Related
I couldn't find any guide for rooting the V40, so I thought I'd write down the steps I took to root my new EUR V40 - LMV405EBW. Maybe it will help others. Sorry if this is somewhat confusing, I didn't have time to make a polished version. It's basically made from my notes during the process with the commands copied from bash history.
-First, unlock the bootloader following LG's instructions here: https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
There's no TWRP for the V40 and the one made for G7 doesn't work. I don't have the time and knowledge to even attempt to compile TWRP for the V40, so I proceeded with just patching an original boot image with Magisk.
You can get the patched boot images that I used from here:
Oreo 10e: boot_a_magisk_patched_10e.img
Oreo 20f: boot_a_magisk_patched_10f.img
Pie 20a: boot_a_magisk_patched_20a.img
Pie 20b: boot_a_magisk_patched_20b.img
Pie 20f: boot_a_magisk_patched_20f.img
Pie 20g: boot_a_magisk_patched_20g.img
Q 30b: boot_a_magisk_patched_30b.img (this requires flashing to the active boot partition).
Q 30c: boot_a_magisk_patched_30c.img (this requires flashing to the active boot partition)
Q 30d: boot_a_magisk_patched_30d.image (this may or may not work with "fastboot boot" and could require flashing to the active boot partition. I haven't tested if live boot still works. I just did fastboot flash boot_x img_file).
You can try to boot it with with fastboot if you have a LNV405EBW and skip the KDZ extraction part.
Installing Magisk:
Flashing this image isn't necessary, just straight boot should be sufficient and safe.
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
Code:
adb reboot bootloader
fastboot boot boot_a_magisk_patched_10e.img
After the phone boots the OS with the external boot image, open Magisk Manager and tap on Install. Select the option to Direct install to the active slot. I played it safe and decided to NOT flash also on the inactive slot. I've left it alone so I can use it in case of need of recovery.
You'll probably notice that you don't have a connection to the carrier. Just ignore it, it will back once the phone is booted normally.
Reboot and you will have permanent root until you switch the A/B slots.
In case my patched boot image doesn't work, you can just make your own.
Tools needed:
Magisk Manager 7.0.0 installed on the phone
LG Bridge installed on a Windows machine.
a Linux machine or VM (I used the latest ubuntu desktop), python3 with the zstandard module installed and kdztools from steadfasterX's repo. Maybe kdztools would work on Windows too, I haven't tried it.
adb, fastboot
You need to procure an original ROM file for your phone model. It can be downloaded easily with LG Bridge. Just connect the phone to a Windows PC, start LG bridge, go to the Software update tab and click on Update error recovery. Wait for the download to start and disconnect the phone. Ignore LG Bridge complains about not being able to flash after the downloading stage is completed. Don't click anything in Bridge and before closing it go to C:\Users\<your_username>\AppData\Local\LG Electronics\LG Bridge\SWUpgrade and copy your KDZ somewhere else. Preferably send it to the Linux VM to the LG work folder, it'll be needed there.
On Linux open a terminal:
Code:
cd ~/Documents
mkdir LG
cd LG
git clone https://github.com/steadfasterX/kdztools.git
cd kdztools
nano undz.py -c
For kdztools to be able to extract the V40 images, I needed to edit undz.py and comment the lines 88-90. So, this block should all be commented or undz will fail to extract the boot partitions.
Code:
#if len(dz_item['pad']) != 0:
# print("[!] Error: pad is not empty", file=sys.stderr)
# sys.exit(1)
To extract, with the KDZ copied to ~/Documents/LG/
Code:
cd ~/Documents/LG/kdztools
./unkdz.py -f ../V405EBW10e_00_OPEN_EU_DS_OP_0109.kdz -x
cd kdzextracted/
List the partitions contents and look for the IDs of boot_a and/or boot_b. In my case they were 44 for boot_a and 63 for boot_b
Code:
../undz.py -f V40510e_00.dz -l
Extract boot_a or boot_b or both, they're identical:
Code:
../undz.py -f V40510e_00.dz -s 44
../undz.py -f V40510e_00.dz -s 63
You can find the extracted boot images in the dzextracted subfolder. Get boot_a.image or boot_b.image or both from there and send them to the phone in a location accessible by Magisk Manager. The Download folder should do fine.
