Roto Backup! UPDATED Dec 5 2010

Search This thread
By:
Advanced…
rotohammer

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
I've been trying to recreate a flashable firmware based on the stock TMobile flash dumps and I have complete success.

Heres how to save your current firmware. It will be saved with all apps and settings except for whats on /sdcard.

I recommend reseting to defaults using "Settings->Privacy->Factory data reset" if you want to give these files to someone else to build a flashable rom for you. That will delete all your personal information.

Note: I just backed up a completely setup AT&T Tab, with tons of apps and customizations and restored it to my stock T-Mobile Tab, perfectly! Every app works, home screen is setup perfect, everything!

Effectively this is equivalent to a nandroid backup.

I'll call it "Roto Backup"!
Code: 
mkdir backup
cd backup
adb shell  su -c "dd if=/dev/block/bml1 of=/sdcard/boot.bin bs=4096"
adb shell  su -c "dd if=/dev/block/bml2 of=/sdcard/pit.pit bs=4096"
adb shell  su -c "dd if=/dev/block/stl3 of=/sdcard/efs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096"
adb shell  su -c "dd if=/dev/block/stl6 of=/sdcard/param.lfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml7 of=/sdcard/zImage bs=4096"
adb shell  su -c "dd if=/dev/block/stl9 of=/sdcard/factoryfs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl10 of=/sdcard/dbdata.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl11 of=/sdcard/cache.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml12 of=/sdcard/modem.bin bs=4096"
adb shell  su -c "tar -czvf /sdcard/data.tar.gz /data"

adb pull /sdcard/param.lfs .
adb pull /sdcard/zImage .
adb pull /sdcard/factoryfs.rfs .
adb pull /sdcard/dbdata.rfs .
adb pull /sdcard/cache.rfs .
adb pull /sdcard/modem.bin .
adb pull /sdcard/efs.rfs .
adb pull /sdcard/boot.bin .
adb pull /sdcard/Sbl.bin .
adb pull /sdcard/pit.pit .
adb pull /sdcard/data.tar.gz .

Note you will be prompted for superuser permissions on the Tabs LCD on every dd command.

If you don't have the tar command on your tab, install Busybox Installer from the market.

I just paste the above commands into my command shell window and when im done all the files are siting in my current (backup) directory.


Roto Restore:
First flash the data back:
Code: 
adb push data.tar.gz /sdcard/data.tar.gz
adb shell su -c "tar -zxvf /sdcard/data.tar.gz"
adb reboot download

Now flash the dumps with Heimdall:
Code: 
heimdall flash --kernel zImage --factoryfs factoryfs.rfs --modem modem.bin --cache cache.rfs --dbdata dbdata.rfs --param param.lfs

Of course you could tar the files right n the Tab and flash via Odin if you really want to:
Code: 
adb shell
cd /sdcard
tar -cf mybackup.tar cache.rfs dbdata.rfs factoryfs.rfs modem.bin param.lfs zImage
exit
adb pull /sdcard/mybackup.tar .
 
Last edited:
  • Like
Reactions: woopdedoda, savie, Deleted member 3219577 and 64 others
alias_neo

alias_neo

Senior Member
Jun 9, 2006
2,081
205
London
Nice

This interesting work, im curious though, what is your ultimate goal?

You want a Tmo firmware dump? to what end?
 
alias_neo

alias_neo

Senior Member
Jun 9, 2006
2,081
205
London
Fair enough. But is the custom recovery being developed (and progressing nicely) not a solid enough solution?
 
rotohammer

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
alias_neo said:
Do you not have other android devices? I know of none where it doesn't function. So there is no reason i wouldn't wait a little longer for this to be ported.
Click to expand...
Click to collapse

A nandroid backup of my rom isn't something I can post publicly on the net. Regardless, I need to create full custom roms that can be flashed using Odin and Heimdall.
 
alias_neo

alias_neo

Senior Member
Jun 9, 2006
2,081
205
London
rotohammer said:
A nandroid backup of my rom isn't something I can post publicly on the net. Regardless, I need to create full custom roms that can be flashed using Odin and Heimdall.
Click to expand...
Click to collapse

Exactly, you post update.zips and then people use clockwork to flash the full ROM. On device recovery is much better than Odin method and more accessible to noobs that have an aneurism when they see the Odin iterface.

As for dumping your ROM to customise, well, yes, either this way using dd or decrypt the Odin flash files.
 
