Hi,
Normally I would post this question in a developer forum, but I don't have sufficient privileges to do that (I have less than 10 posts), so I'm posting here.
I'm new to Android kernels (and Linux in general) so please bear with me. I'm trying to build a kernel for the AT&T Samsung Note 3 (SM-N900A) on an Ubuntu 14.10 (Linux 3.16) 64 bit VM (VirtualBox on a Windows 7 system). The reason I'm trying to build the kernel is because I wrote a kernel module that I want to install on my rooted phone. Right now it's just a simple "hello world" kernel module to see if it works.
I installed the Android NDK (android-ndk-r10d) and am using the arm-linux-androideabi-4.9 toolchain. I prepended the toolchain path to my PATH variable and set CROSS_COMPILE=arm-linux-androideabi- and ARCH=arm in the Makefile. When I unpacked the toolchain, the symbolic links weren't right (they were unpacked as files, not symlinks) so I made symlinks to point to the proper compiler, assembler, linker and loader. It all seems to be working properly, and the toolchain's stuff is being used (i.e. arm-linux-androideabi-gcc, arm-linux-androideabi-as, arm-linux-androideabi-ld.gold, etc)
I'm using the following commands to build the kernel (according to the documentation supplied by Samsung):
$ make msm8974_sec_defconfig VARIANT_DEFCONFIG=msm8974_sec_hlteatt_defconfig SELINUX_DEFCONFIG=selinux_defconfig TIMA_DEFCONFIG=tima_defconfig
$ make
I'm getting a linker error:
LD init/mounts.o: fatal error: no input files
My understanding is that the input file to the linker is init/mounts.o and it doesn't exist. I looked in init, and mounts.o isn't there. I'm not sure when it's supposed to be generated or what it's used for.
Just for grins and giggles, I went into the Makefile and commented out the part that tries to link init/mounts.o and go this error:
LD init/built-in.o: fatal error: no input files
When I looked in init, built-in.o wasn't there. I don't know when this file is supposed to be generated (but after looking at the Makefile, it looks like it has something to do with vmlinux, with which I'm not familiar...I need to do some Googling).
I'd appreciate and advice or comments anyone has. If you need more details (like the expanded output, exact software version, etc), let me know and I'd be more than happy to supply it.
Thanks for your help,
csi.agent32
I'm not a developer but I've seen enough on the forums to know that it's not possible to flash custom kernels on a locked bootloader, so that may be the problem.
pre4speed said:
I'm not a developer but I've seen enough on the forums to know that it's not possible to flash custom kernels on a locked bootloader, so that may be the problem.
Click to expand...
Click to collapse
Thanks for the response, but I'm not trying to flash my device, I'm just trying to build the kernel. My bootloader isn't locked and my phone is rooted, so if I do decide to install the kernel (after I modify it), I shouldn't have a problem.
csi.agent32 said:
Thanks for the response, but I'm not trying to flash my device, I'm just trying to build the kernel. My bootloader isn't locked and my phone is rooted, so if I do decide to install the kernel (after I modify it), I shouldn't have a problem.
Click to expand...
Click to collapse
If you have at&t variant of note 3 your bootloader is lock. You can root but this dose not mean your bootloader is unlock. If you have lock bootloader you can't flash custom recovery exempt SS and you can't flash custom kernel.
Notes from Note 4
norbarb said:
If you have at&t variant of note 3 your bootloader is lock. You can root but this dose not mean your bootloader is unlock. If you have lock bootloader you can't flash custom recovery exempt SS and you can't flash custom kernel.
Notes from Note 4
Click to expand...
Click to collapse
Hi,
I'm not trying to flash my phone with a custom kernel, I'm just trying to build the kernel. I'm aware that AT&T Samsung phones come with a locked bootloader, but I unlocked my bootloader and I rooted my phone. But the problem I'm having has nothing to do with locked a bootloader. I'm not even at the point where I'm trying to flash my phone with a custom kernel...I'm just trying to build the kernel.
csi.agent32 said:
Hi,
I'm not trying to flash my phone with a custom kernel, I'm just trying to build the kernel. I'm aware that AT&T Samsung phones come with a locked bootloader, but I unlocked my bootloader and I rooted my phone. But the problem I'm having has nothing to do with locked a bootloader. I'm not even at the point where I'm trying to flash my phone with a custom kernel...I'm just trying to build the kernel.
Click to expand...
Click to collapse
Can you please share with all community how did you unlock bootloader on your phone ? Lot of developers trying to unlock bootloader since At&t Samsung galaxy S4 , so please share if you did and help some who do try those who trying to achieve this over 3 years on Samsung phones. . I don't believe you have UNLOCK bootloader on At&t samsung Note 3. Your custom kernel will be useless to any At&t samsung phone Galaxy S4 and newer.
