*insert witty banner here*
LeapFrog Epic: Difference between revisions
No edit summary |
|||
(15 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
*Display: 7-inch capacitive touchscreen with TN LCD display | *Display: 7-inch capacitive touchscreen with TN LCD display | ||
*Resolution: 1024x600 | *Resolution: 1024x600 | ||
*Operating System: Android 4.4.2 "KitKat" (MT8127 models) | *Operating System: | ||
*Processor: Quad-core, 1.3 GHz MediaTek MT8127 | ** Android 4.4.2 "KitKat" (MT8127 models) | ||
** Android 10 (Rockchip models; the Rockchip variant can also boot generic system images up to Android 14) | |||
*Processor: | |||
** Quad-core, 1.3 GHz MediaTek MT8127 | |||
** Later (2021) LeapPad Academy SKUs replace it with a 1.5 GHz Rockchip RK3326 | |||
*Memory: 1GB RAM | *Memory: 1GB RAM | ||
*Storage: 16GB; ~9GB available for /sdcard partition | *Storage: 16GB; ~9GB available for /sdcard partition | ||
Line 66: | Line 70: | ||
===Signed ROM backups=== | ===Signed ROM backups=== | ||
If you're getting a signature error upon flashing, try unticking SEC_RO and then try again. You might also want to flash the whole package in case you get a boot logo loop especially after flashing a TWRP recovery image. | |||
====Epic Academy Edition==== | ====Epic Academy Edition==== | ||
* [https://androidfilehost.com/?fid=6006931924117902657 v1.1.95] | * [https://androidfilehost.com/?fid=6006931924117902657 v1.1.95] | ||
Line 74: | Line 80: | ||
* [https://androidfilehost.com/?fid=4349826312261738402 v1.1.171] | * [https://androidfilehost.com/?fid=4349826312261738402 v1.1.171] | ||
====LeapPad Academy (second-generation)==== | |||
* [https://archive.org/details/leapfrog-epicv4-firmware Internet Archive page] | |||
* [https://www.androidfilehost.com/?fid=9180008750105244111 EPIC4.user.1.7.2109.312280833] ([https://drive.google.com/file/d/13TB0eCUFWSyyq5E0nM4RVBH9hpMxQ2XI/view Google Drive mirror]) | |||
* [https://archive.org/details/leapfrog-epicv4-firmware_MIPI EPIC4.user.2.6.2196.402290923 (MIPI variant)] | |||
===Demo to retail conversion=== | ===Demo to retail conversion=== | ||
Line 81: | Line 90: | ||
===Google Apps and root=== | ===Google Apps and root=== | ||
*[https://www.youtube.com/watch?v=56XdXJbFbjQ Install TWRP, Google Play and SuperSU root on your LeapFrog Epic] | *[https://www.youtube.com/watch?v=56XdXJbFbjQ Install TWRP, Google Play and SuperSU root on your LeapFrog Epic] | ||
*The original MT8127 Epic/LeapPad Academy firmware is vulnerable to the [[wikipedia:Dirty COW|Dirty COW]] exploit where a temporary root shell can be obtained via ADB. | |||
*The Rockchip RK3326 revision LeapPad Academy on the other hand can be rooted by patching the boot image using Magisk, but doing so breaks wireless functionality at least with the latest version. Ditto with the MT8127 version, but in that case the real-time clock seems to be a little sketchy with Magisk enabled, not to mention that they may no longer have support for early Android versions at the time of this writing. | |||
===Useful apps=== | ===Useful apps=== | ||
Line 97: | Line 108: | ||
LeapFrog also [https://fccid.io/G2R-6022 quietly released a hardware revision] of the Epic circa 2021, replacing the MT8127 with a Rockchip RK3326. While this allowed LeapFrog to upgrade the included operating system to Android 10, it also means that the change in hardware rendered most hacks designed for the original Epic obsolete. | LeapFrog also [https://fccid.io/G2R-6022 quietly released a hardware revision] of the Epic circa 2021, replacing the MT8127 with a Rockchip RK3326. While this allowed LeapFrog to upgrade the included operating system to Android 10, it also means that the change in hardware rendered most hacks designed for the original Epic obsolete. | ||
VTech | VTech more or less nerfed the device by disabling features such as ADB and development settings, though USB debugging can be restored by temporarily rooting the device by patching boot.img with Magisk and editing the ADB setting using a settings database editor such as [https://play.google.com/store/apps/details?id=by4a.setedit22&hl=en&gl=US SetEdit]. Bizarrely enough they also dropped Bluetooth, replacing the wireless module with an obscure AltoBeam ATBM6011 wireless LAN controller. | ||
