Friday, December 7, 2012

Polaroid PMID4311 Hacking

Well, I was recently thinking about the Polaroid 4.3" Tablets and what other things that I could do to them. They come with Ice Cream Sandwich (4.0.4) already preinstalled and are semi-rooted. However, I considered the fact that since these devices were going to be given to my nieces (little girls), there is always the chance for little fingers to get busy and mess up the device. Therefore, having a Recovery option would be ideal as well as a few additional tools like BusyBox, Android Terminal, and Adaway. So, I then did some research and set out to find information on what hacking is available to this little device.

In this post, you'll see how to use LiveSuit/LiveSuite, root the device, install a functioning version of Clockwork Mod, and install Google Market.

LiveSuit / LiveSuite

The "Official" flashing tool used by this device (as well as other AllWinner A1x devices) is a free product called LiveSuit or LiveSuite (inconsistently used so I will just abbreviate it as "LS"). Because it doesn't have really any real English documentation, we must consult either the "Official Instructions" or find basic instructions elsewhere. For this and other reasons, some people just really don't like this Chinese flashing tool but we will be using it anyway for our purposes due to its convenience. Make sure you do not connect the device to the computer until you have installed the drivers!

Just an aside, the included documentation (opened by pressing the 'help' button) will just open the "LiveSuitEN.chm" file - which looks like this:

Installing LS

(Edit: I found a newer 1.11 version with text!)
  • Extract to your chosen "installation" directory
  • Run "LiveSuitPack_version_1.07_2011026.exe"
  • Install Driver Anyway
LS is now installed!

Flashing a ROM using LS (Stock or Custom)

  • Download and extract the Official Firmware if you don't already have it
  • Run "LiveSuit.exe"

  • Press "No"
  • In the UI, press the cube button to select your firmware.


  • Hold back while connecting cable to PC
  • Driver will install on first use


  • Release back button


  • Press "Yes"


  • Press "Yes"
  • Wait for process to complete


  • Press "OK"
  • Disconnect
  • Restart Tab

To exit program,  use this icon

because just pressing (X) button merely minimizes program

Installing Google Market (Optional)

  • Download Zip File
  • Extract to some location
  • Copy to SD card
  • On tablet, open directory in File Manager
  • Install OneTimeInitializer-signed.apk
  • Install SetupWizard.apk
  • Install vending-3.1.3-signed.apk
  • Press the "Home" button
    • Check the "open always with"
    • Select Launcher
  • Reboot

Rooting


Installing Clockwork Mod

Clockwork Mod 5.5.0.4 beta 15 is installed

How to enter Clockwork Mod
  • Shutdown tablet
  • press and hold Vol+
  • hold Power a few seconds
  • release power
  • release Vol+ when "Polaroid" appears on screen
Vol+ down, Vol- up, Power selects

Note: There is another way to install CWM via KK RomKit 9. This way, though simpler, installs a "Touch" version of CWM 5.5.0.4 that has issues: the touch doesn't work, the backup generated errors, and could not properly access the external sd card. The CWM beta 15 version installed above looks terrible but is completely functional.

CyanogenMod 10

There is a version of CyanogenMod 10 in progress by dolorespark,  though I believe it is not yet ready for daily use. If you want to try it out, you can download and install the LS image then just reinstall the official firmware mentioned earlier to go back to stock. This will install Clockwork Mod 6.0.1.2, CyanogenMod 10, and Google Play. However, I have encountered several problems with its current version (4311-cm10-dopa-20121204.zip)

The screen constantly needs resizing for everything. This is first seen during the initial setup.

Normal


Resized


Again, it appears most prominently on the apps screen.

Normal


Resized


I also had some problems getting into particular parts of the system, and the CyanogenMod 6.0.1.2 works for the most part, but the 5.5.0.4 b15 is still superior in functionality. Bottom line, it is a good start, but not yet ready for prime time.

