERSATION REGARDING THE TOPIC. SEE HERE AND FOLLOW ENSUING CONVERSATIONS.

10$ from me

$10 from me too

Is there actually any evidence that the bootloader is locked? Keep in mind there's a difference between a locked bootloader and a bootloader that doesn't support flashing by default.

A truly locked bootloader (like HBOOT on HTC devices or Motorola's MBM bootloader) actually verifies a digital signature on the boot or recovery partition before booting it, so it's not possible to run custom ROMs without using workarounds like 2nd init.

On the other hand, some bootloaders don't allow you to *flash* images by default, but if you manage to get root and flash a new recovery or boot image, it will boot without complaint.

Unless someone has a reason to believe otherwise, it might be possible that the Sony Tablet S falls into the second category. Now that root has been achieved, it's possible to flash custom recovery images by writing to a block device using ADB.

It's definitely worth trying this out. Someone who knows what they're doing should create a full backup of the original recovery partition (using "dd" from a root shell) and flash a custom recovery image to the appropriate block device and see what happens when you try to boot into recovery mode. There's a chance it "just works".

You are right about this. If you could provide a little bit more information I would be willing to try it out myself. Sometimes you have to treat everyone as a complete newbie. I have a degree in Computing -- although I have never professed it and I am now in an entirely different academic field (Sociology/Cultural Anthropology), and to be entirely frank, I am adept at following instructions but not trying things on my own which might brick my device

Well, the first step is easy: make a backup of the existing recovery partition.

Load up an ADB shell and type "su" to assume root privileges. Next, you can make an exact copy of the recovery image by using dd:

dd if=/dev/block/recovery of=/sdcard/recovery.img

This is assuming you have enough room on your SD card to fit the recovery image. At this point, it would be helpful if you could pull that off the phone ("adb pull /sdcard/recovery.img") and get it in the hands of someone who knows what they're doing.

The next step involves flashing a recovery image to the device. Basically just the reverse of the previous step:

dd if=/sdcard/new_recovery.img of=/dev/block/recovery

Where you've placed a new recovery image on the SD card as "new_recovery.img". Of course, this is the part where someone with experience needs to do some work. I doubt most custom recoveries are going to work right off the shelf. You'll have to get someone who's used to developing custom recoveries to get involved to port it to the Sony Tablet S.

'ls' od /dev/block:

loop0
loop1
loop2
loop3
loop4
loop5
loop6
loop7
mmcblk0
mmcblk0p1
mmcblk0p10
mmcblk0p11
mmcblk0p2
mmcblk0p3
mmcblk0p4
mmcblk0p5
mmcblk0p6
mmcblk0p7
mmcblk0p8
mmcblk0p9
mmcblk1
mmcblk1p1
platform
svold
vold;

Detailed structure:
# find
find
.
./vold
./vold/179:11
./vold/179:10
./vold/179:9
./vold/179:8
./vold/179:7
./vold/179:6
./vold/179:5
./vold/179:4
./vold/179:3
./vold/179:2
./vold/179:1
./vold/179:0
./svold
./svold/179:17
./svold/179:16
./loop7
./loop6
./loop5
./loop4
./loop3
./loop2
./loop1
./loop0
./mmcblk1p1
./mmcblk1
./mmcblk0p11
./mmcblk0p10
./mmcblk0p9
./mmcblk0p8
./mmcblk0p7
./mmcblk0p6
./mmcblk0p5
./mmcblk0p4
./mmcblk0p3
./mmcblk0p2
./mmcblk0p1
./platform
./platform/sdhci-tegra.2
./platform/sdhci-tegra.2/mmcblk1p1
./platform/sdhci-tegra.2/by-num
./platform/sdhci-tegra.2/by-num/p1
./platform/sdhci-tegra.2/by-name
./platform/sdhci-tegra.2/mmcblk1
./platform/sdhci-tegra.3
./platform/sdhci-tegra.3/mmcblk0p11
./platform/sdhci-tegra.3/mmcblk0p10
./platform/sdhci-tegra.3/mmcblk0p9
./platform/sdhci-tegra.3/mmcblk0p8
./platform/sdhci-tegra.3/mmcblk0p7
./platform/sdhci-tegra.3/mmcblk0p6
./platform/sdhci-tegra.3/mmcblk0p5
./platform/sdhci-tegra.3/mmcblk0p4
./platform/sdhci-tegra.3/mmcblk0p3
./platform/sdhci-tegra.3/mmcblk0p2
./platform/sdhci-tegra.3/mmcblk0p1
./platform/sdhci-tegra.3/by-num
./platform/sdhci-tegra.3/by-num/p11
./platform/sdhci-tegra.3/by-num/p10
./platform/sdhci-tegra.3/by-num/p9
./platform/sdhci-tegra.3/by-num/p8
./platform/sdhci-tegra.3/by-num/p7
./platform/sdhci-tegra.3/by-num/p6
./platform/sdhci-tegra.3/by-num/p5
./platform/sdhci-tegra.3/by-num/p4
./platform/sdhci-tegra.3/by-num/p3
./platform/sdhci-tegra.3/by-num/p2
./platform/sdhci-tegra.3/by-num/p1
./platform/sdhci-tegra.3/by-name
./platform/sdhci-tegra.3/mmcblk0
./mmcblk0


Unfortunatelly:
# dd if=/dev/block/recovery of=/sdcard/recovery.img
dd if=/dev/block/recovery of=/sdcard/recovery.img
/dev/block/recovery: cannot open for read: No such file or directory

Ah, some devices have a "recovery" symlink and others don't. Process of elimation it is. :)

Try typing "mount", or "cat /proc/mounts". This will list all currently mounted filesystems and which block devices are mounted. That way we can eliminate which block devices *aren't* the recovery partition.

For the record, in case this wasn't clear, I don't own a Tablet S and have never actually physically touched one. Otherwise I'd just do it myself. ;)

10 bucks USD pledged from me

Quote:

Originally Posted by djrbliss

Ah, some devices have a "recovery" symlink and others don't. Process of elimation it is. :)

Try typing "mount", or "cat /proc/mounts". This will list all currently mounted filesystems and which block devices are mounted. That way we can eliminate which block devices *aren't* the recovery partition.

For the record, in case this wasn't clear, I don't own a Tablet S and have never actually physically touched one. Otherwise I'd just do it myself. ;)

if you need djrbliss i mounted QuickSSHD on my tablet!!!