OESF Portal | OESF Forum | OESF Wiki | LinuxPDA | #planetgemini chat on matrix.org | #gemini-pda chat on Freenode | #zaurus and #alarmz chat on Freenode | ELSI (coming soon) | Ibiblio

IPB

Welcome Guest ( Log In | Register )

2 Pages V  < 1 2  
Reply to this topicStart new topic
> Rooting the Cosmo Communicator
v3ritas
post Nov 18 2019, 04:37 AM
Post #16





Group: Members
Posts: 3
Joined: 22-June 18
Member No.: 824,869



QUOTE(ZimbiX @ Nov 17 2019, 06:23 PM) *
QUOTE(v3ritas @ Nov 18 2019, 08:13 AM) *
I forget how I was getting root on my Gemini while using stock firmware, but may be similar to this.


For the Gemini, Planet provided a pre-rooted boot.img for us to flash with the SP Flash Tool. Unless you're saying you might have done something else.

QUOTE(v3ritas @ Nov 18 2019, 08:13 AM) *
Do we have recovery images yet for the Cosmo? May need those (either for root or when I inevitably break something while trying to root).


Not that I know of. I did come across this last night though: 'Mediatek (MTK) Auto TWRP recovery porter by Team Hovatek' - https://forum.hovatek.com/thread-21839.html. It looks recently developed enough that it might just work once we extract the stock recovery image biggrin.gif These Hovatek people are champs.

Good luck! And let us know what you learn


It's using the "new" unlocking commands (`fastboot flashing unlock`), but currently hung at the prompt because I can't find out what's bound as the volume keys on the device. Going to try to play around with it while I'm at work today.

Here's some info from `fastboot getvar all` though:
? ~ fastboot getvar all
(bootloader) max-download-size: 0x8000000
(bootloader) variant:
(bootloader) logical-block-size: 0x200
(bootloader) erase-block-size: 0x80000
(bootloader) hw-revision: ca00
(bootloader) battery-soc-ok: yes
(bootloader) battery-voltage: 3734mV
(bootloader) partition-size:flashinfo: 1000000
(bootloader) partition-type:flashinfo: raw data
(bootloader) partition-size:otp: 2b00000
(bootloader) partition-type:otp: raw data
(bootloader) partition-size:userdata: 1be53f8000
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:cache: 1b000000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:system: c0000000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:vendor: 35800000
(bootloader) partition-type:vendor: ext4
(bootloader) partition-size:tee2: c00000
(bootloader) partition-type:tee2: raw data
(bootloader) partition-size:tee1: 500000
(bootloader) partition-type:tee1: raw data
(bootloader) partition-size:dtbo: 800000
(bootloader) partition-type:dtbo: raw data
(bootloader) partition-size:logo: 800000
(bootloader) partition-type:logo: raw data
(bootloader) partition-size:boot: 2000000
(bootloader) partition-type:boot: raw data
(bootloader) partition-size:lk2: 100000
(bootloader) partition-type:lk2: raw data
(bootloader) partition-size:lk: 100000
(bootloader) partition-type:lk: raw data
(bootloader) partition-size:nvram: 4000000
(bootloader) partition-type:nvram: raw data
(bootloader) partition-size:gz2: 1000000
(bootloader) partition-type:gz2: raw data
(bootloader) partition-size:gz1: 1000000
(bootloader) partition-type:gz1: raw data
(bootloader) partition-size:cam_vpu3: f00000
(bootloader) partition-type:cam_vpu3: raw data
(bootloader) partition-size:cam_vpu2: f00000
(bootloader) partition-type:cam_vpu2: raw data
(bootloader) partition-size:cam_vpu1: f00000
(bootloader) partition-type:cam_vpu1: raw data
(bootloader) partition-size:sspm_2: 100000
(bootloader) partition-type:sspm_2: raw data
(bootloader) partition-size:sspm_1: 100000
(bootloader) partition-type:sspm_1: raw data
(bootloader) partition-size:scp2: 600000
(bootloader) partition-type:scp2: raw data
(bootloader) partition-size:scp1: 600000
(bootloader) partition-type:scp1: raw data
(bootloader) partition-size:spmfw: 100000
(bootloader) partition-type:spmfw: raw data
(bootloader) partition-size:md1dsp: 1000000
(bootloader) partition-type:md1dsp: raw data
(bootloader) partition-size:md1img: 6400000
(bootloader) partition-type:md1img: raw data
(bootloader) partition-size:proinfo: 300000
(bootloader) partition-type:proinfo: raw data
(bootloader) partition-size:sec1: 200000
(bootloader) partition-type:sec1: raw data
(bootloader) partition-size:persist: 3000000
(bootloader) partition-type:persist: ext4
(bootloader) partition-size:seccfg: 800000
(bootloader) partition-type:seccfg: raw data
(bootloader) partition-size:protect2: 978000
(bootloader) partition-type:protect2: ext4
(bootloader) partition-size:protect1: 800000
(bootloader) partition-type:protect1: ext4
(bootloader) partition-size:metadata: 2000000
(bootloader) partition-type:metadata: raw data
(bootloader) partition-size:nvdata: 4000000
(bootloader) partition-type:nvdata: ext4
(bootloader) partition-size:nvcfg: 2000000
(bootloader) partition-type:nvcfg: ext4
(bootloader) partition-size:frp: 100000
(bootloader) partition-type:frp: raw data
(bootloader) partition-size:expdb: 1400000
(bootloader) partition-type:expdb: raw data
(bootloader) partition-size:para: 80000
(bootloader) partition-type:para: raw data
(bootloader) partition-size:recovery: 2000000
(bootloader) partition-type:recovery: raw data
(bootloader) partition-size:boot_para: 100000
(bootloader) partition-type:boot_para: raw data
(bootloader) partition-size:preloader: 80000
(bootloader) partition-type:preloader: raw data
(bootloader) serialno: << Redacted >>
(bootloader) off-mode-charge: 1
(bootloader) warranty: yes
(bootloader) unlocked: no
(bootloader) secure: yes
(bootloader) kernel: lk
(bootloader) product: k71v1_64_bsp
(bootloader) slot-count: 0
(bootloader) version-baseband: MOLY.LR12A.R3.MP.V66.11
(bootloader) version-bootloader: k71v1_64_bsp-7c4ca86-20191029135153-201
(bootloader) version-preloader:
(bootloader) version: 0.5
all: Done!!
Finished. Total time: 0.015s
? ~


