Related
Prerequisites :
Running Stock OOS
Unlocked Bootloader
Fastboot
Disclaimer : I am not responsible for any damage to your device.
Click to expand...
Click to collapse
Download : [ALL VARIANTS]
OOS Patched Boot Images (Credits : @Bradl79 for maintaining the folder)
9.5.4 Boot Images :
OOS 9.5.4 Patched [EU Version/1913]
OOS 9.5.4 Patched [Global | Indian Version /1917 | 1911]
Want To Maintain Root On New OTAs?:
#171
Patched Boot Image Not Available For Your Model Yet? :
#6
Instructions :
Download the patched boot image
Install the latest version of Magisk Manager
Reboot the phone in fastboot mode
Use the following command via command prompt :
Code:
fastboot flash boot boot_patched.img
fastboot reboot
The phone will reboot into system, this may take some time be patient
Open Magisk & Install it again[Direct Install]
You've got a rooted OnePlus 7 Pro.
Credits :
gururoop (Stock Firmware)
b1czu (Instructions)
Regards,
acervenky
Included the stock as well as patched image.
Link to repository : Github
Regards,
acervenky
Reserved 2
Am Trying To Port OnePlus 6T TWRP Recovery. Just Got My Hands On The Stock Recovery. Will Update If It Works
acervenky said:
It seems that the size difference is vast, so I would request one of you to download the stock boot.img from the repository, patch it and rechceck the file size.
You can try the patched boot.img and inform whether it works, for any issues/help PM me.
Link to repository : Github
Regards,
acervenky
Click to expand...
Click to collapse
I am upgrading the firmware to 9.5.3 right now. As soon as it finishes, I would try and report back
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
You can also patch the boot.img yourself.
Here is how:
.) Download latest Stock OOS
.) Extract boot.img using payload.bin dumper (needs python)
.) Install Magisk Manager on your device
.) Copy boot.img to your device
.) Patch boot.img using Magisk Manager
.) Copy patched boot.img to your pc, reboot your phone to fastmode and use 'fastboot boot patched_boot.img' to boot from patches bootimage.
.) Run Magisk Manager, choose direct install
-> Voila, you have a rooted OP7pro.
Kingmohdarif said:
Am Trying To Port OnePlus 6T TWRP Recovery. Just Got My Hands On The Stock Recovery. Will Update If It Works
Click to expand...
Click to collapse
zanderzone said:
I am upgrading the firmware to 9.5.3 right now. As soon as it finishes, I would try and report back
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
Click to expand...
Click to collapse
Please post the screenshots if you guys have successfully rooted, will update the OP accordingly
GoodSoul said:
You can also patch the boot.img yourself.
Here is how:
.) Download latest Stock OOS
.) Extract boot.img using payload.bin extractor (needs python)
.) Install Magisk Manager on your device
.) Copy boot.img to your device
.) Patch boot.img using Magisk Manager
.) Copy patched boot.img to your pc, reboot your phone to fastmode and use 'fastboot boot patched_boot.img' to boot from patches bootimage.
.) Run Magisk Manager, choose direct install
-> Voila, you have a rooted OP7pro.
Click to expand...
Click to collapse
Yes if you're on another version of OOS, this method works
Regards,
acervenky
acervenky said:
Download: OOS 9.5.3 Patched
Click to expand...
Click to collapse
Your patched boot.img is about 56mb in size while my extracted boot.img is 100mb in size. There might be something wrong with your boot.img ...
zanderzone said:
EDIT : The patched boot image on my phone is 56.32 MB so yes there is substantial size difference. Let me try booting from it
Click to expand...
Click to collapse
Did it work?
GoodSoul said:
Your patched boot.img is about 56mb in size while my extracted boot.img is 100mb in size. There might be something wrong with your boot.img ...
Did it work?
Click to expand...
Click to collapse
That extra 44mb is most likely empty space, which patching with Magisk removes like on other devices.
bmg1001 said:
That extra 44mb is most likely empty space, which patching with Magisk removes like on other devices.
Click to expand...
Click to collapse
You might be right since after 56% of the file everything is just blank.
GoodSoul said:
You might be right since after 56% of the file everything is just blank.
Click to expand...
Click to collapse
Same thing happens on the Essential Phone. Extracting the image with dd gives you a ~60mb boot image but Magisk brings it down to 23mb.
bmg1001 said:
Same thing happens on the Essential Phone. Extracting the image with dd gives you a ~60mb boot image but Magisk brings it down to 23mb.
Click to expand...
Click to collapse
Well then the patched image should work without any problems, and others who want to root with TWRP there's an unofficial version out as well
Regards,
acervenky
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
For me this has worked
1. Install Magisk Manager
2.. Reboot device to bootloader
3.. open cmd at the location of the extracted patched_boot.img
4.. In cmd type
Code:
fastboot flash boot_a patched_boot.img
5.. In cmd type
Code:
fastboot flash boot_b patched_boot.img
6.. In cmd type
Code:
fastboot reboot
7.. Open Magisk Manager, it will prompt you with additional files are needed to complete Magisk install, go ahead and download the files.
8. After a few seconds, install will be complete and you will be rooted!
b0uNz said:
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
For me this has worked
1. Install Magisk Manager
2.. Reboot device to bootloader
3.. open cmd at the location of the extracted patched_boot.img
4.. In cmd type
Code:
fastboot flash boot_a patched_boot.img
5.. In cmd type
Code:
fastboot flash boot_b patched_boot.img
6.. In cmd type
Code:
fastboot reboot
7.. Open Magisk Manager, it will prompt you with additional files are needed to complete Magisk install, go ahead and download the files.
8. After a few seconds, install will be complete and you will be rooted!
Click to expand...
