Posts

Something I'd like to say about Android modding.

This will be a rather brief post, but let me just explain and ask you guys something. I do this stuff for free, and will be doing so for as much as I can, but if you really do like what I did, would you guys mind if I ask for a voluntary donation to defray costs (e.g. electricity, hosting bills, etc.) and for me to purchase devices, e.g. if someone has let's say a Nokia smartphone and as such I need a similar unit to test things on?
I think some compensation would be nice so I can continue on this hobby, but after seeing countless "GSM" blogs by folks in developing countries asking $$$ for every single firmware they bragged about dumping off various devices, I felt a more voluntary and open revenue system would be better than be greedy and earn the ire of those asking for a quick fix like the parents whom I talked to earlier.

Modded demo ROM for LeapFrog Epic (MT8127)

Image
...or as what I call it, KermitMod. :P

My previous post about the Epic was quite a mouthful, but here's a link to the edited ROM for ex-demo units to be converted to retail. I basically had to edit the demo firmware to work around the issue of the bootloader being locked, preventing ROM backups from other Epics to be flashed through normal means.
https://mega.nz/#!cuhHFYTC!GC6wU1MxDybNX_tU50aMpHbFnb3TjAh5dVaWn_cNj8Y

As what I wrote earlier, this ROM has to be flashed using a feature tucked away in SP Flash Tool, i.e. Write Memory. You can't flash this as you would with any MediaTek device, as it would give out an authentication error. A bonus feature I added for this is support for Google Play services, allowing owners of ex-demo units to download content off Google Play Store like YouTube Kids and whatnot.
SCREENSHOTS:


Let me know if you run into problems with this ROM - I know, the instructions I wrote were a little unclear, but I'll get into that as soon as I can. ;)

Spe…

May I interest you in yet another LeapFrog Epic post? :P

Image
I've been getting a lot of inquiries lately from parents asking how does one convert a store demo unit to a retail one. Apparently a number of Epics, mine included, were sold on eBay, Craigslist and other classifieds, are programmed with a demo ROM meant for displays on Toys R Us, Best Buy, Fry's or whatever outlet these things are sold.
The real caveat here is this: the boot loader is locked, making straightforward ROM flashing mostly impossible (hence why I wrote an open letter to LF asking if they can provide an unlocked bootloader). Now before you lose hope and say "Oh this is a waste of $50! Why did I even buy this crappy toy?", there is actually a way around this and as what some of those who inquired me can attest, it works well unimpaired.
To back up the old ROM and flash the newly-modified system.img back to the device, you'll need to download SP Flash Tool and the stock firmware image (said image can be found on this post). Load up the original retail …

LeapFrog Epic part 2: An open letter to the company (bootloader and ROM development)

Image
OK, so a bit of a rant, though for one I gotta give LeapFrog some credits to this. Sure, repairs are a service centre away, and the main market for this device are kids and their parents, but what about the more tech-savvy parents (e.g. geeks or tinkerer types) who'd certainly re-purpose or service their kids' Epics either because it broke down or gone on a boot loop for some reason?
You see the main thing with this is the preloader, or other words the bootloader, is locked from tampering, making it next to impossible to use custom ROMs or kernels. You can somehow subvert this by editing just the system.img offline assuming you extracted it off your device, or in the case of backups, backing up the whole ROM image, boot/recovery and other images included, to a single ROM_0 file, and flashing it back using the hidden Write Memory feature in SP Flash Tool.
The problem is when you need to replace boot.img with a different one - you simply can't. Flashing unsigned images give…

LeapFrog Epic part 1: The hidden Lock Screen.

Image
So I got my hands on a pair of these units from a friend of mine who was generous enough to donate for free. While getting these in-store demo units to work as a retail device is a pain and a half to do (more on that in a later post), I've had fun modding and poking into the internals to see what can be done with it. There are actually a LOT of hidden and/or dummied out features in the tablet, most of which can be accessed through the open-source Activity Launcher.
For instance, LeapFrog dummied out access to the lock screen settings by removing menu references to said options in Settings. They disabled the AOSP lock screen presumably to save children the (supposed) frustration of having to unlock their device upon using it. It is however possible to re-enable it and add a lock pattern or a simple slide to unlock prompt in case you need one:
On the home screen or the parental controls menu, go to your browser and download this APK: https://f-droid.org/repo/de.szalkowski.activityla…

Stock ROM for Galaxy S7/G930FD MT6580 clone (Z6U030; 512MB RAM/8GB ROM)

Image
Felt like sharing this as most of them South Asian GSM bloggers are, suffice it to say, being scrooges or something, asking for $$$ to have the firmware package's password to be unlocked as a rather low-brow way to earn money. Not that I have anything against them, mind you, but as I said on my previous post, this business model of theirs only serves to inconvenience both clients and technicians alike.
I dumped this off my Galaxy S7 clone, a few weeks or so after I got the phone off the service centre when they repaired it as I made the unfortunate mistake of flashing the wrong ROM. It should work with certain Galaxy S7 replicas using preloader_gxq6580_weg_l.bin as the preloader; mine's the one with the plastic frame and the microphone pin on the wrong side of the device.
Firmware info:
CPU: MT6580 SW:0000 Ver: CA00
Downloading Boot8 ...
EMMC Size: 0x01C3000000
Flash Type: EMMC
INT/EXT RAM  Size: 0x0+0x0
Reading infr(EMMC)...
id:Z6U030HA_V105En
version:5.1
model:gxq6580_weg_l
brand:alp…

An angry rant at the "paid firmware" business model

OK, this isn't to say that I have anything against those who maintain "GSM" repair sites and such, nor am I going to be too sour at them either. It's that if there's anything that truly grinds my gears when it comes to smart device servicing, it's the practise of locking down most if not all firmware RAR/ZIP files with a password, and charging people a fee to have that particular SP Flash Tool package unlocked.
Let's say you, or your client, has an obscure Xperia clone bought off some flea market stall or on DHGate (assuming you managed to troll the Customs bureau or DHL). You, or that client of yours, forgot to back up the stock firmware, and out of haste managed to mess it up royally and ended up with a non-functional device. In the case of a name-brand, legitimate handset, it's only the matter of googling for "Lenovo A369i stock ROM" or something like that. Some lesser-known phones or tabs would understandably be harder to find firmware-…