USE AT YOUR OWN RISK! YOU MAY BRICK YOUR DEVICE!
This is just a proof of concept. It will allow you to start any custom recovery. Sadly no completely working custom recovery is available. You can either try seraph's or vache's.
NOTE: Do not flash your kernel from recovery without calling itsmagic! Otherwise you will not be able to boot your device anymore.
How it works:
Checksums for all partitions are stored on mmcblk0p7. During boot, the actual checksums for boot.img and recovery.img are calculated and compared to the values stored in p7.
If a special pattern is applied to p7, the bootloader is triggered to recalculate the checksums and store them to p7. This pattern is also written when using normal recovery after installation of update.zip was succesful.
itsmagic does the same. It just applies the pattern, bootloader does the rest.
Backup:
Automatic method:
1. Download backup_tool
2. Extract somewhere on your PC.
3. Connect Iconia to your PC and ensure that USB debugging is enabled on your Iconia.
4. Execute 01_backup.bat and follow the instructions. The tool will take some time (~10 min), so be patient.
5. As soon as the batch file finished, check the backup folder for the following files:
6. Check if uid.txt contains a number like:
If UID is empty then obtain your USB serial number as described at the end of this post.
Manual method:
1. Get your UID (= USB Serial number, has up to 16 chars) (see at the end of this post how to get). If you brick your device and do not know the UID, you are lost.
2. Backup all partitions (except cache + data) with dd:
3. Backup the first 0x680000 bytes of mmcblk0:
4. Store them somewhere outside of your device.
Install itsmagic:
1. Copy itsmagic somewhere to /data or /cache, and set chmod 755 to it.
Flash a custom recovery:
1. dd the new recovery to mmcblk0p1:
e.g.
2. Call itsmagic
3. Reboot. Bootloader will do the rest
4. Boot into recovery and see if it works
5. Every time you change mmcblk0p1 or mmcblk0p2, itsmagic must be called again.
Restore stock recovery:
Same as flashing a custom recovery but flash "p1" of you backup to mmcblk0p1 and call itsmagic.
Note:
Some devices seem to have a /system/etc/install-recovery.sh script. This will reflash the stock recovery every time you boot into normal kernel.
How to get the USB serial number:
1. Connect Iconia to your PC
2. Simple method (Window/Linux/Max), thx @daveid
Call:
It will output something like this:
The number is the UID. Save it somewhere. You will need it if you ever brick your device.
Alternative methods (complicated):
2.b Linux
- call lsusb -v
- read the value of iSerial for Iconia
2.c Windows
- Open Device manager
- Goto Properties of Android USB Devices->Acer Composite ADB Interface
- Goto "Details" Tab
- Select "Parent" from the property selection.
- Read the value. It looks like this:
USB\VID_0502&PID_3325\370014740c00594
- The number after the last "/" is the UID.
2.d Windows (alternative method)
Download this tool (download link is nearly at the end of the page):
http://www.nirsoft.net/utils/usb_devices_view.html
- Open the tool
- Sort after VendorID
- Check all devices with VendorID = 0502 and ProductID = 3325 . There is also a "Serial Number" column.
Thanks
Thanks @vache + @rayman for their help.
Thanks to all testers of this tool.
What next
We need a working custom recovery. Sadly I'm quite busy the next few days so I don't have enough time to work on it. But there are enough experienced devs around.
Video
Here's the "faked" video again
http://www.youtube.com/watch?v=6IOayJUvvQI
This is just a proof of concept. It will allow you to start any custom recovery. Sadly no completely working custom recovery is available. You can either try seraph's or vache's.
NOTE: Do not flash your kernel from recovery without calling itsmagic! Otherwise you will not be able to boot your device anymore.
How it works:
Checksums for all partitions are stored on mmcblk0p7. During boot, the actual checksums for boot.img and recovery.img are calculated and compared to the values stored in p7.
If a special pattern is applied to p7, the bootloader is triggered to recalculate the checksums and store them to p7. This pattern is also written when using normal recovery after installation of update.zip was succesful.
itsmagic does the same. It just applies the pattern, bootloader does the rest.
Backup:
Automatic method:
1. Download backup_tool
2. Extract somewhere on your PC.
3. Connect Iconia to your PC and ensure that USB debugging is enabled on your Iconia.
4. Execute 01_backup.bat and follow the instructions. The tool will take some time (~10 min), so be patient.
5. As soon as the batch file finished, check the backup folder for the following files:
Code:
p1, p2, p3, p5, p6, p7, mmcblk0_start, md5sums, uid.txt6. Check if uid.txt contains a number like:
Code:
0x123456789abcdef0If UID is empty then obtain your USB serial number as described at the end of this post.
Manual method:
1. Get your UID (= USB Serial number, has up to 16 chars) (see at the end of this post how to get). If you brick your device and do not know the UID, you are lost.
2. Backup all partitions (except cache + data) with dd:
Code:
dd if=/dev/block/mmcblk0p1 of=/mnt/external_sd/dumps/p1
dd if=/dev/block/mmcblk0p2 of=/mnt/external_sd/dumps/p2
dd if=/dev/block/mmcblk0p3 of=/mnt/external_sd/dumps/p3
dd if=/dev/block/mmcblk0p5 of=/mnt/external_sd/dumps/p5
dd if=/dev/block/mmcblk0p6 of=/mnt/external_sd/dumps/p6
dd if=/dev/block/mmcblk0p7 of=/mnt/external_sd/dumps/p73. Backup the first 0x680000 bytes of mmcblk0:
Code:
dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/mnt/external_sd/dumps/mmcblk0_startInstall itsmagic:
1. Copy itsmagic somewhere to /data or /cache, and set chmod 755 to it.
Flash a custom recovery:
1. dd the new recovery to mmcblk0p1:
e.g.
Code:
dd if=/mnt/external_sd/cwm.bin of=/dev/block/mmcblk0p13. Reboot. Bootloader will do the rest
4. Boot into recovery and see if it works
5. Every time you change mmcblk0p1 or mmcblk0p2, itsmagic must be called again.
Restore stock recovery:
Same as flashing a custom recovery but flash "p1" of you backup to mmcblk0p1 and call itsmagic.
Note:
Some devices seem to have a /system/etc/install-recovery.sh script. This will reflash the stock recovery every time you boot into normal kernel.
How to get the USB serial number:
1. Connect Iconia to your PC
2. Simple method (Window/Linux/Max), thx @daveid
Call:
Code:
adb devicesIt will output something like this:
Code:
List of devices attached
370014740c00594 deviceThe number is the UID. Save it somewhere. You will need it if you ever brick your device.
Alternative methods (complicated):
2.b Linux
- call lsusb -v
- read the value of iSerial for Iconia
2.c Windows
- Open Device manager
- Goto Properties of Android USB Devices->Acer Composite ADB Interface
- Goto "Details" Tab
- Select "Parent" from the property selection.
- Read the value. It looks like this:
USB\VID_0502&PID_3325\370014740c00594
- The number after the last "/" is the UID.
2.d Windows (alternative method)
Download this tool (download link is nearly at the end of the page):
http://www.nirsoft.net/utils/usb_devices_view.html
- Open the tool
- Sort after VendorID
- Check all devices with VendorID = 0502 and ProductID = 3325 . There is also a "Serial Number" column.
Thanks
Thanks @vache + @rayman for their help.
Thanks to all testers of this tool.
What next
We need a working custom recovery. Sadly I'm quite busy the next few days so I don't have enough time to work on it. But there are enough experienced devs around.
Video
Here's the "faked" video again
http://www.youtube.com/watch?v=6IOayJUvvQI
Last edited:
