Jump to content

Acer Gallant Duo root / hacking tools


Guest PaulOBrien

Recommended Posts

@redviolin83

Thank you for your post. I will take a look to this product, but it seems to be well supported (at least with software, ROM, root, CWM etc...). Also it is convenient for European buyers. Now I have to look in more details about the product specification.

Link to comment
Share on other sites

@adamenko

As far as I understand, you simply use the Flash Tool but not the 'download' tab (which is flashing the phone), but the 'Read' tab (which is save/backup).

So you can backup all partitions.

Other maybe easier way is to go to Acer site, and download their ROM. There is a EUU.exe that takes care of flashing the phone from scratch. So this is not backup the phone, but resetting all the phone to original (up to the released level of the ROM). This should work even if your phone is bricked.

Link to comment
Share on other sites

@lucky76

I am glad that there are people like you working to get a functional CWM recovery for the Liquid Gallant.

I will append more information, but I know (and tested) that Onandroid backup script can backup /boot :

Online Nandroid backup :

http://forum.xda-dev...d.php?t=1620255

Online Nandroid backup

https://play.google....r3t1c.onnandbup

has a patch file for the Gallant, and is having problem backuping recovery too (refer to execution log below).


Command:

'/mnt/sdcard2/MyBackups/scripts/backup_onandroid.sh'

=

onandroid --phone --old --storage /mnt/sdcard2


-------------

##########################################

Online Nandroid Backup v6.12

* A tool to perform a nandroid backup

without booting into recovery.

* It is fully compatible with nandroid.

* Type 'onandroid --help' for usage

instructions.

* Created by Ameer Dawood

##########################################


Aborted

13:57:28 Checking for root permissions...

13:57:28 Root permissions acquired!

13:57:28 Analysing battery level...

/system/bin/onandroid[346]: [: charging: unexpected operator/operand

13:57:28 Sufficient battery available!

13:57:28 Checking version of BusyBox installed...

13:57:28 BusyBox version 1.20 or above installed!

13:57:28 Searching for SD card...

13:57:28 Alternate storage media provided!

13:57:28 Checking for required tools...

13:57:28 All required tools available!

13:57:29 Checking disk space...

13:57:29 SD Card Free Space: 10104 MB

13:57:29 Required Space: 1658 MB

13:57:29 Necessary disk space available!

13:57:29 Detecting mountpoints to exclude...

13:57:30 Backing up to /mnt/sdcard2/clockworkmod/backup/2012-10-26.13.57.28

13:57:30 Backing up /boot...100%

13:57:32 /recovery not found! Skipping backup of /recovery!

13:57:32 Backing up /system...100%

13:58:15 Backing up /data...100%

13:59:50 Backing up /cache...100%

13:59:54 Backing up .android_secure...100%

14:00:49 sd-ext not found! Skipping backup of sd-ext!

14:00:52 Generating md5sum...100%

14:02:35 Verifying md5sum...100%

14:02:35 Online Nandroid Backup Completed in 5 minutes 7 seconds!

---

ls -l /mnt/sdcard2/clockworkmod/backup/2012-10-26.13.57.28

total 2889217

----rwxr-x 1 system sdcard_r 5242880 Oct 26 15:57 boot.img

----rwxr-x 1 system sdcard_r	 11264 Oct 26 15:59 cache.ext4.tar

----rwxr-x 1 system sdcard_r 988898304 Oct 26 15:59 data.ext4.tar

----rwxr-x 1 system sdcard_r	 249 Oct 26 16:02 nandroid.md5

----rwxr-x 1 system sdcard_r 485040640 Oct 26 15:58 system.ext4.tar

~ #

Edited by hapx
Link to comment
Share on other sites

Hi hapx

i tried backup boot.img and i have problem.

----rwxr-x 1 system sdcard_r 5242880 Oct 26 15:57 boot.img -----> not correct.

For my backup i have used cwm 6.0.1.5 and if i use /boot emmc /dev/boot ---> backup on cwm stop here with error of boot.img but save this file same byte 5242880

I have take this file but not correct boot.img. I used tool for boot and recovery and HTC Android kitchen but not chance to open this file.

