EditorDZ Posted July 21, 2015 Report Share Posted July 21, 2015 I appreciate both of your efforts! Quote Link to post Share on other sites
bass_rock Posted July 21, 2015 Report Share Posted July 21, 2015 Ok so update here. I was able to modify the script to break apart and resign the android boot.img. I used this to modify the init.rc to add the sdcard0 logging that AdamOutler recommended. However, that logging never shows up on the sdcard, although it does seem on boot that it is waiting for something. It is good to note that the script below should only be used to modify the 8100 Firmware for now, as it contains the headers for such. Eventually we can make the script more compatible, but we need it to help us fix one deck first. Also to be clear, I used the script to modify the 1.03 8100 firmware, then renamed it to load on the 8000 NEX, where no logging showed up on the sdcard when it should have. #! /bin/bash # AVIC.sh - Unpacks SYSTEM.img from the AVIC firmware for modification, waits for an input, then repackages. # THIS FILE AND DERRIVITIVE WORKS ARE SUBJECT TO ALL TERMS OF LICENSING BELOW! # License: # Term 0: If you modify this file, you must share any changes with the file creators and/or publicly on AVIC411.com # Term 1: If you find a new use, share changes on AVIC411.com # Term 2: If it worked say thanks. # Term 3: IF anyone claims this is black magic, I'm going to flip. # By bass_rock http://avic411.com/index.php?/user/116652-bass-rock/ # Heavily modified by AdamOutler adamoutler@gmail.com # http://avic411.com/index.php?/topic/80945-upgrading-nex4000-to-nex4100-work-in-progress/page-19#entry332704 # Modified by bass_rock to edit the kernel and only to be used on the 8100 for now #this function is called when system is not Linux, user is not root, or user did not specify a file usage() { echo "usage:" echo " AVIC.sh /path_to/firmware.zip [AVIC Model] [AVIC firmware version]" echo "where AVIC Model = 5000, or 8100" echo "where AVIC firmware version = 140 or 150" echo "make sure that mkbootimg is in a folder mkbootimg_tools next to this script" exit } #exit on any error set -e #verify system is Linux and user is root and specifed a file test "$(uname)" = "Linux" || $(echo "this only works on linux" && usage) test $(id -u) -eq "0" || $(echo "you must run as root" && usage) test -z "$1" && $(echo "you must specify a file" && usage) #set variables for use (default AVIC-5000NEX, Version 140) AVICZIP="$1" m=$2 model=${m:="5000"} v=$3 version=${v:="140"} #create absolute paths for reference workdir=$(pwd)"/work" imageDir="$workdir/AVIC${model}NEX/PLATFORM" SYSTEMmount="$workdir/AVIC${model}NEX/PLATFORM/SYSTEM" #set up file and extract properly mkdir -p $workdir/ unzip -o "$AVICZIP" -d $workdir/ cd "$imageDir" #remove header from image dd if=PJ${version}PLT.PRG of=PJ${version}PLT.IMG bs=512 skip=1 dd if=PJ${version}PLT.PRG of=PJ${version}PLT.HEADER bs=512 count=1 #ignore errors while we create a new folder for working with image set +e umount "$SYSTEMmount" 2>&1 test -e "$SYSTEMmount" && rm -rf "$SYSTEMmount" mkdir $SYSTEMmount set -e #mount the image mount PJ${version}PLT.IMG "$SYSTEMmount" echo "You can now modify the img located in" echo "$SYSTEMmount" read -n 1 -p "Press any key to continue" isdone sync #ensure all changes are written to disk defaultheader="00060301010000000100000000000000504A313530504C5402100000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" #get image size # for mac # SIZE="$(stat -f%z PJ${version}PLT.IMG)" #for linux SIZE="$(stat -c%s PJ${version}PLT.IMG)" echo "IMG size is: $SIZE" #We have to swap the hex values from big endian to little endian cause the NEX is arm. UNSWAPPEDHEXSIZE="$(printf '%x\n' $SIZE)" vSIZE="$UNSWAPPEDHEXSIZE" SWAPPEDHEXSIZE="${vSIZE:6:2}${vSIZE:4:2}${vSIZE:2:2}${vSIZE:0:2}" UNSWAPPEDHEXCRC="$(crc32 PJ${version}PLT.IMG)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped size hex is: $UNSWAPPEDHEXSIZE" echo "Swapped size hex is: $SWAPPEDHEXSIZE" echo "Unswapped crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped crc hex is: $SWAPPEDHEXCRC" #create new header perl -e "print pack 'H*', 'A55A5AA5${SWAPPEDHEXSIZE}${SWAPPEDHEXCRC}${defaultheader}'" > PJ${version}PLT.HEADERNEW cat PJ${version}PLT.HEADERNEW PJ${version}PLT.IMG > PJ${version}PLT.PRG rm -rf PJ${version}PLT.IMG rm -rf PJ${version}PLT.HEADERNEW defaultheaderver="A55A5AA5C00000000006030101000000010000002C000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF010000000100000050004C004100540046004F0052004D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000050004A0031003500300050004C0054002E005000520047000000000000000000000000000000000000000000000000000000000000000000" SIZE="$(stat -c%s PJ${version}PLT.PRG)" echo "PRG size is: $SIZE" UNSWAPPEDHEXSIZE="$(printf '%x\n' $SIZE)" vSIZE="$UNSWAPPEDHEXSIZE" SWAPPEDHEXSIZE="${vSIZE:6:2}${vSIZE:4:2}${vSIZE:2:2}${vSIZE:0:2}" UNSWAPPEDHEXCRC="$(crc32 PJ${version}PLT.PRG)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped prg size hex is: $UNSWAPPEDHEXSIZE" echo "Swapped prg size hex is: $SWAPPEDHEXSIZE" echo "Unswapped prg crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped prg crc hex is: $SWAPPEDHEXCRC" perl -e "print pack 'H*', '${defaultheaderver}${SWAPPEDHEXSIZE}${SWAPPEDHEXCRC}A55A5AA5'" > PJ${version}PLT.VERSTART UNSWAPPEDHEXCRC="$(crc32 PJ${version}PLT.VERSTART)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped verstart crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped verstart crc hex is: $SWAPPEDHEXCRC" perl -e "print pack 'H*', '${SWAPPEDHEXCRC}'" > PJ${version}PLT.VERSTART1 cat PJ${version}PLT.VERSTART PJ${version}PLT.VERSTART1 > PJ${version}PLT.VER rm -rf PJ${version}PLT.VERSTART rm -rf PJ${version}PLT.VERSTART1 rm -rf PJ${version}PLT.HEADER rm -rf ../PJ150PLT.VER mv ./PJ150PLT.VER ../PJ150PLT.VER cd "$workdir" umount "$SYSTEMmount" test -e "$SYSTEMmount" && rm -rf "$SYSTEMmount" #Lets modify the kernel now dd if="$workdir/AVIC${model}NEX/BOOT/PJ${version}BOT.PRG" bs=512 skip=1 of="$workdir/AVIC${model}NEX/BOOT/boot.img" #dd if="$workdir/AVIC${model}NEX/RECOVERY/PJ${version}REC.PRG" bs=512 skip=1 of="$workdir/AVIC${model}NEX/RECOVERY/recovery.img" cd "$workdir/AVIC${model}NEX/BOOT" abootimg -x boot.img echo "Renmove the boot size in bootimg.cfg" read -n 1 -p "Press any key to continue" isdone "$workdir/../mkbootimg_tools/mkboot" ./boot.img ./newUnpack echo "You can now modify the ramdisk in" echo "$workdir/AVIC${model}NEX/BOOT/newUnpack" read -n 1 -p "Press any key to continue" isdone sync #ensure all changes are written to disk "$workdir/../mkbootimg_tools/mkboot" ./newUnpack ./newBootImage.img #Lets work with the boot one first. rm -rf "$workdir/AVIC${model}NEX/BOOT/PJ${version}BOT.PRG" mv newBootImage.img "PJ${version}BOT.IMG" defaultheader="00060301010000000100000000000000504A313530424F5402100000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" #get image size # for mac # SIZE="$(stat -f%z PJ${version}BOT.IMG)" #for linux SIZE="$(stat -c%s PJ${version}BOT.IMG)" echo "IMG size is: $SIZE" #We have to swap the hex values from big endian to little endian cause the NEX is