Ripping the firmware also used to be a challenge due to the uboot binary coded with a deterrent which corrupts the dumped images past a certain point. To be fair this is hardly even unique to LeapFrog as the implementation by Rockchip themselves [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/1b01cf5590f8d0b2270ffff5a656e38c5e3930ee/cmd/rockusb.c#L28 has this] until the [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/6336d2324985831ed766031f91d410d0e587dbc8/cmd/rockusb.c latest commit]. However, an update to RedScorpio's [https://xdaforums.com/t/tool-imgrepackerrk-rockchips-firmware-images-unpacker-packer.2257331/post-89464941 imgRePackerRK] tool now made it possible to patch the stock uboot and enable firmware dumping. | |||
In case of a brick, it is possible to unbrick the LeapPad by forcing it to run in MASKROM mode through shorting two conveniently-located test points on the logic board just beside the eMMC chip, though it may also be rather fiddly to pull off; a small reset switch may be soldered onto the testpoints like those generic TV boxes running off similar Rockchip hardware. | |||
It is also (theoretically) possible to boot from an SD card with a firmware image flashed onto it. Performance with such a setup would be unsurprisingly bad compared to a ROM flashed into internal storage, but it should be fine for testing if the firmware dump works fine or for recovering from a bricked tablet. However, a method to convert a ROM to SD card use is still yet to be devised. | |||
As the second-gen LeapPad Academy supports Project Treble, generic system images (GSIs) are bootable even up to [https://www.youtube.com/watch?v=UWrepWibbtc Android 14], though performance and battery life ''will'' suffer with it; earlier versions such as 10 and 11 should run with fewer issues. | |||
There are also two sub-variants of the EPICv4, with internal and firmware differences that are subtle on the surface but are still enough that firmware for each other isn't cross-compatible. Firmware for the non-MIPI variant bear the <tt>EPIC4.user.1.x.xxxx.xxxxxxxxx</tt> build number, while those on the MIPI variant use <tt>EPIC4.user.2.x.xxxx.xxxxxxxxx</tt> builds. Apparently the display module and driver on the MIPI version is different compared to the non-MIPI units as round objects appear more elongated on the latter due to the display using non-square pixels to force a "16:9" ratio, similar to countless discount Android tablets. | |||
====Gallery==== | ====Gallery==== | ||
Line 103: | Line 124: | ||
File:RK3326 LeapPad.jpg|The LeapPad in action. | File:RK3326 LeapPad.jpg|The LeapPad in action. | ||
File:RK3326 LeapPad internals.jpg|Internals | File:RK3326 LeapPad internals.jpg|Internals | ||
File:LeapPad Academy Treble compatibility.jpg| | File:LeapPad Academy Treble compatibility.jpg|Yup, GSIs should now work on this one, though a dedicated custom ROM would be ideal due to some software issues | ||
File:ATBM 6011.jpg|AltoBeam ATBM6011 wireless LAN module | File:ATBM 6011.jpg|AltoBeam ATBM6011 wireless LAN module | ||
File:RK3326 LeapPad MASKROM testpoints.jpg|Short those two pins beside the eMMC chip to boot into MASKROM mode. | File:RK3326 LeapPad MASKROM testpoints.jpg|Short those two pins beside the eMMC chip to boot into MASKROM mode. | ||
Line 110: | Line 131: | ||
==Misc. notes== | ==Misc. notes== | ||
[[File:Epic DiSA lock.jpg|thumb|200px|right|Trust me, I bought this thing.]] | [[File:Epic DiSA lock.jpg|thumb|200px|right|Trust me, I bought this thing.]] | ||