Click to collapse
Hey man
Thanks for this, your commands worked but unfortunately I messed up my phone. Kinda new to rooting. Just realized I was on 9.5.4 on a GM1913. The patched boot image on here for 9.5.3 broke my wifi and the settings app completely unstable, it crashes constantly.
Not sure if the problem was that I used the boot image for 9.5.3 on 9.5.4 or because the patched boot image on here was intendend for other versions of the OP7P and not the European GM1913.
Does anyone have a flashable zip for the GM1913? Alternatively a stock or patched boot image intended for 9.5.4 GM1913? Any help would be much appreciated, still no OP7 here https://www.oneplus.com/support/softwareupgrade so I am stuck with a non working phone
b0uNz said:
Thanks for the patched boot.img but this command did not work for me
Code:
fastboot boot patched_boot.img
Click to expand...
Click to collapse
What error did you got when you tried that command? Did you oem unlock first and enabled usb debugging?
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow 'fastboot boot' (also known as tethered booting) command. The situation is same as Essential PH-1 as well some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Titokhan said:
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow 'fastboot boot' (also known as tethered booting) command. The situation is same as Essential PH-1 as well some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Click to expand...
Click to collapse
Yep, that's the same error I got initially. Do you have any idea as to what went wrong with my phone?
I am wondering if I messed up because I flashed the patched boot.img for 9.5.3 while being on 9.5.4, or if it's because it was for the wrong version, I have a GM1913.
Are boot images unique for each model, like GM1913, GM1917 etc?
Titokhan said:
@acervenky @b0uNz @GoodSoul
Unlike older OnePlus phones, the current bootloader of the OnePlus 7 Pro doesn't allow 'fastboot boot' (also known as tethered booting) command. The situation is same as Essential PH-1 as well some other phones.
You will get something like the following:
Code:
downloading 'boot.img'...
OKAY [ 1.215s]
booting...
FAILED (remote: unknown command)
Click to expand...
Click to collapse
Thanks for reporting, I'll update the OP accordingly.
Regards,
acervenky
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
mingo_mgx said:
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
Click to expand...
Click to collapse
Hey man, thank you! :good::good: You might have just saved my day. Quick question before I flash it though, is this for the GM1913 or GM1917?
---------- Post added at 10:12 PM ---------- Previous post was at 10:03 PM ----------
mingo_mgx said:
Hey guys, for anyone that has OOS 9.5.4. Here is a patched boot image for it! https://www.androidfilehost.com/?fid=1395089523397968832
Click to expand...
Click to collapse
Never mind, I couldn't wait so I tried it and my phone is fixed! I am rooted and wifi and the settings are working again. Thank you so much.
@acervenky, could you add the 9.5.4 boot image to the OP? Just to avoid any other noobs like myself messing up their brand new phone like I did with the wrong boot image..
Also does anyone know if boot images are specific to different models? Are they different on GM1913, 1915, 1917 etc? Would be good to mention that in the OP too if so.
Follow these easy steps
Makes sure you have the GSI image on your sdcard before starting this, if your coming from lineage OS backup your data!
1.Unlock Bootloader
2. Boot into bootloader, check your slot if on B switch to A and vice versa.(fastboot set_active a/b) or you can stay in your current active slot up to you.
3.Download twrp and flash it (fastboot flash boot boot.img)
4.Boot back into boot loader and run "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img" link with b11 vbeta.img
5.Boot into twrp,Format data or in bootloader run this command "fastboot format userdata" to get rid if encryption else gsi wont boot then, go to "install" navigate to your sdcard where you place the gsi , look for 'select image" then flash your gsi.
6.To flash gapps(skip if the gsi includes them) if your using a aosp gsi go to twrp then go into /wipe/advanced wipe/ select system on the options then "repair or change file system" then press on "resize file system" this will resize your system partiton back to 3.X gigs and allow you to flash gapps.
7.Then reboot to system
8. Your gsi "should" boot
Downloads:
http://www.mediafire.com/folder/ha8j5crsdmbmx/ZTE_Axon_10_pro_stuff
https://forum.xda-developers.com/pr...bled-device-development/gsi-havoc-os-t3930030 Havoc OS the gsi ive been using for some weeks.
Fixes and WorkArounds
Volte Fix for GSi
Install the volt-ims.apk as you would normally install an apk, download here http://www.mediafire.com/file/l0x88jx5zxyknhh/volte-ims.apk/file
For root( magisk) and twrp flash http://www.mediafire.com/file/de8tccz7gr93831/twrp-magisked-los-boot.img/file
To pass SafetyNet flash this http://www.mediafire.com/file/867xncq865vvtct/Universal-safetynet-fix-v3.zip/file
Also I created a template for what works on phhusson Treble experiments wiki:
https://github.com/phhusson/treble_experimentations/wiki/ZTE-Axon-10-Pro
CREDITS:
Unjustifieddev for his work on lineage, and the boot.img im using.
All the gsi creators
Screenshots of Havoc OS gsi running on my zte axon 10:
Android Q Gsi works too
you can also use the zte android 9 stock kernel and vendor
That all is great news.....bravooo
Any issues with the havoc gsi?
blcistheking said:
Any issues with the havoc gsi?
Click to expand...
Click to collapse
Only the Fingerprint is broken
noobstyle1337 said:
Only the Fingerprint is broken
Click to expand...
Click to collapse
its only broken if you have a a2020g, works fine if you have a a2020u, current los kernel is missing a2020g fingerprint firmware from what i can gather.
Bliss 12.7 Android 10 gsi on a2020u.
rafyvitto said:
Follow these easy steps
4.Boot back into boot loader and run "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img" link with b11 vbeta.img
==
Click to expand...