arm. UNSWAPPEDHEXSIZE="$(printf '%x\n' $SIZE)" vSIZE="$UNSWAPPEDHEXSIZE" SWAPPEDHEXSIZE="${vSIZE:6:2}${vSIZE:4:2}${vSIZE:2:2}${vSIZE:0:2}00" UNSWAPPEDHEXCRC="$(crc32 PJ${version}BOT.IMG)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped size hex is: $UNSWAPPEDHEXSIZE" echo "Swapped size hex is: $SWAPPEDHEXSIZE" echo "Unswapped crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped crc hex is: $SWAPPEDHEXCRC" #create new header perl -e "print pack 'H*', 'A55A5AA5${SWAPPEDHEXSIZE}${SWAPPEDHEXCRC}${defaultheader}'" > PJ${version}BOT.HEADERNEW cat PJ${version}BOT.HEADERNEW PJ${version}BOT.IMG > PJ${version}BOT.PRG rm -rf PJ${version}BOT.HEADERNEW rm -rf PJ${version}BOT.IMG rm -rf boot.img rm -rf bootimg.cfg rm -rf initrd.img rm -rf zImage rm -rf newUnpack #lets work on the ver file defaultheaderver="A55A5AA5C00000000006030101000000010000002C000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF010000000100000042004F004F00540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000050004A0031003500300042004F0054002E005000520047000000000000000000000000000000000000000000000000000000000000000000" SIZE="$(stat -c%s PJ${version}BOT.PRG)" echo "PRG size is: $SIZE" UNSWAPPEDHEXSIZE="$(printf '%x\n' $SIZE)" vSIZE="$UNSWAPPEDHEXSIZE" SWAPPEDHEXSIZE="${vSIZE:6:2}${vSIZE:4:2}${vSIZE:2:2}${vSIZE:0:2}00" UNSWAPPEDHEXCRC="$(crc32 PJ${version}BOT.PRG)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped prg size hex is: $UNSWAPPEDHEXSIZE" echo "Swapped prg size hex is: $SWAPPEDHEXSIZE" echo "Unswapped prg crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped prg crc hex is: $SWAPPEDHEXCRC" perl -e "print pack 'H*', '${defaultheaderver}${SWAPPEDHEXSIZE}${SWAPPEDHEXCRC}A55A5AA5'" > PJ${version}BOT.VERSTART UNSWAPPEDHEXCRC="$(crc32 PJ${version}BOT.VERSTART)" vCRC="$UNSWAPPEDHEXCRC" SWAPPEDHEXCRC="${vCRC:6:2}${vCRC:4:2}${vCRC:2:2}${vCRC:0:2}" echo "Unswapped verstart crc hex is: $UNSWAPPEDHEXCRC" echo "Swapped verstart crc hex is: $SWAPPEDHEXCRC" perl -e "print pack 'H*', '${SWAPPEDHEXCRC}'" > PJ${version}BOT.VERSTART1 cat PJ${version}BOT.VERSTART PJ${version}BOT.VERSTART1 > PJ${version}BOT.VER rm -rf PJ${version}BOT.VERSTART rm -rf PJ${version}BOT.VERSTART1 rm -rf ../PJ150BOT.VER mv ./PJ150BOT.VER ../PJ150BOT.VER Quote Link to post Share on other sites
bass_rock Posted July 22, 2015 Report Share Posted July 22, 2015 Also so that work is not duplicated. I am working on simplifying this script and allowing more modifications to the recovery partition as well. I think that it is possible the recovery overwrites the boot partition on each boot. Quote Link to post Share on other sites
AdamOutler Posted July 22, 2015 Report Share Posted July 22, 2015 I can't get my device working without an 8100 SDCard and it's just not proper to RMA the device. I'm really hoping an employee with access to the raw SD Image is reading this and can help. I can keep things anonymous.I'm also exploring JTAG but I've really screwed with the firmware on my unit so JTAGing a broken firmware will only get us so far and won't allow me to restore my device. If it comes to JTAG, does someone have an x1xx unit or SDCard I can use to pull a pristine 8gb image? Quote Link to post Share on other sites
bass_rock Posted July 22, 2015 Report Share Posted July 22, 2015 @AdamOutler here is an SDCard part on Pioneer's site that is supposed to the the 8100. http://parts.pioneerelectronics.com/part.asp?productNum=CXX7606 If we can get the sdcard password, I could then get image my sdcard (from an 8000 but should work since they can update each other) and hand off. Did the SDCard from the 5000 not work? Quote Link to post Share on other sites
