Difference between revisions of "Android old"
Jump to navigation
Jump to search
(Created page with "==Nexus S== ===Versions=== ====under fastboot, stock==== * Product name - HERRING * HW Version - rev 52 * Bootloader version - I9020XXKA3 * Baseband version - I9020XXKB3 * Car...") |
m |
||
| Line 44: | Line 44: | ||
* Kernel 3.0.31-g3b0c5d2 android-build@vpbs1 #1 |
* Kernel 3.0.31-g3b0c5d2 android-build@vpbs1 #1 |
||
* Build JRO03E |
* Build JRO03E |
||
| + | ===Restoring factory ROM (2.3.3)=== |
||
| + | Warning, it will destroy everything, make your backups first!! |
||
| + | * Get firmware [http://www.samfirmware.com/WEBPROTECT-i9023.htm here] for a European Nexus S i9023, mine needs the I9023XXKB3 one. |
||
| + | * Rename tar.md5 as tar |
||
| + | * Get Odin sw from [http://www.samfirmware.com/WEBPROTECT-programandroid.htm here], choose i9023 |
||
| + | ** e.g. I9003_Odin3_v1.82.rar & SAMSUNG_USB.rar |
||
| + | * Run Odin (works in a virtualbox if needed), load the 4 files: |
||
| + | ** bootloader: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/Bootloader_I9023XXKA3.tar |
||
| + | ** PDA: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar |
||
| + | ** Phone: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/MODEM_I9023XXKB3_REV_00_CL912571_SIGNED.tar |
||
| + | ** CSC: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/DGS_I9023_EUR.tar |
||
| + | * Turn phone off |
||
| + | * Plug USB |
||
| + | * Just before battery icon showing, enter download mode by pressing middle of volume up / volume down button for long, you'll get a big yellow warning triangle |
||
| + | * If using virtualbox, bring USB device (Samsung serial) to virtualbox |
||
| + | * Now Odin should show a yellow rectangle with COM0 |
||
| + | * Press "start" in Odin |
||
| + | Sources: |
||
| + | * http://forum.frandroid.com/topic/52144-tuto-flash-via-odin/ (fr) |
||
| + | * http://forum.frandroid.com/topic/51710-astuce-probleme-de-reconnaissance-par-odin-sous-mode-download/ (fr) |
||
| + | * http://www.samfirmware.com/I9023%20Flasghuide%20English.pdf |
||
| + | |||
| + | ===Restoring (most of) factory ROM (2.3.3) with fastboot=== |
||
| + | Ok previous section was about restoring *everything* as genuine but it requires Windows and most of the time all you screwed up was the boot image, the recovery image or the system image so here is how to restore them or part of them provided that you can still enter fastboot: |
||
| + | <pre> |
||
| + | fastboot oem unlock # if needed, WARNING IT DELETES EVERYTHING!!!!! |
||
| + | fastboot flash recovery recovery.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar |
||
| + | fastboot flash system system.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar |
||
| + | fastboot flash boot boot.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar |
||
| + | </pre> |
||
| + | Warning: I got /sdcard content erased, maybe because I tried to enter the native recovery, but anyway, make backups first before trying anything you risk regretting!!! |
||
| + | |||
| + | E.g. to make a backup with clockwordmod: |
||
| + | * Put phone into fastboot mode |
||
| + | * Enter recovery |
||
| + | * Choose backup & restore / backup |
||
| + | * Choose mount / mount USB storage |
||
| + | * From host: copy clockwordmod/backup/* |
||
| + | ===Rooting 2.3.3=== |
||
| + | * copy su-2.3.6.1-ef-signed.zip (from http://forum.xda-developers.com/showthread.php?t=682828) on USB storage |
||
| + | * enter fastboot mode (see above) |
||
| + | * host: fastboot oem unlock '''WARNING IT DELETES EVERYTHING!!!''' |
||
| + | * fastboot flash recovery 3025-i9023.img |
||
| + | !! Don't touch boot image or try CW 3.0.0.0, one of them caused the phone to not start android anymore, I had to perform the full factory restore with Odin !! |
||
| + | * enter recovery mode from fastboot |
||
| + | ** You can make a backup now |
||
| + | ** install zip from sdcard -> choose -> su-2.3.6.1-ef-signed.zip |
||
| + | ** reboot |
||
