Project

General

Profile

Actions

RestoreEfsNvDataBackupFile » History » Revision 9

« Previous | Revision 9/13 (diff) | Next »
Denis 'GNUtoo' Carikli, 07/04/2020 06:32 AM


RestoreEfsNvDataBackupFile

Warning

These instructions are experimental and have not been tested yet.

Introduction

Many devices supported by Replicant have a partition with the modem data (IMEI, etc) which is called EFS.

That partition is used by Replicant to enable the modem to store data, by making files inside that partition available to the modem through a network protocol between Replicant and the modem.

As with every other computer system, files can get corrupted, especially if the power goes away suddenly, while data is being written in some of the files.

The advantage of an architecture like that is that Replicant has more control, and the modem (which runs nonfree software) has less control over the data it uses. That control can be used to fix some level of files corruption.

Files corruptions in that partition can easily happen with batteries that are in very bad conditions: very old batteries can still last several hours, but if the smartphones tries to consume too much power (mA / miliampers) at once, the battery can be unable to provide that much power at the same time, which results in the voltage dropping and the smartphone or the tablet being turned off suddenly, without having the time to properly save any data it may be writing.

In addition to the issue described above, the modem data partition contains data that is crucial (like the IMEI) and we don't know (yet) how to reconstruct the files that are in that partition. And without them, the modem will not work. This is why doing a backup of the data that is in this partition is crucial.

So if you didn't do that backup yet, you can follow the instructions in the BackupTheEFS wiki page.

The BackupTheEFS page has information on which devices have a modem data partition (some devices supported by Replicant don't have a modem for instance).

Warning

If you don't want your device to break, really make sure you have a backup of the modem data partition. The backup can be done with the instruction that are in the BackupTheEFS wiki page.

If all the files in the modem data partition are destroyed for a reason or another, you won't be able to use the modem anymore.

This means that you will not be able to receive SMS, make calls, get 3G data connections, etc. anymore, and we don't know how to repair that (yet).

If you have any information on the structure of the files inside that partition, it would be great to tell us about it (through a bugreport, on the mailing list, etc) so we could progress on that side.

We're mostly interested in finding where are various information needed to reconstruct the files like the IMEI location and format, or other information needed to get the modem working again.

Restoring nv_data.bin

If only the nv_data.bin file is corrupted , you can easily restore it, without having to restore a full backup.

Making a new backup

Before starting, it's a good idea to make a new backup of the modem data partition, and name it in a way that is self-explanatory. For instance you could put it in a directory named 'backup-with-corrupted-nvdata-bin' not to confuse it with other backups that do not contain any corrupted files. As repeated before, you can use the BackupTheEFS instructions to do a backup.

Making a new backup has several advantages:
  • If you lost your old backups you have a new one
  • If you have your old backups somewhere else (like on another computer), you don't risk erasing them by mistake

Make sure not to erase the old backups while making a new one.

At the time of writing, the BackupTheEFS contain the following command:

REPLICANT_EFS_BACKUP_DIR=~/replicant_devices/0123456789abcdef/backup_efs
mkdir -p $REPLICANT_EFS_BACKUP_DIR && cd $REPLICANT_EFS_BACKUP_DIR

This creates a directory named replicant_devices in your home, with inside a directory named 0123456789abcdef, with inside a directory named backup_efs.
Then it makes you go in that directory from the command line. This way the next commands will save the backups in that directory.

We can easily substitute that command with another one:

REPLICANT_EFS_BACKUP_DIR=~/replicant_devices/backup-with-corrupted-nvdata-bin-of-fourth-jully-2020/backup_efs
mkdir -p $REPLICANT_EFS_BACKUP_DIR && cd $REPLICANT_EFS_BACKUP_DIR

Here instead of creating the 0123456789abcdef directory, it will create one named backup-with-corrupted-nvdata-bin-of-fourth-jully-2020. We can change that as we need to make sure that the directory has a name that is self explanatory, not to confuse the half-corrupted backups with ones that are not corrupted at all.

