DFP-188, DFP-231, DFP-2311 BL7 Finally Rooted

Search This thread
By:
Advanced…
Chamelleon

Chamelleon

Senior Member
May 16, 2010
779
366
Kraków, Poland
LG G6
LG G7 ThinQ
Finally with help from people from many other forums Defy with BL7 was rooted.
For now we have no script to make it on the phone without wipe but I'm very happy that it's working.

Rooting Procedure

1. Wipe phone twice (2x make Wipe Data/Cache in stock recovery)
2. Flash 4.5.1-134 DFP-231 CN or 4.5.1-134 DFP-231 Retail.en.EU CEE (It doesn't matter what version of this two You flash but it must be the same with version from point 4).
3. Wipe again (Data/Factory Reset)
4. Flash rooted SBF 4.5.1-134 DFP-231 CN Rooted SBF Part.1, 4.5.1-134 DFP-231 CN Rooted SBF Part.2 or 4.5.1-134 DFP-231 Retail.en.EU CEE Rooted SBF

Thanks List:
- People from http://bbs.mfunz.com for ShellRoot and Rooted SBF
- coelho_ from XDA for help and translation ShellRoot procedure
- Joe31 from XDA for CEE Rooted SBF
- Math43 from XDA for links to CN Rooted SBF
- free2livefrom XDA for testing and helping with patching under linux
- and everyone who tried to help in this thread - THANK YOU

Old Post to let everyone know what we worked here.

Code: 
I couldn't find any thread about rooting it and only few posts under roms threads so maybe we can start here. I was making backup of rooted DFP-231 en.EU but after this by mistake I restored 2.3.5 DFP-125 and I needed to reflash my Defy with full sbf of DFP-231 cause to make OTA I had to upgrade to BL7 so any chance to restore my backup is root full sbf DFP-231.

I was trying:
Root Tools:

- (XT800+)ROOT_MOTO_2.3.6
- Defy_2.3.6Root
- DooMLoRD_v4_ROOT-zergRush-busybox-su
- DROID 3 easy root script v7
- ME525 2.3.6 Root
- ROOT_MOTO_2.3.6
- root4defy134
- SuperOneClickv2.3.3-ShortFuse
- ZOC_FlashMasterV1.70
- unlockroot23-eng
- Motofail for Droid 4 and Razr
- SuperOneClick with new Exploit motofail hangs on 5th step

Downgrade to:
Every verion MB525, MB526, ME525, ME525+ starting from early versions of Eclair ending on DFP-2311 but only DFP-188 and DFP-231/DFP-2311 has BL7 and on all other verion phone is dead.

I was trying also modding sbf files by myself and few from Walter79 on DFP-188 thread and trying to force reflash under stock recovery but unfortunately still no luck and every time I had bootloader error or just dead phone.
From last few days I'm monitoring all German, Chinese, Spain and Russian forums about rooting this but still even no clue.
Only thing I learn is that every tool for root has problems with writing su app to phone so I think script to make it is wrong but I'm new in android and I have no idea how to edit it. I tried superuser under Ubuntu 11.04 also but I couldn't mount phone so another fail.

I'm screwed with BL7 so if someone have some ideas I'm opened for most options.
 
Last edited:
  • Like
Reactions: MorochoDeOjosNegros, suekrie, LuckDeluxe and 57 others
royale1223

royale1223

Senior Member
Oct 31, 2011
468
684
Calicut
Someone (walter79 I think) was talking of a tweaked sbf that could do the trick. Basically to create this you need to
1) unpack the bl7 sbf to a folder and get cg39.smg.
2) Mount cg39.smg as ext4 in ubuntu (sudo mkdir /mnt && sudo mount cg39.smg /mnt -o loop).
3) Now place su binary(su) in /mnt/xbin and Superuser.apk in /mnt/app (To find these files look inside superonclick zip archive)
5) Set perm (sudo chmod +x /mnt/xbin/su)
6) Unmount (sudo umount /mnt)
7) Repack sbf.
8) Flash your phone with new sbf using Rsdlite
9) See if it's booting, if yes, let us know.
10) If no, reflash orginal sbf again.