| + | Sources: |
||
| + | * http://forum.xda-developers.com/showthread.php?t=988686 |
||
| + | * http://nexusshacks.com/nexus-s-hacks/how-to-root-nexus-s/ |
||
| + | Note that apparently there is a technique avoiding the full wiping, described [https://completeandroid.wordpress.com/2011/01/31/complete-guide-to-rooting-the-nexus-s/ here]. Not tested. |
||
| + | <br>'''UPDATE:''' for Windows users, better to follow [http://nexusshacks.com/nexus-s-hacks/how-to-root-nexus-s-or-nexus-s-4g-new/ these instructions] |
||
| + | |||
| + | ===Upgrading to 2.3.4=== |
||
| + | A new version was [http://www.frandroid.com/69196/la-version-dandroid-2-3-4-est-disponible-pour-le-nexus-s announced (fr)] two days ago. |
||
| + | <br>Official way is apparently to type "*#*#2432546#*#*" (*#*#CHECKIN#*#*) while using Wi-Fi but all I got was a "checkin succeeded" notification. Anyway patched won't apply cleanly on my rooted phone so better to do it manually. Some sources say that code works only for HTC. |
||
| + | <br>For GRI54, update.zip is available [http://android.clients.google.com/packages/ota/google_crespo/486786a7fd97.signed-soju-GRJ22-from-GRI54.486786a7.zip here]. |
||
| + | <br>I tried to apply it but there are several caveats given the previous hacks: |
||
| + | * boot.img: to be able to patch it I've to restore the original boot.img, loosing temporarily the ro.secure=0 setting (cf "adb as root" paragraph). And failing to patch it would probably mean non-bootable as we would have missed replacing the kernel! |
||
| + | * radio.img: hash checksum failed, it seems to indicate that expected radio.img is not the one I have. |
||
| + | * recovery.img: we want to keep the clockworkmod one, so we just skip it for now |
||
| + | To apply those change this means: |
||
| + | * fastboot flash boot boot.img (from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar) |
||
| + | * edit update.zip to remove radio.img, recovery/ and edit META-INF/com/google/android/updater-script |
||
| + | ** remove all commands about radio & recovery patch |
||
| + | ** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su"); |
||
| + | ** if that line is not added, patched phone will not be rooted anymore, which can be easily fixed by applying the su..zip again |
||
| + | * upload update.zip to /sdcard and apply zip via clockworkmod recovery, it'll skip signature verification by default |
||
| + | Ok now we got a system & boot images upgraded to 2.3.4 |
||
| + | <br>We can again modify boot.img to restore ro.secure=0: |
||
| + | * Extract patched 2.3.4 boot.img (cf below, or use clockworkmod), modify it & flash it back |
||
| + | |||
| + | I also wanted to patch the stock recovery image, just to get a 2.3.4 stock recovery in case of. |
||
| + | * Install the 2 files from update.zip#recovery/ into /system and chmod 755 /system/etc/install-recovery-sh |
||
| + | * Restore the stock 2.3.3 recovery.img from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar: adb push recovery.img /sdcard/ |
||
| + | * If you've flash_image on the phone you can try: flash_image recovery /sdcard/recovery.img |
||
| + | * Else: |
||
| + | <pre> |
||
| + | fastboot erase recovery |
||
| + | fastboot flash recovery recovery.img |
||
| + | </pre> |
||
| + | * Reboot the phone & start Android |
||
| + | * It should be done, recovery should have been patched, you can remove the 2 files we've put in /system and extract the patched recovery image manually (cp /dev/mtd/mtd3 /sdcard/recovery.img). Hash changed so I assume it's properly patched |
||
| + | * Restore clockworkmod recovery image |
||
| + | |||
| + | '''What's new?''' |
||
| + | <br>I didn't mention it but with 2.3.3 I had two problems I was still busy trying to solve: GPS never fixing, zero satellite! And no way to see I get copy-protected applications (and that's not because of rooting the phone, on a stock phone it failed too). |
||
| + | <br>Now GPS fixed quite fast with 2.3.4 and I could for the first time see & download copy-protected apps \o/ (even when the phone was rooted again). |