Open Magisk Manager and tap Install, select Patch Boot Image file and patch the image file(s) you extracted. Get the patched_boot.img that Magisk Manager saves in the Download folder and send it to a PC where you have adb and fastboot.
Go to the beginning of the post to the Installing Magisk section.
Damned tempting, but I'll wait until after Pie drops.
Sent from my LM-V405 using Tapatalk
Glad to see this, hopefully it's a start for all of us.
If anything, at least a way to unlock the bootloader via legitimate channels! Gonna be generating that string, next chance I get, to be ready.
Sent from my LM-V405 using Tapatalk
Once runningnak3d gets a hold of this, we should be good with the v40. Cool beans.
Hey do the unlock codes online work for $ 12-15 on sprint? I used to flash phones back in the day and got a great deal on a bad IMEI sprint lg v40, but so far I can see there isn’t a way yet. On top off all that I m in Europe and don’t want to get the error message that I m out of the Region. I would have to go to USA just to unlock the phone.
@runningnak3d
Can't I install the firmware on a different device?
V version can not unlock BL, so envious
Getting a boot image like that works but I find it stupid to not upload it so that the others don't have to do it. Besides only one model can be bl unlocked so there won't be any model mismatch (except firmware versions but keeping up with them is not that hard)
LameMonster82 said:
Getting a boot image like that works but I find it stupid to not upload it so that the others don't have to do it. Besides only one model can be bl unlocked so there won't be any model mismatch (except firmware versions but keeping up with them is not that hard)
Click to expand...
Click to collapse
Or I could find you stupid for not noticing the patched image is in my first post.
DLS123 said:
I find you stupid for not noticing the patched images are in my first post.
Click to expand...
Click to collapse
I recommend labeling the boot images with their firmware since future firmwares won't be able to run the same boot image but other than that I'm really sorry.
LameMonster82 said:
I recommend labeling the boot images with their firmware since future firmwares won't be able to run the same boot image but other than that I'm really sorry.
Click to expand...
Click to collapse
I mentioned in the description 1 line below the link that it's for 10e. There was no other update in a long time. I don't think there can be any confusion for now. I can edit and label the file when there's will be another fw update.
It looks like unlocking the bootloader breaks Widevine L1 on the V40 and downgrades is to L3. No more HD or UHD Netflix.
I couldn't find any other solution than to re-lock the bootloader to restore L1.
This doesn't happen on the V30.
@DLS123
Thank you for all!
I ask you for more details; i'm stuck at flashing first image in adb; it returns an error; have LMV405EBW with 10f. unlocked bootloader of course
Thx again for your support!
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
DLS123 said:
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
Click to expand...
Click to collapse
Thx for answer; i not have too much experience in working with Magisk;
i just folowed your steps:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
when i run fastboot comand for flash, is runing, but is returning "an error at line x"
i suppose is something wrong in this instructions.
daphix said:
Thx for answer; i not have too much experience in working with Magisk;
i just folowed your steps:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
when i run fastboot comand for flash, is runing, but is returning "an error at line x"
Anyway; understand now what to do;
Steps are below:
- first install magisk manager
- download magisk zip from magisk site or from magisk manager himself on phone
- download patched_boot_a.img to phone from our good contributor
- use magisk manager and select inslall image of patched_boot_a.img from phone
- magisk manager will generate a magisk patched image
- transfer this magisk patched image (not patched_boot_a.img) to pc in ADB folder
- flash with Adb this magisk patched image from pc to phone.
Thx to our friend!
---------- Post added at 09:53 AM ---------- Previous post was at 09:21 AM ----------
DLS123 said:
@daphix what do you mean by flashing the first image? You're not supposed to flash my patched boot image. Just boot it without flashing and Direct install Magisk from it with Magisk Manager.
Click to expand...
Click to collapse
Hi;
using Magisk mamanger and your file was generated a file: magisk_patched.img
pls support; trying to flash that image from PC with adb not work:
fastboot flash partition_a magisk_patched.img
Click to expand...
Click to collapse
@daphix
Whatver you're trying to do, is nowhere in the procedure I used. If you already booted with my boot image why are you making another boot image with Magisk and why are you trying to flash that? I never wrote anything of the sort.
if you booted with my patched image you already have temporary root and can use Magisk Manager to Direct install Magisk itself.