Find most tools you need here : http://xdaforums.com/showthread.php?t=966537
 
Last edited:
royale1223

royale1223

Senior Member
Oct 31, 2011
468
684
Calicut
Chamelleon said:
Ok, I'll try it and maybe it gonna work but I'm afraid that bootloader error shows after repacking sbf.
Click to expand...
Click to collapse

If this fails with bl error it means that bl7 somehow checks the patency of mmcblk1p31 during boot. If that's the case then rooting these new sbf will be very very very difficult.

---------- Post added at 10:44 PM ---------- Previous post was at 10:36 PM ----------

Edit : use motoandroidepacker 1.3 from http://and-developers.com/sbf
 
J

Joe31

Member
Sep 29, 2008
37
11
royale1223 said:
If this fails with bl error it means that bl7 somehow checks the patency of mmcblk1p31 during boot. If that's the case then rooting these new sbf will be very very very difficult.

---------- Post added at 10:44 PM ---------- Previous post was at 10:36 PM ----------

Edit : use motoandroidepacker 1.3 from http://and-developers.com/sbf
Click to expand...
Click to collapse
Hi.
Yes it is like this,i tried a things above, the result is boot err.
Tried, mount CG39.smg (no moding) umount than flash, Bootloader err.

I could try 1 more thing, from rooted telephone (bl7) you can pull CG39.smg by ADB.
adb shell:
su
dd if=/dev/block/system of=/sdcard/CG39.smg
Edit this, than flash.
Thanks
 
Last edited:
Chamelleon

Chamelleon

Senior Member
May 16, 2010
779
366
Kraków, Poland
LG G6
LG G7 ThinQ
Ok, I did what You said and used files from superuser site (bin su ofc) and unfortunately Bootloader error Err:A5,69,35,00,27 and after simple repack and build again without modification CG39.smg phone booting normally.
 
Chamelleon

Chamelleon

Senior Member
May 16, 2010
779
366
Kraków, Poland
LG G6
LG G7 ThinQ
Joe31 said:
I could try 1 more thing, from rooted telephone (bl7) you can pull CG39.smg by ADB.
adb shell:
su
dd if=/dev/block/system of=/sdcard/CG39.smg
Edit this, than flash.
Thanks
Click to expand...
Click to collapse

Sorry but I don't understand what You just said cause I'm on Ubuntu from yesterday and it's my first contact with this system and to do thing with modding CG39.smg I needed to google how to copy something in Linux console so please explain steb by step what to and I'll try it if You can't.
 
coelho_

coelho_

Senior Member
Oct 28, 2011
708
163
desmond.imageshack.us
Chamelleon said:
Sorry but I don't understand what You just said cause I'm on Ubuntu from yesterday and it's my first contact with this system and to do thing with modding CG39.smg I needed to google how to copy something in Linux console so please explain steb by step what to and I'll try it if You can't.
Click to expand...
Click to collapse

you can always go back and get your phone work with flashing this http://115.com/file/e7z2d0jd

it's a bl7
 
J

Joe31

Member
Sep 29, 2008
37
11
Chamelleon said:
Sorry but I don't understand what You just said cause I'm on Ubuntu from yesterday and it's my first contact with this system and to do thing with modding CG39.smg I needed to google how to copy something in Linux console so please explain steb by step what to and I'll try it if You can't.
Click to expand...
Click to collapse
It is only for people who have rooted phone.
Please who has rooted phone, help. (OTA update)

ADB:
Download sdk:LINK
 
royale1223

royale1223

Senior Member
Oct 31, 2011
468
684
Calicut
Chamelleon said:
Ok, I did what You said and used files from superuser site (bin su ofc) and unfortunately Bootloader error Err:A5,69,35,00,27 and after simple repack and build again without modification CG39.smg phone booting normally.
Click to expand...
Click to collapse

Just to confirm : Did you use MotoAndroidDepacker 1.3? If it was MAD 1.2x, please repeat the steps with MAD 1.3.