||
| + | |||
| + | '''UPDATE''' |
||
| + | <br>[http://android.clients.google.com/packages/ota/google_crespo/da8206299fe6.signed-soju-ota-121341.da820629.zip here] is the full ROM update, apparently with a new radio which should be ok for all phones... |
||
| + | <br>Seen in [http://forum.xda-developers.com/showthread.php?t=1056062 this thread]. |
||
| + | |||
| + | ===Upgrading to 2.3.6=== |
||
| + | I saw there was also newer versions of ClockworkMod, probably better than the preview release I was still using. |
||
| + | <br>Latest ClockworkMod recoveries are [http://download.clockworkmod.com/recoveries/ here]. |
||
| + | <br>For Nexus S, look for "crespo" img |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy all /sdcard content to PC |
||
| + | * Reboot -> enter fastboot again |
||
| + | * On PC: fastboot flash recovery recovery-clockwork-5.0.2.0-crespo.img |
||
| + | |||
| + | For GRJ22, upgrade.zip is available [http://android.clients.google.com/packages/data/ota/google_crespo/7d11404284c0.signed-soju-GRK39F-from-GRJ22.7d114042.zip here] |
||
| + | * fastboot flash boot boot.img (from stock GRJ22) |
||
| + | * edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script |
||
| + | ** remove all commands about recovery |
||
| + | ** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su"); |
||
| + | ** because I've mangled cacerts.bks to add CACert stuff, I had also to remove stuffs about cacerts.bks in the script, then make a separate zip where I first restore the previous stock cacerts.bks from GRJ22 then apply the patch. And finally mangle the new cacerts.bks again. |
||
| + | * In updater-script, check also which radio version it's able to patch. Look for line similar to this one: |
||
| + | apply_patch("MTD:radio:12583040:2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958:12583040:213c2022516ba651f62064e4379487af1e8499a2", |
||
| + | "-", 213c2022516ba651f62064e4379487af1e8499a2, 12583040, |
||
| + | 2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, package_extract_file("radio.img.p")); |
||
| + | Here it expects a radio.img from GRJ22 with SHA1 = 2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, ok |
||
| + | <br>In case you don't have the right radio img in place, or don want to patch it, remove radio.img from the zip and all commands about radio in updater-script. |
||
| + | * upload update.zip to /sdcard and "apply update from sdcard" via clockworkmod recovery, it'll skip signature verification by default |
||
| + | * Backup & Restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy new backup to PC |
||
| + | Ok now we got a system & boot images upgraded to 2.3.6 |
||
| + | <br>We can again modify boot.img to restore ro.secure=0: |
||
| + | * Extract patched 2.3.6 boot.img (cf below, or use clockworkmod), modify it & flash it back |
||
| + | ===Upgrading to 4.0.3=== |
||
| + | OTA update is available [http://android.clients.google.com/packages/ota/google_crespo/VQ8PQk_V.zip here] |
||
| + | |||
| + | ====Preparation==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy all /sdcard content to PC |
||
| + | * Reboot -> enter fastboot again |
||
| + | ====Preparation bis==== |
||
| + | As I've already modified the system before, I'm rollbacking some changes to ease the update |
||
| + | * dd if=boot.img of=boot2.img bs=262144 count=30 #(with boot.img from 2.3.6, see below) |
||
| + | * fastboot flash boot boot.img (from stock 2.3.6) |
||
| + | * restore cacerts.bks from 2.3.6. As I had only a 2.3.4 version I used bspatch to apply the 2.3.6 update on that file offline then prepared an update.zip with only /system/etc/security/cacerts.bks |
||
| + | * edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script |
||
| + | ** remove all commands about recovery |
||
| + | This time we won't preserve su because we'll have to restore a new one anyway |
||
| + | ====Upgrade==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Mount USB |