*Apparently, certain North American SKUs of the Epic especially those made after March 2017, come with a product activation scheme designed to deter shoplifting, i.e. black-market reselling of stolen goods. Upon purchase of the Epic (or any other tablet with such a scheme), users are prompted to enter a code given by the seller, or retrieving an activation code off [https://getyourcode.com/ this site]. One hacker claimed to be offering a workaround for this issue, and this may be defeated through other means, but for legal reasons I may not come up with a workaround for this unless a user with an affected Epic has enough evidence that | *Apparently, certain North American SKUs of the Epic especially those made after March 2017, come with a product activation scheme designed to deter shoplifting, i.e. black-market reselling of stolen goods. Upon purchase of the Epic (or any other tablet with such a scheme), users are prompted to enter a code given by the seller, or retrieving an activation code off [https://getyourcode.com/ this site]. One hacker claimed to be offering a workaround for this issue, and this may be defeated through other means, but for legal reasons I may not come up with a workaround for this unless a user with an affected Epic has enough evidence that their Epic is legitimately purchased. As of {{CURRENTYEAR}} the Get Your Code site is no longer functional, so it may be fair game to activate affected tablets through unconventional means (assuming they weren't shoplifted, that is). | ||
*Also, those on build 1.7.18 (KOT49H.user.1.7.18.20170327.110821) may experience streaming video issues with sites such as YouTube, LeapSearch, Netflix or Vimeo regardless of client. They video may play for a moment, but will eventually glitch out and/or outright stop with an error. No fix has been made by LeapFrog yet as of {{CURRENTMONTHNAME}} {{CURRENTYEAR}}, much to the dismay of irate parents who took to Facebook and expressed their dismay over VTech/LeapFrog's handling of the bug. A workaround would be to [https://www.youtube.com/watch?v=OpUgI8ZSkP4 flash the signed Academy Edition 1.1.95 ROM] using SP Flash Tool. | *Also, those on build 1.7.18 (KOT49H.user.1.7.18.20170327.110821) may experience streaming video issues with sites such as YouTube, LeapSearch, Netflix or Vimeo regardless of client. They video may play for a moment, but will eventually glitch out and/or outright stop with an error. No fix has been made by LeapFrog yet as of {{CURRENTMONTHNAME}} {{CURRENTYEAR}}, much to the dismay of irate parents who took to Facebook and expressed their dismay over VTech/LeapFrog's handling of the bug. A workaround would be to [https://www.youtube.com/watch?v=OpUgI8ZSkP4 flash the signed Academy Edition 1.1.95 ROM] using SP Flash Tool. | ||
[[Category:Android]] | [[Category:Android]] |
Latest revision as of 07:43, 21 November 2024
The LeapFrog Epic (styled as LeapFrog epic) is an Android-based tablet computer produced by LeapFrog Enterprises. Released in 2015, the Epic is LeapFrog's first device to run on Android; most of LeapFrog's mobile computing devices for children run on a customized Ångström Linux distribution.
An overview of the device can be found here on this Wikipedia article.
Tech specs[edit | edit source]
- Display: 7-inch capacitive touchscreen with TN LCD display
- Resolution: 1024x600
- Operating System:
- Android 4.4.2 "KitKat" (MT8127 models)
- Android 10 (Rockchip models; the Rockchip variant can also boot generic system images up to Android 14)
- Processor:
- Quad-core, 1.3 GHz MediaTek MT8127
- Later (2021) LeapPad Academy SKUs replace it with a 1.5 GHz Rockchip RK3326
- Memory: 1GB RAM
- Storage: 16GB; ~9GB available for /sdcard partition
- Micro SD Card Slot: Yes, expandable up to 32GB
- Camera - Rear: 2MP
- Camera - Front: 2MP
- Audio: 3.5mm stereo jack with microphone; rear-mounted loudspeaker
- Wireless: Wi-Fi 802.11 b/g/n
- Bluetooth: Bluetooth 4.0
- Battery Type: Rechargeable lithium-ion
- Battery Life: 7+ hours; results will vary based on usage and settings
- Port: Micro USB
- Sensor(s): Accelerometer
Resources[edit | edit source]
OTA update ZIPs[edit | edit source]
The following files are incremental updates used to update an existing system to the latest build. No known official scatter or flashable ZIP files for a full system image exist; however a signed system ROM is available below.