I could see that you used a control to verify if depacker is working properly. That's smart. You could also try this: make a new sbf that only contains the modified cg39.smg. Delete other smg after depackin. Make sure that you use MAD 1.3. Good Luck.
 
Chamelleon

Chamelleon

Senior Member
May 16, 2010
779
366
Kraków, Poland
LG G6
LG G7 ThinQ
OFC I did all on MAD 1.3 but I think that problem isn't in content of package but modding CG39 cause after rebuilding clean sbf everything working fine and as someone said after only mount and unmount CG39 without modding bios shows error.
 
Chamelleon

Chamelleon

Senior Member
May 16, 2010
779
366
Kraków, Poland
LG G6
LG G7 ThinQ
Hi, new update for T-Mobile DFP-188 shows up and it's available here but already edited by uploader. I didn't installed it but I downloaded it and tried to modify it by myself. Added su, Superuser.apk and busybox from root4defy134 and added permissions for update script under rest of bin permissions but ofc after trying flash it by stock recovery, recovery shows error at verification. So maybe someone have any idea how to modify it to add root files and update?? Or maybe there isn't any chance to do it??
 
Tranzior

Tranzior

Senior Member
Feb 16, 2012
128
33
Lviv
I want to talk about his attempt to gain root access. I have a PC installed eclipse and android SDK. If you try to copy any file in the System folder at once shows the error (read only filesystem). Today I tried to use the Kindle Fire Utility. Now, almost enable to copy the file to the section of System (ie it is copied by 99% and then gives an error). It seems to me that it might somehow help.
http://random.kennocha.com/kindle/utility/Kindle_Fire_Utility_v0.9.3.zip
 
You must log in or register to reply here.

Similar threads

walter79
[ROM]Defy+ 2.3.4-134 DFP 74, blur, 720p,panorama, 1%
Replies
378
Views
173K
kryptonitiko
kryptonitiko
O
[SBF] [MB526] DFP-2312 DFP-2311 DFP-231:CN CEE GB IT FR ES DE:Retail Vodafone T-MO O2
Replies
99
Views
111K
Rawwr
Rawwr
walter79
[SBF]4.5.1-134-DFP-132-Android 2.3.6 Defy+ SBF + nandroid backup + APN FIX
Replies
255
Views
168K
Jaocagomez
Jaocagomez
Quarx
[DEV][ROM] CyanogenMod 7.2.0 (Android 2.3.7)
Replies
18K
Views
6M
vai0
vai0
W
[success!]defy bl7 root!
Replies
214
Views
226K
C
cest73

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 60
    Chamelleon
    Chamelleon
    Finally with help from people from many other forums Defy with BL7 was rooted.
    For now we have no script to make it on the phone without wipe but I'm very happy that it's working.

    Rooting Procedure

    1. Wipe phone twice (2x make Wipe Data/Cache in stock recovery)
    2. Flash 4.5.1-134 DFP-231 CN or 4.5.1-134 DFP-231 Retail.en.EU CEE (It doesn't matter what version of this two You flash but it must be the same with version from point 4).
    3. Wipe again (Data/Factory Reset)
    4. Flash rooted SBF 4.5.1-134 DFP-231 CN Rooted SBF Part.1, 4.5.1-134 DFP-231 CN Rooted SBF Part.2 or 4.5.1-134 DFP-231 Retail.en.EU CEE Rooted SBF

    Thanks List:
    - People from http://bbs.mfunz.com for ShellRoot and Rooted SBF
    - coelho_ from XDA for help and translation ShellRoot procedure
    - Joe31 from XDA for CEE Rooted SBF
    - Math43 from XDA for links to CN Rooted SBF
    - free2livefrom XDA for testing and helping with patching under linux
    - and everyone who tried to help in this thread - THANK YOU

    Old Post to let everyone know what we worked here.