Click to collapse
whenever i try this i just get
"fastboot: unknown option -- disable-verity"
Mr. DR. Professor Electro said:
whenever i try this i just get
"fastboot: unknown option -- disable-verity"
Click to expand...
Click to collapse
Skip that step not needed, just flahs the disable encryption zip file in twrp to disable encryption.
i have bootloader unlocked ive wiped everything even flashed disable encryption but whenever i try to install the zip for lineage 17 i get an "error installing zip file' am i doing something wrong?
honestly i cant even flash any rom zip i have i just get error 1s , i even wipe data/format before flashing am i doing something wrong am i supposed to be on a or b while doing this or what
Futility's Forgotten Soldier said:
i have bootloader unlocked ive wiped everything even flashed disable encryption but whenever i try to install the zip for lineage 17 i get an "error installing zip file' am i doing something wrong?
Click to expand...
Click to collapse
Lineage 17 is very broken right now, i would suggest flashing bliss 2.7 gsi, check my telegram channel for more info.
cant escape bootloop hell and error 255
rafyvitto said:
Follow these easy steps
Makes sure you have the GSI image on your sdcard before starting this, if your coming from lineage OS backup your data!
1.Unlock Bootloader
2. Boot into bootloader, check your slot if on B switch to A and vice versa.(fastboot set_active a/b) or you can stay in your current active slot up to you.
3.Download twrp and flash it (fastboot flash boot boot.img)
4.Boot back into boot loader and run "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img" link with b11 vbeta.img
5.Boot into twrp,Format data or in bootloader run this command "fastboot format userdata" to get rid if encryption else gsi wont boot then, go to "install" navigate to your sdcard where you place the gsi , look for 'select image" then flash your gsi.
6.To flash gapps(skip if the gsi includes them) if your using a aosp gsi go to twrp then go into /wipe/advanced wipe/ select system on the options then "repair or change file system" then press on "resize file system" this will resize your system partiton back to 3.X gigs and allow you to flash gapps.
7.Then reboot to system
8. Your gsi "should" boot
Downloads:
http://www.mediafire.com/folder/ha8j5crsdmbmx/ZTE_Axon_10_pro_stuff
https://forum.xda-developers.com/pr...bled-device-development/gsi-havoc-os-t3930030 Havoc OS the gsi ive been using for some weeks.
Fixes and WorkArounds
Volte Fix for GSi
Install the volt-ims.apk as you would normally install an apk, download here http://www.mediafire.com/file/l0x88jx5zxyknhh/volte-ims.apk/file
For root( magisk) and twrp flash http://www.mediafire.com/file/de8tccz7gr93831/twrp-magisked-los-boot.img/file
To pass SafetyNet flash this http://www.mediafire.com/file/867xncq865vvtct/Universal-safetynet-fix-v3.zip/file
Also I created a template for what works on phhusson Treble experiments wiki:
https://github.com/phhusson/treble_experimentations/wiki/ZTE-Axon-10-Pro
CREDITS:
Unjustifieddev for his work on lineage, and the boot.img im using.
All the gsi creators
Click to expand...
Click to collapse
rafyvitto said:
Lineage 17 is very broken right now, i would suggest flashing bliss 2.7 gsi, check my telegram channel for more info.
Click to expand...
Click to collapse
having trouble
Steps I followed:
(bootloader been unlocked but double checked to be sure)
Started from LineageOS 16 clean flashed based
booted rom made sure Debug was enable in settings did nothing else
booted to bootloader
>fastboot set_active a
>fastboot boot "D:\Android\Flash\Recovery.img"
In Recovery:
Installed Twrp zip
install zip DisableForcedEncryption.zip
-reboot bootloader
>fastboot flash vbmeta "C:\Users\chris\Downloads\ZTE_Flash\vbmeta.img"
>fastboot format userdata
boot to recovery:
Installed GSI Image of Havoc OS to System image
Flashing system image......
simg2ing '/sdcard1/Havoc-OS-v2.9-20190914-phhgsi_arm64_ab-offical.img' 'dev/block/bootdevice/by-name/system_a'process
ended with ERROR: 255
got creative because nothing i was doing was fixing the problem so i went into fast boot and
>fastboot flash system "location/of/Havoc.img"
now no longer can acess the recovery not even but fastboot boot img command and back in a bootloop hell
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot boot "D:\Android\Flash\Recovery.img"
downloading 'boot.img'...
OKAY [ 0.605s]
booting...
FAILED (remote: Failed to load/authenticate boot image: Load Error)
finished. total time: 0.640s
also i have no way to return to the original 10 pro rom whenever i flash it via the EDL tool with one of the US edl
Zips you provided i have boot loop but it gives me enough so i can have bootloader mode accessible but i have to rerun
the bootloader unlock. but flashing Lineage 16 seems to be the only thing to make my phone functional without giving it boot loop hell
ill try do it with bliss later but if there's anywhere i went wrong or how to solve the 255 let me know i really want to try out one of those GSIs
but im running on the US rom and using the TWRP for my pro from the fourms so i just really confused here idk if i could possibly give you anymore details
ok update i got it working
1. the 255 i fixed by
"
Reboot into recovery, TWRP
Go to the terminal in "Advanced"
Type cd /system to change the path to the system folder
Type rm addon.d to remove the addon file
Type exit to quit from the terminal
Now back to TWRP home, try backup/restore again, it should works.
Further adjustment: do check the use rm -f to format disk settings of TWRP, to make sure TWRP won't mess up the filesystem."
secondly what was ruining me was a big dumb mistake on my part you HAVE to do " --disable-verity --disable-verification flash vbmeta vbmeta.img" with the latest ADB tool kit I was using minimal adb and fastboot then got it to work
In step 5,i can not boot into TWRP and phone displays ZTE crashdump mode.