DLS123 said:
@daphix
Whatver you're trying to do, is nowhere in the procedure I used. If you already booted with my boot image why are you making another boot image with Magisk and why are you trying to flash that? I never wrote anything of the sort.
if you booted with my patched image you already have temporary root and can use Magisk Manager to Direct install Magisk itself.
Click to expand...
Click to collapse
Hi , thank you for reply;
I tried many combinations of your commands;
maybe due that am noob, but succesion below simply is not working:
First install Magisk Manager 7 on the phone then connect the phone to the PC and run:
adb reboot bootloader
fastboot boot patched_boot_a.img
This guide is only for the Fire TV 2 2015 (not stick) codenamed "sloane" with mt8173.
This will flash correct partitions and TWRP into it.
This WILL NOT clean RPMB neither will unlock the device.
I am not responsable of any physical damage in your device, YOU choose to make this modifications.
NOTE: Full unlock has been released, please refer to this thread: https://forum.xda-developers.com/t/unlock-root-twrp-unbrick-firetv-2-sloane.4222331/
NOTE: You will need to open the device so be prepared
NOTE: This will flash 5.6.2.8 images meaning RPMB will be updated.
MATERIAL NEEDED:
Linux based system.
USB A-A Cable.
Something conductive (paperclip, tweezers, etc).
Something to open the device.
- Install python3, PySerial, adb, fastboot:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot
- Uninstall/disable modemmanager:
Code:
sudo apt remove modemmanager
PROCEDURE:
0. Open up the device. You can use a pick or a kinfe or any special tool to open it up.
1. Locate DAT0 in the attatched image. You will need to flip the motherboard.
2. Download amonet-mt8173-sloane from downloads and unpack it.
3. Open the unpacked folder of amonet, open a terminal inside it and type:
Code:
sudo ./bootrom-step.sh
4. Wait until you see something like:
Code:
[2019-02-07 14:35:59.478924] Waiting for bootrom
5. Once that message shows up, connect the A-A cable but not the power supply. After that, prepare the short and at same time you short DAT0 with GND, plug in the power supply to the wall.
6. The script will ask you to remove the short. When this happens, stop shorting DAT0 and then press enter.
7. Wait until it finishes.
8. The device should now reboot into TWRP. Please, consider now flashing a prerooted ROM or LineageOS 12.1 for get full TWRP.
NOTES:
In lsusb boot-rom shows up as:
Code:
Bus 001 Device 009: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If you see:
Code:
Bus 001 Device 013: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
means you're in preloader mode. Try shorting again.
If somehow you have a corrupt gpt (shouldn't happen), just run:
Code:
sudo ./gpt-fix.sh
If TWRP freezes, DON'T UNPLUG THE THE POWER SUPPLY, instead, open an adb shell session and type the following command to restart TWRP:
Code:
killall recovery
Please, your bootloader is still LOCKED. If you flash custom kernels/unsigned boots (i.e: Magisk Manager, etc) the bootloader will refuse to load the boot image and you will be not able to boot in TWRP anymore unless you re-unbrick the device.
THANKS:
- @CFKod for his patience and for test the script
- @retyre & @k4y0z for the initial port to mt8173
- @xyz` for his original exploit for the HD8 2018.
- @Sus_i for locate DAT0, DAT1 and DAT2.
- @rbox for TWRP/Boot menu.
DOWNLOAD:
amonet-sloane-v1.3.zip (Or attachments)
Source Code: https://github.com/R0rt1z2/amonet/tree/mt8173-sloane
Brick no more!!
thank you for your patience and knowledge.
My brick was because I wiped system.
I've added another photo, I simply shorted against the metal hole circled in the picture. This is so useful, it not only unbricks, it allows for downgrade of preloader
Meaning I was then able to resolve my lack of system with @rbox unbrick image.
Also it's so much quicker than flashing via mediatek inject. Wooooo
Rortiz2 said:
8. Now your device should start booting back to FireOS. Mount it and enjoy your unbricked TV.
Click to expand...
Click to collapse
Looks good. :good:
I suppose if step 8 (reboot to system) fails for someone, i.e. something in /system is messed up, the old unbrick solution from @rbox comes handy, in order to flash a system?