||
| + | * Upload update.zip to /sdcard |
||
| + | * Unmount USB |
||
| + | * "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy new backup to PC |
||
| + | * Reboot |
||
| + | ====Rooting again==== |
||
| + | Infos (fr): http://forum.frandroid.com/topic/84048-romandroid-ice-cream-sandwich-40x-ota/ |
||
| + | * Upgrade recovery by flashing the one available in [http://www.multiupload.com/SOHUEIO5EI ClockWorkMod_5.0.2.7_Orange_by_IT4ALii3EN.zip] |
||
| + | * Install via recovery the root.zip available in [http://www.multiupload.com/BZ5A87HYIG ics+root-fastboot-recovery.zip], which restored su, Superuser.apk and busybox |
||
| + | ** Launch Superuser and update su binary from the prefs |
||
| + | |||
| + | <br>We can then restore ro.secure=0 in the boot.img |
||
| + | * Extract new 4.0.3 boot.img (cf below, or use clockworkmod), modify it & flash it back, see [[Android#adb_as_root|below]] |
||
| + | * Note that apparently boot img needs to be even smaller than before: |
||
| + | dd if=boot.img of=boot2.img bs=262144 count=28 |
||
| + | |||
| + | ====CAcert==== |
||
| + | Much easier in ICS: |
||
| + | * drop certs on /sdcard/ |
||
| + | * go to settings / personal: security / credential storage: install from storage & select both certs |
||
| + | ====Failures==== |
||
| + | * Currently, viber does not work on ICS |
||
| + | * Avast anti-theft failed (the renamed app was crashing at startup), I removed it manually by deactivating then removing it from /system/app/com.avast.android.antitheft.apk. After proper reinstallation from Avast app itself it worked again. |
||
| + | ===Upgrading to 4.0.4=== |
||
| + | OTA update is available and the phone proposed me to start upgrade process based on a file of about 17.8Mb |
||
| + | <br>File is probably available somewhere but this time I did the exercice to find it on the phone. |
||
| + | <br>=> searching for files between 16Mb and 19Mb (/512 as apparently busybox find uses 512b sectors) |
||
| + | android# find / -size +31250 -size -37109 |
||
| + | /cache/hR7QFEtn.zip |
||
| + | pc$ adb pull /cache/hR7QFEtn.zip . |
||
| + | ====Preparation==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy all /sdcard content to PC |
||
| + | * Reboot -> enter fastboot again |
||
| + | ====Preparation bis==== |
||
| + | As I've already modified the system before, I'm rollbacking some changes to ease the update |
||
| + | * dd if=boot.img of=boot-fit.img bs=262144 count=30 #(with original boot.img from 4.0.3) |
||
| + | * fastboot flash boot boot-fit.img |
||
| + | * edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script |
||
| + | ** remove all commands about recovery |
||
| + | ** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su"); |
||
| + | ** cacerts.bks is not used anymore (see above) and radio image don't seem to be affected by update, nothing to do here |
||
| + | ====Upgrade==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Mount USB |
||
| + | * Upload myupdate.zip to /sdcard |
||
| + | * Unmount USB |
||
| + | * "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy new backup to PC |
||
| + | * Reboot |
||
| + | ====Rooting again==== |
||
| + | Our mangled update kept the rooting active but the boot was overwritten so we can then restore ro.secure=0 in the boot.img |
||
| + | * Extract new 4.0.4 boot.img (e.g. using clockworkmod backup), modify it & flash it back, see [[Android#adb_as_root|below]] |
||
| + | * Note that apparently boot img needs to be even smaller than before: |
||
| + | dd if=boot.img of=boot-fit.img bs=262144 count=28 |
||
| + | |||
| + | ===Upgrading to 4.1.1=== |
||
| + | OTA update is available [http://android.clients.google.com/packages/ota/google_crespo/9ZGgDXDi.zip here] (114Mb) for upgrading IMM76D to JRO03E ([http://www.android.com/about/jelly-bean/ changelog]). |
||
| + | ====Preparation==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy all /sdcard content to PC |
||
| + | * Reboot -> enter fastboot again |