Please help.
Thanks.
Edit: I fixed it and can flashed this rom but it has some bugs.
I submitted on ( in deep tool ) still application approved
Can I open bootloader now ?
I need rom for my device and all file to root it
V ( RMX3241_11_A.15 )
do you still want to root smartphone?
Please don't root , useless as no custom ROM is available or you might brick your device
I have rooted my smartphone, on realme 8 5G
Rzk09 said:
I have rooted my smartphone, on realme 8 5G
Click to expand...
Click to collapse
Hello, can you tell me how you got root access, thanks
frenon76 said:
Hello, can you tell me how you got root access, thanks
Click to expand...
Click to collapse
has your device been unlocked bootloader?
Not yet, I'm working on it
frenon76 said:
Not yet, I'm working on it
Click to expand...
Click to collapse
what version of the firmware build is on your device?
RMX3241VF_11_A_23
frenon76 said:
RMX3241VF_11_A_23
Click to expand...
Click to collapse
Global or India?
Global
frenon76 said:
Global
Click to expand...
Click to collapse
if you have unlocked your device, follow these steps
1.donwload boot.img and vbmeta.img, if your firmware version is A.23 global version you can download it in Attachments
2. Patch the boot.img that you downloaded earlier in the magisk manager, when it's finished you can change the name to "boot.img" to make it easier to patch
3. Copy the boot.img patch to your laptop/PC in "adb and fastboot" folder, together with vbmeta.img (don't patch the vbmeta.img file in magisk manager)
4. turn on usb debugging option
5. enter fastboot mode (turn off your device and hold vol up and power)
6. if you have entered fastboot, plug your devices into your laptop/pc and type in adb "fastboot devices" (make sure your devices are connected)
7. And now start patching the boot.img file that you patched earlier and disable boot verification (vbmeta.img)
8. Ok,Patch the boot.img file with the command "fastboot flash boot boot.img"
9. and finally disable vbmeta copy this command "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
10. and restart your device
I hope this can help you
Muchas gracias, voy a intentar
Rzk09 said:
if you have unlocked your device, follow these steps
1.donwload boot.img and vbmeta.img, if your firmware version is A.23 global version you can download it in Attachments
2. Patch the boot.img that you downloaded earlier in the magisk manager, when it's finished you can change the name to "boot.img" to make it easier to patch
3. Copy the boot.img patch to your laptop/PC in "adb and fastboot" folder, together with vbmeta.img (don't patch the vbmeta.img file in magisk manager)
4. turn on usb debugging option
5. enter fastboot mode (turn off your device and hold vol up and power)
6. if you have entered fastboot, plug your devices into your laptop/pc and type in adb "fastboot devices" (make sure your devices are connected)
7. And now start patching the boot.img file that you patched earlier and disable boot verification (vbmeta.img)
8. Ok,Patch the boot.img file with the command "fastboot flash boot boot.img"
9. and finally disable vbmeta copy this command "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
10. and restart your device
I hope this can help you
Click to expand...
Click to collapse
HELP, I did this on my phone (realme 8 5g global) and now the system does not turn on as something is recovery (TWRP) and fastboot works normally
this is my main and the only relatively new phone so please help
PS sorry for mistakes, I'm from Poland and I'm writing through a translator
Rzk09 said:
if you have unlocked your device, follow these steps
1.donwload boot.img and vbmeta.img, if your firmware version is A.23 global version you can download it in Attachments
2. Patch the boot.img that you downloaded earlier in the magisk manager, when it's finished you can change the name to "boot.img" to make it easier to patch
3. Copy the boot.img patch to your laptop/PC in "adb and fastboot" folder, together with vbmeta.img (don't patch the vbmeta.img file in magisk manager)
4. turn on usb debugging option
5. enter fastboot mode (turn off your device and hold vol up and power)
6. if you have entered fastboot, plug your devices into your laptop/pc and type in adb "fastboot devices" (make sure your devices are connected)
7. And now start patching the boot.img file that you patched earlier and disable boot verification (vbmeta.img)
8. Ok,Patch the boot.img file with the command "fastboot flash boot boot.img"
9. and finally disable vbmeta copy this command "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
10. and restart your device
I hope this can help you
Click to expand...
Click to collapse
bro please i need your help i'am on A24 Global version version do u have boot.img of this version if not please give me link of A23 global version full rom thank u
mantap, how to downgrade into RMX3241VF_11_A_23? ada no wa or youtube or ig?.. thank u, terima kasih
Rzk09 said:
I have rooted my smartphone, on realme 8 5G
Click to expand...
Click to collapse
Vbmat.img and boot.img for RMX3241_11_A.16 please
Rzk09 said:
if you have unlocked your device, follow these steps
1.donwload boot.img and vbmeta.img, if your firmware version is A.23 global version you can download it in Attachments
2. Patch the boot.img that you downloaded earlier in the magisk manager, when it's finished you can change the name to "boot.img" to make it easier to patch
3. Copy the boot.img patch to your laptop/PC in "adb and fastboot" folder, together with vbmeta.img (don't patch the vbmeta.img file in magisk manager)
4. turn on usb debugging option
5. enter fastboot mode (turn off your device and hold vol up and power)
6. if you have entered fastboot, plug your devices into your laptop/pc and type in adb "fastboot devices" (make sure your devices are connected)
7. And now start patching the boot.img file that you patched earlier and disable boot verification (vbmeta.img)
8. Ok,Patch the boot.img file with the command "fastboot flash boot boot.img"
9. and finally disable vbmeta copy this command "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
10. and restart your device
I hope this can help you
Click to expand...