Alternatively if the replicant_devices, 0123456789abcdef or backup_efs directories don't exist, you can also follow the BackupTheEFS and rename the directories as you wish once the backup is done.

Or if you have an old backup, you could rename its directories to make sure you don't accidentally overwrite it.

Setup ADB

The BackupTheEFS page has instructions to setup ADB. So if you just did a backup you should be good.

However if you already had an old backup somewhere and didn't do a new one, you will need to make sure that ADB is setup.

To do that, you can follow the setting up ADB on your computer instructions, so that you can access a root shell on your device.

NOTE: when prompted on your Replicant device, make sure that you check the box that says Always allow from this computer when you grant your computer USB debugging permissions. Otherwise, you will be unable to obtain root shell access on your Replicant device when you reboot it into the recovery OS to actually perform the EFS backup.

NOTE: for security reasons, you may want to revoke these non-expiring permissions once the EFS backup is complete.

Reboot into the recovery

You can reboot your device into the recovery by one of the following methods:

Using ADB

Run the following on your computer:

adb reboot recovery

Using your Replicant device's user interface

Do the following:

  1. Make sure that your device is booted under Replicant.
  2. Press the power button until a menu appears.
  3. Press Reboot.
  4. Select Recovery and then press ok.

Ensure that your device's system partition is mounted

In order to get a root shell in the recovery, your devices system partition must be mounted.

On certain devices, the system partition is already mounted, so you might already be able to get a root shell without mounting the system partition again.

In any case, it's still best to do the following to make sure that the system partition is mounted:

  1. Select Advanced.
  2. Select Mount /system.
  3. Press the back key to get back to the general menu.

Copy and pasting commands

The next sections will have commands that you can copy and paste. To ensure that they work correctly it's best to:
  • Type them in the same terminal window
  • Copy/paste one line at the same time. For instance if you copy 10 lines and just paste then, in some cases you could have some issues.

Also to make sure that they are really executed, you can press the 'enter' key after having pasted them.

Pressing 'enter' twice will not hurt as the command will still be executed only once.

How this works

The nv_data.bin file seem to be the file that is corrupted the most, probably because it is more often written to than the other files.

On most devices it can be found at several locations:
  • /efs/nv_data.bin
  • /efs/.nv_data.bak

The second one is a backup file. Note the '.' in front of the nv_data.bak. That dot ('.') is part of the file name. So that file name is '.nv_data.bak'.

When a file name starts with a dot, many tools (like file managers, command line utilities like 'ls', etc) will not list that file by default.

This convention enables to 'hide' some files. In GNU/Linux, this is typically used to 'hide' the configuration files used by graphical programs. Without that, it wound't be very convenient as you would see hundreds of extra files in your home. And in GNU/Linux the graphical programs still need to store their configuration somewhere.

For instance if you want to list all the files in your home in GNU/Linux, including the hidden ones you can use the following command:

ls -a ~

The '~' is a shortcut/alias for your home, and the '-a' switch tells ls to list all files (including the hidden ones). Note that it will also list '.' and '..' which you can ignore in this tutorial (they are special 'shortcuts' to the current directory and the parent directory).

So here we need to replace 'nv_data.bin' with '.nv_data.bak'. And as '.nv_data.bak' is a hidden file, we will use the concept of hidden files later on.

Mount the modem data partition

To do that we first need to mount the modem data partition (named efs) to a directory (here we will use /efs).

Your device should already be in the recovery, ready to accept commands through adb.

Not all the devices have their modem data partition at the same place. Because of that, the mount instructions are device specific.

You can use the following instructions to mount the modem data partition, but make sure that you use the ones that corresponds to your device.

Galaxy S 2 (I9100), Galaxy S 3 (I9300), Galaxy S 3 4G (I9305), Galaxy Note (N7000), or Galaxy Note 2 (N7100)
adb shell "mkdir /efs" 
adb shell "mount /dev/block/platform/*/by-name/EFS /efs" 
Galaxy Nexus (I9250)
adb shell "mkdir /efs" 
adb shell "mount /dev/block/platform/*/*/by-name/efs /efs" 
Galaxy Tab 2 7.0 (P3100)
adb shell "mkdir /efs" 
adb shell "mount /dev/block/platform/*/*/by-name/EFS /efs" 

Actually replace nv_data.bin

Now that the modem data partition is mounted to /efs, we can proceed to replace nv_data.bin.