||
| + | ====Preparation bis==== |
||
| + | As I've already modified the system before, I'm rollbacking some changes to ease the update |
||
| + | * dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.0.4) |
||
| + | * fastboot flash boot boot-fit.img |
||
| + | * edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script |
||
| + | ** remove all commands about recovery |
||
| + | ** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su"); |
||
| + | ** radio image don't seem to be affected by update, nothing to do here |
||
| + | ====Upgrade==== |
||
| + | * Go to fastboot (vol-up + power) |
||
| + | * Go to recovery |
||
| + | * Mount USB |
||
| + | * Upload myupdate.zip to /sdcard |
||
| + | * Unmount USB |
||
| + | * "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default |
||
| + | * Backup & restore / Backup |
||
| + | * Mount USB |
||
| + | * Copy new backup to PC |
||
| + | * Reboot |
||
| + | ====Rooting again==== |
||
| + | Our mangled update kept the rooting active but the boot was overwritten so we can then restore ro.secure=0 in the boot.img |
||
| + | * Extract new 4.1.1 boot.img (e.g. using clockworkmod backup), modify it & flash it back, see [[Android#adb_as_root|below]] |
||
| + | * Note that apparently boot img needs to be even smaller than before: |
||
| + | dd if=boot.img of=boot-fit.img bs=262144 count=28 |
||
| + | |||
| + | ===Extracting manually images from phone=== |
||
| + | On root shell on the phone: |
||
| + | <pre> |
||
| + | # cat /proc/mtd |
||
| + | dev: size erasesize name |
||
| + | mtd0: 00200000 00040000 "bootloader" |
||
| + | mtd1: 00140000 00040000 "misc" |
||
| + | mtd2: 00800000 00040000 "boot" |
||
| + | mtd3: 00800000 00040000 "recovery" |
||
| + | mtd4: 1d580000 00040000 "cache" |
||
| + | mtd5: 00d80000 00040000 "radio" |
||
| + | mtd6: 006c0000 00040000 "efs" |
||
| + | # cat /dev/mtd/mtd5 > /sdcard/radio.img |
||
| + | </pre> |
||
| + | etc |
||
| + | ===Battery=== |
||
| + | Interesting links: |
||
| + | * https://ghost301tech.wordpress.com/2011/04/04/day-10-with-nexus-s-battery-mystery-10-battery-power-saving-tips-maxis10/ |
||
| + | * http://www.androidpolice.com/2010/12/14/your-battery-gauge-is-lying-to-you-everything-you-need-to-know-about-bump-charging-and-inconsistent-battery-drain/ |
||
| + | ===Google Wallet=== |
||
| + | '''NOT TESTED''' |
||
| + | <br>See [http://forum.xda-developers.com/showthread.php?t=1311072 here] |
||
Revision as of 22:01, 28 June 2013
Nexus S
Versions
under fastboot, stock
- Product name - HERRING
- HW Version - rev 52
- Bootloader version - I9020XXKA3
- Baseband version - I9020XXKB3
- Carrier info - EUR
- Serial number - xxxxxxx
under fastboot, after upgrade to 2.3.4
- Baseband version - I9020XXKD1
- Carrier info - EUR
under fastboot, after upgrade to 4.0.4
- Bootloader version - I9020XXKL1
- Baseband version - I9020XXKI1
- Carrier info - EUR
under fastboot, after upgrade to 4.1.1
- Bootloader version - I9020XXCL2
- Baseband version - I9020XXKI1
- Carrier info - EUR
under 'About phone' from the settings, stock 2.3.3
- Android 2.3.3
- Baseband I9023XXKB3
- Kernel 2.6.35.7-g1d030a7
- Build GRI54
under 'About phone' from the settings, after upgrade to 2.3.4
- Android 2.3.4
- Baseband I9023XXKD1
- Kernel 2.6.35.7-ge382d80 android-build@apa28 #1
- Build GRJ22
under 'About phone' from the settings, after upgrade to 4.0.3
- Android 4.0.3
- Baseband I9023XXKI1
- Kernel 3.0.8-gb55e9ac android-build@apa28 #1
- Build IML74K
under 'About phone' from the settings, after upgrade to 4.0.4
- Android 4.0.4
- Baseband I9023XXKI1
- Kernel 3.0.8-g6656123 android-build@vpbs1 #1
- Build IMM76D
under 'About phone' from the settings, after upgrade to 4.1.1
- Android 4.1.1
- Baseband I9023XXKI1
- Kernel 3.0.31-g3b0c5d2 android-build@vpbs1 #1
- Build JRO03E
Restoring factory ROM (2.3.3)
Warning, it will destroy everything, make your backups first!!
- Get firmware here for a European Nexus S i9023, mine needs the I9023XXKB3 one.