Click to collapse
Can you send me the attachments for RMX3241_11_C.04 this android version?
Rooted Realme 8 5G to fix unknown IMEI but in the end I know that unknown baseband is the major problem, and no custom ROM for RMX3241.
Stock firmware: RMX3241_11_A.26
Magisk 25.2
Root Tool: MTKClient (GitHub) with Brom/Edl Mode since I got no fastboot
For MTKClient, you'll need to install "MediaTek CDC driver 1.0.8" and manually add legacy hardware in device manager "MediaTek USB PORT" and other thing that you need in the github link.
Root method just same as fastboot method, patch your boot.img with Magisk app and flash patched boot.img + vbmeta.img or using MTKClient flash the patched boot.img and vbmeta.img.empty included in MTKClient.
Where to get your stock boot.img vbmeta.img? Use MTKClient or MTKMETAUTILITY to dump it from your phone. Dump the whole img except userdata to backup just incase....
If somehow the root fail after like 1h bootloop at logo, just reflash with stock boot vbmeta. So keep in mind to backup your stock img file.
I also have TWRP as recovery flashed using MTKClient but no custom ROM?
By Following this guide, you will lose your warranty so keep that in mind before you begin. (Although you have probably already lost your warranty by unlocking the bootloader)
So, if like me, you ended up buying the Redmi Note 10S because it was very cheap (it's something like 200$ for a really good phone) and then just hopped on to xda forums for the latest roms and stuff, you'll find that not much development is going on regarding this phone, understandably because of "better" alternatives within the same line-up.
As a consequence, we don't yet have TWRP or CWM or any such custom recoveries built for this specific device (Redmi Note 10S) nor do I think they're coming any time soon, which is unfortunate since that would have made the process a tad bit more convenient. We don't have any custom roms built specifically for our device either (although we can probably use GSI roms)
So we'll now try to do the process ourselves.
Now, for the disclaimer:
DISCLAIMER: I'm an amateur in terms of tinkering with android stuff and phones in general. The process mentioned below has worked on my phone but I would still recommend waiting for someone more....knowledgeable to weigh in his/her opinions. If you end up bricking your phone or if things go wrong, I'm not responsible, that's on you.
Also, please read the entire guide first and then begin.
Alright, with the appetizers out of the way, let's just crack on to the main course:
STEP-0: Requirements:
Redmi Note 10S
Install OEM fastboot drivers
Obtain android platform-tools along with knowledge about how to use it
Your Bootloader should be unlocked (wait for 1 week after first attempt at unlocking after which you'll receive your "permission")
Fastboot rom from here
Magisk apk
Being ready to lose your data (in short, don't personalize your phone just yet (....and also take a backup of everything)) and accept that you'll have SafetyNet related issues until you do some other special stuff
Enable Developer mode and USB debugging
STEP-1: Obtain boot.img (and vbmeta.img)
What we need is a boot.img that we can patch using magisk. We can do some code-fu to pull it from the phone but we don't need to do that. We can instead obtain the fastboot rom from here (I don't think region matters but take accordingly just to stay safe). While downloading, you'll see that what you're downloading a zip. This is intended because the boot.img (and the vbmeta.img) is within this zip file.
Anyways, once you download it, unzip all of the contents into a folder and move on to the next step.
STEP-2: Patch the obtained boot.img:
Take the boot.img from the zip file you obtained earlier and move it into the internal storage of your phone. Install the Magisk Manager apk from here. Install the apk and then after opening, go straight to installing Magisk, then select "Select and Patch a File" and then select the boot.img that you moved into the internal storage. It will then start patching the boot.img after which it will generate a patched boot.img, the directory of which is mentioned at the end of the patching process.
Move the patched boot.img back into your computer and move on to the next step.
STEP-3: Flash the patched boot.img:
Alright, this is the final leg of the journey (or should I say, desserts?).
Keep the vbmeta.img and the patched boot.img handy as you will be needing them here. You can find the vbmeta.img in the zip file you extracted earlier in the guide.
NOTE: The vbmeta.img is especially important because if you don't flash this while disabling verity and verification, you'll be stuck in a bootloop until you flash the stock boot.img (the boot.img before you patched it) back because this.
Alright, with all of that at hand, boot your phone into fastboot mode.
Now disable what is equivalent to the windows version of secure boot:
Code:
fastboot.exe --disable-verity --disable-verification flash vbmeta vbmeta.img
And then the following command that will finish it off:
Code:
fastboot.exe flash boot patched_boot.img
If you get stuck in a bootloop (perhaps because incorrectly flashing vbmeta.img or anything else), flash the stock boot.img with the same command and try the process again
And then finally for the cherry on top:
Code:
fastboot.exe reboot
After all that is done, hopefully you will see the setup for MIUI. Complete it as you normally would, and after the setup, you will find the magisk manager preinstalled but it will have the placeholder android app logo. Open that and it will prompt you to complete the download and installation of magisk manager. Do that and then open magisk manager (at this point it will have the familiar logo), go straight to installing Magisk and then select Direct Install (Recommended) and then let it do its thing.
After that, it will prompt you to restart your device to complete some stuff at which point you have successfully rooted your phone.
Aftermath:
I would like to remind you that SafetyNet will fail, even if you enable MagiskHide. You will have to do some other stuff to fix that if you want to use stuff like Google Pay so if that is a deal breaker, I suggest you don't follow this guide yet until some recommendations regarding SafetyNet pop up in this thread (or if you find some stuff elsewhere (please do let me know)).
Weirdly the Widevine rating is still at L1 according to DRM Info so I guess Netflix and other stuff will work fine(?). I don't use netflix or prime video so I can't help you there.
