[Project Cheesecake] Unlocking the DEFY bootloader! - ABANDONED


NI55AN

Senior Member
Jan 13, 2012
170
64
Hartlepool
would you prefer a backup of recovery?

Doesn't bother me, just means a reflash. Could record it like I said earlier when I reflash CM9 after.

---------- Post added at 07:32 PM ---------- Previous post was at 07:28 PM ----------

It's a 2.3.4 sbf, ergo > no downgrade.
I made that error... I have a green lens, but it may have proven to be a useful error.
 

Hellmanor

Senior Member
Jan 15, 2011
287
307
So if I restore this system from recovery I'll be able to downgrade? I just don't wanna lose warranty :D
 

NI55AN

Senior Member
Jan 13, 2012
170
64
Hartlepool
Right, well, just backing up my CM9 installation and then I'll flash the sbf, install 2nd-init and back up recovery and devtree... this is all, yes?

Do you know why the stock recovery seems to be inaccessible if I flash through stock recovery?
 

m11kkaa

Recognized Dev / Inactive Recognized Contributor
Jan 20, 2011
1,259
2,147
Ok, I tried it.
1) flashing the partitions directly (without full-sbf) does work
2) the recovery really contains the test-keys
3) it's not a "normal" recovery. It has a file-chooser like CWM.

I'll write an update.zip which enables adb or starts bootmenu, and then the analysis and hacking can BEGIN!!! I really hope this kernel does NOT contain RIL.
 

NI55AN

Senior Member
Jan 13, 2012
170
64
Hartlepool
Ok, I tried it.
1) flashing the partitions directly (without full-sbf) does work
2) the recovery really contains the test-keys
3) it's not a "normal" recovery. It has a file-chooser like CWM.

I'll write an update.zip which enables adb or starts bootmenu, and then the analysis and hacking can BEGIN!!! I really hope this kernel does NOT contain RIL.

Which site would you recommend for uploading the backup of the partitions boot, recovery and devtree?
 

pranks1989

Senior Member
Nov 24, 2011
398
135
34
Ontario
Ok, I tried it.
1) flashing the partitions directly (without full-sbf) does work
2) the recovery really contains the test-keys
3) it's not a "normal" recovery. It has a file-chooser like CWM.

I'll write an update.zip which enables adb or starts bootmenu, and then the analysis and hacking can BEGIN!!! I really hope this kernel does NOT contain RIL.

Wow!! I hope this time we are really very near! You directly flashed the partitions... So I guess, even though I am on BL7, I could do that too??
 

m11kkaa

Recognized Dev / Inactive Recognized Contributor
Jan 20, 2011
1,259
2,147
So, it's done!
Here are two files:
flash_unlocked_recovery.zip: Flash this sbf inside CWM. It will replace your boot, recovery and devtree. If you've installed a Froyo ROM it's possible that you can't boot, because this installs a Gingerbread kernel.
Download: http://www.mediafire.com/?jupfdktq54qxahz

start-bootmenu.zip: Reboot into Stock-Recovery and "flash" this zipfile.
It doesn't change anything. It just starts your already installed bootmenu to open the doors.
Download - New (now kills recovery before start to avoid problems):
http://www.mediafire.com/?xt5lo5qerd7c8wy

Download: http://www.mediafire.com/?m273eadwvpz2x6c

I'll inform quarx and epsy about this. If this kernel doesn't have RIL (I don't know how to check this), maybe we'll have custom kernels via kexec soon.
 

m11kkaa

Recognized Dev / Inactive Recognized Contributor
Jan 20, 2011
1,259
2,147
The recovery kernel contains a full description of the NAND partitions:
Code:
major minor  #blocks  name      alias

   7        7       4096 loop7
 179       32    1912832 mmcblk1
 179       33        128 mmcblk1p1      mbmloader
 179       34        512 mmcblk1p2      mbm
 179       35        512 mmcblk1p3      mbmbackup
 179       36          1 mmcblk1p4      ebr
 179       37        512 mmcblk1p5      bploader
 179       38        512 mmcblk1p6      cdt.bin
 179       39       4096 mmcblk1p7      pds
 179       40        512 mmcblk1p8      lbl
 179       41        512 mmcblk1p9      lbl_backup
 179       42       1024 mmcblk1p10     logo.bin
 179       43       2048 mmcblk1p11     sp
 179       44        512 mmcblk1p12     devtree
 179       45        512 mmcblk1p13     devtree_backup
 179       46       4096 mmcblk1p14     bpsw
 179       47       8192 mmcblk1p15     boot
 179       48       8192 mmcblk1p16     recovery
 179       49      14336 mmcblk1p17     cdrom
 179       50        512 mmcblk1p18     misc
 179       51        512 mmcblk1p19     cid
 179       52       4096 mmcblk1p20     kpanic
 179       53     334848 mmcblk1p21     system
 179       54        512 mmcblk1p22     prek
 179       55        512 mmcblk1p23     pkbackup
 179       56     204800 mmcblk1p24     cache
 179       57    1319936 mmcblk1p25     userdata
 179        0   15558144 mmcblk0
 179        1   15557120 mmcblk0p1

and there is an additional bootparam: omap3_die_id
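As an added example (not from m11kkaa's post or any Defy tool), a small Python parser for the partition listing above: it resolves the boot, recovery and devtree aliases to their block devices and the exact byte length a raw backup of each must have, so a dump can be checked for completeness before anything is flashed over those partitions. The sample table is a constructed, trimmed copy of the listing, and the /dev/block/ path prefix is an assumption.

```python
# Constructed sample: a trimmed copy of the /proc/partitions-style listing from
# the post above, including the 'alias' column this recovery kernel exposes.
SAMPLE_TABLE = """\
major minor  #blocks  name      alias

   7        7       4096 loop7
 179       32    1912832 mmcblk1
 179       44        512 mmcblk1p12     devtree
 179       45        512 mmcblk1p13     devtree_backup
 179       47       8192 mmcblk1p15     boot
 179       48       8192 mmcblk1p16     recovery
 179       53     334848 mmcblk1p21     system
 179        0   15558144 mmcblk0
"""

BLOCK_SIZE = 1024            # /proc/partitions reports #blocks in 1 KiB units
DEV_PREFIX = "/dev/block/"   # assumed Android device-node location


def parse_partitions(text):
    """Parse the listing into {name: {"major", "minor", "blocks", "alias"}}.
    Header, blank and malformed lines are skipped; no fifth field -> alias None."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        table[fields[3]] = {
            "major": int(fields[0]),
            "minor": int(fields[1]),
            "blocks": int(fields[2]),
            "alias": fields[4] if len(fields) > 4 else None,
        }
    return table


def backup_plan(table, aliases=("boot", "recovery", "devtree")):
    """Resolve each alias to its device node and the exact byte length a raw dump
    must have. An unknown alias raises KeyError so a typo fails loudly."""
    by_alias = {v["alias"]: name for name, v in table.items() if v["alias"]}
    return {
        alias: {"device": DEV_PREFIX + by_alias[alias],
                "bytes": table[by_alias[alias]]["blocks"] * BLOCK_SIZE}
        for alias in aliases
    }


def dump_is_complete(plan, alias, dumped_bytes):
    """True only if a saved image is exactly the size the table predicts;
    a short read (e.g. an interrupted dd) shows up as a mismatch."""
    return plan[alias]["bytes"] == dumped_bytes
```
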
 
So, it's done!
Here are two files:
flash_unlocked_recovery.zip: Flash this sbf inside CWM. It will replace your boot, recovery and devtree. If you've installed a Froyo ROM it's possible that you can't boot, because this installs a Gingerbread kernel.
Download: http://www.mediafire.com/?jupfdktq54qxahz

start-bootmenu.zip: Reboot into Stock-Recovery and "flash" this zipfile.
It doesn't change anything. It just starts your already installed bootmenu to open the doors.
Download: http://www.mediafire.com/?m273eadwvpz2x6c

I'll inform quarx and epsy about this. If this kernel doesn't have RIL (I don't know how to check this), maybe we'll have custom kernels via kexec soon.

Can you explain how it is that a "normal" stock recovery can flash zip files? May it be related to an unsigned kernel?

Sent from my MB525 using Tapatalk 2
 

m11kkaa

Recognized Dev / Inactive Recognized Contributor
Jan 20, 2011
1,259
2,147
Can you explain how it is that a "normal" stock recovery can flash zip files? May it be related to an unsigned kernel?

Sent from my MB525 using Tapatalk 2
Maybe you know that there is a way to reload the running kernel: kexec
The problem is that it's impossible/really hard to reinitialize RIL (all the phone stuff). Recovery kernels normally are very minimal. They don't contain any drivers which aren't needed, etc.
So if the RIL wasn't initialized before you boot a kernel via kexec, there will be no problems with that.

But FIRST we must confirm that this recovery kernel doesn't contain RIL drivers. I don't know how to do that, but I informed quarx and epsilon. I'm sure they know how to do that.

So we'll just have to wait for their report.


Amazing! One little noob question, though: Could this work on BL7-Defy+ too?
In theory yes, just back up everything and try it :D
But currently these files are only good for devs. So wait until we can do something useful with it.
 

zyxwvut

Senior Member
Jun 4, 2008
294
111
Wow, this is an amazing find. Who would have ever tried flashing custom ROMs through stock recovery and discovered this! This could be a breakthrough!
 

NI55AN

Senior Member
Jan 13, 2012
170
64
Hartlepool
I'd flashed my sbf after a soft brick and went into recovery and thought... oh crap, need CWM. But I thought I'd try it anyway and it worked.
Kinda did it out of laziness =]

Edit: I'm not doing further development work... I'm no developer, so credit should, as always, go to the developers.
 

Top Liked Posts

    So we just got the Atrix unlocked, and I don't own a Defy, but I think the method could work for you guys as well.

    I'm gonna need a few things from you guys to check servers, and once I figure out what's up I will be handing out more perfect instructions.

    I would like to give credit to navalynt for creating the files used to search the test clouds for updates.

    Anyways, all I need to begin with is a build.prop from your current most up-to-date stock build.

    I will come back in a few hours and check the thread.

    Also, if you guys have a good IRC I could use to communicate with devs, I'd appreciate it.

    EDIT: I would like to add that I'm not promising anything, nor am I asking for donations or devices. I just want everyone to have an unlock.
    wrap-up

    Summoning Gods of Motorola DEFY
    Quarx, Epsylon3, maniac103, ga1axy, m11kkaa, walter79.


    (ga1axy is the one who invented bootmenu for our Defy)


    Finally... :highfive:
    Once more there's a ray of light towards our legendary Defy to use custom kernel.
    custom kernel : better custom rom experience.
    locked bootloader : no custom kernel.
    but there's another way, Kexec, kernel execution. :fingers-crossed:

    Previously, last year, the Kexec method was abandoned,
    because when RIL (it's about calls, SMS) is reinitialized, it forces the whole system to reboot.. :(

    For those of you missing the exciting news,
    you should start reading it from here, page 53. :D
    http://xdaforums.com/showthread.php?t=1169557&page=53

    NI55AN, with his normal Defy (not the eng-version one),
    realized that he could flash an unsigned custom zip from stock recovery.
    Thanks to m11kkaa, who guided and helped to do it.. ;)

    It's about a "special" stock recovery which could flash a custom unsigned zip (not from Motorola).
    This could pave the way for kexec boots from stock recovery. :eek:

    If this thing doesn't have RIL, kexec will do first init,
    and the kernel doesn't crash, and could work properly. :good:
    Code:
    [15:09:16] <kholk> I've got an OMAP3 device
    [15:09:18] <kholk> Motorola Milestone
    [15:10:25] <Quarx> you will not do kexec for ML?
    [15:12:25] <kholk> Milestone has already got 2ndboot
    [15:13:33] <Quarx> 2ndboot is useless..
    [15:13:53] <Quarx> radio part/usb/audio doesn't work
    [15:14:09] <kholk> even if I port kexec on Milestone
    [15:14:16] <kholk> that basically does the same job 2ndboot is doing
    [15:14:28] <kholk> I could get USB and audio to work
    [15:14:32] <kholk> but radio will never work
    [15:14:48] <Quarx> but kexec is not 2ndboot...
    [15:15:18] <kholk> yeah, but radio will never work
    [15:15:23] <Quarx> why?
    [15:15:34] <kholk> TI Wrigley 3G can't be rebooted
    [15:15:42] <kholk> and it will panic when reinitialized from nothing
    [15:15:51] <kholk> and instead of rebooting itself, it will reboot the entire device
    [15:17:03] <Quarx> that's sad:(
    [15:18:35] <kholk> yeah
    [15:18:43] <kholk> Milestone and Defy users
    [15:18:50] <kholk> will never get nothing more than that
    [15:19:24] <kholk> sad enough
    [15:19:36] <Quarx> no other ways?
    [15:19:50] <kholk> probably not