Don't know, don't own that box, but maybe it's possible to add a 'flash TWRP to recovery partition' to your unbrick solution? As last point, instead of boot system, boot to recovery... Then users could flash the latest prerooted rom from @rbox, and skip the old unbrick solution? Just a thought... as I said, I don't know details about that box.
Edit: probably flash TWRP won't work, since the bootloader isn't unlocked?
Sus_i said:
Looks good. :good:
I suppose if step 8 (reboot to system) fails for someone, i.e. something in /system is messed up, the old unbrick solution from @rbox comes handy, in order to flash a system?
Don't know, don't own that box, but maybe it's possible to add a 'flash TWRP to recovery partition' to your unbrick solution? As last point, instead of boot system, boot to recovery... Then users could flash the latest prerooted rom from @rbox, and skip the old unbrick solution? Just a thought... as I said, I don't know details about that box.
Click to expand...
Click to collapse
Sure. I can use MISC flags for boot to recovery.
But the question is: Does the twrp can be loaded with newest preloader?
Also if my memory is OK, I remember it's a ramdisk
Cheers.
Rortiz2 said:
Sure. I can use MISC flags for boot to recovery.
But the question is: Does the twrp can be loaded with newest preloader?
Also if my memory is OK, I remember it's a ramdisk
Cheers.
Click to expand...
Click to collapse
If I remember right, @k4y0z said that the recovery is flashed out of the boot.img at first boot... and if the TWRP solution is a ramdisk like on the first fireTV, then flashing a TWRP image to the recovery partition will probably not work. Don't know.
Sus_i said:
If I remember right, @k4y0z said that the recovery is flashed out of the boot.img at first boot... and if the TWRP solution is a ramdisk like on the first fireTV, then flashing a TWRP image to the recovery partition will probably not work. Don't know.
Click to expand...
Click to collapse
Correct. TWRP is actually a ramdisk.cpio.
rbox flashes it using his 2ndinit script which needs to be runned with "su".
This script, simply put SeLinux in permissive mode and boots TWRP at every boot:
https://github.com/androidrbox/firetv-2ndinit/blob/master/jni/2ndinit.c
As you said, flashing the ramdisk directly into /recovery partition will not work since in needs to be signed.
Cheers.
Rortiz2 said:
Correct. TWRP is actually a ramdisk.cpio.
rbox flashes it using his 2ndinit script which needs to be runned with "su".
This script, simply put SeLinux in permissive mode and boots TWRP at every boot:
https://github.com/androidrbox/firetv-2ndinit/blob/master/jni/2ndinit.c
As you said, flashing the ramdisk directly into /recovery partition will not work since in needs to be signed.
Cheers.
Click to expand...
Click to collapse
Ok. I know that from the 1gen stick/box.
Maybe there is a way to (push and) boot that recovery ramdisk as last step with your script, in order to have the option for flashing the latest prerooted?
Don't know... If you could manage that somehow, you can add the [ROOT] tag into the thread headline
@rbox, what do you think?
Sus_i said:
Ok. I know that from the 1gen stick/box.
Maybe there is a way to (push and) boot that recovery ramdisk as last step with your script, in order to have the option for flashing the latest prerooted?
Don't know... If you could manage that somehow, you can add the [ROOT] tag into the thread headline
@rbox, what do you think?
Click to expand...
Click to collapse
Yeah it will be pretty nice.
If we can't, we can downgrade preloader, run unbrick image via Preloader and then run a second part of the script that restores correct preloader.
Idk, just for throw ideas.
I added source code in the second post for rbox.
Cheers.
Rortiz2 said:
This guide is only for the Fire TV Stick 2 codenamed "sloane" with mt8173.
Click to expand...
Click to collapse
Sloane it's Fire TV 2 Gen, not Stick
Kramar111 said:
Sloane it's Fire TV 2 Gen, not Stick
Click to expand...
Click to collapse
Thanks
@Sus_i I think I have an idea
https://forum.xda-developers.com/fire-tv/orig-development/firetv-2-recovery-installer-t3309785
That installer will help us since it talks with the preloader.
Well, I've a added an argv in the main.py that allows you to downgrade the preloader in order to be able to use rbox tools.
After the downgrade, the scripts reboots the TV and immediatelly it starts with the .sh by rbox that injects the necessary files into the /system/partition.