M

miketaylor00

Senior Member
Jul 17, 2009
1,404
0
It sounds like this guy is new to android and iz trying to reinvent the wheel

Sent from my SGH-T849 using XDA App
 
F

foxmeister

Senior Member
Mar 10, 2008
4,035
383
Ealing
miketaylor00 said:
It sounds like this guy is new to android and iz trying to reinvent the wheel

Sent from my SGH-T849 using XDA App
Click to expand...
Click to collapse

No, it sounds like he's trying to do exactly what he says he's doing, and that is to recreate the base TMo firmware from DD dumps!

Why? So that if necessary he could return to complete stock if he wished, and because there is no stock TMo image available.

A Nandroid backup doesn't cut the mustard in this case.

Remember guys - just because you don't see a need for something, it doesn't mean that that need doesn't exist for others!

Regards,

Dave

P.S. If you'd read any of Rotohammers posts in these forums, and looked back over previous activity in other sections, you'd know that he's not new to Android at all! ;)
 
  • Like
Reactions: fosormic and KarlMarsh
alias_neo

alias_neo

Senior Member
Jun 9, 2006
2,081
205
London
foxmeister said:
No, it sounds like he's trying to do exactly what he says he's doing, and that is to recreate the base TMo firmware from DD dumps!

Why? So that if necessary he could return to complete stock if he wished, and because there is no stock TMo image available.

A Nandroid backup doesn't cut the mustard in this case.

Remember guys - just because you don't see a need for something, it doesn't mean that that need doesn't exist for others!

Regards,

Dave

P.S. If you'd read any of Rotohammers posts in these forums, and looked back over previous activity in other sections, you'd know that he's not new to Android at all! ;)
Click to expand...
Click to collapse

I forgot entirely that the Tab some people have might be carrier customised, mines a generic one so I can flash any of the generic dumps to put it back to "stock".

So yes, a Tmo stock firmware is useful for you guys.
 
M

maniac3389

Senior Member
Jan 30, 2007
102
12
rotohammer: I've been looking for the ways to dump the firmware like you are suggesting for the AT&T version, mainly because the only available dump is an older version that stock. So far all I've found is this from another post by you:
I would like to get various Vibrant radio dumps if someone would be so kind to do so. The command from adb shell is:

Code: 
dd if=/dev/block/bml12 of=/sdcard/bml12.dump bs=4096

Lets discuss what we've tried in this thread.
Click to expand...
Click to collapse

The instructions seem straightforward enough for anyone who has used dd before. How were you able to ascertain the location of this (and other) pieces of the firmware? (Interested to know prior to trying to enable voice on my Tab by swapping modems and reflashing. I'm familiar with Samsung devices since I have a Captivate, but not too reassured that the newest firmware available to restore to is older than launch date.)
 
rotohammer

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
The instructions seem straightforward enough for anyone who has used dd before. How were you able to ascertain the location of this (and other) pieces of the firmware? (Interested to know prior to trying to enable voice on my Tab by swapping modems and reflashing. I'm familiar with Samsung devices since I have a Captivate, but not too reassured that the newest firmware available to restore to is older than launch date.)
Click to expand...
Click to collapse

The Tab follows the flash layout of other previous Samsung phones, so just google them, the info is out there. I stare at hexdumps to identify/prove what each partition contains, no big deal.

I feel that once some more official firmware is released all the need for reconstruction of dumps will eliminated.
 
D

DRockstar

Retired Recognized Developer
Sep 30, 2010
309
561
Pasadena, CA
Figured I'd chime in here from my experience, since I've gone through it with the Epic 4G....

The .rfs files and .lfs files won't restore with redbend... and don't touch bml1 and bml4... that's the boot.bin and sbl.bin... screwing with those can lead to brick...

Current roms for the Epic 4g use update-script or updater-script (different formats, updater-script requires update-binary. The scripts get flashed with clockworkmod... first, system is formatted, then the system files copied over, then permissions given to the files. The kernel is flashed using redbend, along with modem (ours require updater-scripts and a modem_delta file if not using odin).

I browse .rfs system images by first creating a /mnt folder on the sd card. With busybox, use the following command:

Code: 
Busybox mount /sdcard/factoryfs.rfs /sdcard/mnt
[/card]

I've gotten the factoryfs.rfs from the stock tars...

Maybe this is reinventing the wheel, but maybe it'll help.