Mod: can you please close this thread unless OP really find way to unlock bootloaders on At&t Samsung phones.
norbarb said:
Can you please share with all community how did you unlock bootloader on your phone ? Lot of developers trying to unlock bootloader since At&t Samsung galaxy S4 , so please share if you did and help some who do try those who trying to achieve this over 3 years on Samsung phones. . I don't believe you have UNLOCK bootloader on At&t samsung Note 3. Your custom kernel will be useless to any At&t samsung phone Galaxy S4 and newer.
Mod: can you please close this thread unless OP really find way to unlock bootloaders on At&t Samsung phones.
Click to expand...
Click to collapse
Why would it be closed? You're the one who's off-topic. OP has a valid question about kernel compilation. (P.S. OP if you have an unlocked bootloader on the AT&T model share it with us in a new thread)
benwaffle said:
Why would it be closed? You're the one who's off-topic. OP has a valid question about kernel compilation. (P.S. OP if you have an unlocked bootloader on the AT&T model share it with us in a new thread)
Click to expand...
Click to collapse
He have valid question, but threat is useless unless he really have way to unlock bootloader on At&t samsung phones like Note 3. What we can do with custom kernels for note 3 if we can't use them. This way is road to nowhere.
Notes from Note 4
@csi.agent32 I think you don't need a compiled kernel to compile a module
Related
Hey guys, I am fairly new to the android phones, (recently came from an iPhone) but I had heard so much about the freedoms with the Android os so I decided to switch.
I purchased the Sony Xperia T (LT30a) locked on the Bell mobility LTE network. I have really wanted to unlock the bootloader, so when I went in to check it said "Bootloader Unlock Allowed: NO". after some searching I read that it was my carrier preventing the bootloader from being unlocked, and that if I followed the following simple steps, it would change the message to :"Bootloader Unlock Allowed: YES". so here is what I did:
1. Flashed a Generic firmware to my phone (ICS it was a uk generic) which then changed my model number in "About phone" from LT30a to LT30p and removed all the bell branding.
2. Using an IMEI number, i was able to get an unlock code and unlocked the phones sim card to work on any network, and have tested and it does work.
the problem I am having is that even after doing this, the bootloader is still "locked" and can not be unlocked. I have taken a look at the methods for the test pin, but that involves removing the battery to view the motherboard, which sucks because this phone the battery is not removable. if anyone know a free or paid way to unlock the bootloader on the Xperia T LT30a or LT30p models, please let me know! thanks.
I dont know where you read that, but it is wrong and there is no way to change that message.
If it says no, then your bootloader can not be unlocked.
Its not Sony's fault, its not googles fault, its Bells fault for being a dev unfriendly provider.
Test point method will not work even if we could remove the battery, that loophole has been closed in 2012 devices.
gregbradley said:
I dont know where you read that, but it is wrong and there is no way to change that message.
If it says no, then your bootloader can not be unlocked.
Its not Sony's fault, its not googles fault, its Bells fault for being a dev unfriendly provider.
Test point method will not work even if we could remove the battery, that loophole has been closed in 2012 devices.
Click to expand...
Click to collapse
ok well thank you very much! I guess my next question is.. is there any way at all to install a custom ROM such as cyanogen mod 10 ? or if you know of any better ones while my bootloader is locked?
Robe8691 said:
ok well thank you very much! I guess my next question is.. is there any way at all to install a custom ROM such as cyanogen mod 10 ? or if you know of any better ones while my bootloader is locked?
Click to expand...
Click to collapse
You can only install stock based custom roms because you wony be able to flash a custom kernel with a locked bootloader. Therefore there is no hope for cyanogenmod, AOKP or MUIU
There are several in the Dev section to choose from, ranging from early ICS firmwares to the latest JB firmware.
I dont recommend Roms (Even my own) as choosing a rom should be a personal thing, but the I am currently on Timin8rs rooted and deodexed JB rom which you can flash.
You will need to root your phone in order to flash a recovery, then flash the .zip for the rom using that recovery.
Find all instructions for doing that in the All in one thread. Its the first thread in the Q&A section.
good luck and if you need extra help after reading up on what you need to do then ask. But remember to read up first!
gregbradley said:
You can only install stock based custom roms because you wony be able to flash a custom kernel with a locked bootloader. Therefore there is no hope for cyanogenmod, AOKP or MUIU
There are several in the Dev section to choose from, ranging from early ICS firmwares to the latest JB firmware.
I dont recommend Roms (Even my own) as choosing a rom should be a personal thing, but the I am currently on Timin8rs rooted and deodexed JB rom which you can flash.
You will need to root your phone in order to flash a recovery, then flash the .zip for the rom using that recovery.