This is what should do the (let's say step-1.sh). When it finishes, the idea is that the user can run bootrom-step.sh to restore new preloader (shorting again obv) and allow the device to boot with the injected TWRP
What do you think?
Best regards!
Rortiz2 said:
@Sus_i I think I have an idea
https://forum.xda-developers.com/fire-tv/orig-development/firetv-2-recovery-installer-t3309785
That installer will help us since it talks with the preloader.
Well, I've a added an argv in the main.py that allows you to downgrade the preloader in order to be able to use rbox tools.
After the downgrade, the scripts reboots the TV and immediatelly it starts with the .sh by rbox that injects the necessary files into the /system/partition.
Click to expand...
Click to collapse
Yeah, sounds good, if the system is in good condition it should work fine.
If system is somewhat corrupt, maybe by an interrupted or failed update or so, I don't know if it will work.
Maybe we think to complex. I assume the amonet script can flash all partitions!? Why not flash a whole new system with that.
Since the prerooted rom is in sparse image format and the updater script does all the rooting stuff after flashing, we can't use that.
But maybe it's possible to write a dd image of a allready rooted /system partition with the amonet script.
Just an idea, don't know if that will work.
Sus_i said:
Yeah, sounds good, if the system is in good condition it should work fine.
If system is somewhat corrupt, maybe by an interrupted or failed update or so, I don't know if it will work.
Maybe we think to complex. I assume the amonet script can flash all partitions!? Why not flash a whole new system with that.
Since the prerooted rom is in sparse image format and the updater script does all the rooting stuff after flashing, we can't use that.
But maybe it's possible to write a dd image of a allready rooted /system partition with the amonet script.
Just an idea, don't know if that will work.
Click to expand...
Click to collapse
/system doesn't need to be ok. We need a working boot.img that loads the 2ndinit.
We can't flash a system with bootROM, it will take 1 day lol.
Take this commit as reference:
https://github.com/R0rt1z2/amonet/commit/339bb4ab2055507f2ed72ebea3861dbdfef67484
Rortiz2 said:
/system doesn't need to be ok. We need a working boot.img that loads the 2ndinit.
We can't flash a system with bootROM, it will take 1 day lol.
Take this commit as reference:
https://github.com/R0rt1z2/amonet/commit/339bb4ab2055507f2ed72ebea3861dbdfef67484
Click to expand...
Click to collapse
lol, as I said, don't know if that is possible with the amonet script
Yeah, if the boot.img will load 2ndinit, i.e. the recovery, that should do the trick fine :good:
Sus_i said:
lol, as I said, don't know if that is possible with the amonet script
Yeah, if the boot.img will load 2ndinit, i.e. the recovery, that should do the trick fine :good:
Click to expand...
Click to collapse
Let's see if we can try today.
Also it will require to copy the ramdisk recovery to an external usb or external sd.
Regards!
Rortiz2 said:
Let's see if we can try today.
Also it will require to copy the ramdisk recovery to an external usb or external sd.
Regards!
Click to expand...
Click to collapse
Yes, have seen it on github, but both is possible with the second gen FireTV box... only the usb port could be a problem, if usb debugging is enabled (but I don't know if debugging is aviable at this early stage?).
Sus_i said:
Yes, have seen it on github, but both is possible with the second gen FireTV box... only the usb port could be a problem, if usb debugging is enabled (but I don't know if debugging is aviable at this early stage?).
Click to expand...
Click to collapse
I don't think usb debugging is aviable at Preloader Stage
Basically would be this:
Format the sdcard/usb and copy the .cpio on it, then insert sdcard/usb into the TV.
Run first step:
Code:
sudo ./step-1.sh
It will downgrade preloader & inject 2ndinit.
After that, you disconnect the tv and run bootrom-step for restore working imgs:
Code:
sudo ./bootrom-step.sh
After that will reboot and since we have 2ndinit as pppd it will boot in TWRP.
From there you flash prerooted ROM and you're done
That's my idea but maybe doesn't work.
Cheers.
Rortiz2 said:
That's my idea but maybe doesn't work.
Cheers.
Click to expand...
Click to collapse
Sounds and looks good. :good:
I'm confident that it will work :fingers-crossed:
only sad thing is that I can't test it
Hey @Rortiz2, thanks for this! My sloane has been bricked for a few months after trying to root - this script ran & uploaded the boot.img to the device, but unfortunately it still won't boot (flashing with amazon logo).