Concluding:
If there is anything step I have missed out or some issues you're facing, please let me know within this thread. I'll be happy to resolve the issue. If there are any recommendations regarding SafetyNet or any recommendations in general, I'll be happy to listen.
EDIT 1: You can't use Netflix because you won't be able to find it in Google Play Store.
EDIT 2: You can use Netflix and other DRM protected applications by installing the following Magisk Modules:
Riru (This is required by the next one)
Universal SafetyNet Fix (To pass SafetyNet ctsProfile evaluation)
MagiskHide Props Config (!!MOST IMPORTANT!!) (To get fingerprint certificates and pass other authentication related stuff)
Of course, as is with software, this stuff may eventually be patched by google or netflix so you should still refrain from using this guide (or rooting in general) if you don't want to deal with the hiccups down the road.
Certification is still L1 (weirdly) after installation of the modules and you will now be able to find Netflix in the store.
EDIT 3: Edited the guide after @murigny64 's reply (Thanks!)
Hello
No need to flash both A and B,
you can use "fastboot flash boot patched_boot.img", it will flash active system branch
because "boot" is a "partition_by_name" and symlinked to active partition (boot_a or boot_b)
I can flash Boot & VBmeta without issues but "--disable-verity --disable-verification flash vbmeta vbmeta.img" command just does not work. I got vbmeta.img from original device image & i have tried all kind of versions of command "fastboot.exe --disable-verity --disable-verification flash vbmeta vbmeta.img". Flasching VBmeta vorks but then i guess i would need spesific modified image file where it is disabled already. Any advice?
flashing vbmeta does result in an error and boot loop.
Error: unknown option -- diable-verity
Okay it seems like my phone has been sort of rooted but not completely. When I tried to edit my build.prop (to disable MiraVision), it resulted in the entire build.prop being wiped completely.
Thanks for sharing
Anyone got Google Pay working after installing Magisk and Universal Safety Net Fix ?
Exb22 said:
I can flash Boot & VBmeta without issues but "--disable-verity --disable-verification flash vbmeta vbmeta.img" command just does not work. I got vbmeta.img from original device image & i have tried all kind of versions of command "fastboot.exe --disable-verity --disable-verification flash vbmeta vbmeta.img". Flasching VBmeta vorks but then i guess i would need spesific modified image file where it is disabled already. Any advice?
Click to expand...
Click to collapse
sengottuvel said:
flashing vbmeta does result in an error and boot loop.
Error: unknown option -- diable-verity
Click to expand...
Click to collapse
Use a command prompt, not windows powershell.
stuntdouble said:
Use a command prompt, not windows powershell.
Click to expand...
Click to collapse
I shall try what you said. And get back to you.
sengottuvel said:
I shall try what you said. And get back to you.
Click to expand...
Click to collapse
same issue. Even cmd did not work. what am I doing wrong?
Can you please outline the steps? perhaps I am missing something by mistake.
You haven't followed the guide above, you've sent the commands in the wrong order. If you have done it in the right order previously then your adb version is maybe out of date so follow this guide and try again:
How to install ADB on Windows, macOS, and Linux
A step-by-step guide to get you started with the Android Debug Bridge tool.
www.xda-developers.com
stuntdouble said:
You haven't followed the guide above, you've sent the commands in the wrong order. If you have done it in the right order previously then your adb version is maybe out of date so follow this guide and try again:
How to install ADB on Windows, macOS, and Linux
A step-by-step guide to get you started with the Android Debug Bridge tool.
www.xda-developers.com
Click to expand...
Click to collapse
Could you please tell me the right order in which the two command lines have to be entered?
I was able to successfully entered the two lines in the below order,
fastboot flash boot path to patched boot image
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot reboot
I am now seeing MIUI logo for more than 10 minutes. I am not sure if this waiting time is normal?
Could I try replacing the second line with fastboot flash vbmeta path to vbmeta image?
Your help will be highly appreciated.
In the exact same order as RandomAccessVemuri has kindly posted for us all in their guide above. The vbmeta file first then the boot.img. If everything is done to the letter then there's no reason it shouldn't work on your device.
It looks like you're trying to format one of the partitions after modifying the boot.img, that's the wrong way around, so yeah that's going to stop it from booting. And when the commands take it should take seconds, then on rebooting using the fastboot command it should load up in a normal time.
RandomAccessVemuri said:
By Following this guide, you will lose your warranty so keep that in mind before you begin. (Although you have probably already lost your warranty by unlocking the bootloader)
So, if like me, you ended up buying the Redmi Note 10S because it was very cheap (it's something like 200$ for a really good phone) and then just hopped on to xda forums for the latest roms and stuff, you'll find that not much development is going on regarding this phone, understandably because of "better" alternatives within the same line-up.
As a consequence, we don't yet have TWRP or CWM or any such custom recoveries built for this specific device (Redmi Note 10S) nor do I think they're coming any time soon, which is unfortunate since that would have made the process a tad bit more convenient. We don't have any custom roms built specifically for our device either (although we can probably use GSI roms)
So we'll now try to do the process ourselves.
Now, for the disclaimer:
DISCLAIMER: I'm an amateur in terms of tinkering with android stuff and phones in general. The process mentioned below has worked on my phone but I would still recommend waiting for someone more....knowledgeable to weigh in his/her opinions. If you end up bricking your phone or if things go wrong, I'm not responsible, that's on you.
Also, please read the entire guide first and then begin.