If i use partlayout4nandroid of onlinebackup i see this:

dev: size erasesize name

mmcblk0p1: 000020 000002 "ebr1"

mmcblk0p2: 10f720 100000 "cache"

mmcblk0p3: 20ff20 200000 "userdata"

mmcblk0p4: 410720 3328e0 "emmc"

mmcblk0p5: 009f00 002800 "boot"

mmcblk0p6: 00ef20 100000 "system"

But for me mmcblk0p5 is ----> emmc@sec_ro -> /dev/block/mmcblk0p5

Link to comment
Share on other sites

Hello,

Some ideas and comments:

1) If at least we have a CWM allowing execution of unsigned zip, has busybox and su, and access to shell,

this would help a lot.

2) Then for backuping the whole system, maybe then inside the CWM we can invoke script (.sh) using something

similar to this : MTK-6573-BakUpTool.rar

http://forum.xda-developers.com/showthread.php?t=1683883

3) With point 1), at least backup and restore with 'dd' should be possible.

4) Maybe with the scatter file, the vold.fstab in recovery mode, the mount command result,

the updater-script and shell sccript (\recovery\etc\install-recovery.sh), boot.img and recovery.img from official ACER ROM,

developers would arrive to a working solution by studying them. Since the ROM shell scripts contain script instructions to update/format

boot and recovery 'partition'.

Link to comment
Share on other sites

Hi hapx

I see this

shell@android:/ # cat /proc/dumchar_info

Part_Name	Size	StartAddr	Type	MapTo

preloader	0x0000000000040000 0x0000000000000000 2 /dev/misc-sd

dsp_bl	 0x00000000005c0000 0x0000000000040000 2 /dev/misc-sd

mbr		 0x0000000000004000 0x0000000000000000 2 /dev/block/mmcblk0

ebr1		 0x000000000005c000 0x0000000000004000 2 /dev/block/mmcblk0p1

pmt		 0x0000000000400000 0x0000000000060000 2 /dev/block/mmcblk0

nvram		0x0000000000300000 0x0000000000460000 2 /dev/block/mmcblk0

seccfg	 0x0000000000020000 0x0000000000760000 2 /dev/block/mmcblk0

uboot		0x0000000000060000 0x0000000000780000 2 /dev/block/mmcblk0

bootimg	 0x0000000000600000 0x00000000007e0000 2 /dev/block/mmcblk0

recovery	 0x0000000000600000 0x0000000000de0000 2 /dev/block/mmcblk0

sec_ro	 0x0000000000600000 0x00000000013e0000 2 /dev/block/mmcblk0p5

misc		 0x0000000000060000 0x00000000019e0000 2 /dev/block/mmcblk0

logo		 0x0000000000300000 0x0000000001a40000 2 /dev/block/mmcblk0

expdb		0x00000000000a0000 0x0000000001d40000 2 /dev/block/mmcblk0

ebr2		 0x0000000000004000 0x0000000001de0000 2 /dev/block/mmcblk0

android	 0x0000000020100000 0x0000000001de4000 2 /dev/block/mmcblk0p6

cache		0x0000000020100000 0x0000000021ee4000 2 /dev/block/mmcblk0p2

usrdata	 0x0000000040100000 0x0000000041fe4000 2 /dev/block/mmcblk0p3

fat		 0x00000000662fc000 0x00000000820e4000 2 /dev/block/mmcblk0p4

bmtpool	 0x0000000000a00000 0x00000000ff9f0050 2 /dev/block/mmcblk0

Part_Name:Partition name you should open;

Size:size of partition

StartAddr:Start Address of partition;

Type:Type of partition(MTD=1,EMMC=2)

MapTo:actual device you operate
I think we have boot and recovery into /dev/block/mmcblk0 For backup boot.img on recovery.fstab i think have : /boot emmc /dev/block/mmcblk0 bs=4096 count=1536 skip=2016 /recovery emmc /dev/block/mmcblk0 bs=4096 count=1536 skip=3552 bs=block-size count=number-of-blocks skip=input-offset bootimg:

Exadecimal Value				 Decimal Value

0x0000000000600000 -----> 6291456 / 4096 = 1536 ---> count

0x00000000007e0000 -----> 8257536 / 4096 = 2016 ---> skip
dd if=/dev/block/mmcblk0 of=/sdcard/boot.img bs=4096 count=1536 skip=2016 Recovery:

Exadecimal Value				 Decimal Value

0x0000000000600000 -----> 6291456 / 4096 = 1536 ---> count

0x0000000000de0000 -----> 14548992 / 4096 = 3552 ---> skip

dd if=/dev/block/mmcblk0 of=/sdcard/recovery.img bs=4096 count=1536 skip=3552

Bye

Edited by Guest
Link to comment
Share on other sites

@lucky76

Wow, it looks like you have the knowledge and have made big progression.

I try to follow your discovery but I am confused.

From scatter file:

(name) (start address)

boot.img 0xde0000

recovery.img 0x13E0000 diff 0x13E0000 - 0xde0000 = 0x60000 = size of boot.img = 393,216 bytes

sec_ro 0x19E0000 diff 0x19E0000 - 0x13E0000 = 0x560000 = size of recovery.img = 5,636,096 bytes

boot.img and recovery.img have different size.

From your # cat /proc/dumchar_info

Part_Name Size StartAddr Type MapTo

boot 0x0000000000600000 0x00000000007e0000 2 /dev/block/mmcblk0

recovery 0x0000000000600000 0x0000000000de0000 2 /dev/block/mmcblk0

boot and recovery have the same size 0x600000?

What are the size (ls -l) of the boot.img and recovery.img got with dd command? (1536 * 4096 bytes?).

dd if=/dev/block/mmcblk0 of=/sdcard/boot.img bs=4096 count=1536 skip=2016

dd if=/dev/block/mmcblk0 of=/sdcard/recovery.img bs=4096 count=1536 skip=3552

Are these 2 img files correct (got from mkyaff2image)?

Do you have the tool to extract the image from mkyaffs2image ( yaffs2utils unyaffs2 unspare2 ?)

http://code.google.c...es/detail?id=22

then check that you can exploit the yaffs file system?

Link to comment
Share on other sites

@lucky76

Wow, it looks like you have the knowledge and have made big progression.

I try to follow your discovery but I am confused.

From scatter file:

(name) (start address)

boot.img 0xde0000

recovery.img 0x13E0000 diff 0x13E0000 (20.840.448) - 0xde0000 (14.548.992) = 0x60000 (600000)= size of boot.img = 393,216 bytes (6.291.456 bytes for me)

sec_ro 0x19E0000 diff 0x19E0000 (27.131.904 v.decimal for me) - 0x13E0000 (20.840.448) = 600000 (6.291.456) = size of recovery.img = 5,636,096 bytes (6.291.456 bytes for me)

Ok.... for me is same bytes 6.291.456 recovery and boot

0x13E0000 ---> decimal is 20.840.448

0xde0000 ---> decimal is 14.548.992

20.840.448 -14.548.992 = 6.291.456 ---> 600000 esadecimal ---> same of my dumchar_info

0x19E0000 ---> decimal is 27.131.904

0x13E0000 ---> decimal is 20.840.448

27.131.904 - 20.840.448 = 6.291.456 ---> 600000 esadecimal ---> same of my dumchar_info

boot.img and recovery.img have different size.

From your # cat /proc/dumchar_info

Part_Name Size StartAddr Type MapTo

boot 0x0000000000600000 0x00000000007e0000 2 /dev/block/mmcblk0

recovery 0x0000000000600000 0x0000000000de0000 2 /dev/block/mmcblk0

boot and recovery have the same size 0x600000?

What are the size (ls -l) of the boot.img and recovery.img got with dd command? (1536 * 4096 bytes?).---->1536 x 4096 = 6.291.456 decimal ----> esadecimal 600000

dd if=/dev/block/mmcblk0 of=/sdcard/boot.img bs=4096 count=1536 skip=2016

dd if=/dev/block/mmcblk0 of=/sdcard/recovery.img bs=4096 count=1536 skip=3552

Are these 2 img files correct (got from mkyaff2image)?