EDIT: Added the unlocking command above: `fastboot flashing unlock`

EDIT2: Okay, got the bootoader unlocked -- it looks like the button(s) in the fingerprint sensor are bound to volume. After hitting that I was able to actually get it through the unlock process. Now to see about getting a boot image to modify with Magisk for root.
? ~ fastboot getvar all
...
(bootloader) unlocked: yes
(bootloader) secure: no
...
? ~
Go to the top of the page
 
+Quote Post
v3ritas
post Nov 18 2019, 06:02 PM
Post #17





Group: Members
Posts: 3
Joined: 22-June 18
Member No.: 824,869



I'm pretty much stuck. Tried a few different things I found online related to getting a dump of the current firmware, but wasn't successful. Trying to avoid using any app I come across (also running Linux), but through one of the tutorials I have a template for the scatter file. I'm attaching it here in case it helps anyone else out.

Going to keep trying, but don't think I'll be able to accomplish anything before Planet releases the firmware or a way for us to root themselves.

EDIT: Might have the wrong chip there -- the MT6771 appears to be for MediaTek P60, not the Cosmo's P70.
Attached File(s)
Attached File  MT6771_Android_scatter.txt ( 1.01K ) Number of downloads: 5
 
Go to the top of the page
 
+Quote Post
ZimbiX
post Today, 04:51 AM
Post #18





Group: Members
Posts: 12
Joined: 22-December 18
From: Melbourne, Australia
Member No.: 838,517



Good news, everyone!

I've managed to make decent progress with WwR. The UI in the latest version is a bit different from the tutorial I linked, but I've managed to generate a full scatterfile, and have commenced a full readback of the device! It looks like that's going to take a very long time to finish, so I thought I'd update here in the meantime.

