Working Bootable recovery for the KFFOWI (Ford)

[Vlasp]

As you know, root has been achieved on this device. Now, let's move on to recovery. The recovery.img is a lot like the boot.img, in the way that you can boot from it. In theory, if we make a 3e recovery.bin for this device (TWRP/CWM), and we boot from it, we will be able to install any rom. Let's let the Recovery.bin development start!

THIS DEVICE DOES NOT SUPPORT FLASHING RECOVERIES. YOU HAVE TO BOOT FROM THEM IN FASTBOOT.​

This device now has 2 custom recoveries, those 2 being TWRP (Team Win Recovery Project) and CM (CyanogenMod) Recovery. CyanogenMod recovery is much like the stock recovery, with the only difference being that CM Recovery can install files that don't have the Amazon ZIP Signature. TWRP, on the other hand, has a touchscreen display, and is much more user friendly than CM Recovery. The links to both are here:

• CM Recovery
• TWRP

You can do many things in a Custom Recovery, such as:

• Install custom ROMs (Found here)
• Install modifications to your current OS (XPosed Framework, Root, etc.)
• Install GAPPS (Google Applications, including Play Store and Play Services)
• Wipe your current ROM
• Backup your current ROM
• Restore a backup of a previous ROM

If you have any questions, ask them here.
Now, press the thank button here and thank the developers that made these recoveries and ROMs possible, and you are good to go.
Good Luck!

 

[Awesomeslayerg]

Im dumping the recovery partition right now as well as the boot as well and the other two extra bootloader stuff that may help us

 

[Awesomeslayerg]

I have attached the images we can use. I dont know if we need the system image file but if we do just let me know hopefully ill be able to upload it or someone else might cause its 1 GB it may take some time.

 

[Vlasp]

I have attached the images we can use. I dont know if we need the system image file but if we do just let me know hopefully ill be able to upload it or someone else might cause its 1 GB it may take some time.

Well, we just need someone to build a recovery for this device. Once that is bootable, we can install roms. Also, since we will most likely not be able to unlock the bootloader, Safestrap might be our best bet.

 

[Awesomeslayerg]

True.. it's a mediatek soc so there's gotta be a way to unlock the bootloader because most of the mediatek devices have unlocked bootloader I think. And besides it gives us an unlock code so we need to see what that deal is

 

[csolanol]

Just leaving here partitions structure:

Model: MMC 8GND3R (sd/mmc)
Disk /dev/block/mmcblk0: 7818MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB KB
2 2097kB 3146kB 1049kB DKB
3 3146kB 21.4MB 18.2MB EXPDB
4 21.4MB 22.4MB 1049kB UBOOT
5 22.4MB 39.2MB 16.8MB boot
6 39.2MB 56.0MB 16.8MB recovery
7 56.0MB 56.5MB 524kB MISC
8 56.5MB 60.2MB 3670kB LOGO
9 60.2MB 65.4MB 5243kB TEE1
10 65.4MB 70.6MB 5243kB TEE2
11 70.6MB 1329MB 1258MB ext4 system
12 1329MB 1591MB 262MB ext4 cache
13 1591MB 7818MB 6227MB ext4 userdata

 

[Awesomeslayerg]

Hmm it looks like the MTK Droid Root and Tools V2.5.3 works now so we can flash images via that as well as recovery AND boot. But someone should get a 2nd fire and try it out because we have no scatter file.

We could possibly install a 2nd bootloader

 

[diegocr]

Hmm it looks like the MTK Droid Root and Tools V2.5.3 works now so we can flash images via that as well as recovery AND boot. But someone should get a 2nd fire and try it out because we have no scatter file.

We could possibly install a 2nd bootloader

I have made this one and test ro readback partitions bug gets error 2004
Partition lists
storage, boot_channel & block_size maybe not good

Model: MMC 8GND3R (sd/mmc)

storage: SDMMC ????

Sometimes tablet wont boot and have to remove battery connector

Last SP Flash TOOL, linux version have much errors and force to remove battery
http://firmware.su/51343-sp-flash-tool.html
DO NO USE TO DOWNLOAD ANYTHING
UNDER CONSTRUCTION

scatter updated, UNTESTED

 

[Harry44]

Lets go recovery!

 

[diegocr]

idme print as su

unlock_code:

---------- Post added at 12:09 PM ---------- Previous post was at 11:52 AM ----------

There are 2 boads type and 2 preloaders......
Mine have preloader_prod.img board_id: 0025001040000015

# check if production device
if ("0025001000000015" == read_file_str("/proc/idme/board_id") ||
    "0025001000010015" == read_file_str("/proc/idme/board_id") ||
    "0025001010000015" == read_file_str("/proc/idme/board_id") ||
    "0025001010010015" == read_file_str("/proc/idme/board_id") ||
    "0025001020000015" == read_file_str("/proc/idme/board_id"))
then
    ui_print("Copying preloader.img to boot partition 0 for unsecure device...");
    package_extract_file("images/preloader.img", "/dev/block/platform/mtk-msdc.0/mmcblk0boot0");
else
    ui_print("Copying preloader_prod.img to boot partition 0 for secure device...");
    package_extract_file("images/preloader_prod.img", "/dev/block/platform/mtk-msdc.0/mmcblk0boot0");
endif;

 

[killerhippy]

my /proc/idme/board_id reads 0025001040000015

 

[Vlasp]

Can anyone try this: http://forum.xda-developers.com/showthread.php?t=2798257?

Sent from my KFFOWI using Tapatalk

 

[Awesomeslayerg]

I did yesterday didn't work

 

[Vlasp]

I did yesterday didn't work

Did you try Fastboot boot recovery.img with the one it gave?

Sent from my XT912 using Tapatalk

 

[Awesomeslayerg]

No I'll try today

 

[Awesomeslayerg]

Okay i used the MTK-TWRP thing right now and used it to unpack the recovery image and it looks like we can use this to our advantage to flash unverified files by editing some of the prop settings.

 

[Vlasp]

Can someone try this: http://xda-university.com/as-a-developer/porting-clockworkmod-recovery-to-a-new-device? It might work.

 

[Awesomeslayerg]

How would we flash it?

 

[ldeveraux]

How would we flash it?

Zips are flashable in flashfire...

 

[ggow]

How would we flash it?

Use the following commands to flash the recovery

adb shell
su
dd if=/sdcard/recovery.img of=/dev/block/platform/mtk-msdc.0/by-name/recovery

- I have Cyanogenmod Recovery working except a few minor niggles
- Let you know once it's fully working
- It looks like we can't boot unsigned images that are flashed to the recovery partition
- If I boot the image from fastboot rather than flashing it then it works
- CVE-2014-0973 is patched in the bootloader