Search results

o...something long time ago,did i realy do all this?:p 5>i think there is a windows called Modules in ida,it show library path/base and size 7>yes,you are right,manual load and set base may be i done all this in 3.2.1,so if you tab is 4.0.3, you need new gdb server for new ndk does ida have new...

no,no,no:rolleyes: in normal case mmcblk0p6 is empty 1,mount it,will get only "lost+found" dir 2,dump it by dd,it's almost 50M of zero as it's name,mmcblk0p6 is only a staging,when update system,hidden.img(kernel + recovery) will flash to mmcblk0p6, but after reboot,the data will be cut to some...

my tablet will lost some app after restart. that is:every time start up,wandouia will message me to update google now/super user/home screen. those app will install sucess,and function will. but after restart,i need update again:eek: user app have no this problem tablet s(old style)4.0.3...

yes,i think it is possable and there is some flash recovery in official roms,it named as hidden.img and hidden.img have more than one version hidden.img will be flash to partion 6 (mmcblk0p6 UP) by now, we can not decrypt it's content

i got same problem at 4.0 flash stock rom(root-able ver) then root it,the system is ok. i guess aio tool have some bugs with none us regsions(my is china) check your regaion.zip,file content,version and permition

version? name? all frameworks of all version?

you have 2 ways :) *wait r5a tobe root,this may take looong time *ask the sony service flash back to old FW,need much lucky

this is a new idea,but not ok yet,just for suggest (sorry for my poor english :p) precondition:have root BEFORE update to r5a,(and NOT use ""double flash") background:tablet s have 2 system partition,but only one is used.if your first system boot fail,system will try to boot use 2nd one...

encrypt is possible,but signed is almost impossible because rsa sign check,a custom rom never be accept by system you need use aio tool to disable recovery encrypt and sign check,then try custom rom

Does any body try usb disk on sony tablet? what is the default file permission? as we know,system will force change real sd card file permission to sdcard group what about usb disk

rename /system/app/Automagic.apk to other name,eg Automagic.apk.bak

sure! a wipe only clear partition data,cache,log,staging, (system app and user app data save in data) do nothing to system0 and system1,(all system app and config file no change), eg your root will keep after wipe

wipe only clear YOUR data,but do nothing to all system files edit /system/build.prop change ro.build.version.incremental smaller flash you current rom again

you have many thing to do...:D (delete few big wallpaper in IrRemote.apk for smaller size) ├─app │ IrRemote.apk │ IrRemoteApiService.apk │ IrRemoteService.apk ├─etc │ com.sony.nfx.app.irremoteapiserviceif.xml │ com.sony.nfx.app.irremoteserviceif.xml │...

the recovery is in hidden.img in stock rom,but hidden.img is unknow format(aes encrypt maybe) you can get recovery in recovery mode via ADB,if you has old version bootloader and have root but with new bootloader and unroot device,by now,no way to replace recovery bin or sony public key(use to...

because we do NOT have sony's private key file.(can't make real signed rom) and the key checker of R5a/R6a can't be disable,(custom will rom never be accept)

yes,just move them to internal storage

is that meams,xt Z will open bootloader? it's the first tablet of Sony Mobile

kown rootkeeper by spuperuser.apk v3.2,it has a ota survival option, find the ota rootkeeper in xda forms http://forum.xda-developers.com/showthread.php?t=1241517 it can keep root after ota update for rooted device does anybody try this on sony tablet? if it works,no need make preroot rom by...

maybe kernel is not on data patition. kermel is in rootfs.which is split with inner mmc dev(or in a hidden partition)

wow,big trouble, if reset button not works,better send it to sony

since you have root,look here how to use adb shell in recovery mode http://forum.xda-developers.com/showthread.php?t=2081196 once you get shell,check you mmc device,and it's partitions http://forum.xda-developers.com/showthread.php?t=2102704 any way,send your tablet to sony is a good chiose.

recovery filesystem table ========================= 11 /data ext4 /dev/block/mmcblk0p11 (null) -32768 somthing wrong with you data partition. can you reboot to recovery?try wipe again or format that partition by adb shell

just follow allinone help,you can get any contry roms it change temply to us,and chanage back after flash done. only if you system back to org after wipe,not every one need double flash you can make you doubleflash by edit rom\META-INF\com\google\android\updater-script it check blfalg to select...

the package hack_recovery.zip v1 and v2 is part of aio tools it 's used to close system sign check and version limite,use brfore flash custom rom this file is encrypt and signed, it can be decrypt by tablet and pass the sign check! how can condi do this? every rom file is encyrpt and signed by...

note:this is a study log,i'am not sure if blow is all right:cyclops: major minor #blocks dev format name mount note 179 1 2048 mmcblk0p1 ext2 CF /configs 179 2 393216 mmcblk0p2 ext4 A0 /system system.img flash here 179 3 393216...

the recovery log means your rom file is damaged,try download it again ps,if your tablet stop at sony logo or boot animation,try this: 1,long press power button(about 10 s),force shut down, 2,short push power button again at this time system will try to boot up use 2nd system...

