[Q] Is there any way to fool stock recovery to re-flash ota firmware on Xperia S?

[bjanice44]

I am wondering if anyone knows of a way to take the latest ota zip for the Xperia S, decrypt it, edit the version, repack it, then be able to flash it. Right now it will not let me flash over the current version r5 because it is the same version. I am stuck on the blue wave animation perpetually after screwing up my services.jar. I have no adb access and my only hope is to flash in recovery or wait until the next update comes out...

I was told by a Sony tech yesterday the Jelly Bean update for the Xperia S will not be until January...

EDIT: There is a way to fool the recovery. Does anyone have a modified r5 ota for the Xperia edited for a higher incremented version they could share?

 

[stifilz]

I am wondering if anyone knows of a way to take the latest ota zip for the Xperia S, decrypt it, edit the version, repack it, then be able to flash it. Right now it will not let me flash over the current version r5 because it is the same version. I am stuck on the blue wave animation perpetually after screwing up my services.jar. I have no adb access and my only hope is to flash in recovery or wait until the next update comes out...

I was told by a Sony tech yesterday the Jelly Bean update for the Xperia S will not be until January...

EDIT: There is a way to fool the recovery. Does anyone have a modified r5 ota for the Xperia edited for a higher incremented version they could share?

If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)

Any chance you can take it in under warrantly?? They may not be able to tell that you messed with it

 

[bjanice44]

If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)

Any chance you can take it in under warrantly?? They may not be able to tell that you messed with it

Thanks for the response. Yeah I guess I am going to have to send it in or .. the other option is to wait for another update, but not knowing when that will be sucks. The Sony tech told me yesterday (when I called to find out my options..and I can send it in) that the Jelly Bean update is coming in January..So the question is will Sony have another update to ICS before then. Perhaps..

 

[bjanice44]

Thanks for the response. Yeah I guess I am going to have to send it in or .. the other option is to wait for another update, but not knowing when that will be sucks. The Sony tech told me yesterday (when I called to find out my options..and I can send it in) that the Jelly Bean update is coming in January..So the question is will Sony have another update to ICS before then. Perhaps..

The funny thing is that I know which file is corrupted in the system. Its the services.jar. If only there was a way for me to replace that file....It would boot.

 

[stifilz]

The funny thing is that I know which file is corrupted in the system. Its the services.jar. If only there was a way for me to replace that file....It would boot.

Yeh guttered. Can you check if you can get adb shell in recovery??? I know it is late now but this is why the AIO tool changes the incremental to a lower one... So we can flash same update if it turns to custard

 

[bjanice44]

Yeh guttered. Can you check if you can get adb shell in recovery??? I know it is late now but this is why the AIO tool changes the incremental to a lower one... So we can flash same update if it turns to custard

No ADB shell. I guess I'll send it in. Watch.. 2 days after I send it in there will be an update..

 

[stifilz]

No ADB shell. I guess I'll send it in. Watch.. 2 days after I send it in there will be an update..

Lol. That would be awesome

 

[mawnstermew]

If it is the same as Sony Tab S then you would need to disable the signature check to flash a modded update. To add to the bad news, that is no longer able to work with new recovery (that came with r5, for older tab anyway)

Any chance you can take it in under warrantly?? They may not be able to tell that you messed with it

stifilz is there really no other way we can revert back to the old Recovery? I mean like finding someone who is still on HC 3.2? and asking him to prepare the needed stuffs like the decrypt one? sorry but im really desperate on fixing the issue my tab is experiencing. and can we still hope for an updated AIO tool that might even work with the latest recovery mode?

 

[stifilz]

stifilz is there really no other way we can revert back to the old Recovery? I mean like finding someone who is still on HC 3.2? and asking him to prepare the needed stuffs like the decrypt one? sorry but im really desperate on fixing the issue my tab is experiencing. and can we still hope for an updated AIO tool that might even work with the latest recovery mode?

I have tried to flash 11000 (3.2), 0035(3.2.1), 0042(3.2.1R2), ICS, R1A and NONE of these change the recovery back, i also tied NZ and US files, I was lucky enough to locate US files and had the NZ files saved to my PC. I have looked into AIO tool and read through the code, it runs a certain command in adb shell in recovery (WHICH WE NO LONGER HAVE GRR) so it can not be done ATM.

Maybe there is some file we can change on the tab to enable shell in adb again. From memory shell does not work with non-root devices and when we root we can use adb shell. (Can someone verify this, bad memory lol)

Anyway there could be something I am missing, well hoping anyway

You know you can change the incremental in vendor/vendor.prop to a lower one to flash an OLDER OTA.... Right??