Find all instructions for doing that in the All in one thread. Its the first thread in the Q&A section.
good luck and if you need extra help after reading up on what you need to do then ask. But remember to read up first!
Click to expand...
Click to collapse
thank you very much! hopefully sometime in the near future they come out with a way to fix this problem, and believe me, I do not blame sony at all for this
Sorry for the double post! But I just wanted to say, that if anyone needs help testing different roms and/or ways of unlocking a locked bootloader, I do have a sim unlocked xperia T and just wanted to throw this out, but if sony does not "perma lock" the bootloader, and if it is infact the carrier, then would this not prove that it is sonething in the firmware? I spoke with my sister who is a manager for a bell store here, acording to her, Bell is not authorized to open, or attempt to fix this phone, it is simply sent to sony for repairs.. Just makes me wonder because if Bell can not open the phone, then they must have used some sort of software.. I have always thought of software as "semi-permenant" that it can be reversed , and that its only a matter of figuring out how to reverse it?
Sent from my LT30p using xda app-developers app
Hello community, recently I did the procedure to get the lollipop version in my S4 active i537 keeping root, but after many searches I can't find how to upgrade to marshmallow or nougat version and I wondering why.
I think it have to be because at this moment doesn't exist any way to intall a custom recovery as TWRP or CWM, if this is true, why nobody found the way to unlock the bootloader yet? in order to manage the custom recovery.
And why is so difficult to unlock it?
Which are the differences between this s4 version with the others? And how can I help to unlock the bootloader, thanks in advance.
I'm going to try to answer your questions one at a time:
m44nu33l said:
Hello community, recently I did the procedure to get the lollipop version in my S4 active i537 keeping root, but after many searches I can't find how to upgrade to marshmallow or nougat version and I wondering why.
Click to expand...
Click to collapse
There is not and never will be marshmallow or nougat for the i537. This is because it is outside the "2-year" update cycle of Samsung/AT&T. If you look at other phones from Samsung and AT&T, there are very rarely updates to phones 2 years after the initial release of the phone. There's not really a good reason for this other than Samsung and AT&T want you to buy a new phone to get the latest updates. In the past you would need to get a new phone in order to have new hardware that is able to run the latest version of Android. But we're now at a point that nearly any phone released in the last 2-3 years can run nougat with minor lag. Manufacturers and carriers are holding on to the 2-year upgrade cycle and forcing you to buy new phones in order to get updates.
m44nu33l said:
I think it have to be because at this moment doesn't exist any way to intall a custom recovery as TWRP or CWM, if this is true, why nobody found the way to unlock the bootloader yet? in order to manage the custom recovery.
Click to expand...
Click to collapse
The i537 has a locked bootloader while the i9295 does not have a locked bootloader. Nobody has figured out how to unlock the bootloader on any variant of the S4.
m44nu33l said:
And why is so difficult to unlock it?
Click to expand...
Click to collapse
It's a very long read, but this thread explains exactly why it is so hard to unlock the bootloader. (http://forum.xda-developers.com/showthread.php?t=2500826)
m44nu33l said:
Which are the differences between this s4 version with the others?
Click to expand...
Click to collapse
As I stated above the only difference between the two versions of the Samsung Galaxy S4 Active (i537 vs i9295) is that the i537 has a locked bootloader and the i9295 does not. The i537 was sold exclusively through AT&T (US), Telcel (Mexico), and Claro (Uruguay), while the i9295 was sold internationally. Neither device will get official versions of marshmallow or nougat, but since the i9295 has an unlocked bootloader you can flash marshmallow and soon nougat custom ROMs. Other than the bootloader, the i537 and i9295 have identical hardware.
m44nu33l said:
And how can I help to unlock the bootloader, thanks in advance.
Click to expand...
Click to collapse
Honestly, unless you have a deep understanding of kernels, Linux, and cryptology, I'm not sure there's much help you can provide. The link I provided above explains all the effort that has been put into unlocking the bootloader. If you truly want to help I would read through that thread and see if there's anything meaningful you can provide.
Finally, if you don't ever want to have this problem again, always do your research and but a phone that has an unlockable bootloader. I purchased the i537 when it first came out only to find that the bootloader was locked and because of that I will never buy another phone with a locked bootloader again. Good luck.
Devo7v said:
I'm going to try to answer your questions one at a time:
There is not and never will be marshmallow or nougat for the i537. This is because it is outside the "2-year" update cycle of Samsung/AT&T. If you look at other phones from Samsung and AT&T, there are very rarely updates to phones 2 years after the initial release of the phone. There's not really a good reason for this other than Samsung and AT&T want you to buy a new phone to get the latest updates. In the past you would need to get a new phone in order to have new hardware that is able to run the latest version of Android. But we're now at a point that nearly any phone released in the last 2-3 years can run nougat with minor lag. Manufacturers and carriers are holding on to the 2-year upgrade cycle and forcing you to buy new phones in order to get updates.