Regular[edit | edit source]
Latest version: "KOT49H.user.1.9.88.20190521.111253"
Academy Edition[edit | edit source]
Latest version: "KOT49H.user.1.8.160.20190530.103948"
LeapPad Academy[edit | edit source]
Latest version: "KOT49H.user.1.1.171.20190530.155308"
LeapPad Academy (second-generation)[edit | edit source]
Custom recovery images[edit | edit source]
Sideloading APKs[edit | edit source]
A guide for enabling Unknown Sources can be found here. Note that you need to update your Epic to a later build to be able to access the App Center settings directly from the Parents menu.
There are two ways to install APKs, one through downloading stuff off the Browser, and the more advanced method being ADB.
For the latter, you'll need to download the latest ADB and Fastboot binaries, install the necessary drivers, and enable USB debugging. You can access developer options using this guide I wrote, but instead of tapping on Unlock selection, look for the Developer options menu item and tap it, then tick USB debugging to enable ADB mode.
Now plug your Epic to a computer, then using a command prompt, run the following command:
adb devices
You should get an authorisation screen, and make sure to tick the checkbox so it would be authorised the next time you plug your device in. The command prompt should also display something along the lines of this:
1111111111111111 device
Once that's done, you may now install APKs using this method. To do so, key in the following:
adb install foobar.apk
where foobar.apk could be any APK file you have lying around. If done correctly, it should show up on the application menu.
Signed ROM backups[edit | edit source]
If you're getting a signature error upon flashing, try unticking SEC_RO and then try again. You might also want to flash the whole package in case you get a boot logo loop especially after flashing a TWRP recovery image.
Epic Academy Edition[edit | edit source]
LeapPad Academy[edit | edit source]
LeapPad Academy (second-generation)[edit | edit source]
- Internet Archive page
- EPIC4.user.1.7.2109.312280833 (Google Drive mirror)
- EPIC4.user.2.6.2196.402290923 (MIPI variant)
Demo to retail conversion[edit | edit source]
See this blog post for details.
Google Apps and root[edit | edit source]
- Install TWRP, Google Play and SuperSU root on your LeapFrog Epic
- The original MT8127 Epic/LeapPad Academy firmware is vulnerable to the Dirty COW exploit where a temporary root shell can be obtained via ADB.
- The Rockchip RK3326 revision LeapPad Academy on the other hand can be rooted by patching the boot image using Magisk, but doing so breaks wireless functionality at least with the latest version. Ditto with the MT8127 version, but in that case the real-time clock seems to be a little sketchy with Magisk enabled, not to mention that they may no longer have support for early Android versions at the time of this writing.
Useful apps[edit | edit source]
- F-Droid: FOSS (Free and Open Source Software) app store
- File Manager Pro: Useful for accessing files and apps on your Epic; the device lacks a file manager other than a simple gallery, so this is a must-have especially for parents who frequently sideload content on their children's devices.
- Activity Launcher: There's more to it than what's on your home screen. ;)
- NewPipe: Not as polished as the official YouTube client, but hey, 'tis better than nothing, right?
- /r/Android App store: Yet another Google Play Store alternative
- Pollywog: A small control panel for the Epic, of which I aim to be an all-in-one utility some day.
- Developer Options: LeapFrog locked out access to the hidden developer options by default; this allows access to ADB mode amongst other things with just one click. Make sure to hide it from your child's home screen though.
- Play Services Patcher: Is your son or daughter begging you to install YouTube (Kids) on their Epic? Just patch the YT Kids client using the tool, sideload it, and enjoy.
- Recent Apps Button: Another day, another dummied out feature waiting to be re-enabled. :p
- Xposed Installer is also a must-have when rooted, as it allows you to do all sorts of neat stuff like restoring lost functionality as described here.