Next up would be to use WwR to split the backup into individual image files.

Given it seems so easy to do that, I think I'll do a factory reset of my Cosmo and upload a full stock backup so no one else has to go through the same process. That way it'll be easy for anyone to use the SP Flash Tool to do a factory reset cool.gif

The blocking two-minute donation prompt on launching WwR is pretty annoying, haha. I would donate to get rid of it - plus they really deserve the money - but the PayPal form's loaded in the app, which is pretty dodgy. I think I'd prefer the delays than risk having my payment details stolen via man-in-the-middle tongue.gif

Actually, I've just realised I could have simply readback only the boot image partition now that I know the partition layout from the scatterfile laugh.gif I think I'll do that next before working out the splitting.

Going at 29.53MB/s, it's 32% done as I post this! I'm excited, haha.

I've attached the scatterfile for anyone else interested in playing around biggrin.gif
Attached File(s)
Attached File  MT6771_Android_scatter__cosmo_full_stock.txt ( 17.63K ) Number of downloads: 8
 
Go to the top of the page
 
+Quote Post
ZimbiX
post Today, 06:46 AM
Post #19





Group: Members
Posts: 12
Joined: 22-December 18
From: Melbourne, Australia
Member No.: 838,517



Ok, I've extracted the boot image from the partition called 'boot' (using WwR on my full device backup), and patched it in Magisk Manager on the Cosmo. Here are the original and Magisk'd images:

boot.img: https://mega.nz/#!x8lXTKjT!kXjEjYGD...36v2Tbht3a4n1yQ
boot-magisk.img: https://mega.nz/#!U8sFVACI!J-TS3q11...V1YIVDipez05BvE

Flashing the Magisk'd image (with Sp Flash Tool v5.1916 using the scatterfile I uploaded), I'm unfortunately seeing this message on top of the splash screen:

QUOTE
Bad State

Your device has failed verification and may not
work properly.
Please download boot image with correct signature
or disable verified boot.
Your device will reboot in 5 seconds.


Flashing the original boot image back at least gets the Cosmo working again.

I'm terribly late for bed, so sadly I'll have to wait until the weekend to continue. We're so close now!

I'm guessing this error is where the bootloader unlocking comes in - @v3ritas: your turn!
Attached thumbnail(s)
Attached Image
 
Go to the top of the page
 
+Quote Post
peter
post Today, 07:56 AM
Post #20





Group: Members
Posts: 7
Joined: 18-March 18
Member No.: 819,369



QUOTE(ZimbiX @ Nov 21 2019, 10:46 AM) *
Ok, I've extracted the boot image from the partition called 'boot' (using WwR on my full device backup), and patched it in Magisk Manager on the Cosmo. Here are the original and Magisk'd images:

boot.img: https://mega.nz/#!x8lXTKjT!kXjEjYGD...36v2Tbht3a4n1yQ
boot-magisk.img: https://mega.nz/#!U8sFVACI!J-TS3q11...V1YIVDipez05BvE

Flashing the Magisk'd image (with Sp Flash Tool v5.1916 using the scatterfile I uploaded), I'm unfortunately seeing this message on top of the splash screen:

QUOTE
Bad State

Your device has failed verification and may not
work properly.
Please download boot image with correct signature
or disable verified boot.
Your device will reboot in 5 seconds.


Flashing the original boot image back at least gets the Cosmo working again.

I'm terribly late for bed, so sadly I'll have to wait until the weekend to continue. We're so close now!

I'm guessing this error is where the bootloader unlocking comes in - @v3ritas: your turn!


Last night I had success unlocking the bootloader using adb and fastboot per the instructions here: https://www.thecustomdroid.com/unlock-bootl...fastboot-guide/

This morning I installed the boot-magisk.img file using fastboot starting at step 12 of Method 2 here: https://www.thecustomdroid.com/install-magi...ndroid-devices/

Successfully booted, and Magisk is now installed, so I've got root? Maybe? I've always used SuperSU, so I need to learn how Magisk works.
Go to the top of the page
 
+Quote Post

2 Pages V  < 1 2
Reply to this topicStart new topic
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 21st November 2019 - 12:07 PM