- Rename tar.md5 as tar
- Get Odin sw from here, choose i9023
- e.g. I9003_Odin3_v1.82.rar & SAMSUNG_USB.rar
- Run Odin (works in a virtualbox if needed), load the 4 files:
- bootloader: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/Bootloader_I9023XXKA3.tar
- PDA: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
- Phone: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/MODEM_I9023XXKB3_REV_00_CL912571_SIGNED.tar
- CSC: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/DGS_I9023_EUR.tar
- Turn phone off
- Plug USB
- Just before battery icon showing, enter download mode by pressing middle of volume up / volume down button for long, you'll get a big yellow warning triangle
- If using virtualbox, bring USB device (Samsung serial) to virtualbox
- Now Odin should show a yellow rectangle with COM0
- Press "start" in Odin
Sources:
- http://forum.frandroid.com/topic/52144-tuto-flash-via-odin/ (fr)
- http://forum.frandroid.com/topic/51710-astuce-probleme-de-reconnaissance-par-odin-sous-mode-download/ (fr)
- http://www.samfirmware.com/I9023%20Flasghuide%20English.pdf
Restoring (most of) factory ROM (2.3.3) with fastboot
Ok previous section was about restoring *everything* as genuine but it requires Windows and most of the time all you screwed up was the boot image, the recovery image or the system image so here is how to restore them or part of them provided that you can still enter fastboot:
fastboot oem unlock # if needed, WARNING IT DELETES EVERYTHING!!!!! fastboot flash recovery recovery.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar fastboot flash system system.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar fastboot flash boot boot.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
Warning: I got /sdcard content erased, maybe because I tried to enter the native recovery, but anyway, make backups first before trying anything you risk regretting!!!
E.g. to make a backup with clockwordmod:
- Put phone into fastboot mode
- Enter recovery
- Choose backup & restore / backup
- Choose mount / mount USB storage
- From host: copy clockwordmod/backup/*
Rooting 2.3.3
- copy su-2.3.6.1-ef-signed.zip (from http://forum.xda-developers.com/showthread.php?t=682828) on USB storage
- enter fastboot mode (see above)
- host: fastboot oem unlock WARNING IT DELETES EVERYTHING!!!
- fastboot flash recovery 3025-i9023.img
!! Don't touch boot image or try CW 3.0.0.0, one of them caused the phone to not start android anymore, I had to perform the full factory restore with Odin !!
- enter recovery mode from fastboot
- You can make a backup now
- install zip from sdcard -> choose -> su-2.3.6.1-ef-signed.zip
- reboot
Sources:
- http://forum.xda-developers.com/showthread.php?t=988686
- http://nexusshacks.com/nexus-s-hacks/how-to-root-nexus-s/
Note that apparently there is a technique avoiding the full wiping, described here. Not tested.
UPDATE: for Windows users, better to follow these instructions
Upgrading to 2.3.4
A new version was announced (fr) two days ago.
Official way is apparently to type "*#*#2432546#*#*" (*#*#CHECKIN#*#*) while using Wi-Fi but all I got was a "checkin succeeded" notification. Anyway patched won't apply cleanly on my rooted phone so better to do it manually. Some sources say that code works only for HTC.
For GRI54, update.zip is available here.
I tried to apply it but there are several caveats given the previous hacks:
- boot.img: to be able to patch it I've to restore the original boot.img, loosing temporarily the ro.secure=0 setting (cf "adb as root" paragraph). And failing to patch it would probably mean non-bootable as we would have missed replacing the kernel!
- radio.img: hash checksum failed, it seems to indicate that expected radio.img is not the one I have.
- recovery.img: we want to keep the clockworkmod one, so we just skip it for now
To apply those change this means:
- fastboot flash boot boot.img (from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar)
- edit update.zip to remove radio.img, recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about radio & recovery patch
- add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
- if that line is not added, patched phone will not be rooted anymore, which can be easily fixed by applying the su..zip again
- upload update.zip to /sdcard and apply zip via clockworkmod recovery, it'll skip signature verification by default
Ok now we got a system & boot images upgraded to 2.3.4
We can again modify boot.img to restore ro.secure=0:
- Extract patched 2.3.4 boot.img (cf below, or use clockworkmod), modify it & flash it back
I also wanted to patch the stock recovery image, just to get a 2.3.4 stock recovery in case of.
