nick.breen.kiwi

Continuing on from earlier and still using these tools…

I know have a better idea of what’s happening.

1. Boot the device in APX mode, it will now wait for a bootloader to be downloaded and executed…
2. wheelie has the SBK’s compiled in, so it can:
   1. applies the device’s BCT (Board Configuration Table)
   2. configures the magic ODM number
   3. encrypts the specified bootloader, downloads it to the device, and runs it.
3. that bootloader.bin runs and provides a “Nv3p” protocol server that nvflash can talk to.
4. nvflash can now do all sorts of stuff to the device!

So, TWRP is still a far superior recovery to ASUS’ crappy recovery so let’s install that.

1. Boot to APX (Volume Up+Power)
2. Run wheelie as usual:

   ./wheelie -2 --bl bootloader.bin --bct transformer.bct --odm 0x300d8011
   

3. unpack the partition from the blob

   blobunpack twrp-2.3.2.3-tf101.blob
   

4. download to the device’s SOS partition (partition 5 in the default partition table) using nvflash

   ./nvflash -r --download 5 twrp-2.3.2.3-tf101.blob.SOS --sync
   ./nvflash -r --go
   

5. Reboot into TWRP (Volume Down+Power)

Nice, that means we can boot into TWRP and sideload or do anything we like.