Tuesday, December 4, 2012

Updating the x10i (x10 Mini Pro)

The Xperia x10 mini pro is a cool little phone. Has pretty much everything anyone would every need in a device that's like 4.5"x2"x1". Basically, a block of coolness. Has Bluetooth, 5MP camera, LED Flash, Wifi, sdcard, slide-out keyboard, headphone jack, FM Radio, and a few other goodies. I picked it up in Germany probably around '07/'08 and it has been like a part of me. It's also got a modified QWERTY keyboard (QWERTZ) due to its source location. As an added benefit, it came with an unlocked SIM and it has been used around the world.



Unfortunately, Sony Ericsson (no relation to me) just stopped supporting it. Last version of Android they made available was 2.1 (Eclaire). Even then, there were still problems with the software. Then I remembered the XDA forums that I had used for the hacking of my old T-Mobile MDA. Lo and behold, the x10i had a community group. From there, I was able to root the device, install a custom recovery, unlock the bootloader, and install MiniCM7 (Gingerbread). That's when I became, truly, a XDA member and supporter.

Even with the post-market support, the little genie inside is getting a little past its prime. JB on a quad-core supporting GBs of storage and RAM just blow its little 600 MHz / 2 GB / 256MB configuration out of the water. However, thanks to the dedication of NobodyAtAll (abbrev'd as nAa), there are attempts at bringing the little guy up to standards. Granted, it can't run real JB, but nAa is working on a JB-variant of his ICS implementation that should be close enough.

Necessary Files:


Procedure

Start off by installing Flashtool which will allow us the ability to change firmwares and kernels. You will probably need to install Flash Mode drivers (located in the Flashtool "drivers" directory) so that your device can be accessed from the PC.

Take the U20_nAa-jb-03_2.6.29.6-nAa-jb-03.ftf file and place it into the "firmwares" directory so that we can use it in Flashtool.

Boot phone into "Flash Mode" in this fairly straight-forward fashion:
  • Turn off phone
  • Connect cable to phone
  • Press and Hold Back Button
  • Plug in device to PC
  • Continue holding Back a few seconds (Green LED will turn off)
  • Wait
  • Device should now have orange LED
Start up Flashtool, if not already done.


Press the lightning bolt icon on the top left. In the popup that appears, select "Flashmode" and press ok. Another window will come up for selecting the firmware to install.


Select the nAa-jb-03 option and press ok. Another window will appear, providing instructions on how to begin the flashing process.


This is pretty much what you did before. Unplug, turn off, press and hold back, reinsert, release back. Once this is performed, the flashing process will start and will be done before you know it.



From that point, unplug the phone and turn it on. It will automatically go into Clockwork Mod (which was installed as part of the firmware).



In CWM, perform these actions:
"Mounts & Storage"
  • format /system
  • format /data
  • format /cache.
"Install zip from sdcard"
  • Choose zip from sdcard
  • MiniCM10-4.0.2-mimmi.zip
  • Choose zip from sdcard
  • gapps-jb-nAa-20121119-signed.zip
Now, you merely need to reboot the phone and wait 2 minutes for the initial startup to complete. You'll be presented with a new-fangled snazzy bootup image to greet you.



From there, you can begin the setup process.


Funny point to note: Initially, I thought someone misspelled "Skip Start" as "Skype Start". No, those are actually overlapping buttons. The 'X' is for Skype (and I saw once turn to "Emergency Call"), and the button underneath is "Start". Anyway, hit the "Start" button and do the setup wizard.

Once all of this is done, you'll have [what we can call, anyway] JellyBean on the x10 Mini Pro!



Look at all of that goodness!



Now, remember that our little buddy here doesn't have the resources JB likes. To speed things up a little bit, here's some performance tweaks:

Settings->Performance->Processor
  • Undervolt the CPU
  • Set on Boot
Settings->Performance->Memory Management
  • Kernel samepage merging

Settings->Developer Options
  • Debugging - Android Debugging
  • Debugging - USB debugging notify
  • APPS - Kill app back button
Let's hear it for nAa and his associates for keeping this little guy alive!