bass_rock Posted July 22, 2015 Report Share Posted July 22, 2015 Ok created a much nicer script here: https://code.casual-dev.com/xCwa It works for all firmware versions and models. It will open up the android recovery, boot, and system folders; wait for edits, and then it will repackage the rom up into a flushable firmware with the correct checks. Quote Link to post Share on other sites
bass_rock Posted July 22, 2015 Report Share Posted July 22, 2015 So sadly, I modified init.rc with a command that fails and now causes my unit to boot loop. (put a simple touch logs.txt for each storage device, a bit stupidly so when it fails the system reboots) However the above script works perfectly to start us in the direction of custom firmware. And if someone has knowledge of bsp and android we can add to the init.rc scripts to dump the sd password. I am working on an idea I have to hopefully recover my unit. Hopefully will have news soon. Quote Link to post Share on other sites
gotofbi Posted July 22, 2015 Report Share Posted July 22, 2015 Before considering about password, we dont even have proper way to dump SD card with password. fail0verflow used Novena with custom kernel to get over this problem. I dont think anybody in this forum has Novena. So as I mentioned previously, making Raspberry Pi to support CMD42 is necessary to dump SD card (Not sure it will work or not though) Quote Link to post Share on other sites
bass_rock Posted July 22, 2015 Report Share Posted July 22, 2015 Agreed. My plan was to use Novena, but first we must get the password. Also here is some modifications to AdamOutlers Mapping: common name - associated ver file - location in update boot.img - BOT.VER - BOOT/BOT.PRG bootloader - BTL.VER - n/a UNKNOWN - BT.VER GPS/GPS.PRG userdata - DAT.VER - USERDATA/DAT.PRG UNKNOWN - DTV.VER - DTV/DTV.PRG 2nd recovery.img - ERY.VER - RECOVERYEASY/ERY.PRG (runs if the deck cannot read the sdcard and is loaded into some memory) UNKNOWN - GPS.VER - GPS/GPS.PRG UNKNOWN - OPN.VER - PG150OPN/OPN.PRG system.img - PLT.VER - PLATFORM/PLT.PRG recovery.img - REC.VER - RECOVERY/REC.PRG UNKNOWN - WWR.VER - WWR/WWR.PRG UNKNOWN - SNAPSHOT.VER SNAPSHOT/SNAPSHOT.PRG HIBENDIR HIBENDIR (Special partition) Based on the fail0verflow blog the sd card for a 5000NEX partition should look like this: Disk /dev/mmcblk1: 8069MB Sector size (logical/physical): 512B/512B Partition Table: msdos Number Start End Size Type File system MY Findings: 1 538MB 548MB 10.5MB primary android boot A BOOT/BOT.PRG 2 548MB 559MB 10.5MB primary android boot B 3 559MB 1830MB 1271MB extended 5 559MB 590MB 31.5MB logical android recovery A RECOVERY/REC.PRG 6 590MB 622MB 31.5MB logical android recovery B RECOVERYEASY/ERY.PRG ? 7 622MB 1159MB 537MB logical ext4 /system PLATFORM/PLT.PRG 8 1159MB 1293MB 134MB logical ext4 /cache 9 1293MB 1830MB 537MB logical ext4 /data USERDATA/DAT.PRG 4 1830MB 7702MB 5872MB primary ext4 /extdata Also, I have modified the code to now also open the USERDATA PRG and the EASYRECOVERY for editing. https://code.casual-dev.com/5nP3 From what I can tell, the PRGS basically contain images that get flashed to the partitions of the SDCard. So if we can map those partitions to a PRG file we SHOULD be able to basically build sdcards from the update files. At least this is my theory based on what I can tell. I can not tell what SNAPSHOT or OPN are. They do not appear to be ANDROID images and SNAPSHOT will not mount like a ext partition. I think that HIBENDIR is the LineoWARP http://www.lineo.co.jp/modules/products/warp2.htmland it is possible the SNAPSHOT file goes with this. Quote Link to post Share on other sites