The i537 has a locked bootloader while the i9295 does not have a locked bootloader. Nobody has figured out how to unlock the bootloader on any variant of the S4.
It's a very long read, but this thread explains exactly why it is so hard to unlock the bootloader. (http://forum.xda-developers.com/showthread.php?t=2500826)
As I stated above the only difference between the two versions of the Samsung Galaxy S4 Active (i537 vs i9295) is that the i537 has a locked bootloader and the i9295 does not. The i537 was sold exclusively through AT&T (US), Telcel (Mexico), and Claro (Uruguay), while the i9295 was sold internationally. Neither device will get official versions of marshmallow or nougat, but since the i9295 has an unlocked bootloader you can flash marshmallow and soon nougat custom ROMs. Other than the bootloader, the i537 and i9295 have identical hardware.
Honestly, unless you have a deep understanding of kernels, Linux, and cryptology, I'm not sure there's much help you can provide. The link I provided above explains all the effort that has been put into unlocking the bootloader. If you truly want to help I would read through that thread and see if there's anything meaningful you can provide.
Finally, if you don't ever want to have this problem again, always do your research and but a phone that has an unlockable bootloader. I purchased the i537 when it first came out only to find that the bootloader was locked and because of that I will never buy another phone with a locked bootloader again. Good luck.
Click to expand...
Click to collapse
Thanks for the explanation, what I will do is change my S4 for the international version in order to get the nougat custom rom.
m44nu33l said:
Thanks for the explanation, what I will do is change my S4 for the international version in order to get the nougat custom rom.
Click to expand...
Click to collapse
well my questions has really been answered , i guess we are never going to get an update , best option is to get a new phone
I looked into using SamDunk for unlocking the bootloader for my AT&T galaxy s5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone is verizon-specific). This makes it to where running the code does not unlock the bootloader on a AT&T galaxy s5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids
_ibis said:
I looked into using SamDunk for unlocking the bootloader for my AT&T galaxy s5 but noticed that the code posted on the git was Verizon-specific (in that the bits it writes over in the cid of the phone is verizon-specific). This makes it to where running the code does not unlock the bootloader on a AT&T galaxy s5.
I wrote some python code parsing my original cid and the cid resulting from the current exploit code and noticed that the only difference pertained to the product's serial number (bits 47-16 of the cid). Even then, only certain bits within the product serial number are different. I suspect that some bits within product serial pertain to carrier, and some bits pertain to the bootloader, but I could be wrong.
My hunch is that if I can figure out which bits from the original cid's product serial number correspond to developer bootloader access then I may be able to modify the SamDunk code to allow for unlocking AT&T bootloaders. Or provide some method of calculating a dev bootloader cid from an original.
Has anyone else looked into this, and is this worth pursuing?
edit: looking further through SamDunk code. It appears that there is a dev signature associated with the cid (?) that gets written to aboot. Not sure if this is different between phones... If so then experimenting with only the cid may be futile.
product serial numbers are different for the first 12 bits then bits 25-32. I could post a link to my git if anyone is interested in experimenting with their cids
Click to expand...
Click to collapse
I wouldn't mind taking a look.
NavSad said:
I wouldn't mind taking a look.
Click to expand...
Click to collapse
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether its a developer edition or not. If we could get a regular cid/aboot and compare it to the verizon regular cid/aboot, then cross compare to the verizon dev edition cid/aboot then we may have a shot at possibly re-creating a at&t dev edition cid/aboot
_ibis said:
Thanks man, I appreciate all the help I can get.
I read further into the Verizon S5 bootloader unlock thread and it appears that only changing the cid may not work. If I remember correctly (looked at it yesterday) the cid is hashed/compared to the aboot somehow to determine whether its a developer edition or not. If we could get a regular cid/aboot and compare it to the verizon regular cid/aboot, then cross compare to the verizon dev edition cid/aboot then we may have a shot at possibly re-creating a at&t dev edition cid/aboot
Click to expand...
Click to collapse
If the bootloader uses SHA1 it may be easier.
Meanwhile us CID 11s over here just watching you guys from the distance..lol
AptLogic said:
Meanwhile us CID 11s over here just watching you guys from the distance..lol
Click to expand...
Click to collapse
I'm CID 11 too.
NavSad said:
I'm CID 11 too.
Click to expand...
Click to collapse
Oh okay lol.. really wish we could unlock all of the S5 bootloaders instead of just CID 15... what if we try doing like MultiROM with the "no-hardboot" thing like they do on HTC devices? We wouldn't need to patch the Kernel so we'd be able to flash other ROMs.