- Install the 2 files from update.zip#recovery/ into /system and chmod 755 /system/etc/install-recovery-sh
- Restore the stock 2.3.3 recovery.img from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar: adb push recovery.img /sdcard/
- If you've flash_image on the phone you can try: flash_image recovery /sdcard/recovery.img
- Else:
fastboot erase recovery fastboot flash recovery recovery.img
- Reboot the phone & start Android
- It should be done, recovery should have been patched, you can remove the 2 files we've put in /system and extract the patched recovery image manually (cp /dev/mtd/mtd3 /sdcard/recovery.img). Hash changed so I assume it's properly patched
- Restore clockworkmod recovery image
What's new?
I didn't mention it but with 2.3.3 I had two problems I was still busy trying to solve: GPS never fixing, zero satellite! And no way to see I get copy-protected applications (and that's not because of rooting the phone, on a stock phone it failed too).
Now GPS fixed quite fast with 2.3.4 and I could for the first time see & download copy-protected apps \o/ (even when the phone was rooted again).
UPDATE
here is the full ROM update, apparently with a new radio which should be ok for all phones...
Seen in this thread.
Upgrading to 2.3.6
I saw there was also newer versions of ClockworkMod, probably better than the preview release I was still using.
Latest ClockworkMod recoveries are here.
For Nexus S, look for "crespo" img
- Go to fastboot (vol-up + power)
- Go to recovery
- Backup & restore / Backup
- Mount USB
- Copy all /sdcard content to PC
- Reboot -> enter fastboot again
- On PC: fastboot flash recovery recovery-clockwork-5.0.2.0-crespo.img
For GRJ22, upgrade.zip is available here
- fastboot flash boot boot.img (from stock GRJ22)
- edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about recovery
- add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
- because I've mangled cacerts.bks to add CACert stuff, I had also to remove stuffs about cacerts.bks in the script, then make a separate zip where I first restore the previous stock cacerts.bks from GRJ22 then apply the patch. And finally mangle the new cacerts.bks again.
- In updater-script, check also which radio version it's able to patch. Look for line similar to this one:
apply_patch("MTD:radio:12583040:2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958:12583040:213c2022516ba651f62064e4379487af1e8499a2",
"-", 213c2022516ba651f62064e4379487af1e8499a2, 12583040,
2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, package_extract_file("radio.img.p"));
Here it expects a radio.img from GRJ22 with SHA1 = 2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, ok
In case you don't have the right radio img in place, or don want to patch it, remove radio.img from the zip and all commands about radio in updater-script.
- upload update.zip to /sdcard and "apply update from sdcard" via clockworkmod recovery, it'll skip signature verification by default
- Backup & Restore / Backup
- Mount USB
- Copy new backup to PC
Ok now we got a system & boot images upgraded to 2.3.6
We can again modify boot.img to restore ro.secure=0:
- Extract patched 2.3.6 boot.img (cf below, or use clockworkmod), modify it & flash it back
Upgrading to 4.0.3
OTA update is available here
Preparation
- Go to fastboot (vol-up + power)
- Go to recovery
- Backup & restore / Backup
- Mount USB
- Copy all /sdcard content to PC
- Reboot -> enter fastboot again
Preparation bis
As I've already modified the system before, I'm rollbacking some changes to ease the update
- dd if=boot.img of=boot2.img bs=262144 count=30 #(with boot.img from 2.3.6, see below)
- fastboot flash boot boot.img (from stock 2.3.6)
- restore cacerts.bks from 2.3.6. As I had only a 2.3.4 version I used bspatch to apply the 2.3.6 update on that file offline then prepared an update.zip with only /system/etc/security/cacerts.bks
- edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about recovery
This time we won't preserve su because we'll have to restore a new one anyway
Upgrade
- Go to fastboot (vol-up + power)
- Go to recovery
- Mount USB
- Upload update.zip to /sdcard
- Unmount USB
- "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default
- Backup & restore / Backup
- Mount USB
- Copy new backup to PC
- Reboot
Rooting again
Infos (fr): http://forum.frandroid.com/topic/84048-romandroid-ice-cream-sandwich-40x-ota/
- Upgrade recovery by flashing the one available in ClockWorkMod_5.0.2.7_Orange_by_IT4ALii3EN.zip
- Install via recovery the root.zip available in ics+root-fastboot-recovery.zip, which restored su, Superuser.apk and busybox
- Launch Superuser and update su binary from the prefs
We can then restore ro.secure=0 in the boot.img
- Extract new 4.0.3 boot.img (cf below, or use clockworkmod), modify it & flash it back, see below
- Note that apparently boot img needs to be even smaller than before:
dd if=boot.img of=boot2.img bs=262144 count=28
CAcert
Much easier in ICS:
- drop certs on /sdcard/
- go to settings / personal: security / credential storage: install from storage & select both certs
Failures
- Currently, viber does not work on ICS
- Avast anti-theft failed (the renamed app was crashing at startup), I removed it manually by deactivating then removing it from /system/app/com.avast.android.antitheft.apk. After proper reinstallation from Avast app itself it worked again.
