Now that the bootloader is unlocked, everyone is asking "WTF do I do now?". Well, here's a bit of help to get you started. I'm assuming you already have adb and fastboot setup and working -- if not, quit reading and get that taken care of. Also, I only run Linux...so I'll try to be transparent and only list the fastboot commands.
I assume that you're not a complete moron and can Google what you don't understand.
Don't use the stock\SDK fastboot binary for flashing /system.
An updated fastboot binary for Lin\Win\Mac can be found here on the Batakang FTP from our local, neighborhood Mattlgroff.
Linux -- Rename the file to moto-fastboot and add it to a directory in your $PATH -- Ubuntu\Debian users can just add it to ~/bin (enabled by default)
Windows -- Rename the file to moto-fastboot and put it somewhere handy...that's on you to decide.
ROOT\ADMINISTRATOR INFO
On Linux, you might have to run as root in order to run some of the fastboot commands. If your system uses sudo for root commands, typing "sudo -i" will bring up an interactive sudo shell so you don't have to type sudo over and over again. If your system uses su for root, well, you already know the command.
On Windows, you have to enable Administrator Privileges to be able to run some of the fastboot commands.
Linux Terminal Hints
~/ means your home directory -- example -- "gedit ~/Documents/file.txt" would open file.txt in gedit easier than /home/yourusername/Documents/file.txt
You can add a * to file names and directories to not type as much -- example -- "gedit ~/Doc*/file.txt" is the same as the command above, only shortened. If two files have similar names, like Documents and Downloads, then you have to type the name up until the first different character then add *.
Use the command "../" to go up\back one directory. The command is stackable so "../../" would go back 2 directories and so forth and so on.
Use "cd" to change directories. Is an example really needed for this...
Proper Apps to Use
For zip file editing, use 7-zip on Windows and Archive Manager (file-roller) on Linux
For editing text files on Windows use Notepad++ or any text editor that has unix line breaks -- do not use default Notepad or Wordpad -- you've been warned. Use whatever you prefer on Linux. I prefer Gedit myself.
Basic Fastboot Command Syntax
fastboot flash "partition" "image" -- flashes partition image where partition is where to write to and image is the path to the image being written.
example -- fastboot flash system /path/to/system.img
fastboot -w -- does a factory reset; to expedite things, "-w" can be added to "fastboot flash system system.img -w"
fastboot continue -- continue with the boot process
fastboot devices -- list devices fastboot recognizes
fastboot -s "device model number" -- set the device fastboot will write commands to; use "fastboot devices" to find model number
fastboot reboot bootloader -- reboot phone into fastboot mode (or restart fastboot mode while in fastboot); same as "adb reboot bootloader"
fastboot help -- list all of this & more
Command Info
Not all the fastboot commands work for us. Specifically, the "erase" commands. If a wipe command doesn't work, skip it. I'll mark them with a ! at the end if it might fail.
Install CWM Recovery by Epinter
Read Epinter's RAZR HD CWM Thread
Download the recovery image
On stock rom, navigate to /system/etc and rename install-recovery.sh to install-recovery.sh.bak
Reboot into fastboot -- use "adb reboot bootloader" from Terminal\Command Prompt
Wipe the existing recovery -- "fastboot erase recovery" !
Flash the recovery with "fastboot flash recovery cwmrecovery6028-xt925_20130219-epinter.img"
That's it, CWM is installed.
Install Stock Fastboots JB
Download the respective fastboot zip you want to use
Extract the zip
Open a terminal to the extracted zip's directory
Reboot into fastboot
Type the following commands in this order
fastboot flash boot boot.img
fastboot flash devtree device_tree.bin
fastboot erase system -w !
fastboot flash system system.img
fastboot -w
fastboot erase cache !
fastboot reboot
Install Stock Fastboots ICS
Download the respective fastboot zip you want to use
Extract the zip
Open a terminal to the extracted zip's directory
Reboot into fastboot
Type the following commands in this order
fastboot flash boot boot.img
fastboot flash devtree device_tree.bin
fastboot erase system -w !
fastboot flash system system.img.ext4
fastboot erase cache !
fastboot -w
fastboot reboot
Install Alternate Radio
Reboot into fastboot
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
NON-HLOS.bin is found inside a fastboot zip.
Easy Kernel Install
Download kernel-flash.zip in the attachments
Open the zip
Replace the zip's current boot.img and device_tree.bin from the fastboot of your choice
Install the zip with CWM
By default, kernel-flash.zip comes with Mex Retail kernel and devtree
Easy CWM Install
Download recovery-flash.zip in the attachments
Install the zip with CWM
Not sure if it's SS compatible, but it is CWM compatible (for the lazy Photon Q users).
Obtain root after installing a Stock Firmware
There are two choices for obtaining root after a stock flash: the closed source SuperSu by Chainfire and the open source Superuser by Koush.
Download SuperSu zip from Chainfire (Closed Source)
Download Superuser from Koush (Open Source)
Download one of the root zips above.
Reboot into CWM/TWRP -- adb reboot recovery
Locate and flash the zip (see below for an alternative way)
Reboot, that's it. Nice not having to run exploits\hacks\Linux just for root
Install Rom/Zip file with ADB + CWM
CWM has the awesome ability to install zip files without having to manually copy them to the phone first. All's necessary is a PC with working adb.
Reboot into recovery
Select "install zip from sideload"
On PC, type "adb sideload /path/to/zip" and press enter
The zip will now be copied to the phone's cache & install
Once installed, do any requirements you'd normally do like wipe caches, etc
I have done this numerous times and it still will not boot into recovery. I have read and followed epinter, yours, official cwm, and other various Google found instructions (none of them functionally different) and still the same result. It recognizes the phone, writes, completes, then if I reboot and select recovery it goes to the android with the open chest cover with the exclamation point....
Any ideas how I could be screwing this up?
Sent from my MB886 using Tapatalk 2
miketravis said:
I have done this numerous times and it still will not boot into recovery. I have read and followed epinter, yours, official cwm, and other various Google found instructions (none of them functionally different) and still the same result. It recognizes the phone, writes, completes, then if I reboot and select recovery it goes to the android with the open chest cover with the exclamation point....
Any ideas how I could be screwing this up?
Sent from my MB886 using Tapatalk 2
Unless you're not rooted with an unlocked BL, there's really no reason why it shouldn't work?
Sent from my N4'd Atrix HD
I was rooted before unlocking... shouldn't it still be rooted?
Sent from my MB886 using Tapatalk 2
miketravis said:
I have done this numerous times and it still will not boot into recovery. I have read and followed epinter, yours, official cwm, and other various Google found instructions (none of them functionally different) and still the same result. It recognizes the phone, writes, completes, then if I reboot and select recovery it goes to the android with the open chest cover with the exclamation point....
Any ideas how I could be screwing this up?
Sent from my MB886 using Tapatalk 2
Did you uninstall safestrap?
Yep. Should I reinstall it and try again?
Sent from my MB886 using Tapatalk 2
---------- Post added at 01:40 PM ---------- Previous post was at 01:30 PM ----------
reinstalled safestrap and tried again, success!!
Not sure why that made a difference but I got it so thank you very much.
miketravis said:
Yep. Should I reinstall it and try again?
Sent from my MB886 using Tapatalk 2
---------- Post added at 01:40 PM ---------- Previous post was at 01:30 PM ----------
reinstalled safestrap and tried again, success!!
Not sure why that made a difference but I got it so thank you very much.
Still did not work for me
Did you install recovery inside safestrap? Then fastboot cwm?
Sent from my MB886 using Tapatalk 2
miketravis said:
Did you install recovery inside safestrap? Then fastboot cwm?
Sent from my MB886 using Tapatalk 2
Yes, I did. After fastboot, I followed the OP instructions to uninstall the SS recovery and SS app. Booted into recovery and got the open android.
tvd0405 said:
Yes, I did. After fastboot, I followed the OP instructions to uninstall the SS recovery and SS app. Booted into recovery and got the open android.
same here.
I have the same problem. I was able to flash cwm, uninstall the SS recovery, and uninstall the app. The first time I got the dead android symbol. I restored SS via Titanium Backup, reinstalled the SS recovery, and flashed cwm again. I tried rebooting into recovery and was able to get cwm working. As soon I uninstalled SS and rebooted, I got another dead android.
Probably because we're all on the XT926. If we were to revert back to XT925 then the recovery should work; otherwise we will have to tweak the recovery to get it to work properly with the XT926 software. Awesome thing is we can now free up the space that SS used for a ROM slot. However, for noobs, you might wanna stick with SS: once you hardbrick without anything to go back to, it will be game over for your phone and then you have to con ATT for another.
i got it.....
i was on ICS 404 bootloader unlocked and rooted
how the heck you go on bootloader menu (power vol.down???????)
right now im accessing everything with boot widget from play market....
everything works i backed up my stock rom.....
can i try a jellybean rom????? and go back to ICS as many times i want???? from cwm recovery???
thanx
htchd2fix said:
i got it.....
i was on ICS 404 bootloader unlocked and rooted
how the heck you go on bootloader menu (power vol.down???????)
right now im accessing everything with boot widget from play market....
everything works i backed up my stock rom.....
can i try a jellybean rom????? and go back to ICS as many times i want???? from cwm recovery???
thanx
From Phone Off, Hold Power and Both Volumes.
If the phone is on, do the above and when the screen goes black, press them all again...I've been doing that for an hour now
I installed MR via fastboot and just now got it booting. I made the mistake of using the SDK fastboot to flash /system.
skeevy420 said:
From Phone Off, Hold Power and Both Volumes.
If the phone is on, do the above and when the screen goes black, press them all again...I've been doing that for an hour now
I installed MR via fastboot and just now got it booting. I made the mistake of using the SDK fastboot to flash /system.
What's MR?
yes it works.....thanx
i was used to power vol.down with atrix4g
ok..now can i install any rom and if dont like it go back to my backup????
still a little scared.....
i mean i wont lose root right?
Markyzz said:
What's MR?
Mexican Retail
Install instructions in OP
htchd2fix said:
yes it works.....thanx
i was used to power vol.down with atrix4g
ok..now can i install any rom and if dont like it go back to my backup????
still a little scared.....
i mean i wont lose root right?
You won't lose root
And with an unlocked bootloader, all you gotta do is flash an updater zip with the su binary and app for Stock roms that don't have root
I'll link to a root zip in the op once I find one (or just make it; depends on how quick I find it in a search)
thanx again..
ahahahha...what a beautifullll day....
skeevy420 said:
Mexican Retail
Install instructions in OP
is there a point to flash a different firmware? is it required by any means?
I had SS and was backed up, I booted up the "stock ROM" and was successful in unlocking the BL and flashing CWM. I made a new backup of the stock ROM and restored it with success in CWM. In the video it show he has MR , but im confused as to why.
Also, I cant seem to get rid of safestrap....how in the hell do you uninstall it???
I was searching the internet for ways to retrieve logo.bin for our device. I've tried using the adb shell to retrieve the logo.bin but there seems to be no "logo" file existing on /dev/. I've also tried "Readback" from SPFT but it says that the Start address and length are not aligned. Is there any other way for me to retrieve the logo.bin from my device? I'm just a newbie TIA
GigaByte568 said:
I was searching the internet for ways to retrieve logo.bin for our device. I've tried using the adb shell to retrieve the logo.bin but there seems to be no "logo" file existing on /dev/. I've also tried "Readback" from SPFT but it says that the Start address and length are not aligned. Is there any other way for me to retrieve the logo.bin from my device? I'm just a newbie TIA
Go to fastboot mode and type this command in adb
fastboot flash logo logo.bin
Important - copy logo.bin to the root of the adb folder where all the files of adb are.
Rajaks said:
Go to fastboot mode and type this command in adb
fastboot flash logo logo.bin
Important - copy logo.bin to the root of the adb folder where all the files of adb are.
I believe what op wants to know is how he can get the logo.bin from his device.
/dev/block/platform/mtk-msdc.0/by-name/logo
Run this command as root through adb shell, or terminal emulator
Code:
cd /dev/block/platform/mtk-msdc.0/by-name
dd if=logo of=/sdcard/logo.bin
You'll get a fastboot flashable logo.bin on the root of your sdcard
You can get the logo file in the SP flash Tools firmware of your device.
why would you need it
Here's the link for logo zip flashable
https://drive.google.com/file/d/0B5wsXNzlO7M1U09aZmRhTGE4aUU/view?usp=docslist_api
thanks you are right my phone boot loop
yogeshrockzzz said:
Plz tell me its a stock micromax logo
---------- Post added at 12:15 PM ---------- Previous post was at 11:19 AM ----------
plz do not done with twrp recovery boot loop problem
do with stock recovery for custom logo
thanks you are right
yogeshrockzzz said:
Plz tell me its a stock micromax logo
---------- Post added at 12:15 PM ---------- Previous post was at 11:19 AM ----------
plz do not done with twrp recovery boot loop problem
do with stock recovery for custom logo
It's official stock logo
I couldn't find any guide for rooting the V40, so I thought I'd write down the steps I took to root my new EUR V40 - LMV405EBW. Maybe it will help others. Sorry if this is somewhat confusing, I didn't have time to make a polished version. It's basically made from my notes during the process with the commands copied from bash history.
-First, unlock the bootloader following LG's instructions here: https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
There's no TWRP for the V40 and the one made for G7 doesn't work. I don't have the time and knowledge to even attempt to compile TWRP for the V40, so I proceeded with just patching an original boot image with Magisk.
You can get the patched boot images that I used from here:
Oreo 10e: boot_a_magisk_patched_10e.img
Oreo 20f: boot_a_magisk_patched_10f.img
Pie 20a: boot_a_magisk_patched_20a.img
Pie 20b: boot_a_magisk_patched_20b.img
Pie 20f: boot_a_magisk_patched_20f.img
Pie 20g: boot_a_magisk_patched_20g.img
Q 30b: boot_a_magisk_patched_30b.img (this requires flashing to the active boot partition).
Q 30c: boot_a_magisk_patched_30c.img (this requires flashing to the active boot partition)
Q 30d: boot_a_magisk_patched_30d.image (this may or may not work with "fastboot boot" and could require flashing to the active boot partition. I haven't tested if live boot still works. I just did fastboot flash boot_x img_file).
You can try to boot it with fastboot if you have a LMV405EBW and skip the KDZ extraction part.
Installing Magisk:
Flashing this image isn't necessary, just straight boot should be sufficient and safe.
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
Code:
adb reboot bootloader
fastboot boot boot_a_magisk_patched_10e.img
After the phone boots the OS with the external boot image, open Magisk Manager and tap on Install. Select the option to Direct install to the active slot. I played it safe and decided to NOT flash also on the inactive slot. I've left it alone so I can use it in case of need of recovery.
You'll probably notice that you don't have a connection to the carrier. Just ignore it, it will be back once the phone is booted normally.
Reboot and you will have permanent root until you switch the A/B slots.
In case my patched boot image doesn't work, you can just make your own.
Tools needed:
Magisk Manager 7.0.0 installed on the phone
LG Bridge installed on a Windows machine.
a Linux machine or VM (I used the latest Ubuntu desktop), python3 with the zstandard module installed and kdztools from steadfasterX's repo. Maybe kdztools would work on Windows too, I haven't tried it.
adb, fastboot
You need to procure an original ROM file for your phone model. It can be downloaded easily with LG Bridge. Just connect the phone to a Windows PC, start LG Bridge, go to the Software update tab and click on Update error recovery. Wait for the download to start and disconnect the phone. Ignore LG Bridge's complaints about not being able to flash after the downloading stage is completed. Don't click anything in Bridge and before closing it go to C:\Users\<your_username>\AppData\Local\LG Electronics\LG Bridge\SWUpgrade and copy your KDZ somewhere else. Preferably send it to the Linux VM to the LG work folder, it'll be needed there.
On Linux open a terminal:
Code:
cd ~/Documents
mkdir LG
cd LG
git clone https://github.com/steadfasterX/kdztools.git
cd kdztools
nano undz.py -c
For kdztools to be able to extract the V40 images, I needed to edit undz.py and comment out lines 88-90. So, this block should all be commented out or undz will fail to extract the boot partitions.
Code:
#if len(dz_item['pad']) != 0:
# print("[!] Error: pad is not empty", file=sys.stderr)
# sys.exit(1)
To extract, with the KDZ copied to ~/Documents/LG/
Code:
cd ~/Documents/LG/kdztools
./unkdz.py -f ../V405EBW10e_00_OPEN_EU_DS_OP_0109.kdz -x
cd kdzextracted/
List the partitions contents and look for the IDs of boot_a and/or boot_b. In my case they were 44 for boot_a and 63 for boot_b
Code:
../undz.py -f V40510e_00.dz -l
Extract boot_a or boot_b or both, they're identical:
Code:
../undz.py -f V40510e_00.dz -s 44
../undz.py -f V40510e_00.dz -s 63
You can find the extracted boot images in the dzextracted subfolder. Get boot_a.image or boot_b.image or both from there and send them to the phone in a location accessible by Magisk Manager. The Download folder should do fine.
Open Magisk Manager and tap Install, select Patch Boot Image file and patch the image file(s) you extracted. Get the patched_boot.img that Magisk Manager saves in the Download folder and send it to a PC where you have adb and fastboot.
Go to the beginning of the post to the Installing Magisk section.
Damned tempting, but I'll wait until after Pie drops.
Sent from my LM-V405 using Tapatalk
Glad to see this, hopefully it's a start for all of us.
If anything, at least a way to unlock the bootloader via legitimate channels! Gonna be generating that string, next chance I get, to be ready.
Sent from my LM-V405 using Tapatalk
Once runningnak3d gets a hold of this, we should be good with the v40. Cool beans.
Hey do the unlock codes online work for $ 12-15 on sprint? I used to flash phones back in the day and got a great deal on a bad IMEI sprint lg v40, but so far I can see there isn’t a way yet. On top of all that I’m in Europe and don’t want to get the error message that I’m out of the Region. I would have to go to USA just to unlock the phone.
@runningnak3d
Can't I install the firmware on a different device?
V version can not unlock BL, so envious
Getting a boot image like that works but I find it stupid to not upload it so that the others don't have to do it. Besides only one model can be bl unlocked so there won't be any model mismatch (except firmware versions but keeping up with them is not that hard)
LameMonster82 said:
Getting a boot image like that works but I find it stupid to not upload it so that the others don't have to do it. Besides only one model can be bl unlocked so there won't be any model mismatch (except firmware versions but keeping up with them is not that hard)
Or I could find you stupid for not noticing the patched image is in my first post.
DLS123 said:
I find you stupid for not noticing the patched images are in my first post.
I recommend labeling the boot images with their firmware since future firmwares won't be able to run the same boot image but other than that I'm really sorry.
LameMonster82 said:
I recommend labeling the boot images with their firmware since future firmwares won't be able to run the same boot image but other than that I'm really sorry.
I mentioned in the description 1 line below the link that it's for 10e. There was no other update in a long time. I don't think there can be any confusion for now. I can edit and label the file when there will be another fw update.
It looks like unlocking the bootloader breaks Widevine L1 on the V40 and downgrades it to L3. No more HD or UHD Netflix.
I couldn't find any other solution than to re-lock the bootloader to restore L1.
This doesn't happen on the V30.
@DLS123
Thank you for all!
I ask you for more details; i'm stuck at flashing first image in adb; it returns an error; have LMV405EBW with 10f. unlocked bootloader of course
Thx again for your support!
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
DLS123 said:
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
Thx for answer; i not have too much experience in working with Magisk;
i just followed your steps:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
when i run fastboot command for flash, is running, but is returning "an error at line x"
i suppose is something wrong in this instructions.
daphix said:
Thx for answer; i not have too much experience in working with Magisk;
i just followed your steps:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
when i run fastboot command for flash, is running, but is returning "an error at line x"
Anyway; understand now what to do;
Steps are below:
- first install magisk manager
- download magisk zip from magisk site or from magisk manager himself on phone
- download patched_boot_a.img to phone from our good contributor
- use magisk manager and select install image of patched_boot_a.img from phone
- magisk manager will generate a magisk patched image
- transfer this magisk patched image (not patched_boot_a.img) to pc in ADB folder
- flash with Adb this magisk patched image from pc to phone.
Thx to our friend!
---------- Post added at 09:53 AM ---------- Previous post was at 09:21 AM ----------
DLS123 said:
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
Hi;
using Magisk manager and your file was generated a file: magisk_patched.img
pls support; trying to flash that image from PC with adb not work:
fastboot flash partition_a magisk_patched.img
@daphix
Whatever you're trying to do, is nowhere in the procedure I used. If you already booted with my boot image why are you making another boot image with Magisk and why are you trying to flash that? I never wrote anything of the sort.
if you booted with my patched image you already have temporary root and can use Magisk Manager to Direct install Magisk itself.
DLS123 said:
@daphix
Whatever you're trying to do, is nowhere in the procedure I used. If you already booted with my boot image why are you making another boot image with Magisk and why are you trying to flash that? I never wrote anything of the sort.
if you booted with my patched image you already have temporary root and can use Magisk Manager to Direct install Magisk itself.
Hi , thank you for reply;
I tried many combinations of your commands;
maybe due that am noob, but succession below simply is not working:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
Prerequisites :
Running Stock OOS
Unlocked Bootloader
Fastboot
Disclaimer : I am not responsible for any damage to your device.
Download : [ALL VARIANTS]
OOS Patched Boot Images (Credits : @Bradl79 for maintaining the folder)
9.5.4 Boot Images :
OOS 9.5.4 Patched [EU Version/1913]
OOS 9.5.4 Patched [Global | Indian Version /1917 | 1911]
Want To Maintain Root On New OTAs?:
#171
Patched Boot Image Not Available For Your Model Yet? :
#6
Instructions :
Download the patched boot image
Install the latest version of Magisk Manager
Reboot the phone in fastboot mode
Use the following command via command prompt :
Code:
fastboot flash boot boot_patched.img
fastboot reboot
The phone will reboot into system, this may take some time be patient
Open Magisk & Install it again[Direct Install]
You've got a rooted OnePlus 7 Pro.
Credits :
gururoop (Stock Firmware)
b1czu (Instructions)
Regards,
acervenky
Included the stock as well as patched image.
Link to repository : Github
Regards,
acervenky
Reserved 2
Am Trying To Port OnePlus 6T TWRP Recovery. Just Got My Hands On The Stock Recovery. Will Update If It Works
acervenky said:
It seems that the size difference is vast, so I would request one of you to download the stock boot.img from the repository, patch it and recheck the file size.
You can try the patched boot.img and inform whether it works, for any issues/help PM me.
Link to repository : Github
Regards,
acervenky
I am upgrading the firmware to 9.5.3 right now. As soon as it finishes, I would try and report back
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
You can also patch the boot.img yourself.
Here is how:
.) Download latest Stock OOS
.) Extract boot.img using payload.bin dumper (needs python)
.) Install Magisk Manager on your device
.) Copy boot.img to your device
.) Patch boot.img using Magisk Manager
.) Copy patched boot.img to your pc, reboot your phone to fastmode and use 'fastboot boot patched_boot.img' to boot from patches bootimage.
.) Run Magisk Manager, choose direct install
-> Voila, you have a rooted OP7pro.
Kingmohdarif said:
Am Trying To Port OnePlus 6T TWRP Recovery. Just Got My Hands On The Stock Recovery. Will Update If It Works
zanderzone said:
I am upgrading the firmware to 9.5.3 right now. As soon as it finishes, I would try and report back
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
Please post the screenshots if you guys have successfully rooted, will update the OP accordingly
GoodSoul said:
You can also patch the boot.img yourself.
Here is how:
.) Download latest Stock OOS
.) Extract boot.img using payload.bin extractor (needs python)
.) Install Magisk Manager on your device
.) Copy boot.img to your device
.) Patch boot.img using Magisk Manager
.) Copy patched boot.img to your pc, reboot your phone to fastmode and use 'fastboot boot patched_boot.img' to boot from patches bootimage.
.) Run Magisk Manager, choose direct install
-> Voila, you have a rooted OP7pro.
Yes if you're on another version of OOS, this method works
Regards,
acervenky
acervenky said:
Download: OOS 9.5.3 Patched
Your patched boot.img is about 56mb in size while my extracted boot.img is 100mb in size. There might be something wrong with your boot.img ...
zanderzone said:
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
Did it work?
GoodSoul said:
Your patched boot.img is about 56mb in size while my extracted boot.img is 100mb in size. There might be something wrong with your boot.img ...
Did it work?
That extra 44mb is most likely empty space, which patching with Magisk removes like on other devices.
bmg1001 said:
That extra 44mb is most likely empty space, which patching with Magisk removes like on other devices.
You might be right since after 56% of the file everything is just blank.
GoodSoul said:
You might be right since after 56% of the file everything is just blank.
Same thing happens on the Essential Phone. Extracting the image with dd gives you a ~60mb boot image but Magisk brings it down to 23mb.
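The size question raised in the posts above (a roughly 100 MB extracted boot.img against a roughly 56 MB patched one) can be checked instead of guessed at, because the Android boot image header records the size of every section. This is an added example, not code from any poster in this thread; it assumes header versions 0 to 2, the function names are hypothetical, and the sample image is constructed.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
VALID_PAGE_SIZES = (2048, 4096, 8192, 16384)


def align_up(n, page):
    """Round n up to the next multiple of the page size."""
    return (n + page - 1) // page * page


def boot_image_layout(data):
    """Parse a boot image header (v0-v2) and report how many bytes of
    `data` are image content and how many are trailing padding."""
    if len(data) < 48 or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (missing ANDROID! magic)")
    # Ten little-endian u32 fields follow the 8-byte magic.
    (kernel_size, _kernel_addr, ramdisk_size, _ramdisk_addr,
     second_size, _second_addr, _tags_addr, page_size,
     header_version, _os_version) = struct.unpack_from("<10I", data, 8)
    if page_size not in VALID_PAGE_SIZES or len(data) < page_size:
        raise ValueError("implausible page size or truncated header")
    if header_version > 2:
        # v3+ uses a different layout; some vendor v0 images also reuse
        # this field for a device-tree size. Neither is handled here.
        raise ValueError("unsupported header_version %d" % header_version)

    sections = {"kernel": kernel_size, "ramdisk": ramdisk_size,
                "second": second_size}
    if header_version >= 1:
        sections["recovery_dtbo"] = struct.unpack_from("<I", data, 1632)[0]
    if header_version == 2:
        sections["dtb"] = struct.unpack_from("<I", data, 1648)[0]

    # The header occupies one page; every section is padded to a page.
    used = page_size + sum(align_up(s, page_size) for s in sections.values())
    if used > len(data):
        raise ValueError("image is truncated: header describes more data")

    tail = data[used:]
    nonzero = len(tail) - tail.count(0)
    return {
        "header_version": header_version,
        "page_size": page_size,
        "sections": sections,
        "used_bytes": used,
        "padding_bytes": len(tail),
        "tail_is_blank": nonzero == 0,
        "nonzero_tail_bytes": nonzero,
    }


def build_sample(partition_size=64 * 1024):
    """Constructed sample: v1 header, dummy kernel and ramdisk, then
    zero fill up to the partition size (as a raw partition dump has)."""
    page = 4096
    kernel, ramdisk = b"K" * 5000, b"R" * 3000
    header = bytearray(page)
    header[:8] = BOOT_MAGIC
    struct.pack_into("<10I", header, 8, len(kernel), 0, len(ramdisk), 0,
                     0, 0, 0, page, 1, 0)
    struct.pack_into("<I", header, 1632, 0)     # recovery_dtbo_size
    struct.pack_into("<I", header, 1644, 1648)  # header_size for v1
    body = (bytes(header)
            + kernel.ljust(align_up(len(kernel), page), b"\0")
            + ramdisk.ljust(align_up(len(ramdisk), page), b"\0"))
    return body.ljust(partition_size, b"\0")


if __name__ == "__main__":
    info = boot_image_layout(build_sample())
    total = info["used_bytes"] + info["padding_bytes"]
    print("content: %d bytes, padding: %d bytes (%.0f%% of file)" % (
        info["used_bytes"], info["padding_bytes"],
        100.0 * info["padding_bytes"] / total))
    print("tail blank:", info["tail_is_blank"])
```

A non-blank tail is not proof of tampering, since a partition dump can carry data after the image content (an AVB footer, for example), but it is a reason to compare the file against a hash from a source you trust before flashing it.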
bmg1001 said:
Same thing happens on the Essential Phone. Extracting the image with dd gives you a ~60mb boot image but Magisk brings it down to 23mb.
Well then the patched image should work without any problems, and others who want to root with TWRP there's an unofficial version out as well
Regards,
acervenky
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
For me this has worked
1. Install Magisk Manager
2. Reboot device to bootloader
3. open cmd at the location of the extracted patched_boot.img
4. In cmd type
Code:
fastboot flash boot_a patched_boot.img
5. In cmd type
Code:
fastboot flash boot_b patched_boot.img
6. In cmd type
Code:
fastboot reboot
7. Open Magisk Manager, it will prompt you with additional files are needed to complete Magisk install, go ahead and download the files.
8. After a few seconds, install will be complete and you will be rooted!
b0uNz said:
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
For me this has worked
1. Install Magisk Manager
2. Reboot device to bootloader
3. open cmd at the location of the extracted patched_boot.img
4. In cmd type
Code:
fastboot flash boot_a patched_boot.img
5. In cmd type
Code:
fastboot flash boot_b patched_boot.img
6. In cmd type
Code:
fastboot reboot
7. Open Magisk Manager, it will prompt you with additional files are needed to complete Magisk install, go ahead and download the files.
8. After a few seconds, install will be complete and you will be rooted!
Hey man
Thanks for this, your commands worked but unfortunately I messed up my phone. Kinda new to rooting. Just realized I was on 9.5.4 on a GM1913. The patched boot image on here for 9.5.3 broke my wifi and made the settings app completely unstable, it crashes constantly.
Not sure if the problem was that I used the boot image for 9.5.3 on 9.5.4 or because the patched boot image on here was intended for other versions of the OP7P and not the European GM1913.
Does anyone have a flashable zip for the GM1913? Alternatively a stock or patched boot image intended for 9.5.4 GM1913? Any help would be much appreciated, still no OP7 here https://www.oneplus.com/support/softwareupgrade so I am stuck with a non-working phone.
b0uNz said:
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
What error did you get when you tried that command? Did you OEM unlock first and enable USB debugging?
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow the 'fastboot boot' (also known as tethered booting) command. The situation is the same as on the Essential PH-1 as well as some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Titokhan said:
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow the 'fastboot boot' (also known as tethered booting) command. The situation is the same as on the Essential PH-1 as well as some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Yep, that's the same error I got initially. Do you have any idea as to what went wrong with my phone?
I am wondering if I messed up because I flashed the patched boot.img for 9.5.3 while being on 9.5.4, or if it's because it was for the wrong version, I have a GM1913.
Are boot images unique for each model, like GM1913, GM1917 etc?
Titokhan said:
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow the 'fastboot boot' (also known as tethered booting) command. The situation is the same as on the Essential PH-1 as well as some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Thanks for reporting, I'll update the OP accordingly.
Regards,
acervenky
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
mingo_mgx said:
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
Hey man, thank you! :good::good: You might have just saved my day. Quick question before I flash it though, is this for the GM1913 or GM1917?
---------- Post added at 10:12 PM ---------- Previous post was at 10:03 PM ----------
mingo_mgx said:
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
Never mind, I couldn't wait so I tried it and my phone is fixed! I am rooted and wifi and the settings are working again. Thank you so much.
@acervenky, could you add the 9.5.4 boot image to the OP? Just to avoid any other noobs like myself messing up their brand new phone like I did with the wrong boot image.
Also does anyone know if boot images are specific to different models? Are they different on GM1913, 1915, 1917 etc? Would be good to mention that in the OP too if so.
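Added example (not part of any post in this thread, and not Magisk or OnePlus code): a Python parser for the standard AOSP boot image header (versions 0 to 2), relevant to the posts above about the dd dump being larger than the repacked image and about flashing an image built for a different release. It reports the Android version and security patch level stored in the header and how much of a dump is image payload versus trailing partition space; the sample image and the helper names are constructed for illustration. The header has no field for the OEM build number or model, so matching fields do not prove two images are interchangeable, while a differing patch level shows they come from different releases.

```python
import struct

MAGIC = b"ANDROID!"

def _pages(size, page_size):
    """Pages needed to hold `size` bytes (each section is page-aligned)."""
    return (size + page_size - 1) // page_size

def parse_boot_image(data):
    """Summarise a v0-v2 Android boot image header (AOSP bootimg.h layout)."""
    if len(data) < 2048 or data[:8] != MAGIC:
        raise ValueError("not an Android boot image")
    (kernel, _, ramdisk, _, second, _, _,
     page_size, hdr_ver, os_version) = struct.unpack_from("<10I", data, 8)
    if hdr_ver > 2 or page_size == 0:
        raise ValueError(f"unsupported header (version {hdr_ver}, page size {page_size})")
    sections = [kernel, ramdisk, second]
    if hdr_ver >= 1:   # recovery_dtbo_size follows extra_cmdline
        sections.append(struct.unpack_from("<I", data, 1632)[0])
    if hdr_ver == 2:   # dtb_size follows header_size
        sections.append(struct.unpack_from("<I", data, 1648)[0])
    # One header page, then each section rounded up to whole pages.
    payload = page_size * (1 + sum(_pages(s, page_size) for s in sections))
    ver, lvl = os_version >> 11, os_version & 0x7FF
    return {
        "header_version": hdr_ver,
        "android_version": f"{(ver >> 14) & 0x7F}.{(ver >> 7) & 0x7F}.{ver & 0x7F}",
        "patch_level": f"{2000 + (lvl >> 4)}-{lvl & 0xF:02d}",
        "payload_bytes": payload,
        "trailing_bytes": len(data) - payload,  # partition space after the image
    }

def differing_fields(stock, candidate):
    """Header fields on which two parsed images disagree."""
    keys = ("header_version", "android_version", "patch_level")
    return [k for k in keys if stock[k] != candidate[k]]

def build_sample(patch=(2019, 5), dump_size=64 * 1024):
    """Constructed v1 image header, zero-padded to mimic a dd partition dump."""
    os_version = ((9 << 14) << 11) | ((patch[0] - 2000) << 4) | patch[1]
    hdr = bytearray(dump_size)
    hdr[:8] = MAGIC
    # kernel 5000 B, ramdisk 3000 B, no second stage, 4096-byte pages, header v1
    struct.pack_into("<10I", hdr, 8, 5000, 0, 3000, 0, 0, 0, 0, 4096, 1, os_version)
    struct.pack_into("<I", hdr, 1644, 1648)  # header_size field of a v1 header
    return bytes(hdr)

if __name__ == "__main__":
    stock = parse_boot_image(build_sample())
    other = parse_boot_image(build_sample(patch=(2019, 6)))
    print(stock)
    print("differs on:", differing_fields(stock, other))
```

Run it against a dump of your own boot partition and against the downloaded image before flashing; any entry returned by differing_fields is a reason to stop.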
This guide is only for the Fire TV 2 2015 (not stick) codenamed "sloane" with mt8173.
This will flash correct partitions and TWRP into it.
This WILL NOT clean RPMB, nor will it unlock the device.
I am not responsible for any physical damage to your device, YOU choose to make these modifications.
NOTE: Full unlock has been released, please refer to this thread: https://forum.xda-developers.com/t/unlock-root-twrp-unbrick-firetv-2-sloane.4222331/
NOTE: You will need to open the device so be prepared
NOTE: This will flash 5.6.2.8 images meaning RPMB will be updated.
MATERIAL NEEDED:
Linux based system.
USB A-A Cable.
Something conductive (paperclip, tweezers, etc).
Something to open the device.
- Install python3, PySerial, adb, fastboot:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot
- Uninstall/disable modemmanager:
Code:
sudo apt remove modemmanager
PROCEDURE:
0. Open up the device. You can use a pick or a knife or any special tool to open it up.
1. Locate DAT0 in the attached image. You will need to flip the motherboard.
2. Download amonet-mt8173-sloane from downloads and unpack it.
3. Open the unpacked folder of amonet, open a terminal inside it and type:
Code:
sudo ./bootrom-step.sh
4. Wait until you see something like:
Code:
[2019-02-07 14:35:59.478924] Waiting for bootrom
5. Once that message shows up, connect the A-A cable but not the power supply. After that, prepare the short and, at the same time as you short DAT0 to GND, plug the power supply into the wall.
6. The script will ask you to remove the short. When this happens, stop shorting DAT0 and then press enter.
7. Wait until it finishes.
8. The device should now reboot into TWRP. Please consider now flashing a prerooted ROM or LineageOS 12.1 to get full TWRP.
NOTES:
In lsusb boot-rom shows up as:
Code:
Bus 001 Device 009: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If you see:
Code:
Bus 001 Device 013: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
it means you're in preloader mode. Try shorting again.
If somehow you have a corrupt gpt (shouldn't happen), just run:
Code:
sudo ./gpt-fix.sh
If TWRP freezes, DON'T UNPLUG THE POWER SUPPLY; instead, open an adb shell session and type the following command to restart TWRP:
Code:
killall recovery
Please note that your bootloader is still LOCKED. If you flash custom kernels/unsigned boots (i.e. Magisk Manager, etc.), the bootloader will refuse to load the boot image and you will not be able to boot into TWRP anymore unless you re-unbrick the device.
THANKS:
- @CFKod for his patience and for testing the script
- @retyre & @k4y0z for the initial port to mt8173
- @xyz` for his original exploit for the HD8 2018.
- @Sus_i for locating DAT0, DAT1 and DAT2.
- @rbox for TWRP/Boot menu.
DOWNLOAD:
amonet-sloane-v1.3.zip (Or attachments)
Source Code: https://github.com/R0rt1z2/amonet/tree/mt8173-sloane
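The lsusb check from the NOTES above, as an added example that is not part of the original post or of amonet: a Python helper that reads lsusb output and reports whether a MediaTek device is in boot-rom or preloader mode, using only the two USB IDs quoted in the guide. The function names and the root hub line in the sample are constructed; the root hub shares product ID 0003, which is why the vendor ID has to be matched as well.

```python
import re

# USB IDs quoted in the guide's lsusb output (vendor 0e8d is MediaTek).
MEDIATEK_VID = "0e8d"
MODES = {"0003": "bootrom", "2000": "preloader"}
LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<vid>[0-9a-f]{4}):(?P<pid>[0-9a-f]{4})")

def mediatek_devices(lsusb_output):
    """Return (bus, device, mode) for every MediaTek device in lsusb text."""
    found = []
    for line in lsusb_output.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m and m["vid"] == MEDIATEK_VID:
            found.append((m["bus"], m["dev"], MODES.get(m["pid"], "other")))
    return found

def detect_mode(lsusb_output):
    """'bootrom', 'preloader' (short DAT0 again), or 'absent'."""
    modes = {mode for _, _, mode in mediatek_devices(lsusb_output)}
    for wanted in ("bootrom", "preloader"):
        if wanted in modes:
            return wanted
    return "absent"

# Constructed sample: the two MediaTek lines are the ones shown in the guide,
# the root hub line is added to show a non-MediaTek device with product ID 0003.
SAMPLE_BOOTROM = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 009: ID 0e8d:0003 MediaTek Inc. MT6227 phone
"""
SAMPLE_PRELOADER = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 013: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
"""

if __name__ == "__main__":
    print(detect_mode(SAMPLE_BOOTROM), detect_mode(SAMPLE_PRELOADER))
```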
Brick no more!!
thank you for your patience and knowledge.
My brick was because I wiped system.
I've added another photo, I simply shorted against the metal hole circled in the picture. This is so useful, it not only unbricks, it allows for downgrade of preloader
Meaning I was then able to resolve my lack of system with @rbox unbrick image.
Also it's so much quicker than flashing via mediatek inject. Wooooo
Rortiz2 said:
8. Now your device should start booting back to FireOS. Mount it and enjoy your unbricked TV.
Looks good. :good:
I suppose if step 8 (reboot to system) fails for someone, i.e. something in /system is messed up, the old unbrick solution from @rbox comes handy, in order to flash a system?
Don't know, don't own that box, but maybe it's possible to add a 'flash TWRP to recovery partition' to your unbrick solution? As last point, instead of boot system, boot to recovery... Then users could flash the latest prerooted rom from @rbox, and skip the old unbrick solution? Just a thought... as I said, I don't know details about that box.
Edit: probably flash TWRP won't work, since the bootloader isn't unlocked?
Sus_i said:
Looks good. :good:
I suppose if step 8 (reboot to system) fails for someone, i.e. something in /system is messed up, the old unbrick solution from @rbox comes handy, in order to flash a system?
Don't know, don't own that box, but maybe it's possible to add a 'flash TWRP to recovery partition' to your unbrick solution? As last point, instead of boot system, boot to recovery... Then users could flash the latest prerooted rom from @rbox, and skip the old unbrick solution? Just a thought... as I said, I don't know details about that box.
Sure. I can use MISC flags for boot to recovery.
But the question is: can TWRP be loaded with the newest preloader?
Also if my memory is OK, I remember it's a ramdisk
Cheers.
Rortiz2 said:
Sure. I can use MISC flags for boot to recovery.
But the question is: can TWRP be loaded with the newest preloader?
Also if my memory is OK, I remember it's a ramdisk
Cheers.
If I remember right, @k4y0z said that the recovery is flashed out of the boot.img at first boot... and if the TWRP solution is a ramdisk like on the first fireTV, then flashing a TWRP image to the recovery partition will probably not work. Don't know.
Sus_i said:
If I remember right, @k4y0z said that the recovery is flashed out of the boot.img at first boot... and if the TWRP solution is a ramdisk like on the first fireTV, then flashing a TWRP image to the recovery partition will probably not work. Don't know.
Correct. TWRP is actually a ramdisk.cpio.
rbox flashes it using his 2ndinit script, which needs to be run with "su".
This script simply puts SELinux in permissive mode and boots TWRP at every boot:
https://github.com/androidrbox/firetv-2ndinit/blob/master/jni/2ndinit.c
As you said, flashing the ramdisk directly into the /recovery partition will not work since it needs to be signed.
Cheers.
Rortiz2 said:
Correct. TWRP is actually a ramdisk.cpio.
rbox flashes it using his 2ndinit script, which needs to be run with "su".
This script simply puts SELinux in permissive mode and boots TWRP at every boot:
https://github.com/androidrbox/firetv-2ndinit/blob/master/jni/2ndinit.c
As you said, flashing the ramdisk directly into the /recovery partition will not work since it needs to be signed.
Cheers.
Ok. I know that from the 1gen stick/box.
Maybe there is a way to (push and) boot that recovery ramdisk as last step with your script, in order to have the option for flashing the latest prerooted?
Don't know... If you could manage that somehow, you can add the [ROOT] tag into the thread headline
@rbox, what do you think?
Sus_i said:
Ok. I know that from the 1gen stick/box.
Maybe there is a way to (push and) boot that recovery ramdisk as last step with your script, in order to have the option for flashing the latest prerooted?
Don't know... If you could manage that somehow, you can add the [ROOT] tag into the thread headline
@rbox, what do you think?
Yeah it will be pretty nice.
If we can't, we can downgrade preloader, run unbrick image via Preloader and then run a second part of the script that restores correct preloader.
Idk, just throwing out ideas.
I added source code in the second post for rbox.
Cheers.
Rortiz2 said:
This guide is only for the Fire TV Stick 2 codenamed "sloane" with mt8173.
Sloane is Fire TV 2 Gen, not Stick.
Kramar111 said:
Sloane is Fire TV 2 Gen, not Stick.
Thanks
@Sus_i I think I have an idea
https://forum.xda-developers.com/fire-tv/orig-development/firetv-2-recovery-installer-t3309785
That installer will help us since it talks with the preloader.
Well, I've added an argv in main.py that allows you to downgrade the preloader in order to be able to use rbox's tools.
After the downgrade, the script reboots the TV and immediately starts the .sh by rbox that injects the necessary files into the /system partition.
This is what (let's say) step-1.sh should do. When it finishes, the idea is that the user can run bootrom-step.sh to restore the new preloader (shorting again, obviously) and allow the device to boot with the injected TWRP.
What do you think?
Best regards!
Rortiz2 said:
@Sus_i I think I have an idea
https://forum.xda-developers.com/fire-tv/orig-development/firetv-2-recovery-installer-t3309785
That installer will help us since it talks with the preloader.
Well, I've added an argv in main.py that allows you to downgrade the preloader in order to be able to use rbox's tools.
After the downgrade, the script reboots the TV and immediately starts the .sh by rbox that injects the necessary files into the /system partition.
Yeah, sounds good, if the system is in good condition it should work fine.
If system is somewhat corrupt, maybe by an interrupted or failed update or so, I don't know if it will work.
Maybe we think too complex. I assume the amonet script can flash all partitions!? Why not flash a whole new system with that.
Since the prerooted rom is in sparse image format and the updater script does all the rooting stuff after flashing, we can't use that.
But maybe it's possible to write a dd image of an already rooted /system partition with the amonet script.
Just an idea, don't know if that will work.
Sus_i said:
Yeah, sounds good, if the system is in good condition it should work fine.
If system is somewhat corrupt, maybe by an interrupted or failed update or so, I don't know if it will work.
Maybe we think too complex. I assume the amonet script can flash all partitions!? Why not flash a whole new system with that.
Since the prerooted rom is in sparse image format and the updater script does all the rooting stuff after flashing, we can't use that.
But maybe it's possible to write a dd image of an already rooted /system partition with the amonet script.
Just an idea, don't know if that will work.
/system doesn't need to be ok. We need a working boot.img that loads the 2ndinit.
We can't flash a system with bootROM, it will take 1 day lol.
Take this commit as reference:
https://github.com/R0rt1z2/amonet/commit/339bb4ab2055507f2ed72ebea3861dbdfef67484
Rortiz2 said:
/system doesn't need to be ok. We need a working boot.img that loads the 2ndinit.
We can't flash a system with bootROM, it will take 1 day lol.
Take this commit as reference:
https://github.com/R0rt1z2/amonet/commit/339bb4ab2055507f2ed72ebea3861dbdfef67484
lol, as I said, don't know if that is possible with the amonet script
Yeah, if the boot.img will load 2ndinit, i.e. the recovery, that should do the trick fine :good:
Sus_i said:
lol, as I said, don't know if that is possible with the amonet script
Yeah, if the boot.img will load 2ndinit, i.e. the recovery, that should do the trick fine :good:
Let's see if we can try today.
Also it will require copying the ramdisk recovery to an external usb or external sd.
Regards!
Rortiz2 said:
Let's see if we can try today.
Also it will require copying the ramdisk recovery to an external usb or external sd.
Regards!
Yes, have seen it on github, but both are possible with the second gen FireTV box... only the usb port could be a problem, if usb debugging is enabled (but I don't know if debugging is available at this early stage?).
Sus_i said:
Yes, have seen it on github, but both are possible with the second gen FireTV box... only the usb port could be a problem, if usb debugging is enabled (but I don't know if debugging is available at this early stage?).
I don't think usb debugging is available at Preloader Stage.
Basically would be this:
Format the sdcard/usb and copy the .cpio on it, then insert sdcard/usb into the TV.
Run first step:
Code:
sudo ./step-1.sh
It will downgrade preloader & inject 2ndinit.
After that, you disconnect the tv and run bootrom-step to restore working imgs:
Code:
sudo ./bootrom-step.sh
After that it will reboot and since we have 2ndinit as pppd it will boot in TWRP.
From there you flash prerooted ROM and you're done.
That's my idea but maybe it doesn't work.
Cheers.
Rortiz2 said:
That's my idea but maybe it doesn't work.
Cheers.
Sounds and looks good. :good:
I'm confident that it will work :fingers-crossed:
only sad thing is that I can't test it
Hey @Rortiz2, thanks for this! My sloane has been bricked for a few months after trying to root - this script ran & uploaded the boot.img to the device, but unfortunately it still won't boot (flashing with amazon logo).
I tried using your twrp test, but that results in terminal hanging at the below:
I was hoping I could get twrp running & then flash a pre-rooted image so that it clears whatever's wrong with the unit, but as above, I don't seem to be able to get it to boot
Any ideas?
Edit: welp, after cancelling the terminal command she now won't boot at all, lol... no signs of life but I'll keep this updated if I can resurrect her.