I know we have Odin mode instead of fastboot and we can not do the "OEM Unlock" in the Developer Options as it does not show up in there. I found this thread (https://www.xda-developers.com/how-to-discover-hidden-fastboot-commands/) on how to discover hidden fastboot commands.
So I followed the instructions there to extract the aboot.img (bootloader) and then "read" the contents of that to see what fastboot commands are available. To my surprise, it has "oem unlock" listed and a few other oem options, see attached image. Although, back to the beginning of my post, we can not fastboot in.
I would assume we could unlock the bootloader via fastboot commands if we only had a way in for it. I am not that experienced with Odin but I think that is only to flash images. I spent most of this weekend searching for any way to alternately try to fastboot in or use Odin but came up with nothing feasible. I used ADB to reboot the phone into all modes and tried doing "fastboot devices" in all modes but it just came back with nothing.
I just wanted to post this in the case of being useful in our attempt to unlock the bootloader.
What do you mean by a way in ?
There is no way, that I know of, to put the s5 in fastboot mode. I was thinking that if there is a way to boot to fastboot, or at least have the phone listed as a fastboot device in ADB, we could possibly run the oem unlock command.
Ok that's what I thought u had meant .... I used to have a few HTC devices I believe was the my touch 4g I'm thinking about ...Anyway some of the roms I had to use ADB and fastboot to flash a kernal sometimes ADB wouldn't pick up device to communicate with fastboot someone had found that by installing PDA.net (I think this was name of app for Windows) it enabled ADB to see the device at any rate .... I no it's a long shot but something to look into if your bored sometime lol I'm not sure why or how it worked or if wouldn't help us at all but I no for a fact it worked on a HTC device so felt was worth mentioning
I'll have a look at that when I get a chance. Anything is worth mentioning as you never know what little piece completes the puzzle!
sorry guys, been out of it for the last two weeks. Projects got crazy but should be able to begin working on this again soon.
I'm fairly certain Thier is still a bounty on this .... I no I pledged 100 bux to whoever unlocks my bootloader and saves me from having to buy a new phone lol but been waiting damn near 4 years not gonna start holding my breath now lol
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
Guicrith said:
Towelroot gives kernel memory access, downgrade, use kexec.
This is the easiest way and only one that is guaranteed to work since all exploits have already been made.
Click to expand...
Click to collapse
If, of course, we could get kexec to WORK. Any modification of the Kernel breaks the chain of trust and the phone goes into a bootloop.
We dont need to modify the kernel, TowelRoot would write kexec from a file(/system/userlandbootloader.img) into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being modified is the one running in ram and that is deleted and replaced every reboot so trust chain is never broken.
Guicrith said:
We dont need to modify the kernel, TowelRoot would write kexec from a file into the kernel after boot, then the kernel would boot a new kernel from /system/oskernel.img (which is writable on rooted 4.4-5.0)
The only kernel being mdifyed is the one running in ram and that is deleted and replaced every reboot so trust chain is never broken.
Click to expand...
Click to collapse
But for everything to work correctly we need to be able to hardboot to the new kernel, so we need to patch the existing one to support it.
Why?
If you have kernel access you can just set all values to there boot time default.(unless there is hardware locked values like the gameboy color bootloader)
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
Guicrith said:
Why?
If you have kernel access you can just set all values to there boot time default.(unless there is hardware locked values like the gameboy color bootloader)
Clear the mmu mappings.
memset((void*)0x00000000, 0x00, sizeof(systemram));
Now it is in a pre boot state.
If that does not work triggering a crash that does not reload the kernel from rom but hardboots the system may work too.
Click to expand...
Click to collapse
If we can code this and get consistent successful results we'd basically have a workaround for most locked BL devices to boot a custom ROM.
Of course the only theoretical hurdle left would be to actually code something like this.
I have been searching the forums for about 2 weeks new and haven't found any clear answers. I have the Prime variant XT1775. All i want to be able to do is remove the ads. It seems based on my searches that rooting is not an option at this point, but i do see that TWRP may be an option. Is it possible to just install the ROM from the stock version without the ads? If it is, can any post a link to the ROM and thread with instructions please? Any information is greatly appreciated even if it cannot be done.
just download any qualcomm version of moto e4 plus and install
RJMason said:
I have been searching the forums for about 2 weeks new and haven't found any clear answers. I have the Prime variant XT1775. All i want to be able to do is remove the ads. It seems based on my searches that rooting is not an option at this point, but i do see that TWRP may be an option. Is it possible to just install the ROM from the stock version without the ads? If it is, can any post a link to the ROM and thread with instructions please? Any information is greatly appreciated even if it cannot be done.
Click to expand...
Click to collapse
If you an unlock the bootloader and install twrp, you can remove most bloatwear, and root. If not, the only way is to disable it with adb/fastboot. I think someone described how to do this in the E4 Perry forums. I can make an Amazon version stock flashable ROM and debloated oem, but if you can't unlock the bootloader, they won't be of any use.