Do you have the tool to extract the image from mkyaffs2image ( yaffs2utils unyaffs2 unspare2 ?)

http://code.google.c...es/detail?id=22

then check that you can exploit the yaffs file system?

I see scatter file and not same my dumchar_info .... <_< but for flash recovery i use this scatter file.

i have try use with linux:

adb shell

su

dd if=/dev/block/mmcblk0 of=/sdcard/boot.img bs=4096 count=1536 skip=2016

Now i have backup on my internal sdcard boot.img with 6144.0 kb ----> 6291456 bytes

dd if=/dev/block/mmcblk0 of=/sdcard/recovery.img bs=4096 count=1536 skip=3552

Now i have backup recovery.img with same kb 6144.0kb ---> 6291456 bytes

For open this files.img i use tools in first post:

The Gallant images are not a format we are used to, however scripts for unpacking and repacking have been created by bgcngm and are available to download on GitHub. I used these to create the SuperRecovery and they work great. :) ----> "Paul"

I have unpacking files with this tools of bgcngm and i have original boot.img and my recovery.img twrp flashed.

Because you have take ----> sec_ro 0x19E0000 diff 0x19E0000 - 0x13E0000 = 0x560000 = size of recovery.img = 5,636,096 bytes ---> no correct

but sec_ro is into other block ----> mmcblk0p5 ?????

I have extracted boot and recovery from same block mmcblk0 ..... is correct?

I hope is all clear and if you have other question i will try to answer and i'm happy see other person into this.

Thank you.

Edited by Guest
Link to comment
Share on other sites

@lucky76

Thank you for your explanations. To summarize, does this mean that now you have a working CWM or equivalent, with capability to backup/restore boot, recovery, system, data, cache, .android_secure and internal SD? If yes, how to apply this new CWM? By a signed zip to apply from current recovery? Does this new CWM accept unsigned zip?

Link to comment
Share on other sites

Not have in this moment cwm full working........

EDIT:

Clockworkmod 6.0.1.5 Lucky76 Beta 1

Link Download only file image of recovery

md5 ---> 30022fcc55440c784bae7746f5a8f6fb

Link Download Pack R2 -----> Here

md5 ---> 4a055ab7ab0ff9d51647c77961886fbc

Pack R2 is Pack1 of PaulOBrien + my clockworkmod into Images.

Thank's Paul for his pack.

For install use same guide in first post of PaulOBrien........ with flash tool

Backup of Boot.img / Recovery.img / System / Data / Cache

Restore Idem

Wipe Ok

Mount USB microSD ok for Windows and Linux.

Please report me bug if you find. I hope no ehehehe :P :D

Bye

Edited by Guest
Link to comment
Share on other sites

  • 3 weeks later...
Guest ozfunghi

Just ordered the gallant duo for €199 (incl transportation) as a successor to my Liquid S100. I'll be testing it first, but maybe i'll root it and install a custom ROM.

Can we expect a stock upgrade to Jellybean? Or do we have to resort to custom ROMs for that? Are there many apps taking up lots of space, which can't be removed? And can these be removed just by rooting, or do i need to install a custom ROM to get rid of those? Or is installing superuser enough to get the job done?

Thanks! I'm very excited. I hope i get it in the mail tomorrow, but most likely i'll have to wait til monday :(

Link to comment
Share on other sites

  • 2 weeks later...
Guest leopesto

How can I flash a recovery.img if I've root access but flash tool isn't working???

should a reverse dump work?

I mean, should "dd of=/dev/block/mmcblk0 if=/sdcard/recovery.img bs=4096 count=1536 seek=3976" work? is it safe?

Thanks in advance

Leo

Link to comment
Share on other sites

  • 2 weeks later...

Hi all!

Brilliant first post, very precise. Unfortunately I'd like to go further but I'm stuck at the first step.. If someone could help me... I've made a long research that but apparently no-one has the same problem as I. :(

When I connect my phone (without the battery), I don't see a 'unknown device' in the Device Manager. I see something named "MT65xx Preloader" (very briefly, it keeps appearing and disappearing every seconds). I've tried to use the driver found on Acer site but Windows say it's not proper ("can't install driver).