    Code: 
    I couldn't find any thread about rooting it and only few posts under roms threads so maybe we can start here. I was making backup of rooted DFP-231 en.EU but after this by mistake I restored 2.3.5 DFP-125 and I needed to reflash my Defy with full sbf of DFP-231 cause to make OTA I had to upgrade to BL7 so any chance to restore my backup is root full sbf DFP-231.

I was trying:
Root Tools:

- (XT800+)ROOT_MOTO_2.3.6
- Defy_2.3.6Root
- DooMLoRD_v4_ROOT-zergRush-busybox-su
- DROID 3 easy root script v7
- ME525 2.3.6 Root
- ROOT_MOTO_2.3.6
- root4defy134
- SuperOneClickv2.3.3-ShortFuse
- ZOC_FlashMasterV1.70
- unlockroot23-eng
- Motofail for Droid 4 and Razr
- SuperOneClick with new Exploit motofail hangs on 5th step

Downgrade to:
Every verion MB525, MB526, ME525, ME525+ starting from early versions of Eclair ending on DFP-2311 but only DFP-188 and DFP-231/DFP-2311 has BL7 and on all other verion phone is dead.

I was trying also modding sbf files by myself and few from Walter79 on DFP-188 thread and trying to force reflash under stock recovery but unfortunately still no luck and every time I had bootloader error or just dead phone.
From last few days I'm monitoring all German, Chinese, Spain and Russian forums about rooting this but still even no clue.
Only thing I learn is that every tool for root has problems with writing su app to phone so I think script to make it is wrong but I'm new in android and I have no idea how to edit it. I tried superuser under Ubuntu 11.04 also but I couldn't mount phone so another fail.

I'm screwed with BL7 so if someone have some ideas I'm opened for most options.
    View
    4
    J
    Joe31
    Hi.
    I created CEE 2.3.6 (BL7) Rooted version.
    1. flash original CEE 2.3.6 (BL7) ROM: Link
    2.Wipe
    3. flash CEE 2.3.6 (BL7) Rooted version: Link
    View
    3
    Chamelleon
    Chamelleon
    Ok I updated first post for everyone who is searching for root.
    View
    3
    coelho_
    coelho_
    djkail said:
    It looks like chinese forum succeded in root BL7! I was reading a spanish forum and someone posted it.

    Original source:

    http://bbs.mfunz.com/forum.php?mod=viewthread&tid=381759&highlight=


    BL7SHELLROOT.zip:

    http://www.mediafire.com/?ilkf2a6hf7jannb

    ddsystem.zip:

    http://www.mediafire.com/?isjd6n8fl46zg73

    Thanks to manuelamadeo from htcmania and people from chinese forum mfunz. Hope it helps!!!

    EDIT: Can someone translate for english users, please? It looks like you have to follow some steps...
    Click to expand...
    Click to collapse
    TRANSLATION
    The vid190 2012-4-11 14:43

    Let me talk in front, there is no effective solution, but I have an idea,
    theoretically feasible, but some adventure and have to put a machine into The BL7 special emphasis on Do not try.
    Theoretically possible does not necessarily mean you can row. Not bad money, or want to cure except Brush Syndrome. If you must dare to try to act early to report findings and is extracted mirror up for the benefit of Ha. Here Xianxie. One, first prepare a can BL6 at the end of the ROOT package, personal recommendations Asia-Pacific BL6. Wipe after brushing about two, and then the methods we might have seen, I ROOT BNM Bl6 the method is the so-called normally speak OTAROOT, scientific name of the SHELL ROOT restarts for the second brush into BL7 the ROOT The features are: If your current machine can be a key ROOT, but the new brush into the versions (including the OTA update or the end of the package) can not be a key ROOT. And brush into the in WIPE old version of the new version you can start, then the new version of the brush into the same ROOT , Sounds like a mathematical formula.
    Brief the SHELL ROOT, known MOTO one of the SHELL ROOT parameter in order to develop their own convenience, as long as the prop file by adding this parameter can be directly mount partition to reading and writing skills. 2.3 parameters ro.sys.atvc_allow_all_adb = 1, 4.0, parameters ro.kernel.qemu = 1 three, but there is to say, even if your own new brush BL7ROOT of which how to make already BL7 students ROOT it depends on this step. First be prepared to busybox, complete extraction of the dd function that you have ROOT BL7. This extract is a key own BL7ROOT 50% success, which this step is an additional 50%. This extract has the integrity of the risk point is extracted. I had success on the 2.2 so in theory the same can be successful. Basic first is the busybox push to the data / local / tmp, and then change the permissions 755. Then the command adb shell the data / local / tmp, / the busybox dd if = / dev/block/mmcblk1p21 of = / sdcard/mmcblk1p21-system.img ensure that not a usb mass model to ensure that the sd card. Open usb debugging necessary. Then extracted img mirror packaged the sbf brush into those who have bl7 students inside the machine can. Later took this as the end of the package.