ROGGGER3G said:
just download any qualcomm version of moto e4 plus and install
Click to expand...
Click to collapse
That is not a good idea. Have you tried this, and know it works? The firmwares are device specific. Sprint variants firmware are all the same and compatible with other Sprint models I believe, but may not work so good on the Amazon variant. They all have differences mainly in the oem.img. It is always best to flash only the correct firmware for your model/carrier.
GetOffMyLawn&!+ยข#{$ said:
If you an unlock the bootloader and install twrp, you can remove most bloatwear, and root. If not, the only way is to disable it with adb/fastboot. I think someone described how to do this in the E4 Perry forums. I can make an Amazon version stock flashable ROM and debloated oem, but if you can't unlock the bootloader, they won't be of any use.
That is not a good idea. Have you tried this, and know it works? The firmwares are device specific. Sprint variants firmware are all the same and compatible with other Sprint models I believe, but may not work so good on the Amazon variant. They all have differences mainly in the oem.img. It is always best to flash only the correct firmware for your model/carrier.
Click to expand...
Click to collapse
Thanks for the info the thread below actually sounds like a custom version of TWRP and root is possible.
https://forum.xda-developers.com/moto-e4-plus/development/twrp-twrp-moto-e4-plus-qualcomm-t3697154
The Amazon variant does not seems to be carrier specific and is unlocked. Will just have to try it out and hopefully not brick it. I will be using on T-Mobile. Will report back with the results.
You're using words interchangeably that should not be used and create confusion. The phone is carrier unlocked yes: meaning you can use any service for phone, att, T-Mobile, Verizon, Sprint, boost, etc etc. The add version with Amazon offers however is not bootloader unlocked, meaning you can NOT throw on a custom recovery (twrp) and then flash whatever ROM is appropriate. It's also NOT rootable, meaning: it doesn't give access to the higher most level of the OS so that can attempt to root and other things. While you don't need root to attempt to see if you can flash a recovery, you do need an unlocked bootloader to successfully flash one.
Amazon has been extremely successful in locking down the Amazon version of most phones to where you Cannot do anything other than use them unfortunately. Some have been successful at blocking adds but that's about it. There are rare instances of exploits to get you places but the key word is rare. As for this phone, I just started searching to see what I can do so I have no answers for you.
Background: I am writing this short guide for people like me that want all the info about the T-Mobile 6T unlock capabilities. None of this is my work. I wanted to have a central thread where T-Mobile users can discuss the T-Mobile specifics of this device.
When you purchase a T-Mobile branded OP 6T the device will be SIM and Bootloader locked. Many great people here on XDA found ways around the SIM and bootloader lock. I am simply compiling it all here in one simple thread to be a resource for us T-Mobile users. In this guide you will be directed to the proper resources to SIM and bootloader unlock your T-Mobile 6T and return to T-Mobile software fully unlocked. It doesnt matter if your device is paid off or not. You are bypassing the 40 day wait for a paid off device to SIM unlock!
This is a high level overview for someone that wants quick info and links. All of the info is on XDA but scattered in various threads. I found bits and pieces here and there in those threads so I decided to make a dedicated T-Mobile thread for any T-Mobile user that needs help with the complete process in one simple thread.
So here goes...
Step 1: Convert device to international ROM and unlock the bootloader. Thanks to @AnonymousTipster for this thread! Follow the steps here: T-Mobile 6T to International Conversion (WITHOUT unlocked bootloader/SIM unlock!) NOTE: You MUST use version 9.0.11 to unlock the bootloader (If you flash a newer version make sure you use the patched exe files). After converting to the International version (and going through the set up process) go to Developer options and select OEM Unlocking and turn it on. Now reboot to bootloader and issue the command "fastboot oem unlock" to unlock the bootloader. You are now on the international ROM with your bootloader unlocked.
Step 2: Root and Recovery: Thanks to @mauronofrio for this thread! Now you can root and install recovery on your device following the steps here: [RECOVERY][3.3.0-2][fajita]Official/Unofficial TWRP recovery for OnePlus 6T (Stable).
Step 3: Unlock the SIM . Thanks to @nika_bego for this thread. Follow the steps here: Guide SIM UNLOCK T-MOBILE version all type of IMEI supported.
---NOTE: At this point you can call it quits and keep device as is which is now both bootloader and SIM unlocked on the international firmware (I recommend updating to the latest beta's) or you can continue on with the guide to return to T-Mobile firmware while maintaining SIM unlock (which will lead to boot loader unlock)...