Rockchip hardware revision (EPICv4; 2021)[edit | edit source]
LeapFrog also quietly released a hardware revision of the Epic circa 2021, replacing the MT8127 with a Rockchip RK3326. While this allowed LeapFrog to upgrade the included operating system to Android 10, it also means that the change in hardware rendered most hacks designed for the original Epic obsolete.
VTech more or less nerfed the device by disabling features such as ADB and development settings, though USB debugging can be restored by temporarily rooting the device by patching boot.img with Magisk and editing the ADB setting using a settings database editor such as SetEdit. Bizarrely enough they also dropped Bluetooth, replacing the wireless module with an obscure AltoBeam ATBM6011 wireless LAN controller.
Ripping the firmware also used to be a challenge due to the uboot binary coded with a deterrent which corrupts the dumped images past a certain point. To be fair this is hardly even unique to LeapFrog as the implementation by Rockchip themselves has this until the latest commit. However, an update to RedScorpio's imgRePackerRK tool now made it possible to patch the stock uboot and enable firmware dumping.
In case of a brick, it is possible to unbrick the LeapPad by forcing it to run in MASKROM mode through shorting two conveniently-located test points on the logic board just beside the eMMC chip, though it may also be rather fiddly to pull off; a small reset switch may be soldered onto the testpoints like those generic TV boxes running off similar Rockchip hardware.
It is also (theoretically) possible to boot from an SD card with a firmware image flashed onto it. Performance with such a setup would be unsurprisingly bad compared to a ROM flashed into internal storage, but it should be fine for testing if the firmware dump works fine or for recovering from a bricked tablet. However, a method to convert a ROM to SD card use is still yet to be devised.
As the second-gen LeapPad Academy supports Project Treble, generic system images (GSIs) are bootable even up to Android 14, though performance and battery life will suffer with it; earlier versions such as 10 and 11 should run with fewer issues.
There are also two sub-variants of the EPICv4, with internal and firmware differences that are subtle on the surface but are still enough that firmware for each other isn't cross-compatible. Firmware for the non-MIPI variant bear the EPIC4.user.1.x.xxxx.xxxxxxxxx build number, while those on the MIPI variant use EPIC4.user.2.x.xxxx.xxxxxxxxx builds. Apparently the display module and driver on the MIPI version is different compared to the non-MIPI units as round objects appear more elongated on the latter due to the display using non-square pixels to force a "16:9" ratio, similar to countless discount Android tablets.
Gallery[edit | edit source]
-
The LeapPad in action.
-
Internals
-
Yup, GSIs should now work on this one, though a dedicated custom ROM would be ideal due to some software issues
-
AltoBeam ATBM6011 wireless LAN module
-
Short those two pins beside the eMMC chip to boot into MASKROM mode.
Misc. notes[edit | edit source]
- Apparently, certain North American SKUs of the Epic especially those made after March 2017, come with a product activation scheme designed to deter shoplifting, i.e. black-market reselling of stolen goods. Upon purchase of the Epic (or any other tablet with such a scheme), users are prompted to enter a code given by the seller, or retrieving an activation code off this site. One hacker claimed to be offering a workaround for this issue, and this may be defeated through other means, but for legal reasons I may not come up with a workaround for this unless a user with an affected Epic has enough evidence that their Epic is legitimately purchased. As of 2024 the Get Your Code site is no longer functional, so it may be fair game to activate affected tablets through unconventional means (assuming they weren't shoplifted, that is).
- Also, those on build 1.7.18 (KOT49H.user.1.7.18.20170327.110821) may experience streaming video issues with sites such as YouTube, LeapSearch, Netflix or Vimeo regardless of client. They video may play for a moment, but will eventually glitch out and/or outright stop with an error. No fix has been made by LeapFrog yet as of December 2024, much to the dismay of irate parents who took to Facebook and expressed their dismay over VTech/LeapFrog's handling of the bug. A workaround would be to flash the signed Academy Edition 1.1.95 ROM using SP Flash Tool.