AdamOutler Posted July 22, 2015 Report Share Posted July 22, 2015 Very good work. that's the entire android system, there. We just need a fool-proof way to recover devices. If you can figure out how to deodex your SYSTEM.img (/system/framework and /system/app), and test it to verify your device boots up properly, I can rewrite the code to remove the warning screen. @AdamOutler here is an SDCard part on Pioneer's site that is supposed to the the 8100. http://parts.pioneerelectronics.com/part.asp?productNum=CXX7606 If we can get the sdcard password, I could then get image my sdcard (from an 8000 but should work since they can update each other) and hand off. Did the SDCard from the 5000 not work? I ordered this SDCard. it's on back order. I requested that it come without encryption/sdcard lock in the special requests field. They obviously need to make new ones anyway, maybe they could just not lock the SDCard before sending it. I'd hope I don't have to send my device out for JTAG. I have something lined up, but it's expensive and I'm not earning money on this. Quote Link to post Share on other sites
AdamOutler Posted July 22, 2015 Report Share Posted July 22, 2015 On the SDCard image. please check these locations "0x250000 (and 0x260000)". When opened with a Hex Editor, you should see " a bunch of zeroes … and a 16-byte ASCIIstring hiding there. This is our password." https://fail0verflow.com/blog/2014/enhancing-the-avic-5000nex.html Quote Link to post Share on other sites
WhatIsWhatIsWhatIsWhat Posted July 22, 2015 Report Share Posted July 22, 2015 [deleted post] Quote Link to post Share on other sites
AdamOutler Posted July 22, 2015 Report Share Posted July 22, 2015 He said password stored in flash, not in SD card. How CPU can access SD card to read password without having SD card password? I thought SDCard was the flash on this device. There is a second storage? Quote Link to post Share on other sites
WhatIsWhatIsWhatIsWhat Posted July 22, 2015 Report Share Posted July 22, 2015 [deleted post] Quote Link to post Share on other sites
gotofbi Posted July 22, 2015 Report Share Posted July 22, 2015 I thought SDCard was the flash on this device. There is a second storage? https://fail0verflow.com/media/img/avic/cpu-top-large.jpg MX29LV640ETTI is 64Mbit NOR flash that contains U-Boot Very good work. that's the entire android system, there. We just need a fool-proof way to recover devices. If you can figure out how to deodex your SYSTEM.img (/system/framework and /system/app), and test it to verify your device boots up properly, I can rewrite the code to remove the warning screen. I ordered this SDCard. it's on back order. I requested that it come without encryption/sdcard lock in the special requests field. They obviously need to make new ones anyway, maybe they could just not lock the SDCard before sending it. I'd hope I don't have to send my device out for JTAG. I have something lined up, but it's expensive and I'm not earning money on this. Not sure if Pioneer going to lock it or not, but make sure to dump before you insert into 8100 I remember that reading post that NEX automatically locks SDCard with the password that stored inside flash. So, make sure to try dump first, otherwise you would not be able to dump it anymore (unless you have password) Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.