Step 4: Convert back to T-Mobile Device: Thanks to @Dark Nightmare for this thread. Now use the MSM Tool to revert back to the original T-Mobile firmware from here: [TOOL] T-Mobile OnePlus 6T MSMDownloadTool [Firmware 9.0 v1 & v2] This will RE-LOCK your bootloader but not the SIM. You only need to do this if you want to keep the T-Mobile firmware for the updated RCS app, etc. Once the bootloader is re-locked it will take 7 days to get the unlock token shown in the next step. There will be a few security updates once you flash the original firmware back. I would update before unlocking bootloader.
Step 5: Legit Unlock Bootloader Thank OnePlus for this NOTE: Take all OTA's before unlocking. Once unlocked you will no longer receive OTA Updates. You are now on T-Mobile firmware and SIM unlocked. You can proceed to unlock the bootloader the legit way now. Simply follow the steps here: How to unlock bootloader for OnePlus 6T (T-Mobile edition). NOTE: It does take an entire 7 days for the unlock token.
Thats it, your done! You are now fully unlocked and running t-Mobile version of the software (or moved on to other ROMS all together). You can now have root on the latest T-Mobile ROM or stick with a custom ROM.
Feel free to discuss all things T-Mobile in this thread.
Big thanks to the following people for posting all original work: @AnonymousTipster, @mauronofrio, @nika_bego, @Dark Nightmare
Reserved
@Scott You still on the stock kernel after unlocking everything or have you flashed a custom kernel on it?
the.emilio said:
@Scott You still on the stock kernel after unlocking everything or have you flashed a custom kernel on it?
Click to expand...
Click to collapse
Im running stock kernel.
Scott said:
Im running stock kernel.
Click to expand...
Click to collapse
Cool beans. From a technical standpoint flashing a custom kernel would still be possible right?
the.emilio said:
Cool beans. From a technical standpoint flashing a custom kernel would still be possible right?
Click to expand...
Click to collapse
100%
I just choose to run stock because I want to keep the device as close to stock as possible. I am pretty happy with this phone the way it is out the box. The only reason I rooted was to install AdAway.
the.emilio said:
Cool beans. From a technical standpoint flashing a custom kernel would still be possible right?
Click to expand...
Click to collapse
Custom kernels can be great and all. But the stock ones are still very well optimized overall and this phone is constantly giving me 7-8 hours SOT with both custom kernels and stock. Sure, there's the argument of debloating and lightening. But I think stock provides a decent enough experience that doesn't lose out on much important stuff
Nice work but step 2 isn't required. After giving the fastboot OEM unclock command, let it wipe as normal, then before letting it reboor, force it back to bootloader mode by holding vol up, down, and power till it reboots, then just hold power and volume down and it enters bootloader aka fastboot mode. Then give fastboot erase modemst1 and then fastboot erase modemst2. Then reboot. It is also worth mentioning msm 9.0.12 can be used now as long as u run it with the factory patched exe file from the intl conversion thread that was posted with 9.0.11.. Gets you all up to date, a bit faster. Take anonymous tipsters patched exe and copy to msm 12 directory. FYI,.every kernel and ROM for both the intl op6 and op6t work for our phone. Identical. Pixel experience by markash and treskmod actually run better on the phone than stock oos, with about 9-10 hrs sot. .. one plus dropped the ball on ram MGMT, especially with 8gbs of ram and them not utilizing it. Lastly if u stay on TMO firmware, I have a giant list of hacks I'll put together for the strictly stock users. Build prop edits that should be included to begin with.
Scott said:
Background: I am writing this short guide for people like me that want all the info about the T-Mobile 6T unlock capabilities. When you purchase a T-Mobile branded OP 6T the device will be SIM and Bootloader locked. Many great people here on XDA found ways around the SIM and bootloader lock. I am simply compiling it all here in one simple thread to be a resouce for others looking to do the conversion to an unlocked device.
In this guide you will be directed to the proper resources to SIM and bootloader unlock your T-Mobile 6T and return to T-Mobile software fully unlocked. It doesnt matter if your device is paid off or not. You are bypassing the 40 day wait for a paid off device to sim unlock.
This is a high level overview for someone that wants quick info and links. All of the info is on XDA but scattered in various threads.
Step 1: Convert device to international ROM and unlock the bootloader. Follow the steps here: T-Mobile 6T to International Conversion (WITHOUT unlocked bootloader/SIM unlock!)
Step 2: You will need to root your device with Magisk using TWRP. Follow the steps here: [RECOVERY][3.3.0-2][fajita]Official/Unofficial TWRP recovery for OnePlus 6T (Stable)
Step 3: Unlock the SIM by erasing modemst1 and modemst2. Follow the steps here: Guide SIM UNLOCK T-MOBILE version all type of IMEI supported
Step 4: At this point you can call it quits and keep device as is. Or... You can MSM Tool back to the T-Mobile firmware from here: [TOOL] T-Mobile OnePlus 6T MSMDownloadTool [Firmware 9.0 v1 & v2] This will RE-LOCK your bootloader but not the SIM.