    ( It should be noted, the brush into the re-packaged sbf students of bl7 of the end of the package must be the same BL7 end of the package )     The following is a complete process. -------------------------------------------------- ------------- a brush into the the MB526 Asia-Pacific's BL6ROM. Is Blur_Version.45.0.1321.MB526.AsiaRetail.en.03, brushing do not forget to wipe about http://sbf.droid-developers.org/umt...RDNGIBRIRD15_P014_A026_HWp3_Service1FF.sbf.gz two and then download the reform OTAROOT tool, open the USB debugging. The run ROOT.bat. Note that if the adb remount steps to remount failed: or the following script is not read error please check the end of the package, the first not to brush BL7. The BL7 end of the package is the same as the Asia-Pacific BL7ROM: http://sbf.droid-developers.org/. the .. 0_Service1FF.sbf.gz OTAROOT script for the:










    1- @echo off
    2- cls
    3- adb kill-server
    4-adb wait-for-device
    5- adb.exe shell mv / data/local/12m / data/local/12m.bak (12mGet rid of the front building soft connection12m.bak)
    6- adb.exe shell ln-s / data / data/local/12m (Get rid of the front building soft connection date)
    7- adb.exe reboot
    8- adb.exe wait-for-device
    9- adb shell rm -r /data/local/tmp
    10 adb shell mkdir /data/local/tmp
    11- adb push zergRush / data / local / tmp (the zergRush 一 ( ROOT tmp In this directory )
    12- adb shell chmod 755 /data/local/tmp/zergRush (Permissions assigned to it 755)
    13- adb shell / data / local / tmp / zergRush (执行 zergRush)
    14- adb wait-for-device
    15- the adb remount (executed zergRush do not have to restart the system can be mounted directly to, and then be free)
    16- adb.exe shell rm / data/local/12m (Get rid of the front building soft connection12m)
    17- adb.exe shell mv / data/local/12m.bak / data/local/12m (Restoring a normal directory 12m)
    18- adb.exe shell mv / data / local.prop / data / local.prop.bak (把 local.prop A name change .)
    19- adb.exe shell "echo 'ro.sys.atvc_allow_netmon_usb=0' >> /data/local.prop" (n this document below gives the values )
    20 adb.exe shell "echo 'ro.sys.atvc_allow_netmon_ih=0' >> /data/local.prop" (It will generate a new file )
    21- adb.exe shell "echo 'ro.sys.atvc_allow_res_core=0' >> /data/local.prop"
    22- adb.exe shell "echo 'ro.sys.atvc_allow_res_panic=0' >> /data/local.prop"
    23-adb.exe shell "echo 'ro.sys.atvc_allow_all_adb=1' >> /data/local.prop"
    24 adb.exe shell "echo 'ro.sys.atvc_allow_all_core=0' >> /data/local.prop"
    25 adb.exe shell "echo 'ro.sys.atvc_allow_efem=0' >> /data/local.prop"
    26 adb.exe shell "echo 'ro.sys.atvc_allow_bp_log=0' >> /data/local.prop"
    27 adb.exe shell "echo 'ro.sys.atvc_allow_ap_mot_log=0' >> /data/local.prop"
    28 adb.exe shell "echo 'ro.sys.atvc_allow_gki_log=0' >> /data/local.prop"
    29- adb.exe reboot recovery (And then restart it to Mount Note that it is. shellroot)
    30- echo machine into Recovery Mode, see the exclamation point and the robot (after restart only one opportunity, and then restart no)
    31- echo While pressing the volume up or down not only the Android system recovery (So we have to restart to the shellroot Seize the opportunity before switching off the system )
    32- echo and then select the first restart, and then immediately press and hold the volume, the faster (but do not wipe out the data partition, because before all)
    33- echo can enter the Bootloader after, if not please quickly remove the battery (operating on this partition, remember)
    34- echo re-boot a battery pack to hold the volume
    35- echo Purpose is to go to bootloader,
    36- echo If you have to enter the whole process of the wave animation please start over
    37- echo 进入BootloaderAfter the brush in the Asia-Pacific BL 7 bottom bag
    38- echo the brushing automatically restart after waiting for ROOT to complete the word
    39- adb wait-for-device
    40- the adb remount (mount system here, restart and then root out BL7 system ha)
    41- adb push su / system / bin
    42 adb shell chmod 4755 /system/bin/su
    43- ADB push Superuser.apk / system / app
    44- adb push busybox / system / bin
    45-adb shell chmod 666 /system/app/Superuser.apk
    46- adb shell chmod 755 /system/bin/busybox
    47- adb shell rm -r /data/local/tmp
    48- adb shell mkdir /data/local/tmp
    49- the echo ROOT, Congratulations, Congratulations! Now you can be evil!
    50- PAUSE