Alright, with the appetizers out of the way, let's just crack on to the main course:
STEP-0: Requirements:
Redmi Note 10S
Install OEM fastboot drivers
Obtain android platform-tools along with knowledge about how to use it
Your Bootloader should be unlocked (wait for 1 week after first attempt at unlocking after which you'll receive your "permission")
Fastboot rom from here
Magisk apk
Being ready to lose your data (in short, don't personalize your phone just yet (....and also take a backup of everything)) and accept that you'll have SafetyNet related issues until you do some other special stuff
Enable Developer mode and USB debugging
STEP-1: Obtain boot.img (and vbmeta.img)
What we need is a boot.img that we can patch using magisk. We can do some code-fu to pull it from the phone but we don't need to do that. We can instead obtain the fastboot rom from here (I don't think region matters but take accordingly just to stay safe). While downloading, you'll see that what you're downloading a zip. This is intended because the boot.img (and the vbmeta.img) is within this zip file.
Anyways, once you download it, unzip all of the contents into a folder and move on to the next step.
STEP-2: Patch the obtained boot.img:
Take the boot.img from the zip file you obtained earlier and move it into the internal storage of your phone. Install the Magisk Manager apk from here. Install the apk and then after opening, go straight to installing Magisk, then select "Select and Patch a File" and then select the boot.img that you moved into the internal storage. It will then start patching the boot.img after which it will generate a patched boot.img, the directory of which is mentioned at the end of the patching process.
Move the patched boot.img back into your computer and move on to the next step.
STEP-3: Flash the patched boot.img:
Alright, this is the final leg of the journey (or should I say, desserts?).
Keep the vbmeta.img and the patched boot.img handy as you will be needing them here. You can find the vbmeta.img in the zip file you extracted earlier in the guide.
NOTE: The vbmeta.img is especially important because if you don't flash this while disabling verity and verification, you'll be stuck in a bootloop until you flash the stock boot.img (the boot.img before you patched it) back because this.
Alright, with all of that at hand, boot your phone into fastboot mode.
Now disable what is equivalent to the windows version of secure boot:
Code:
fastboot.exe --disable-verity --disable-verification flash vbmeta vbmeta.img
And then the following command that will finish it off:
Code:
fastboot.exe flash boot patched_boot.img
If you get stuck in a bootloop (perhaps because incorrectly flashing vbmeta.img or anything else), flash the stock boot.img with the same command and try the process again
And then finally for the cherry on top:
Code:
fastboot.exe reboot
After all that is done, hopefully you will see the setup for MIUI. Complete it as you normally would, and after the setup, you will find the magisk manager preinstalled but it will have the placeholder android app logo. Open that and it will prompt you to complete the download and installation of magisk manager. Do that and then open magisk manager (at this point it will have the familiar logo), go straight to installing Magisk and then select Direct Install (Recommended) and then let it do its thing.
After that, it will prompt you to restart your device to complete some stuff at which point you have successfully rooted your phone.
Aftermath:
I would like to remind you that SafetyNet will fail, even if you enable MagiskHide. You will have to do some other stuff to fix that if you want to use stuff like Google Pay so if that is a deal breaker, I suggest you don't follow this guide yet until some recommendations regarding SafetyNet pop up in this thread (or if you find some stuff elsewhere (please do let me know)).
Weirdly the Widevine rating is still at L1 according to DRM Info so I guess Netflix and other stuff will work fine(?). I don't use netflix or prime video so I can't help you there.
Concluding:
If there is anything step I have missed out or some issues you're facing, please let me know within this thread. I'll be happy to resolve the issue. If there are any recommendations regarding SafetyNet or any recommendations in general, I'll be happy to listen.
EDIT 1: You can't use Netflix because you won't be able to find it in Google Play Store.
EDIT 2: You can use Netflix and other DRM protected applications by installing the following Magisk Modules:
Riru (This is required by the next one)
Universal SafetyNet Fix (To pass SafetyNet ctsProfile evaluation)
MagiskHide Props Config (!!MOST IMPORTANT!!) (To get fingerprint certificates and pass other authentication related stuff)
Of course, as is with software, this stuff may eventually be patched by google or netflix so you should still refrain from using this guide (or rooting in general) if you don't want to deal with the hiccups down the road.
Certification is still L1 (weirdly) after installation of the modules and you will now be able to find Netflix in the store.
EDIT 3: Edited the guide after @murigny64 's reply (Thanks!)
Click to expand...
Click to collapse
Hello,
I have done a factory reset to my phone and I lost something very important so is it possible to get back to the previous version of the phone before the reset or should I give up
And thanks for your answer
Hello, I have the same phone as u. I wanted to unlock my bootloader and I tried like every tutorial on Youtube and other websites i could found but none of them worked out for me. this ****ty outdatet program of xiaomi just dont recognize my phone. Pleaaase tell me how u did it
Is it possible to don't wipe userdata ? Maybe using flash_all_except_data_storage.bat ?
There is some options to set before root ? On some other tutorials they tell to turn off MIUI optimization for example
Gg
I want to root my phone but I am scared I hard brick it because I did it before but I was still under warranty and I somehow locked the bootloader so should I give it another shot or just forget it?
Flameagle2021 said:
I want to root my phone but I am scared I hard brick it because I did it before but I was still under warranty and I somehow locked the bootloader so should I give it another shot or just forget it?
Click to expand...
Click to collapse
if you read all the instrucctions you wont hard brick your device
Does it work using an different android version than the boot.img file i extracted it from, since i often switch android versions with gsis and so on. (e.g android 11 boot.img with android 13 gsi?)
Reposting here (from the Magisk forum) on the advice of a Senior Moderator.
I have a Pixel 5 and two days ago now I updated from redfin-2110-rq3a.211001.001-factory-23f4cec2 to redfin-2111-sp1a.211105.004-factory-749e8f9f (yes the Aus version), i.e. from the October version to the November version.