I tried using your twrp test, but that results in terminal hanging at the below:
I was hoping I could get twrp running & then flash a pre-rooted image so that it clears whatever's wrong with the unit, but as above, I don't seem to be able to get it to boot
Any ideas?
Edit: welp, after cancelling the terminal command she now won't boot at all, lol... no signs of life but I'll keep this updated if I get can resurrect her.
I have a OnePlus 7T, which I rooted by booting to magisk_patched_boot.img (since there is no TWRP for OnePlus 7T yet).
I installed some module which caused bootloop. I recovered from bootloop by dirty flashing stock rom (just the boot.img).
Bootloop resolved. Root gone.
Now if I boot into magisk_patched_boot.img, it gets stuck on bootloop again. So I am assuming the magisk module files are still present.
How do I get rid of those modules?
Try here:
https://didgeridoohan.com/magisk/Ma...agisk_functionality_bootloop_loss_of_root_etc
Didgeridoohan said:
Try here:
https://didgeridoohan.com/magisk/Ma...agisk_functionality_bootloop_loss_of_root_etc
Click to expand...
Click to collapse
Worked like a charm, thank you so much!!
If anyone else is suffering through the same issue, while in bootloop, enter the following command in command prompt (in adb directory)
Code:
adb wait-for-device shell magisk --remove-modules
mihir24 said:
Worked like a charm, thank you so much!!
If anyone else is suffering through the same issue, while in bootloop, enter the following command in command prompt (in adb directory)
Code:
adb wait-for-device shell magisk --remove-modules
Click to expand...
Click to collapse
I have the same problem. I dirty flashed the stock rom and now i reflashed the patched rom in order to enter the command.
nothing happens for me. i just copy and pasted that command. is that wrong?
thanks
so yea i need to uninstall modules so i can root and not format wipe the phone. i have tried the whole adb wait-for-device shell magisk --remove-modules when its sitting on the g with the line under it. it reboots but then just goes back to the g with a line under it. i have read up on other ways to do it one involving twrp but unfortunately twrp isn't out for 3xl. any help would be appreciated thanks in advance.
DrUnkeN_TiGeR said:
so yea i need to uninstall modules so i can root and not format wipe the phone. i have tried the whole adb wait-for-device shell magisk --remove-modules when its sitting on the g with the line under it. it reboots but then just goes back to the g with a line under it. i have read up on other ways to do it one involving twrp but unfortunately twrp isn't out for 3xl. any help would be appreciated thanks in advance.
Click to expand...
Click to collapse
were u able to find any solution? I'm in the same boat as u
mihir24 said:
Worked like a charm, thank you so much!!
If anyone else is suffering through the same issue, while in bootloop, enter the following command in command prompt (in adb directory)
Code:
adb wait-for-device shell magisk --remove-modules
Click to expand...
Click to collapse
thank you :good::good::good::good:
Hi, I would like to run adb on my Galaxy S10+ but if I plug any usb cable on my phone, it starts. How to disable this behavior please?
I tried the same for my Pixel 3a. I can't get adb to recognize it. Fastboot does and if I boot to stock bootloader it at least boots and recognizes it but of course it doesn't snow magisk installed..
mihir24 said:
Worked like a charm, thank you so much!!
If anyone else is suffering through the same issue, while in bootloop, enter the following command in command prompt (in adb directory)
Code:
adb wait-for-device shell magisk --remove-modules
Click to expand...
Click to collapse
Holy crap, thanks for the clarification!! I found the original instructions but could not get it to work, this got it working!
You have to be in the bootloop and then enter the command above!
This worked on my Huawei P20 Pro.
Doesn't work for me, adb Devices doesn't show anything. I can boot to rescue mode or into adb sideload and it finds it. Really want to get this working
GrandMstrBud said:
Doesn't work for me, adb Devices doesn't show anything. I can boot to rescue mode or into adb sideload and it finds it. Really want to get this working
Click to expand...
Click to collapse
You can try this. It is for the Pixel 3a only.
fastboot boot image-new.img
image-new.img
https://www.androidfilehost.com/?fid=8889791610682920432
You should boot up with root but modules disabled. Remove your modules with root explorer located here (data/adb/modules) then remove the .disable_magisk file that is in the cache/ folder. It is a hidden file (starts with a dot) so your root file explorer will need to be set to show hidden files.