Upgrading to 4.0.4
OTA update is available and the phone proposed me to start upgrade process based on a file of about 17.8Mb
File is probably available somewhere but this time I did the exercice to find it on the phone.
=> searching for files between 16Mb and 19Mb (/512 as apparently busybox find uses 512b sectors)
android# find / -size +31250 -size -37109 /cache/hR7QFEtn.zip pc$ adb pull /cache/hR7QFEtn.zip .
Preparation
- Go to fastboot (vol-up + power)
- Go to recovery
- Backup & restore / Backup
- Mount USB
- Copy all /sdcard content to PC
- Reboot -> enter fastboot again
Preparation bis
As I've already modified the system before, I'm rollbacking some changes to ease the update
- dd if=boot.img of=boot-fit.img bs=262144 count=30 #(with original boot.img from 4.0.3)
- fastboot flash boot boot-fit.img
- edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about recovery
- add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
- cacerts.bks is not used anymore (see above) and radio image don't seem to be affected by update, nothing to do here
Upgrade
- Go to fastboot (vol-up + power)
- Go to recovery
- Mount USB
- Upload myupdate.zip to /sdcard
- Unmount USB
- "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default
- Backup & restore / Backup
- Mount USB
- Copy new backup to PC
- Reboot
Rooting again
Our mangled update kept the rooting active but the boot was overwritten so we can then restore ro.secure=0 in the boot.img
- Extract new 4.0.4 boot.img (e.g. using clockworkmod backup), modify it & flash it back, see below
- Note that apparently boot img needs to be even smaller than before:
dd if=boot.img of=boot-fit.img bs=262144 count=28
Upgrading to 4.1.1
OTA update is available here (114Mb) for upgrading IMM76D to JRO03E (changelog).
Preparation
- Go to fastboot (vol-up + power)
- Go to recovery
- Backup & restore / Backup
- Mount USB
- Copy all /sdcard content to PC
- Reboot -> enter fastboot again
Preparation bis
As I've already modified the system before, I'm rollbacking some changes to ease the update
- dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.0.4)
- fastboot flash boot boot-fit.img
- edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about recovery
- add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
- radio image don't seem to be affected by update, nothing to do here
Upgrade
- Go to fastboot (vol-up + power)
- Go to recovery
- Mount USB
- Upload myupdate.zip to /sdcard
- Unmount USB
- "install zip from sdcard" via clockworkmod recovery, it'll skip signature verification by default
- Backup & restore / Backup
- Mount USB
- Copy new backup to PC
- Reboot
Rooting again
Our mangled update kept the rooting active but the boot was overwritten so we can then restore ro.secure=0 in the boot.img
- Extract new 4.1.1 boot.img (e.g. using clockworkmod backup), modify it & flash it back, see below
- Note that apparently boot img needs to be even smaller than before:
dd if=boot.img of=boot-fit.img bs=262144 count=28
Extracting manually images from phone
On root shell on the phone:
# cat /proc/mtd dev: size erasesize name mtd0: 00200000 00040000 "bootloader" mtd1: 00140000 00040000 "misc" mtd2: 00800000 00040000 "boot" mtd3: 00800000 00040000 "recovery" mtd4: 1d580000 00040000 "cache" mtd5: 00d80000 00040000 "radio" mtd6: 006c0000 00040000 "efs" # cat /dev/mtd/mtd5 > /sdcard/radio.img
etc
Battery
Interesting links:
- https://ghost301tech.wordpress.com/2011/04/04/day-10-with-nexus-s-battery-mystery-10-battery-power-saving-tips-maxis10/
- http://www.androidpolice.com/2010/12/14/your-battery-gauge-is-lying-to-you-everything-you-need-to-know-about-bump-charging-and-inconsistent-battery-drain/
Google Wallet
NOT TESTED
See here