Updating the TF700

Ok, I've had this device for a while now and so far have only rooted it with DebugFS and unlocked the Bootloader with the ASUS Bootloader Unlocker Tool. I have never updated and haven't done any hacking. What I plan to do now is get NVFlash, CWM, and a new ROM installed.

A few notes before getting started:

  • Left Volume = Volume Down
  • Right Volume = Volume Up
  • Power + Left Volume = Menu with Fastboot option (USB symbol). Left changes, Right selects.
  • Power + Right Volume = APX mode (screen stays blank)
  • Sequence for booting modes
    • Push button (Left or Right volume) and hold
    • Push Power and hold
    • Device vibrates
    • Release Power
    • Release Button at appropriate time
  • APX Mode is a super low-level diagnostics mode that can allow NVFlash to write to any partition.
  • NVFlash is a program that allows primitive access to the system. It can only be used on the TF700 if the bootloader is ICS-based (that means pre-9.4.5.30).
  • Recovery Mode is a mode that allows for the manipulation of the system fom outside of the operating system. This can be used to backup the current system, restore the system, or install ROMs.
  • Fastboot Mode is a mode that allows for flashing files via USB.
  • Instructions for installing NVFlash was found at AndroidRoot.mobi (most files are from there)
  • Important! Rom Manager does not work on the TF700 and can brick the device!
  • It's best to have a microSD installed for backups and for ROM zips.

Necessary Files

Device Drivers (modified Universal Naked Drivers to support the TF700)
Fastboot (to perform device modifications via USB)
NVFlash Binaries (Program to get our device backup files)
TF700 NVFlash pack (NVFlash Support files for TF700)
Clockwork Mod Recovery (Recovery to allow install of new ROMs)
Stock Root ODEX ROM (Transitional ROM to update Bootloader)
Any Custom ROM

APX Drivers

Starting off, I needed to extract the drivers from the zip file. Doesn't really matter where, just that they need to be easily found for the installation. After that put the TF700 into APX Mode (Power + Right Volume) then plug it into the computer. The computer will see the device and not find drivers for it so select the contents of the extracted zip and install those. Windows will show a notification that the drivers aren't signed but install them anyway.

Fastboot Drivers

Restart the device but this time go into Fastboot Mode. This requires the use of the Power + Left Volume combination. Hold the Left Volume until messages start appearing ("Checking RCK Image") and then release the button. Wait a few seconds and a small menu will come up. There will be 10 seconds to select the USB Symbol (press left volume, then right volume) or it will just boot normally. This will place the device into Fastboot Mode and the computer will see it as a different device to which is does not have drivers. Install the same drivers as those done for APX mode.

Flashing Modified ICS Bootloader With NVFlash

Extract the fastboot files somewhere then copy the contents of the NVFlash pack into that directory. Start a commandline session as Administrator (Start -> Accessories -> Right-Click "Command Prompt" and "Run as Administrator"), then change to that fastboot directory.

Use the command to replace the bootloader
fastboot -i 0x0b05 flash staging ebtblob.bin

Then run this command to reboot the device
fastboot -i 0x0b05 reboot



The "The Device is UnLocked" message will be replaced by "AndroidRoot 9.4.3.30r01" and the ASUS Logo will be fractured and distorted. This indicates that the bootloader has been properly replaced and NVFlash accessibility is now available.


Backing Up Device

Go back into APX Mode and make sure there is still a command prompt session for fastboot.
fastboot -i 0x0b05 boot nvfblobgen.img



The process is very short, but it will return an error quickly. It can take between 20-30 seconds but when completed, the device will restart on its own. The generated files are in /sdcard/AndroidRoot/ and all of them are necessary. For some reason, my PC just showed them as little drives but when I copied the files to the microSD, I could then see the files correctly. The error resolved itself after restarting the device again. No idea why the issue nor why the resolution.