Sent from my SPH-D700 using Tapatalk
 
M

maniac3389

Senior Member
Jan 30, 2007
102
12
rotohammer said:
The Tab follows the flash layout of other previous Samsung phones, so just google them, the info is out there. I stare at hexdumps to identify/prove what each partition contains, no big deal.

I feel that once some more official firmware is released all the need for reconstruction of dumps will eliminated.
Click to expand...
Click to collapse

Gotcha. Thanks. So, for restores, do you use redbend_ua or does a simple reversal of the dd command work? (admittedly this is an area where I haven't quite dug into yet)
 
rotohammer

rotohammer

Senior Member
Jan 2, 2007
1,386
1,066
New Jersey
maniac3389 said:
Gotcha. Thanks. So, for restores, do you use redbend_ua or does a simple reversal of the dd command work? (admittedly this is an area where I haven't quite dug into yet)
Click to expand...
Click to collapse

You must use redbend_ua, Odin or Heimdall (theres others too). You can't write to these partitions with dd alone, although there is an app that allows you to use dd too.
 
M

maniac3389

Senior Member
Jan 30, 2007
102
12
DRockstar said:
Figured I'd chime in here from my experience, since I've gone through it with the Epic 4G....

The .rfs files and .lfs files won't restore with redbend... and don't touch bml1 and bml4... that's the boot.bin and sbl.bin... screwing with those can lead to brick...

Current roms for the Epic 4g use update-script or updater-script (different formats, updater-script requires update-binary. The scripts get flashed with clockworkmod... first, system is formatted, then the system files copied over, then permissions given to the files. The kernel is flashed using redbend, along with modem (ours require updater-scripts and a modem_delta file if not using odin).

I browse .rfs system images by first creating a /mnt folder on the sd card. With busybox, use the following command:

Code: 
Busybox mount /sdcard/factoryfs.rfs /sdcard/mnt
[/card]

I've gotten the factoryfs.rfs from the stock tars...

Maybe this is reinventing the wheel, but maybe it'll help.

Sent from my SPH-D700 using Tapatalk[/QUOTE]

I'll give that a look, don't know why it didn't dawn on me to give a look at the ROMs for my Captivate again.  I've looked inside an update.zip file before, but didn't really delve into the script inside.

As for the actual dumping of the images, when dumping the .rfs files, what's the difference between using, say, /dev/block/stl9 versus /dev/block/bml9?  Will one work and not the other?

What I'd like to be able to do is dump a current stock AT&T ROM since the one posted is older (and possibly an engineering ROM from what I recall reading.)

My current resources are:
[URL="http://xdaforums.com/wiki/index.php?title=Samsung_Galaxy_S_Series#Partitions"]http://xdaforums.com/wiki/index.php?title=Samsung_Galaxy_S_Series#Partitions[/URL]
[URL="http://xdaforums.com/showthread.php?t=794425&page=2"]http://xdaforums.com/showthread.php?t=794425&page=2[/URL]
[URL="http://androidforums.com/behold-2-all-things-root/54424-creating-custom-roms-backups-odin.html"]http://androidforums.com/behold-2-all-things-root/54424-creating-custom-roms-backups-odin.html[/URL]
Click to expand...
Click to collapse
 
M

maniac3389

Senior Member
Jan 30, 2007
102
12
rotohammer said:
Why the failure?
Probably because the file systems were still mounted at the time the dumps were made, the zImage partition and the modem partition are not mounted at runtime.
Click to expand...
Click to collapse

Here is a thought, although I may be completely off base:
I noticed that you can access the ADB shell if you boot into stock recovery, perhaps you can mount the SD and dump a few more RFS images?
 
You must log in or register to reply here.

Similar threads

stimpz0r
  • Poll
[ROM] [ICS|MTD] [GSM/CDMA] AOKP SGT7 - Milestone #6 (19/09/2012)
Replies
3K
Views
1M
A
agustincordoba
alterbridge86
  • Locked
[7.July.2011][ROM][GSM][2.3.3] ◄► Overcome ROM v3.0.0-ICARUS ◄► Kernel v3.2.0 ◄►
Replies
5K
Views
930K
alterbridge86
alterbridge86
rotohammer
[ROM] Roto JME Pre-Rooted Firmware v4 [Jan 9, 2011]
Replies
966
Views
248K
D
dannyogolo
alterbridge86
[3.MAY.2011][ROM/KERNEL][GSM] ♫ Overcome ROM v1.6.4 ♫ Overcome Kernel v2.1.6 ♫
Replies
5K
Views
882K
F
fresxcv
erezak
[ROM][CM10][4.1.2][GSM][07-Dec-2012] Sapir - CM10 based + tablet mode +++
Replies
698
Views
257K
V
vegh_mark97

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 67
    rotohammer
    rotohammer
    I've been trying to recreate a flashable firmware based on the stock TMobile flash dumps and I have complete success.