This all should be done while in bootloop after flashing your magisk_patched.img
Just boot to fastboot and boot the image.
https://forum.xda-developers.com/pixel-3a/how-to/magisk-modules-disabler-booting-magisk-t3976621
Tulsadiver said:
You can try this. It is for the Pixel 3a only.
fastboot boot image-new.img
image-new.img
https://www.androidfilehost.com/?fid=8889791610682920432
You should boot up with root but modules disabled. Remove your modules with root explorer located here (data/adb/modules) then remove the .disable_magisk file that is in the cache/ folder. It is a hidden file (starts with a dot) so your root file explorer will need to be set to show hidden files.
This all should be done while in bootloop after flashing your magisk_patched.img
Just boot to fastboot and boot the image.
https://forum.xda-developers.com/pixel-3a/how-to/magisk-modules-disabler-booting-magisk-t3976621
Click to expand...
Click to collapse
Hey there, I'm using a Pixel 4a and I've run into the exact same issue unfortunately. While in the boot loop I ran the adb command but it just keeps on waiting to detect my device. There seems to be no modified magisk_patched.img defaulting to Magisk core-only mode on XDA for the Pixel 4a (only for older devices), and I've also tried your other tutorial using the AIK to build a custom one for myself, which did not work unfortunately. What should I do to restore root while preventing the problematic module from loading? Thank you!!!:crying:
mihir24 said:
Worked like a charm, thank you so much!!
If anyone else is suffering through the same issue, while in bootloop, enter the following command in command prompt (in adb directory)
Code:
adb wait-for-device shell magisk --remove-modules
Click to expand...
Click to collapse
just replying to say this helped me!!
With magisk, after flashing the patched boot.img (generated from magisk) via fastboot and receiving a bootloop, i ran this code, which then restarted my phone and got me to my homescreen
using oneplus7 and android 11, thanks, now i have root with magisk (rip twrp?)
tThank you so much this saved my device from getting flashing the ROM again
For future readers, you should boot into safe mode (Google to find the key press combination for safe mode) and then reboot again. This will disable all magisk modules so you can go into the manager and remove the module/s causing the bootloop
CerealKiiller said:
For future readers, you should boot into safe mode (Google to find the key press combination for safe mode) and then reboot again. This will disable all magisk modules so you can go into the manager and remove the module/s causing the bootloop
Click to expand...
Click to collapse
Thank You So So Much. I already thought i'd have completely re set up every module and setting.
I don't have the original boot.img. I want to unroot temporarily. But want to re-root afterward.
I was wondering if I can save a modified_boot.img somehow and flash that later once I am done. Is it possible?
devsk said:
I don't have the original boot.img. I want to unroot temporarily. But want to re-root afterward.
I was wondering if I can save a modified_boot.img somehow and flash that later once I am done. Is it possible?
Click to expand...
Click to collapse
What ROM and device are you using?
How did you root it in the first place?
What OS are you running?
Heres my 30 second version of how id do it on my Pixel 2 XL an a/b device....ymmv, depending on device
Download latest platform tools from Google for your OS, if necessary: https://developer.android.com/studio/releases/platform-tools
Next you'll need dd, if you're on Linux, you can skip ahead
For Windows....go to http://gnuwin32.sourceforge.net/packages/coreutils.htm
Download Binaries & Dependencies zips
Extract dd.exe from coreutils-5.3.0-bin.zip /bin to platform tools path
Extract all .dll's from coreutils-5.3.0-dep.zip /bin to platform tools path
Enable USB Debugging & ABD access on device
Boot device to recovery (usually TWRP)
on PC and prompt in platform tools folder:
if you have recovery (usually TWRP) installed:
adb reboot recovery
if you DONT have recovery (usually TWRP) installed, but instead fastboot it via bootloader (as i do on my Pixel 2XL):
adb reboot bootloader
fastboot boot twrp-xxx.img
swipe into twrp
back to PC prompt:
adb shell
dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img
adb pull /sdcard/boot.img magisk_boot.img
Uninstall magisk
When you need to flash magisk boot image back:
Boot to bootloader..
on PC and prompt in platform tools folder:
adb reboot bootloader
fastboot flash boot magisk_boot.img
fastboot reboot
Note: You can of course use the same first process to backup (and extract) the stock boot.img before rooting ....and the latter to reflash it if needed if rooting goes wrong
Sorry, I should update my profile. My device is OnePlus 8 Pro.
> dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/magisk_boot.img
@73sydney why would this not work from within a rooted device? Its not like some process is holding a read lock on that partition or something else is also writing to it. Its a partition persisted in the NAND, which is not being touched by anything.
The only thing is that there are 2 partitions on the NAND: boot_a and boot_b. I need to know which one is the current one.
And this tells me slot B:
cat /proc/cmdline | tr ' ' '\n' | grep --color slot
androidboot.slot_suffix=_b
For flashing back, I obviously need to be in bootloader because I won't have the root to write to the partition.
Hi, I installed an incompatible Magisk module in the past, which cause bootloop of my phone. Co I dirty flashed my ROM (Pixel Experience) to get my phone work again. My current situation is that I cannot flash Magisk because an incompatible module is still on my phone. How to disable this module without root and TWRP? TWRP is not yet available for my phone
Phone: Xiaomi Mi 9 (cepheus)
ROM: Pixel Experience (PixelExperience_cepheus-12.0-20220123-1916-OFFICIAL.zip)
Magisk 23 or 24
Recovery: PixelExperience Recovery
Enter in TWRP.
Advanced > File Manager.
Go to "/data/adb" and delete the folders of the specific magisk module.
Reboot.
I cannot use TWRP on my phone, it is not available yet for Android 12.
Download latest twrp, try first fastboot boot image to test it, then flash with fastboot and delete broken module from /data/adb
OK, I tried boot latest twrp. The touchscreen was not working, so I plugged in a USB mouse. But now I cannot mount data partition in TWRP
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
Hi Martin, could you elaborate on how you did this?
I made the mistake of installing non-zygisk module amd now my phone won't boot. I can boot to TWRP but there's nothing in /data/adb.
Thanks in advanced!
Nevermind, I figured out the process but still get stuck in boot up screen after installing magisk 24.1.
I ended up reinstalling the ROM again.
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
What do you mean by "while booting"? I tried here and got "adb is out of data. killing"
Try to enter safe mode on your device. Magisk will disable all modules if detected the safe mode enable. Reboot and remove the problem modules, and reboot again.
I have an Xperia 10 III (XQ-BT52) only rooted with Magisk (no RTWP) in which I tried to install the Magisk module wfd_pie_magisk_20_4.zip which ended up in a bootloop. Having the unit connected whilst booting I bombarded the command line with
adb shell
and lo and behold it did connect for a few (8-10) seconds giving me a prompt, before rebooting again.
Realising these few seconds could be enough to delete the module, i went for:
adb shell
XQ-BT52:/ $
su
XQ-BT52:/ #
rm -rf /data/adb/modules/WFD_PIE
and the unit rebooted. It did loop again twice, but the second time it all came up nicely.
Conclusion, if you get into a boot loop you might be able to recover if being quick enough to erase the module. First you need to identify what the directory name of the module is by simply do:
ls /data/adb/modules
hosts
WFD_PIE
Once knowing the name of the directory (WFD_PIE in my case) get the prompt whilst booting, quickly write (or simply prepare the rm command by putting it into the terminals cut/paste buffer).
su
rm -rf /data/adb/modules/[directory name]
hit enter, and hope for the best. The system will hopefully get up and running again after a few boots (one more boot than expected).
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
Thank you, it worked!
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
Thank you. This is a lifesaver!
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
Thank you for this, you saved my phone.
If anyone else has this issue, go to recovery first and then boot to normal core mode without Magisk enabled, then restart your phone again with however you enable Magisk and then enter the code at the splash screen on CMD.
You also can just flash the stock boot img (or init_boot.img for Pixel 7 and maybe some other devices) and then wipe magisk app data then flash the patched img again
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
Thank you for saving my phone
For future reference, if you have a incompatible module, boot into safe mode, then boot back normally, and it will be disabled. No need to uninstall magisk.
martin131 said:
I found the solution!
Flash Magisk
Reboot
adb wait-for-device shell magisk --remove-modules while booting
Click to expand...
Click to collapse
This worked!!! Saved me from having to flash off my data!!! Thanks, Martin.