Step 5: You are now on T-Mobile firmware and SIM unlocked. You can proceed to unlock the bootloader the legit way now. Simply follow the steps here: How to unlock bootloader for OnePlus 6T (T-Mobile edition)
. NOTE: It does take an entire 7 days for the unlock token.
Thats it, your done! You are now fully unlocked and running t-Mobile version of the software. You can now have root on the latest T-Mobile ROM with RCS capabilities.
Feel free to discuss all things T-Mobile in this thread.
Click to expand...
Click to collapse
Thanks for posting this! Definitely easier to have all info in one place ??
fullofhell said:
Lastly if u stay on TMO firmware, I have a giant list of hacks I'll put together for the strictly stock users. Build prop edits that should be included to begin with.
Click to expand...
Click to collapse
Step two isnt required unless that is all you plan on doing is rooting. This guide just tries to link to the others guides. Just a high level overview.
Also, great idea. Great idea on creating a list of hacks. Definitely post a link to the thread when you create one.
Just followed this. Windows 8 was being a PITA for adb and fastboot so I upgraded it to Windows 10. BUT.. once I fixed the quirks with my laptop these steps went smoothly with no hiccups. Just gotta wait the 7 days now so I can use the Swift themer and make it look the way I like. Let's see how well this works completely stock for a week. When I first got this phone I immediately switched to international so I've never been able to experience the TMO firmware.
Thanks again for sharing this!
the.emilio said:
Just followed this. Windows 8 was being a PITA for adb and fastboot so I upgraded it to Windows 10. BUT.. once I fixed the quirks with my laptop these steps went smoothly with no hiccups. Just gotta wait the 7 days now so I can use the Swift themer and make it look the way I like. Let's see how well this works completely stock for a week. When I first got this phone I immediately switched to international so I've never been able to experience the TMO firmware.
Thanks again for sharing this![/QU
Emilio are you speak Spanish ??? I need some help
Click to expand...
Click to collapse
eapo15 said:
Emilio are you speak Spanish ??? I need some help
Click to expand...
Click to collapse
What is the problem?
eapo15 said:
the.emilio said:
Just followed this. Windows 8 was being a PITA for adb and fastboot so I upgraded it to Windows 10. BUT.. once I fixed the quirks with my laptop these steps went smoothly with no hiccups. Just gotta wait the 7 days now so I can use the Swift themer and make it look the way I like. Let's see how well this works completely stock for a week. When I first got this phone I immediately switched to international so I've never been able to experience the TMO firmware.
Thanks again for sharing this![/QU
Emilio are you speak Spanish ??? I need some help
Click to expand...
Click to collapse
En realidad no, pero tengo Google Translate jaja
Click to expand...
Click to collapse
Maybe I'm seeing things.....so even though T-Mobile devices are locked (mainly because you're still paying for the device) you can still get root on the device?
Sent from my ONEPLUS A6013 using Tapatalk
JodyBreeze901 said:
Maybe I'm seeing things.....so even though T-Mobile devices are locked (mainly because you're still paying for the device) you can still get root on the device?
Click to expand...
Click to collapse
U have been able to do that, u can just bypass having to convince customer care to sim unlock it which gives you access to oem unlock which then allows u to flash twrp/ magisk and thus root...this is possible by unlocking the bootloader.
In overview..
Can sim unlock
Can unlock bootloader
Or just flash patched msm and bypass all of this
Can have dual SIM capability
Can run any software op6, op6t intl.
Can get unlock bin to legitimately and fully unlock device without needing TMobile to unlock anything.
JodyBreeze901 said:
Maybe I'm seeing things.....so even though T-Mobile devices are locked (mainly because you're still paying for the device) you can still get root on the device?
Sent from my ONEPLUS A6013 using Tapatalk
Click to expand...
Click to collapse
Yep, just follow the links in the guide and you can unlock a fully locked device and root it.
Oh yeah..... I've been away for way too long.
Sent from my ONEPLUS A6013 using Tapatalk
JodyBreeze901 said:
Oh yeah..... I've been away for way too long.
Sent from my ONEPLUS A6013 using Tapatalk
Click to expand...
Click to collapse
Thats why I made this guide for T-Mo users. Not enough T-Mo users know you can unlock and root with the methods listed in this thread and other threads linked to.
Thanks for this guide. Just dropped my OP6 in my pool and need to get another phone asap. Was going to go to a TMO store tomorrow to get the 6T. If I pay for the phone in full and then follow steps 1-4 (I want root) and to leave it unlocked, will it be the same firmware/state as if I purchased from OnePlus directly?
Update: TMO is saying I need to have the phone for 60 before I can unlock it. Is that correct?
Thanks!!!