    Heres how to save your current firmware. It will be saved with all apps and settings except for whats on /sdcard.

    I recommend reseting to defaults using "Settings->Privacy->Factory data reset" if you want to give these files to someone else to build a flashable rom for you. That will delete all your personal information.

    Note: I just backed up a completely setup AT&T Tab, with tons of apps and customizations and restored it to my stock T-Mobile Tab, perfectly! Every app works, home screen is setup perfect, everything!

    Effectively this is equivalent to a nandroid backup.

    I'll call it "Roto Backup"!
    Code: 
    mkdir backup
cd backup
adb shell  su -c "dd if=/dev/block/bml1 of=/sdcard/boot.bin bs=4096"
adb shell  su -c "dd if=/dev/block/bml2 of=/sdcard/pit.pit bs=4096"
adb shell  su -c "dd if=/dev/block/stl3 of=/sdcard/efs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096"
adb shell  su -c "dd if=/dev/block/stl6 of=/sdcard/param.lfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml7 of=/sdcard/zImage bs=4096"
adb shell  su -c "dd if=/dev/block/stl9 of=/sdcard/factoryfs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl10 of=/sdcard/dbdata.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl11 of=/sdcard/cache.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml12 of=/sdcard/modem.bin bs=4096"
adb shell  su -c "tar -czvf /sdcard/data.tar.gz /data"

adb pull /sdcard/param.lfs .
adb pull /sdcard/zImage .
adb pull /sdcard/factoryfs.rfs .
adb pull /sdcard/dbdata.rfs .
adb pull /sdcard/cache.rfs .
adb pull /sdcard/modem.bin .
adb pull /sdcard/efs.rfs .
adb pull /sdcard/boot.bin .
adb pull /sdcard/Sbl.bin .
adb pull /sdcard/pit.pit .
adb pull /sdcard/data.tar.gz .

    Note you will be prompted for superuser permissions on the Tabs LCD on every dd command.

    If you don't have the tar command on your tab, install Busybox Installer from the market.

    I just paste the above commands into my command shell window and when im done all the files are siting in my current (backup) directory.


    Roto Restore:
    First flash the data back:
    Code: 
    adb push data.tar.gz /sdcard/data.tar.gz
adb shell su -c "tar -zxvf /sdcard/data.tar.gz"
adb reboot download

    Now flash the dumps with Heimdall:
    Code: 
    heimdall flash --kernel zImage --factoryfs factoryfs.rfs --modem modem.bin --cache cache.rfs --dbdata dbdata.rfs --param param.lfs

    Of course you could tar the files right n the Tab and flash via Odin if you really want to:
    Code: 
    adb shell
cd /sdcard
tar -cf mybackup.tar cache.rfs dbdata.rfs factoryfs.rfs modem.bin param.lfs zImage
exit
adb pull /sdcard/mybackup.tar .
    View
    2
    F
    foxmeister
    miketaylor00 said:
    It sounds like this guy is new to android and iz trying to reinvent the wheel

    Sent from my SGH-T849 using XDA App
    Click to expand...
    Click to collapse

    No, it sounds like he's trying to do exactly what he says he's doing, and that is to recreate the base TMo firmware from DD dumps!

    Why? So that if necessary he could return to complete stock if he wished, and because there is no stock TMo image available.

    A Nandroid backup doesn't cut the mustard in this case.

    Remember guys - just because you don't see a need for something, it doesn't mean that that need doesn't exist for others!

    Regards,

    Dave

    P.S. If you'd read any of Rotohammers posts in these forums, and looked back over previous activity in other sections, you'd know that he's not new to Android at all! ;)
    View
    2
    rainbow ng
    rainbow ng
    Hey. claim down, you now need to study the topic from Chainfire about "Don't flash JMxx....the signed bootloader ), to removed the protected bootloader issue first.
    Next time use Roto pre-rooted firmware. Rotohammer is so kind that he removed the signed bootloader for us in his custom rom.

    Congulation!!!!

    but u still have much to do. see you.
    Thank You for you to trust me!

    Sent from my GT-P1000 using XDA App
    View
    1
    designgears
    designgears
    This will get you going...