So I bet it's different from you guys with this MT65xx preloader-something which needs another driver maybe?

Thanks a lot for your help ;)

Windows 7 Ultimate. Dell mini 10

Link to comment
Share on other sites

  • 2 weeks later...
Guest vendeur21

thanks Paul, it WORK !

I was looking on internet hours and days for a solution to root this mobil phone, but nothing workin, today I found your topic and IT WORK VERY WELL THANKS VERY MUCH,

concerning the Acer Galant Duo itself, video recording with sound is far the worst mobil on the market, i wonder how they put this bullshit on sale, i have a old celular 10 years old and work beter for video sound recording than this Acer Galant Duo

Link to comment
Share on other sites

Guest vendeur21

Hi all!

Brilliant first post, very precise. Unfortunately I'd like to go further but I'm stuck at the first step.. If someone could help me... I've made a long research that but apparently no-one has the same problem as I. :(

When I connect my phone (without the battery), I don't see a 'unknown device' in the Device Manager. I see something named "MT65xx Preloader" (very briefly, it keeps appearing and disappearing every seconds). I've tried to use the driver found on Acer site but Windows say it's not proper ("can't install driver).

So I bet it's different from you guys with this MT65xx preloader-something which needs another driver maybe?

Thanks a lot for your help ;)

Windows 7 Ultimate. Dell mini 10

don't worry dude, myself i meet the same probleme, in fact that is not a problem, when you see the device MT65xx Preloader make a speed clik on it before disepear and make the second step, choose the folder of driver and IT WORK,

you will have the same probleme on 7 step when you plug in your device for second time after you clik download, if download flash don't work first time, make ... etc

Link to comment
Share on other sites

  • 3 weeks later...
Guest siuxoes

Thank you for this guide. I have rooted my e350. But i have a problem when I try to install the recovery. I pull out the battery. I connect the device via usb to the PC. But the e350 vibrates every X seconds. In windows appears the new device but it disappears every X seconds. I dont know what to do. Any idea?

Sorry for my english

Link to comment
Share on other sites

  • 1 month later...
Guest Kataryno

Hello. First of all let me thank to all users for this information sharing, very useful for newbies like me.

I have a Gallant Duo and the widget of weather is overusing the CPU. Tested factory resets even sent it out to warranty but the problem still there. The only solution is to root the phone and delete that weather widget.

I already connected the phone to PC following the tutorial on first page, but not complete the root because first of all i wanted to do a full backup of the phone, in case of something can wrong.

How i could make that backup?

Thanks

Link to comment
Share on other sites

  • 7 months later...

Guys, I have a sort of bricked Gallant Duo with me, that I just can't root no matter what I try.

 

The phone seems to restore itself on every boot. Any preferences changed or any apps installed pior to reboot disappear.

 

When I use flash tool, everything goes fine, green light... but after reboot its all the same. When I go into default recovery mode and do a wipe, everything goes fine, but it doesn't wipe anything!!

 

I can adb push, i can adb install stuff... but after a while the permissions change to read only on every directory, even /data/local/tmp. And of course, after reboot.. everything gone.

 

Is this a virus? Any help apreciated... Im going nuts!

Link to comment
Share on other sites

  • 1 month later...

Guys, I have a sort of bricked Gallant Duo with me, that I just can't root no matter what I try.

 

The phone seems to restore itself on every boot. Any preferences changed or any apps installed pior to reboot disappear.

 

When I use flash tool, everything goes fine, green light... but after reboot its all the same. When I go into default recovery mode and do a wipe, everything goes fine, but it doesn't wipe anything!!

 

I can adb push, i can adb install stuff... but after a while the permissions change to read only on every directory, even /data/local/tmp. And of course, after reboot.. everything gone.

 

Is this a virus? Any help apreciated... Im going nuts!

 

I have the same problem...I try all stuff but nothing works...HELP ME!!Thanks!!

Link to comment
Share on other sites

  • 4 years later...

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.