    Copy the code

    Your current the BL7 already ROOT a brushing this script. And then check whether the root, to install a RE manager or something. The ROOT exhausted not to restart and maintain shellroot. This script, I finally start ddsystem.bat. To ensure that the SD card and only charge mode script:





    1- @echo off
    2- cls
    3- adb kill-server
    4- adb wait-for-device
    5- adb remount
    6- adb push busybox /data/local/tmp
    7- adb shell chmod 755 /data/local/tmp/busybox
    8- adb shell data/local/tmp/busybox dd if=/dev/block/mmcblk1p21 of=/sdcard/mmcblk1p21-system.img
    9- echo extraction, about 3 minutes later, the finished check the SD card root directory of the extracted img image!
    10 PAUSE

    Copy the code

    The last issued by the mirror, or they would be hands-on. Use MotoAndroidDepacker unpack the Asia-Pacific BL7, then mmcblk1p21-system.img renamed CG39.smg replace the original, then re-packaged to. To get the package to modify the end of bl7 students to brush under the original Asia-Pacific bl7 painted this replacement system bl7 SBF on the paste has been synchronized to vid190 microblogging http://sbf.droid-developers.org/umt...RDNGIBRIRD15_P014_A026_HWp3_Service1FF.sbf.gz
    View
    3
    Chamelleon
    Chamelleon
    From last few days I was collecting almost all roms to Defy including extremely rare and I tried to mix it with DFP-231/DFP-188 and only roms that can be mixed with it is DFP-125, DFP-132 and DFP-146.
    I working on Linux also trying to find the way to edit CG39 (from clean rom and my nandroid backup extracted from phone) without signature fail but even after mounting CG39 as ext3/ext4 without any modification signature was broke.
    I tried also make something with update for DFP-188 but I was reading that to make update.zip working on stock recovery every bin and apk must be signed by motorola and there is no way to just repack update.zip and flash it on stock recovery.
    I tried to make something with shadow DFP-112 witch as I understood is rooted or able to patch CG39 so it must be without CDT in CG31 (I'm not sure) but ofc it can't be mixed with DFP-231. I'm interesting how it's in some roms that they can be patched or something to make it work without bootloader error.
    I'm afraid that I'm out of new ideas. Maybe someone have any clue.
    View

New posts