[Release] Root the Palm phone
- Thread starter deadman96385
- Start date
-
- Tags
- palm-palm
OK one step closer, the 5002 has gone. Thanks!
I'm now stuck on 74% with no further download or action. Has sat there for an hour.
---------- Post added at 09:36 PM ---------- Previous post was at 09:36 PM ----------
OK one step closer, the 5002 has gone. Thanks!
I'm now stuck on 74% with no further download or action. Has sat there for an hour.
I'm now stuck on 74% with no further download or action. Has sat there for an hour.
---------- Post added at 09:36 PM ---------- Previous post was at 09:36 PM ----------
OK one step closer, the 5002 has gone. Thanks!
I'm now stuck on 74% with no further download or action. Has sat there for an hour.
WARNING - 2AGG, Oct 1st 2019
Confirmed
**Breaks APN access (mobile data) for Three network (and others?) in the UK **.
Possibly a bug or a restrictive "feature" to lock to Verizon. Calls & txt's will still work. User doesn't have access to set APN's manually.
Confirmed
**Breaks APN access (mobile data) for Three network (and others?) in the UK **.
Possibly a bug or a restrictive "feature" to lock to Verizon. Calls & txt's will still work. User doesn't have access to set APN's manually.
Last edited:
Can you dump the /vendor/etc/build.prop etc, I'll compare to that on the 2AGG and see if there's something obvious added. At least with having root I should be able to undo whatever they've done, assuming I can find it.
---------- Post added at 01:20 PM ---------- Previous post was at 01:17 PM ----------
Same here, for pvg100c as well. There must be a check to see what version is currently installed.
It might be possible to change the /vendor/etc/build.prop values to 'pvg100e' depending on what the Sugar program is checking? If it didn't work though it could potentially brick the device as Sugar wouldn't allow going back to pvg100. Risky.
I HAVE A COPY OF THE NON-VERIZON U.S. VERSION OF THE FIRMWARE! IT DOESN'T HAVE ANY BLOATWARE OR OTHER STUPID VERIZON RESTRICTIONS! I WANT TO SHARE IT HERE, BUT I DON'T KNOW HOW TO EXTRACT IT!
I can't root it because I don't have a windows computer to use Sugar on. And for some reason, I can't get it to work in Wine on my Mac. Any ideas? I really want to pull this firmware. It's WAY better than 1AMD.
---------- Post added at 09:02 PM ---------- Previous post was at 08:58 PM ----------
No need for empirical proof, I did the analysis here.
The difference is: the early part of boot is Qualcomm code using Qualcomm security. These are the "pbl", "sbl/edl" and "aboot/fastboot" programs (and also "modem", "tz" and other bits). These were the parts that I was looking at in the link above.
When "aboot" completes, it hands over to the late part of boot, which is Android code using Google security. These are the "boot.img/Linux kernel" programs, "recovery", "system", "vendor", "data", etc. They use a different security model. That's what this root method targets. You are correct when you say "Maybe we are just so lucky that boot.img is not checked as rigorously".
It does imply that you can mix the PVG100 Qualcomm partitions for "early boot" with the PVG100E Android partitions for "late boot" and vice-versa. But someone with motivation needs to test this... (No, you can't unlock cellular bands this way; the "modem" partition is from Qualcomm and must match your hardware.)
A good diagram is below; Source (and explanation): https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html -- I recommend studying this article.
![url]](/proxy.php?image=http%3A%2F%2F%5Burl%5Dhttps%3A%2F%2Fblog.quarkslab.com%2Fresources%2F2019-10-15-qualcomm-secure-bootchains%2Fqualcomm_secure_boot_white.png%5B%2Furl%5D&hash=c1193926b44218861eb3716349bfff38)
This should work. Keep in mind that whilst 1AMD seems to be fine, future versions may (permanently) close the vulnerabilities that allow you to get root, modify system partitions or use the current version of SugarQCT. I don't think this will happen but we should all keep the possibility in mind.
I don't know if they will send out any more updates for this phone....since rumor has it they are currently working on the next model!
They are working on the next model for sure, they told me that on Facebook.
I can host the files but I'm unsure how you'd flash them. Since Sugar isn't checking the combined files folder it may be possible to rename them into the same structure as those it downloads and do it that way. I'll try it because without mobile data (since flashing the update) the phone is useless to me now.
I can host the files but I'm unsure how you'd flash them. Since Sugar isn't checking the combined files folder it may be possible to rename them into the same structure as those it downloads and do it that way. I'll try it because without mobile data (since flashing the update) the phone is useless to me now.
Helpful knowledge
I am impressed by the way you have explained this thing. Thankful to you. I am a scholar from one of the and learning these mobile hacks. Thanks for sharing this.
I am impressed by the way you have explained this thing. Thankful to you. I am a scholar from one of the and learning these mobile hacks. Thanks for sharing this.
Hi there, why don't you install Windows on a virtual machine using VirtualBox on your MAC?
Anyway, if you want to take a live backup (not as reliable as a cold backup taken from outside the operating system, but still hopefully usable), you can do the following (you need ADB and you need a Windows version of NetCat ("nc") if you want to use Windows, as an example=https://eternallybored.org/misc/netcat/):
Imaging the device
Run cmd.exe or use a different terminal (for example, Cygwin). This will be the first shell
session that works with the Android device. Run adb shell. You will receive the root
privileges by default, so running su is not needed.
Launch another instance of cmd.exe or your favorite terminal. This session opens as a shell
on your computer, and will be used to receive the data from the Android device. Navigate
to the folder that will receive the user partition (cd c:\path). Make sure that you're using
an NTFS- or exFAT-formatted hard drive to receive the data; FAT32 volumes will be unable
to save images of more than 4 GB, which is less than the typical storage of most phones
today. In this shell, run adb forward tcp:5555 tcp:5555 (you may use a different port
number if needed). This command enables ADB to communicate via Netcat on port 5555.
Now, once the connection is established, go back to the first shell that goes to your phone.
Type the following command:
dd if=/dev/block/mmcblk0 | busybox nc -l -p 5555
This command images the contents of /dev/block/mmcblk0 and writes it via port 5555
across ADB using Netcat.
Alternatively, you may use the following syntax:
busybox nc -l -p 5555 -e busybox dd if=/dev/block/mmcblk0p12
This command acquires the mmcblk0p12 data block. Note that you will need to figure out
the name of the data block on the device being acquired.
Finally, go back to the second shell (that goes to your computer) and type the following
command:
nc 127.0.0.1 5555 > image.raw
The nc (Netcat) command saves the output of the first shell to your computer across port
5555. The file will be stored in the same folder where you launched the second shell from.
You can change this folder by navigating to the correct place via cd disk:\path. Note that
some Windows folders (for example, C:\Program Files\ and its subfolders) are not
write-accessible.
Are these partition dumps the same as the img files being used by Sugar? It's risky phone flashing wise but if so I can offer a sftp for upload and act as host. My phone is pretty much useless now without mobile data so willing to give it a shot.
I spent much of yesterday trying to modify files so that sugar thinks it's a PVG100e. I grep'ed all non binary files across /system, /vendor etc and changed all references but it's still reading from some place else.
I spent much of yesterday trying to modify files so that sugar thinks it's a PVG100e. I grep'ed all non binary files across /system, /vendor etc and changed all references but it's still reading from some place else.
The model number should be written somewhere else like boot, fota or other partitions, I guess.
There is also another app to get updates, which located in /system/priv-app/Fota/Fota.apk.
you have to install it manually and it can check updates with TCL servers. I think bypassing this app may help to find the right way to modify model number.
Thanks to StormShadow I delta'd the build.prop files from /system and /vendor on v1AGN to v2AGG. The following differences exist in /vendor/build.prop
ro.tct.build.type.sku=standalone
persist.sys.ssr.restart_level=wcnss modem
Unfortunately they weren't the source of the mobile data block added in v2AGG.
ro.tct.build.type.sku=standalone
persist.sys.ssr.restart_level=wcnss modem
Unfortunately they weren't the source of the mobile data block added in v2AGG.
Thank you so much for writing this guide. I followed it last night and have rooted my PVG100 on version 1AMD.
With root, I'm wondering if there are any battery optimizations available now that weren't before. Does anyone have any optimization tips for this phone? Thanks again!
With root, I'm wondering if there are any battery optimizations available now that weren't before. Does anyone have any optimization tips for this phone? Thanks again!
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
16Here is a rooting method for the Plam Phone either the US variant or the Vodafone variant this has not been tested or confirmed working on any other device. This root method may break in the future because it is using a tool that isn't designed for the public i tried getting the firehose packaged with the tool to work in other edl flashing tools but was not able to get it working. So this is all we have for now. There is minimal risk in doing this it just has a lot of steps and it requires a pc running windows.
Note: This will wipe your device so anything stored on it will be lost please backup anything important like photos/contacts/etc
- Download and install Sugar QCT from here (Be sure to install the usb drivers as well)
- Included in the zip is the username and password that you will need to use to run the program please do not post it here.