All went well until I tried to root the device using Magisk - something I've done *many* times. The trouble is that after I flashed the patched boot.img, the device would not boot - it started to for a few seconds and then went back into fastboot mode.
I've tried a few times but always the same result.
And it seems that you cannot rollback to the October release - the flash-all.sh completes OK but the subsequent boot hangs.
BTW (1): I'm still using the canary channel, is this still necessary?
BTW (2): I also posted in the github Magisk issues page and that issue was promptly closed with the comment "format data". Really?!
Help.
Curiouser and curiouser: this works
adb reboot bootloader
fastboot boot redfin-2111_boot_magisk_patched.img
gone_bush said:
Reposting here (from the Magisk forum) on the advice of a Senior Moderator.
I have a Pixel 5 and two days ago now I updated from redfin-2110-rq3a.211001.001-factory-23f4cec2 to redfin-2111-sp1a.211105.004-factory-749e8f9f (yes the Aus version), i.e. from the October version to the November version.
All went well until I tried to root the device using Magisk - something I've done *many* times. The trouble is that after I flashed the patched boot.img, the device would not boot - it started to for a few seconds and then went back into fastboot mode.
I've tried a few times but always the same result.
And it seems that you cannot rollback to the October release - the flash-all.sh completes OK but the subsequent boot hangs.
BTW (1): I'm still using the canary channel, is this still necessary?
BTW (2): I also posted in the github Magisk issues page and that issue was promptly closed with the comment "format data". Really?!
Help.
Click to expand...
Click to collapse
Sorry, but you are going to have to wipe your phone here. On the next updates you won't have to following these instructions.
Get the vbmeta.img from the factory image (the same place you got the boot.img) and put it into your fastboot folder.
In bootloader/fastboot enter:
fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
Then enter:
fastboot -w (<---this wipes your phone)
Then flash the patched boot image as you normally would and reboot.
In the future for updates, download both the ota.zip and the factory image. Pull the boot.img from the factory image and patch it. Pull the vbmeta.img and put it into your fastboot folder with the patched boot.img. Sideload the OTA and when the flash is done, boot to bootloader using the volume/power buttons on your phone from recovery (you'll be there to sideload the ota.zip) IF YOU BOOT TO /SYSTEM YOU'LL HAVE TO WIPE AGAIN!
Flash the vbmeta.img with fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img, then flash the patched boot.img and reboot. You won't have to wipe again as long as you don't boot to /system and don't forget to flash the vbmeta.img with disabling verity and verification.
xunholyx said:
Sorry, but you are going to have to wipe your phone here. On the next updates you won't have to following these instructions.
Get the vbmeta.img from the factory image (the same place you got the boot.img) and put it into your fastboot folder.
In bootloader/fastboot enter:
fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
Then enter:
fastboot -w (<---this wipes your phone)
Then flash the patched boot image as you normally would and reboot.
In the future for updates, download both the ota.zip and the factory image. Pull the boot.img from the factory image and patch it. Pull the vbmeta.img and put it into your fastboot folder with the patched boot.img. Sideload the OTA and when the flash is done, boot to bootloader using the volume/power buttons on your phone from recovery (you'll be there to sideload the ota.zip) IF YOU BOOT TO /SYSTEM YOU'LL HAVE TO WIPE AGAIN!
Flash the vbmeta.img with fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img, then flash the patched boot.img and reboot. You won't have to wipe again as long as you don't boot to /system and don't forget to flash the vbmeta.img with disabling verity and verification.
Click to expand...
Click to collapse
Thank you for your reply. Some questions:
1) What's changed that required a wipe? (Let's face it, it's a MAJOR PITA! Thankfully, I do use TitaniumBackup )
2) You state "download both the ota.zip and the factory image" - what's the difference?
3) Re "Pull the vbmeta.img" - in the current instance, is that from the November file (SP1A.211105.004), if not, from where?
4) Do I have this right for future updates?
* Unpack the downloaded file and put the boot.img and vbmeta.img files in a safe place
* Sideload the update by
adb reboot recovery
Apply update from ADB
adb sideload <ota-update.zip>
* Use volume buttons to boot into bootloader (booting into system will mean I'll have to do another wipe!)
* fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
* flash patched boot.img
* boot
5) Re using Magisk to patch the boot.img: can, say, the November boot.img be patched whilst the phone is running the October update?
Yeah, I know, answering my questions is all you've got to do with your life
1: verified boot is needed in Android 12. Patching the boot.img breaks the signature from Google
2: after flashing the factory image in fastboot you're promoted to press any key to continue, which boots the phone to system iirc (I could be mistaken ~ it's been over a year since I flashed a factory image). You can boot to bootloader from recovery after you sideload the OTA.
3: yes. From the update you are applying.
4: I guess.... Place the vbmeta.img in your fastboot folder the same as the patched boot.img (at least that's where I always put the patched boot.img). Put the pulled boot.img wherever you like to transfer it to your phone from to patch. The rest after that part is correct.
5: yes
EDIT: (Sorry I forgot to use the reply button)
xunholyx said:
1: verified boot is needed in Android 12. Patching the boot.img breaks the signature from Google
2: after flashing the factory image in fastboot you're promoted to press any key to continue, which boots the phone to system iirc (I could be mistaken ~ it's been over a year since I flashed a factory image). You can boot to bootloader from recovery after you sideload the OTA.
3: yes. From the update you are applying.
4: I guess.... Place the vbmeta.img in your fastboot folder the same as the patched boot.img (at least that's where I always put the patched boot.img). Put the pulled boot.img wherever you like to transfer it to your phone from to patch. The rest after that part is correct.
5: yes
EDIT: (Sorry I forgot to use the reply button)
Click to expand...
Click to collapse
Thank you for yor replies and time - much appreciated!