Stifilz

 

[mawnstermew]

I have tried to flash 11000 (3.2), 0035(3.2.1), 0042(3.2.1R2), ICS, R1A and NONE of these change the recovery back, i also tied NZ and US files, I was lucky enough to locate US files and had the NZ files saved to my PC. I have looked into AIO tool and read through the code, it runs a certain command in adb shell in recovery (WHICH WE NO LONGER HAVE GRR) so it can not be done ATM.

Maybe there is some file we can change on the tab to enable shell in adb again. From memory shell does not work with non-root devices and when we root we can use adb shell. (Can someone verify this, bad memory lol)

Anyway there could be something I am missing, well hoping anyway

You know you can change the incremental in vendor/vendor.prop to a lower one to flash an OLDER OTA.... Right??

Stifilz

-.- sadly i dont know how to change such things. can you please tell me how to do it? ive been looking for ways to downgrade to HC but iim getting prohibit basebrand or SKU version or something like that

 

[stifilz]

-.- sadly i dont know how to change such things. can you please tell me how to do it? ive been looking for ways to downgrade to HC but iim getting prohibit basebrand or SKU version or something like that

Use AIO tool. Tweaks and mods then install rescue backdoor

Or

Download root explorer or similar. Open riot exolorer and navigate to vendor folder.
Long click vendor.prop and then select edit with text editor
Change the number to a lower one. Take of the last digit will do.
Click three dots for options and save

All done flash what you like

 

[mawnstermew]

Use AIO tool. Tweaks and mods then install rescue backdoor

Or

Download root explorer or similar. Open riot exolorer and navigate to vendor folder.
Long click vendor.prop and then select edit with text editor
Change the number to a lower one. Take of the last digit will do.
Click three dots for options and save

All done flash what you like

That one needs a rooted tablet right? Im having troubles rootig my tab even with b4narys script. If I choose to downgrade to 3.2 what no should I chane the las t two digits to?

 

[stifilz]

That one needs a rooted tablet right? Im having troubles rootig my tab even with b4narys script. If I choose to downgrade to 3.2 what no should I chane the las t two digits to?

Needs root yes. Just delete the last digit

 

[mawnstermew]

Needs root yes. Just delete the last digit

thanks! BTW im still able to flash to ICS updates right? BTW im not able to install pre rooted ics if i try to reflash to lower versions due to the inability of AIO tool to decrypt?

 

[stifilz]

From AIO you can decrypt and flash anything lol. Except if you have the r5 recovery it wont work at all

 

[mawnstermew]

i tried with B4nary's script again but all im getting is the terminal emulator. did you do something with the backupandrestore.apk? cuz i tried installing it and im getting forced close everytime i try to open it.

BTW im on r5 so i wont be able to downgrade? im still stuck at rooting it

 

[stifilz]

i tried with B4nary's script again but all im getting is the terminal emulator. did you do something with the backupandrestore.apk? cuz i tried installing it and im getting forced close everytime i try to open it.

BTW im on r5 so i wont be able to downgrade? im still stuck at rooting it

You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????

You can change incremental after root and flash a ICS or R1A or even HC if you have the file

Stifilz

 

[mawnstermew]

You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????

You can change incremental after root and flash a ICS or R1A or even HC if you have the file

Stifilz

i just followed the instrucions stated here http://forum.xda-developers.com/showthread.php?t=1886460 i used the normal mode to unlock but then im getting the on the "mount: permission denied and then i tried using special mode to root and finally after everything was done all that was installed in my tablet is a terminal emulator, some applications were lost in the process such as my avast anti virus and play store.

 

[mawnstermew]

You are typing in /data/local/tmp/onload.sh and then /data/local/tmp/onload2.sh????

You can change incremental after root and flash a ICS or R1A or even HC if you have the file

Stifilz

[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ /data/local/tmp/onload.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/mkdevsh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $ data/local/tmp/onload2.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/remount.sh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $


btw stifilz, can you share to me your edited bin4ry's script? the one with the re-signed vpnfaker? it tried signing it but it still doesnt work saying something about the vpnfaker. I think there was something wrong with the way i signed it. it might work if i try to use the one you made.

 

[stifilz]

[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ /data/local/tmp/onload.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/mkdevsh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $ data/local/tmp/onload2.sh
Unable to chmod /data: Operation not permitted
Unable to chmod /data/local/tmp/remount.sh: Operation not permitted
failed on 'property' - Permission denied
mkdir failed for property, File exists
link failed Permission denied
link failed Permission denied
rm failed for property, Permission denied
failed on 'property.org' - Permission denied
255|[email protected]:/ $


btw stifilz, can you share to me your edited bin4ry's script? the one with the re-signed vpnfaker? it tried signing it but it still doesnt work saying something about the vpnfaker. I think there was something wrong with the way i signed it. it might work if i try to use the one you made.

Ok doubt it will work but it is attached. I have zipped it up to add as attachment.

Please unzip it and then replace the file (of same name) in the 'stuff' directory of bin4ry's tool.

Good luck once again