4.0.3 r5a is not root able yet...

recovery is rev.30,don't know which it is.have adb in recovery select replace hiden.img in aio. when make custom rom,system.img is mount ok,su/superuser is copy to bin but after unmount,ther is no su/superuser in system.img:crying: some thing like img file not saved

i made custom 5.0.3 r5a rom by aio 5.3 and flash it after flash,system is 4.0.3,ther is superuserin app list, but i can get su from any app:crying: so i boot to recovery,select wipe user data then i find the system back to 3.2.1!:o what's wrong with my tablet?:confused: ps,recovery is old...

there is a app name markt enabler,can cheat as at&t user.and you need proxy such as vpn1click or goagent and a fix version of markt is inside aio package.it not filte app by regaion

i mean replace recovery inside rom file!not the tablet one so you mean after update to custom 4.2.3 r5a,it's not possible to downgrade system(exclude recovery)to hc again? still not know how to add r1a's recovery to r5a rom :( condi say don't dir update to r5a,then how to make a useable CHINA...

i want make a pre-rooted custom rom of CHINA 4.0.3 r5a pre-root can be done by aio, but how to replace recovery? i want leave a way to downgrade if ics is not fit me. my current version is 3.2.1 root, have 4.0.3 r1a and 4.0.3 r5a downloaded

there are 2 important certificate in ota rom file 1:com.sony.tablet this is sony's ket to sign rom files,you can get it this way unzip file rom\META-INF\CERT.RSA rename to cert.rsa.p7b double click to open in system certmgr,you can find certificate file this file only have public key,use to...

Finish! the decrypt tool is READY! decrypt rom in windows,no need link to tablet! USE: just unzip the file to any dir, drag ota rom to the exe icon output will same dir as rom file,name append "_desklunvr" can set output name by cmd line,no param for help build win32 exe source code(vc6)

:fingers-crossed::fingers-crossed::fingers-crossed::fingers-crossed: after condi great help,my code success decode the first 4 byte of stock rom! will fix code to final publish good night!:cowboy:

wow,thanks candi! your tool is real cooooool i can trace recovery now!

no,i'm at 3.2.1 how to open adb shell?

how to enable adb shell in recovery mode? when i try "adb shell" in recovery mode,it says sh not find somthing does this means can't use adb in recovery mode? i want trace recovery bin by ida pro,sames i have 2 chose: 1,enable adb shell and gdb server in recovery mode 2,or run recovery bin in...

here is is newer version.the code goes well, automagic run same as in tablet(the begain 16 loop) descramble not got error. but function ok is only half.i don't know the param for it so no right input,no right output... is it possable to trace in recovery mode?

aio already use test key to signe custom rom,you can find testkey in aio/files/. stock rom is BOTH scramble AND signed. so we need descramble(desklunvr)it first.

Update 1/6:New version,faster and smaller Download win32 exe: Download source code ------------------------------------------ since sill not find key to decrypt rom, i'am try to port that code to c++,so it can be run on windows 1,de-compile code to asm code by ida pro get code like this...

auto setting is only useful AFTER you update to new rom it read your new setting,and guess url if you have not update,try my way: install a net sniffer,shark for root just capture when checking update, open resault by shark reader,find string ".zip" something like this No. Time...

sames the descramble work done in this: recovery read 0x400 byte from rom,run this function,and write to desklunvr.zip not sure what this func do... .text:000224F4 .text:000224F4 ; =============== S U B R O U T I N E ======================================= .text:000224F4 .text:000224F4...

woow,inline patch apps! i just a begainer of ida,trace is already hard work…

what kind of reasdable? in arm platform,it can only decode to asm code(win-tel can decode to c code) it can show code in graphic view,and youc can ref to the string and variable name. for automagic.so,ida can get most function name show relationship of functions xref from xref to when...

ok,we know file info.xm is encrypt with aes 128(eaid:ENC0003) so i set 2 break point in function "amclAesDecrypt" as image 1 stop at break 1, R0 is address of crypt,first 16 byte of info.xml,0x0DE80978... R1 is output buffer,fill with 0 R2 is 3,for(eaid) R3 is 0x10,for key/clip length stop...

haha,goood lucking:victory: sony update app stop at MY brekpoint!!!! here is how: 1,push both ida debug server(android_server) and gdbserver to sony tablets 2,run android_server first,forward port 23946 to pc(android_server can't change port) 3,ida attach to app com.sony.autoupdate.ui(android...

thanks condi! i have some qustions: 1,my tab region is china,so i need change region then can use this rom? 2,if i want use china r5a rom,how to replace recovery for custom pre-root rom?

seems debug andriod by ida is easy to start: 1,make adb work 2,push file android_server to device(include in ida 6.1) adb push android_server /data/local/tmp/ 3,change file attrib and run it adb shell chmod 755 android_server su ./android_server here will display IDA Android 32-bit remote debug...