- Boot the device into recovery by turning the device off and then holding the power button until it restarts 3-4 times and boots to recovery
- Select the option to go into emergency download mode
- Now plug the device into your computer and open Sugar QCT
- From the list select pepito/PVG100 (US) or pepito_vdf (Vodafone)
- Now select Upgrade this will download the palms firmware package and flash it to the device
- When it finishes do not close sugar
- Unplug your device and hold the power button for a few minutes so it will restart out of EDL mode, use a rubber band or something to apply pressure to it so you don't have to hold it
- Go to where Sugar QCT is installed (C:\Program Files (x86)\SUGAR QCT_SP_Gotu2\bin\)
- In there you should see a folder called PVG100-xxxx (The x's are your serial number)
- Copy that to your desktop or anywhere else that you like
- In the folder, there should be some random looking mbn files these are actually the firmware files just names are randomized to make using them harder.
- There should be a file called B1AMD0D0CV00.mbn if not look for a file that starts with a B it will be the boot.img
- You will need to push that to an android device and patch it with magisk manager.
- Once that is done replace the B1AMD0D0CV00.mbn in your copy of the firmware with the patched boot.img
- Boot it back into emergency download mode as previously stated
- Close and reopen sugar
- Copy your firmware copy back into C:\Program Files (x86)\SUGAR QCT_SP_Gotu2\bin\ be sure it is the same folder structure
- Now select your model again and then press the upgrade button in sugar this will now flash your modified firmware to the device.
- Once it finishes hold the power button for a few minutes so it will restart out of EDL mode, use a rubber band or something to apply pressure to it so you don't have to hold it
- When it restarts and powers up then go through setting the phone up and install magisk manager and you're rooted.
Thanks to @StormSeeker1 for telling me about holding the power button for a few minutes to get out of EDL previously you had to let the phone die to get out of it which is a pain.43Well thanks first to @deadman96385 for sharing this root method.
Next, huge thanks to @rainydaze for his quick response last night to my questions. With his help I was able to finally get my Verizon Palm PVG100 rooted!
So for anyone still interested I'd like to add some tips that helped me get this done along with some troubleshooting.
My main issue was when I had the Palm in edl mode the Sugar app asks to download drivers but then times out with a server error and never downloads them.
But @rainydaze was able to send me a link to the Qualcomm drivers needed for the phone to be recognized while in edl mode (otherwise widows just says unrecognized and the sugar app can't communicate with the phone.)
Here is the link he sent me:
How-to install Qualcomm USB Driver (Easy Guide)
Step-by-step guidelines to install the...gsmusbdriver.com
Once the drivers installed it immediately found my device and started installing them on my old Windows 7 laptop.
Next I chose pvg100 from the drop down and clicked update. This took a very long time (I'm guessing they are not prioritizing their servers to complete these downloads very quickly!)
So it took almost an hour before it finally downloaded and installed the firmware, and the phone rebooted automatically.
The reason you want to leave the Sugar app open once it says finished and "successes"
is because the firmware that it just took an hour to download gets deleted right when the app is closed. So that's why you want to copy to your desktop or somewhere else first.
I saw some questions on renaming the "B" mbn file (which is the stock boot image). So this might be helpful:
1)Copy the "B".mbn file to any android phone that has magisk installed (even if it's not rooted that's fine, you are just using the patch feature of Magisk).
2) Click the Magisk install button (the first one, not the app one)
3)Choose Select and patch a file (it can patch a file with the extension of mbn and doesn't need to be renamed yet)
4)The magisk patched file will have an "img" extension instead of mbn. So on your computer you have to enable the option to see the file extension on all files (this is usually hidden by default and there are different ways to do this depending on your computer so you will have to Google that)
5)Now you take the magisk patched file and rename it to the exact name it was before with the mbn extension instead of the img extension.
6)Paste that over top of the original one in the firmware folder you saved.
7)Then paste that entire folder back into the bin directory (the original one should have disappeared because you closed Sugar).
8)Now put your phone back in edl and reconnect it and when you click update instead of it taking an hour to download from their servers it will think that the downloading is already done because there is a new firmware folder in it's bin.
9)This update process should be much faster (mine jumped from 2% to 45% right away). But even though it's using your new firmware it still needs an internet connection on your computer to work (I tried turning off the internet to make sure it didn't download the same firmware again, but the connection fails and won't work).
10)Use a USB jump drive or Google Drive to get the Magisk Manager apk onto the Palm and then install (you probably should use the same Magisk Manager version that you used to make the patch).
DONE!
Hopefully that helps out anyone else who is stuck. And thanks again to members like @rainydaze who helped someone out that they've never met just to be nice! That's what makes XDA great!2Patched for you with Magisk 20.3
https://we.tl/t-Wjc9J0UpqO
Let me know if root succeeded , my experience 1Axx fw not rootable
Good luck2
Hold down the power button for a few and it will reboot and then let off. If you need to get back into EDL just hold down the power button until it reboots to recovery normally 4 reboots and then you can go back into EDL.