    Make any changes you want on the phone...

    You can dump any BML like this;
    dd if=/dev/block/bml1 of=/sdcard/boot.bin bs=4096
    dd if=/dev/block/bml2 of=/sdcard/pit.pit bs=4096
    dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096
    dd if=/dev/block/bml6 of=/sdcard/param.lfs bs=4096
    dd if=/dev/block/bml7 of=/sdcard/zImage bs=4096
    dd if=/dev/block/bml9 of=/sdcard/factoryfs.rfs bs=4096
    dd if=/dev/block/bml10 of=/sdcard/dbdata.rfs bs=4096
    dd if=/dev/block/bml11 of=/sdcard/cache.rfs bs=4096
    dd if=/dev/block/bml12 of=/sdcard/modem.bin bs=4096

    Once you have all of those you can make an odin flashable tar.

    Create Flashable Tar
    tar --format=ustar -cf PDA.tar boot.bin cache.rfs dbdata.rfs factoryfs.rfs modem.bin param.lfs Sbl.bin zImage dbdata.rfs

    Load up the PDA.tar into the PDA slot in odin, load up the pit in the pit slot, flash.
    View
    1
    S
    Solaris_irc
    rotohammer said:
    I've been trying to recreate a flashable firmware based on the stock TMobile flash dumps and I have complete success.

    Heres how to save your current firmware. It will be saved with all apps and settings except for whats on /sdcard.

    I recommend reseting to defaults using "Settings->Privacy->Factory data reset" if you want to give these files to someone else to build a flashable rom for you. That will delete all your personal information.

    Note: I just backed up a completely setup AT&T Tab, with tons of apps and customizations and restored it to my stock T-Mobile Tab, perfectly! Every app works, home screen is setup perfect, everything!

    Effectively this is equivalent to a nandroid backup.

    I'll call it "Roto Backup"!
    Code: 
    mkdir backup
cd backup
adb shell  su -c "dd if=/dev/block/bml1 of=/sdcard/boot.bin bs=4096"
adb shell  su -c "dd if=/dev/block/bml2 of=/sdcard/pit.pit bs=4096"
adb shell  su -c "dd if=/dev/block/stl3 of=/sdcard/efs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096"
adb shell  su -c "dd if=/dev/block/stl6 of=/sdcard/param.lfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml7 of=/sdcard/zImage bs=4096"
adb shell  su -c "dd if=/dev/block/stl9 of=/sdcard/factoryfs.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl10 of=/sdcard/dbdata.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/stl11 of=/sdcard/cache.rfs bs=4096"
adb shell  su -c "dd if=/dev/block/bml12 of=/sdcard/modem.bin bs=4096"
adb shell  su -c "tar -czvf /sdcard/data.tar.gz /data"

adb pull /sdcard/param.lfs .
adb pull /sdcard/zImage .
adb pull /sdcard/factoryfs.rfs .
adb pull /sdcard/dbdata.rfs .
adb pull /sdcard/cache.rfs .
adb pull /sdcard/modem.bin .
adb pull /sdcard/efs.rfs .
adb pull /sdcard/boot.bin .
adb pull /sdcard/Sbl.bin .
adb pull /sdcard/pit.pit .
adb pull /sdcard/data.tar.gz .

    Note you will be prompted for superuser permissions on the Tabs LCD on every dd command.

    If you don't have the tar command on your tab, install Busybox Installer from the market.

    I just paste the above commands into my command shell window and when im done all the files are siting in my current (backup) directory.


    Roto Restore:
    First flash the data back:
    Code: 
    adb push data.tar.gz /sdcard/data.tar.gz
adb shell su -c "tar -zxvf /sdcard/data.tar.gz"
adb reboot download

    Now flash the dumps with Heimdall:
    Code: 
    heimdall flash --kernel zImage --factoryfs factoryfs.rfs --modem modem.bin --cache cache.rfs --dbdata dbdata.rfs --param param.lfs

    Of course you could tar the files right n the Tab and flash via Odin if you really want to:
    Code: 
    adb shell
cd /sdcard
tar -cf mybackup.tar cache.rfs dbdata.rfs factoryfs.rfs modem.bin param.lfs zImage
exit
adb pull /sdcard/mybackup.tar .
    Click to expand...
    Click to collapse

    Hi, will this also work in a Galaxy Tab Wifi only (P1010)?:confused: I really would like to make a Backup to flash if needed of my stock Froyo.

    Thanks in advance.
    View

New posts