First we can list all the files in /efs to make sure everything is good so far:

adb shell "ls -a /efs/" 

Here with a Galaxy SIII (GT-I9300), it gives the following output:

.                .nv_data.bak         FactoryApp    h2k.dat     nv_data.bin.md5 
..               .nv_data.bak.md5     bluetooth     imei        wifi            
.nv_core.bak     .nv_state            drm           nv.log      wv.keys         
.nv_core.bak.md5 00000000.authtokcont gyro_cal_data nv_data.bin 

So we can clearly see the nv_data.bin and .nv_data.bak

We will then proceed to replace /efs/nv_data.bin by /efs/.nv_data.bak. This can be done with the following command:

adb shell "cp /efs/.nv_data.bak /efs/nv_data.bin" 

It's a good idea to verify that everything went fine. This can be done with the following command:

adb shell "cmp /efs/.nv_data.bak /efs/nv_data.bin" 

If everything went fine, it shound't print anything.

If not, it will print an error similar to this one:

/efs/.nv_data.bak /efs/nv_data.bin differ: char 1, line 1

Note that the 'char 1, line 1' might differ.

So now we finally replaced nv_data.bin, however we need to do the exact same operation to replace nv_data.bin.md5 with .nv_data.bak.

The nv_data.bin.md5 file contains something called a checksum : it's a short sequence of numbers and letters that can be used to matematically verify if nv_data.bin wasn't accidentally corrupted by verifying if all the data in nv_data.bin match the checksum in nv_data.bin.md5

As we replaced nv_data.bin by the content of .nv_data.bak, we need to also replace nv_data.bin.md5 by the content of .nv_data.bak.md5, otherwise the modem will think that nv_data.bin is corrupted.

To do that we can use the following command:

adb shell "cp /efs/.nv_data.bak.md5 /efs/nv_data.bin.md5" 

Then we can also verify like before that evertyhign went fine:

adb shell "cp /efs/.nv_data.bak.md5 /efs/nv_data.bin.md5" 

If not, we might have an output that looks like that:

/efs/.nv_data.bak.md5 /efs/nv_data.bin.md5 differ: char 1, line 1

Umount / Unmount the modem data partition

We're now mostly done. We still need to properly umount the modem filesystem partition to prevent corruptions.

We can do it with the following command:

adb shell "umount /efs" 
adb shell "rmdir /efs" 

Reboot your device

Once the the umount is done, you can finally reboot your device into Replicant by one of two ways.

You can reboot by running the following command on your computer:

adb reboot

Or alternatively you can use the Replicant recovery graphical user interface to reboot by selecting Reboot system now.

Revoke USB debugging permissions

If you are concerned about security, you may want to revoke the non-expiring USB debugging permissions that you granted to your computer earlier (which you may of course grant again at any time, as desired). This control is located at Settings > Developer options > Revoke USB debugging authorizations.

That's it! Your device's EFS partition is now backed up. Your device should be running Replicant normally again.

See also

If you are looking for more advanced information on the EFS partition, here are some links:
  • XMMBoot: This has research on the modem firmware partitions. The 'NV' partition is interesting as it probably contains a template information to recreates files like nv_data.bin
  • We have a tool named nv_data-md5 that can compute the non-standard md5 checksums used for nv_data.bin. That tool is part of libsamsung-ipc .
  • We have a bug report on the issue (#2025 :Enable to recreate the EFS partition completely from scratch) however we need more information to continue working on it. We're mostly interested in the offset and format of any information needed to transform a template nv_data.bin file into a working one, like the IMEI location, the modem firmware version if needed, etc.

Updated by Denis 'GNUtoo' Carikli over 3 years ago · 9 revisions

Also available in: PDF HTML TXT