Backup the resulting files and then copy them into the fastboot directory.
Extract the NVFlash binaries zip then start NVFlash with the following command.
wheelie --blob blob.bin



Now we can generate a few other files that will complete our brick-prevention archive.
nvflash --resume --rawdeviceread 0 2944 bricksafe.img

nvflash --resume --read 14 factory-config.img

nvflash --resume --read 7 unlock-token.img



These files will be saved into the nvflash directory. Copy them into the place the original blob files are archived.

Clockwork Mod Recovery

Put the recovery image (recovery-jb-touch.img) into the fastboot directory then run the following command.
fastboot -i 0x0B05 flash recovery recovery-jb-touch.img


After rebooting, CWM can now be accessed via Power + Left Volume, then click Right Volume during "Check RCK image". From there, it's best to make a backup just in case things go awry.



Now that there are NVFlash backups and CWM backups, pretty much anything can be installed without worry. Before continuing, I'll add a little reminder here to backup whatever you want to keep. Some things to consider:

Back up SMS stuff
Create an App List
Backup contacts via Sync with Google or onto SD
Titanium Backup is not really an option because it doesn't make the ICS -> JB transition well

Updating the Bootloader (Optional and Dependent on ROM)

Since many of the available custom ROMs are dependent on Jelly Bean, that means changing Bootloaders because the version that was installed earlier for allowing NVFlash is an ICS Bootloader (thus, unable to run those ROMs). To do this update, we need to install a ROM that actually contains the update for the Bootloader. Otherwise, any ROMs that require the Bootloader update will fail. Just to test this, I went ahead and tried to install CleanROM. All went swimmingly until something was installed that didn't work for whatever the reason, CWM choked, device restarted, and I entered a bootloop. Thanks to the backup I had made, I was able to restore that and went back to a functional system - but still the same old ICS Bootloader.

Copy the Stock Root ODEX zip file to the microSD card. then in CWM, perform a Wipe Data/Factory Reset. This will clear off all data from the system so make sure anything you want saved is properly backed up. Go to "Install zip from sdcard", "Choose zip from sdcard", then select the Stock Root ODEX zip file and confirm. When it first starts the installation, it will appear to hang for some seconds. Just let it be and then magic will start happening.



After some time, it will finish its install and go back to the CWM menu. Select "Reboot system now" and go through the entire setup process because this update does more than merely update the bootloader. When that is done, we can now install any JB ROM we like - even the fabled Cyanogenmod. Just like before, merely copy the appropriate zip to the memory card, wipe the data, and install from sdcard.

Additional note, to go back to the stock OS, one can merely download the ASUS Firmware update, extract the zip file, take that internal zip file, place it onto the card, and install via CWM. Pretty handy!

Monday, December 3, 2012

Christmas presents for the nieces

Big Lots had a sale on Polaroid 4.3" Tablets on Sunday for $50. Also, HP 16GB microSD cards (class 4) were $10. There's also a Duracell USB charger that was $5.

The tablets are pretty nice: 480x272 screen, multitouch, 512 MB RAM, 4 GB internal, bgn Wifi, microSD card slot (up to 32 GB), headphone jack, External speaker, VGA front-facing camera, Android 4.0.4. The battery lasts pretty long - watched all of Snow White and the Seven Dwarves (1:30) and it took up 16% of the battery. The movie was downconverted using AVC Free to 480x270 with a bitrate 768 encoded with x264: 534 MB.

I tested the tablets' features (wifi, speaker, USB, touch response, etc), put some Disney movies on the memory cards (8 GB was ~30min), charged tablets and put chargers in with the tablets.

Hopefully, these will give the girls (ages 6 & 5) a reason to not play with my sister's and brother-in-law's new phones.

Blog Test

Starting a blog o' crap. Testing how stuff works.