Android's "Download mode". Is it in the BIOS? - Hardware Hacking General

Hello!!
I'm attempting to port my Galaxy Tab to Ice Cream Sandwich. It's on Froyo right now. But before I do, I want to know if the "download mode" is loaded into the BIOS or in the bootloader partition. The thing is, I need to flash the boot partition, the system partition and the user-data partition. If one of those contains the download mode, and it's not present in 4.0, or requires device-specific settings, I may brick my device. I have the stock ROMs for my device in case I brick it, but I can't reupload them if I overwrote the download mode. I'm asking this beforehand so I won't have to panic later.
Thanks,
Dragos240

On any device I've used, download mode is part of what I recall to be the SBL (secondary bootloader). It is writable, so it IS possible to brick, but only if you flashed a bad bootloader...
It's not contained in system or data, so don't worry about that. But I think the bootloader partition does contain the download mode code.
You would probably be best to ask about this in general or Q&A of your device's forum.

If that's so, then I needn't worry. I'm flashing something called normalboot.img, which is partition 7. Looking at my PIT file, there's sbl.bin, which is marked as the secondary boot loader. So it's in a completely different partition and won't be touched.
Just taking precautions as the dangers of flashing are real and can easily brick my device if done incorrectly.

Download mode is coded inside of SBL in SGS Tab, that's for sure. And yea, it can be compared to PC BIOS. In SGS series phones, if you don't overwrite any of the BootLoader stages (IBL+PBL or SBL) during flashing, your phone is always easily recoverable.

Also, if it's the OG Galaxy Tab you are porting, you'll be pleased to know we're porting it! :-D
Take a look at my cm9 thread ;-)
From my fingers to your eyez

Related

[Q] Slate 7 Extreme root,flash question

Hi, I am a happy owner of the HP Slate 7 Extreme, which is basically the same device as you guys are using. I am still on the 4.2 Jelly Bean since HP are not pushing over-the-air updates with our devices. I want to use the script from the development forum "[Script] [Utility] Nvidia Tegra Note 7 Kitkat Unlock BL, Restore, Recovery, & Root", and I want to know if anyone has tried to use it with the Slate Extreme or if it simply should work on the Jelly Bean as well. Thanks guys.
still have freeze/hang issue..
http://forum.xda-developers.com/showthread.php?t=2663449&page=2
What about the 4.3+ ?
I have not tested that yet, but I believe it should work because I have tested the 4.4.2 and 4.2.2 EVGA ROM from here using the CWM install from sdcard method:
http://forum.xda-developers.com/showthread.php?t=2627671
The only thing that puzzles me now is that I am unable to perform a system recovery from HP's update.zip using CWM.
http://h10025.www1.hp.com/ewfrf/wc/...en&cc=us&dlc=en&sw_lang=&product=6608632#N147
So right now I am stuck with the 4.2.2 EVGA ROM; all is good and functional.
I have read some posts saying that updating via OTA fixes the issue in 4.4, but I have no idea how to get the OTA update.
P.S.: This is my first tablet and root attempt...
Edit:
I found out that rootjunky has already released the 4.4.2 with 2.3 OTA. I will give it a try and give feedback later.
First, nope, you'll still get freezing. I've tried all the ROMs.
Second, if you want to go back to HP's recovery, do the following:
Create a copy of update.zip and navigate to META-INF\com\google\android and open up updater-script
Delete the first three lines.
Transfer your new update.zip to your device and flash. Allow it to re-write the recovery partition.
NOTE THAT YOUR DEVICE WILL NOT ADVANCE PAST THE BOOT ANIMATION. THIS IS NORMAL.
Copy the original update.zip to a SD card and insert it into the device.
Now go to the HP recovery partition that now exists on your device and follow HP's restore instructions.
You're done, the stock 4.2.2 that came with your device is now installed.
Had to figure this out the hard way after I lost my original backup.
To the original poster, you can get it to work, but you need to make modifications to the script's fastboot commands (they will require "fastboot -i 0x03F0" before they will do anything) and you will need to set up your machine for ADB with the Slate 7 Extreme. It won't work out of the box; you can find support for that here: http://h30434.www3.hp.com/t5/Android-Tablets-e-g-HP-Slate-7/ADB-drivers/td-p/2574571
There was an individual who has received the 4.4.2 update from HP on his Slate Extreme over at the HP forums. I believe he stated he received 20 units donated directly from HP and was wondering why only 1 of them received the update. I believe the reason stated is that he most likely received a non-retail unit by accident. Not sure if he ever dumped the ROM or even knows how. I don't know either otherwise I'd try to contact him to get him to do so.
Re-write recovery partition?
I did flash the modified update.zip but CWM doesn't give me the option to re-write the recovery partition. I go straight to "Install from sdcard complete". How is that re-write done?
*Update* All done - Had to select NO to questions on reboot (Replace recovery and root). Thanks so much - back to stock 4.2.2
See my HP Slate 7 Extreme Root post: http://forum.xda-developers.com/showthread.php?t=2850893
What am I supposed to open updater-script with?
I downloaded a script editor and deleted the first three lines of updater script but it still fails to flash.
Finally success!
I have the 4450 Extreme, and one of the things that was a little different is that I had put the update zip on the SD card prior and it did the update on its own... WEIRD but acceptable! Rooted and on 4.4.2 - thanks man!
I didn't have any luck doing it this way. I ended up getting there by a slightly different avenue.
My s7e was totally non-functional beyond fastboot and recovery mode being operational. I ended up downloading tegratools 2.2. Using the fastboot included in that, I unlocked my boot loader with fastboot by the command
Code:
fastboot -i 0x03F0 oem unlock
(The '-i 0x03F0' is a code relating to the specific model, apparently without this the tablet will ignore your command. Please also remember that the unlock factory resets the tablet.)
It may be overboard again, but I also formatted all the system partitions
Code:
fastboot -i 0x03F0 erase boot
fastboot -i 0x03F0 erase system
fastboot -i 0x03F0 erase userdata
fastboot -i 0x03F0 erase cache
fastboot -i 0x03F0 erase preinstall
fastboot -i 0x03F0 reboot
I uploaded cwm recovery from the above version of tegratools to my s7e, as it seems a bit more forgiving with signatures than the stock recovery. I used that to upload a version of update.zip with the "assert" lines removed from META-INF\com\google\android\updater-script. I also self-signed the .zip to reduce the likelihood of my upload being rejected by the tablet; it may not be needed, but I did it anyway.
Code:
adb sideload slate7update-signed.zip
When completing the firmware flash, apparently there is a common problem of the kernel not flashing correctly when recovery takes place and giving an "Error 7"; this is the problem I think you solved by re-writing the unmodified firmware (but that didn't work for me).
Anyway I had to fix it by dropping back to fastboot and flashing it to "staging", which puts the kernel in a placeholder until the next boot, at which point the kernel will be written to the correct spot. Because of this writing to the correct partition, you will notice a quick double-boot as the updated kernel is written to the correct point in firmware.
Code:
fastboot -i 0x03F0 flash staging "c:\fastboot-s7e\blob"
I hope this helps.
Oh and to those curious, the beats version appears incompatible with the standard s7e, I tried modifying a rom in the same way as above and it just went to a blank screen. My guess is they've done some form of sanity check in the kernel, given that every "beats" version I've read about in tablets has been a software-only modification. I've not bothered trying to use the beats version rom with the s7e kernel, I'll leave that for someone else to try in greater depth as I'm just happy that I got everything working again.
references:
Fastboot (previously this): This is a copy of the twrp/cwm roms as well as fastboot & adb taken from tegratools 2.2 mentioned above.
SignApk (Previously this): The java files and self signing certificate I used to sign the .zip file. It was actually a bit of a pain to find a working signapk.jar that had the valid certificates included, most were broken in one way or another when trying to sign on ubuntu 12.04.
slate7update-signed.zip (previously this): A signed copy of update.zip with META-INF\com\google\android\updater-script modified to remove the assert validation lines sanity checks, be careful with this, you could nuke your tablet if you use it on an incompatible bit of hardware.
guide.txt (previously this): A full how-to with a number of things I've omitted from this response.
To those wondering, I collated the above procedure from a dozen different links on a good four or five websites, including a number of threads here on XDA. Thank you to anyone out there that contributed to the information I found, you really made my day so much better in being able to recover my tablet.
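An added example, not part of any post in this thread: both recovery write-ups above delete the assert lines from updater-script, and those lines are the package's device-compatibility guards. This Python sketch lists the guards in an update.zip and evaluates them against a device's properties before anything is flashed; the device name "exampletab", the sample script and all function names are constructed for illustration, and several comparisons inside one assert are assumed to be alternatives joined by ||.

```python
import io
import re
import zipfile

SCRIPT_PATH = "META-INF/com/google/android/updater-script"
# getprop("<property>") == "<value>", but not the two-argument file_getprop(...)
GETPROP_EQ = re.compile(r'(?<![A-Za-z_])getprop\(\s*"([^"]+)"\s*\)\s*==\s*"([^"]*)"')

# Constructed sample script; "exampletab" is a made-up device name.
SAMPLE_SCRIPT = '''assert(getprop("ro.product.device") == "exampletab" ||
       getprop("ro.build.product") == "exampletab");
assert(getprop("ro.bootloader") == "1.0" || getprop("ro.bootloader") == "1.1");
ui_print("Step 1; please wait");
package_extract_dir("system", "/system");
'''


def build_sample_zip(script_text):
    """Build a constructed update.zip in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SCRIPT_PATH, script_text)
    return buf.getvalue()


def split_statements(script):
    """Split an edify script on ';' characters that sit outside string literals."""
    statements, current, in_string, escaped = [], [], False, False
    for ch in script:
        if in_string:
            current.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
            current.append(ch)
        elif ch == ";":
            stmt = "".join(current).strip()
            if stmt:
                statements.append(stmt)
            current = []
        else:
            current.append(ch)
    tail = "".join(current).strip()
    if tail:
        statements.append(tail)
    return statements


def audit_guards(zip_bytes, device_props):
    """Return one (verdict, statement) pair per assert() in the updater-script.

    verdict is "match", "MISMATCH" or "not evaluated" (asserts that are not
    plain getprop comparisons, or that combine them with &&).
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        script = zf.read(SCRIPT_PATH).decode("utf-8", errors="replace")
    # Drop edify comment lines before splitting into statements.
    script = "\n".join(
        line for line in script.splitlines() if not line.lstrip().startswith("#")
    )
    results = []
    for stmt in split_statements(script):
        if not re.match(r"assert\s*\(", stmt):
            continue
        checks = GETPROP_EQ.findall(stmt)
        if not checks or "&&" in stmt:
            verdict = "not evaluated"
        elif any(device_props.get(prop) == want for prop, want in checks):
            verdict = "match"
        else:
            verdict = "MISMATCH"
        results.append((verdict, " ".join(stmt.split())))
    return results


def safe_to_flash(zip_bytes, device_props):
    """True only if at least one guard matched and none mismatched."""
    verdicts = [verdict for verdict, _ in audit_guards(zip_bytes, device_props)]
    return "match" in verdicts and "MISMATCH" not in verdicts


if __name__ == "__main__":
    package = build_sample_zip(SAMPLE_SCRIPT)
    # Constructed properties of a device the sample package was not built for.
    device = {"ro.product.device": "othertab", "ro.build.product": "othertab",
              "ro.bootloader": "1.1"}
    for verdict, stmt in audit_guards(package, device):
        print(f"{verdict:13} {stmt}")
    print("all guards match:", safe_to_flash(package, device))
```

On a real device the property values can be read with `adb shell getprop ro.product.device`. A package whose asserts were deleted returns no guards at all, so compatibility then has to be confirmed by hand.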
It Worked! But...
I was able to unlock my bootloader using the above method and it worked. My s7e rebooted and everything was working normally. I loaded the bootloader again to go in and do a cache wipe and my 3 year old bumped into me as I was holding down the volume+ and power buttons. Now I'm stuck in ADX mode (black screen but recognized by my PC; have tried connecting to charger, volume+ and power, volume- and power, nothing works). I've read that Advent has released adx files for the Vega Note 7 and you can use Tegra Note 7 Super Tools to restore the Nvidia Note 7. I'm wondering if I can use the update.zip file and the nvflash files from Nvidia to restore my tablet from ADX mode.
Any suggestions?
Mike-S, thanks for the in-depth how-to. I tried to sell my Extreme 4450 and the guy that I sold it to said when he received it, it was in a boot loop. I got it back and it is indeed the one I sent him; however, now I have a bricked tab that doesn't even allow fastboot. I have, like others, tried calling HP, tried installing per your instruction and finally considered just throwing it away or selling. It almost seems like the recovery was wiped... I can get to uploading from SD and have tried using your info to accomplish this with no success. Any suggestions? I hate to smash it or try and sell it if I can fix it.
Thank you in advance for anyone's help
som1special2 said:
however, now I have a bricked tab that doesn't even allow fastboot. I have, like others, tried calling HP, tried installing per your instruction and finally considered just throwing it away or selling.
Damn, I'm sorry to say that I'm unsure if I'll be able to help much or at all. All I can suggest is to look and see if there is any pre-boot subsystem that connects to your PC via USB, similar to the MediaTek "preboot mt65xx", which can sort of provide a last-gasp chance of recovery.
help with ROM
Hi there,
Need desperate help. I followed the instructions here but ended up with no OS in the s7e. I kept on trying to install a signed ROM via ADB; it reaches 100% sending but always fails inside TWRP. Not successful even with CWM. I even tried installing from SD card but no success. Please help, thank you.
Anyone still around here?
Mike S ... not sure you (or anyone else) is paying any attention to this thread anymore (and the HP Slate 7 Extreme at this point is a fairly old device) ... but I can't get any of these methods to work and my S7E (model 4450) is basically useless right now. When cold (i.e. not booted up in prior 30mins or so), I can boot it normally, but within about 10mins, it will "crash" to the all-white HP splash screen and will never recover. Holding the power button just has it go through initial startup, get to the white HP splash screen, and sit there until the battery runs down. I haven't been able to root it yet, so the bootloader still shows "locked". What's ironic is that this device is really all I need -- I don't play high-end games and mostly just stream shows -- but now it's completely unusable. I'm not sure which is easier ... trying to get this to root or just buying something else?
So far, to root, I've tried towelroot and Cydia Impactor, but both of those returned errors as others have reported. I tried following the steps that Mike S put up here, but without my tablet being rooted, adb and fastboot don't even detect my device from the PC (though the PC detects it because I'm able to see it in Windows Explorer and drag files to the storage) ... so it seems like I can't even get to install CWM or anything further.
Maybe the right thing to do is just to dump the paperweight ... it used to work so well but about 6 months ago this stupid HP white screen crash started happening, and since then it's become a regular thing that only takes about 10 mins (at most) before it craps out. I can get to the bootloader and onboard recovery mode, but that doesn't let me load anything.
Not sure where to go next but any advice would be appreciated!
--AJ
Get your device drivers right (try androidsdk if it's still not getting recognised) and fastboot the stock system images (fastboot is not root dependent). By the way why were you trying those weird rooting methods ??? Just flash supersu from cwm/twrp and be done with it.
Thanks ... I'll try androidsdk. I actually am a root n00b and so I was trying to figure out the simplest way to go. I guess I guessed wrong! But of course before I can get that working I need the right drivers ... So I'll try that first. I was thinking the drivers were OK since my PC recognized the S7E when Android loaded (before it crashed to the white screen).
Couldn't get androidsdk to work
Hello again... I never could get androidsdk to work. My computer never recognized the tablet to be able to fastboot. *sigh* As much as I hate to give up, I don't know what else to do.... I might try another PC?
Looking for update.zip for S7E
Hey Mike, you wouldn't still happen to have that signed update.zip, since you don't have it on Dropbox anymore?

Windows scripts to backup/restore partitions in EDL mode (locked bootloader too)

I have created a set of Windows scripts (.cmd files) to backup/restore selected partitions via emmcdl utility (a part of android-host-knife project).
Tested on RN3P but may be used with other Qualcomm-based devices.
emmcdl uses "firehose" module to interact with device's eMMC in 9008/EDL mode. With prog_emmc_firehose_8976_ddr.mbn from the "fastboot" firmware, can read/write partition table and any partition (including non-volatile ones, like modemst1/2, fsg etc.).
With this selected partition list, successfully restored phone's IMEI, MAC addresses and bootloader unlock status after accidentally damaging the memory.
Can be used to create rawprogram0.xml file to flash images via MiFlash (recommended) or another Qualcomm utility.
!!! Not for beginners! If you don't know what a "partition", "image" etc. is, please don't use this toolset until you have learned about that.
Do create a basic guide.
Will help a lot of em
Don't want to create a guide for beginners, like "click here and have fun". Since this process is dangerous, a user should have some knowledge, experience, and be careful.
Some are ready to learn and take risks.
Anyways, it's all your choice.
I'm just trying to restore all partitions on my kate variant. I wiped every partition described in this thread:
https://forum.xda-developers.com/redmi-note-3/how-to/partition-layout-snapdragon-t3530412
It was an attempt to solve a weird bug after tons of flashes. I wiped them again and tried to flash the firmware using miflash in EDL mode and nothing happens; it says flash successful but the phone is stuck booting in the MI logo part with the 3 dots.
My phone has a locked bootloader; also, I wiped those partitions performing an unofficial unlock.
I have the qcn file for the IMEIs.
The question... how to use the file from the OP's post?
If anybody can help me it will be appreciated.
Thank you for your time.
avercros said:
I'm just trying to restore all partitions on my kate variant, i wiped every partition described in this thread:
https://forum.xda-developers.com/redmi-note-3/how-to/partition-layout-snapdragon-t3530412
It was an atempt to solve a weird bug after tons of flashes, i wiped them again and tried to flash the firmware using miflash in edl mode and nothing happens, it says flash successful but the phone is stuck booting in the MI logo part with the 3 dots.
My phone has locked bootloader, also i wiped those partitions performing an unofficial unlock.
I have the qcn file for the IMEIs.
The question... how to use the file from the OP's post?
If anybody can help me it will be appreciated.
Thank you for your time.
It can take 10-15 minutes on first boot from miflash. If the dots are animated, just go make some food and wait.
Also make sure you do it like this: flash global stable FASTBOOT rom in edl mode with miflash, make sure you replace bootloader before you flash with unlocked one (emmc_appsboot.mbn), then reboot to fastboot when you see the "successful" msg (hold vol down and power until you see fastboot), then "fastboot flash recovery recovery_zcx.img", then "fastboot boot recovery_zcx.img". I recommend zcx because it will automatically patch dm-verity... When zcx recovery boots, reboot to system. After you boot once into miui you can flash whatever recovery you want through twrp.
The names are generic; make sure to name your recovery image properly...
fastboot-edl to enter edl from fastboot mode - https://drive.google.com/open?id=0B2w-p-CP_G3FM1pCcG1JT0lfRUk
fastboot rom list - http://en.miui.com/a-234.html
zcx 917 - https://drive.google.com/file/d/0B2w-p-CP_G3FcHJRVTZHSjlNU3M/view?usp=drivesdk
unlocked emmc_appsboot.mbn - https://drive.google.com/file/d/0B2w-p-CP_G3FaXVFdWp1ODJOQm8/view?usp=drivesdk
miflash 64 bit with miphone drivers - https://drive.google.com/open?id=0B2w-p-CP_G3FRHR5UEp5TUMwemM
pabloa2 said:
It can take 10-15 minutes on first boot from miflash. if the dots are animated just go make some food and wait.
also make sure you do it like this : flash global stable FASTBOOT rom in edl mode with miflash, make sure you replace bootloader before you flash with unlocked one (emmc_appsboot.mbn) then reboot to fastboot when you see "successful" msg(hold vol down and power until you see fastboot), then "fastboot flash recovery recovery_zcx.img" then "fastboot boot recovery_zcx.img" i recommend zcx because it will automatically patch dm-verity... when zcx recovery boots, reboot to system. after you boot once into miui you can flash whatever recovery you want through twrp
fastboot rom list - http://en.miui.com/a-234.html
zcx 917 - https://drive.google.com/file/d/0B2w-p-CP_G3FcHJRVTZHSjlNU3M/view?usp=drivesdk
unlocked emmc_appsboot.mbn - https://drive.google.com/file/d/0B2w-p-CP_G3FaXVFdWp1ODJOQm8/view?usp=drivesdk
I tried this and the phone keeps stuck in booting.
I think that the last hope for this is a full partition repair or sell it for spare parts :/
avercros said:
I tried this and the phone keeps stuck in booting.
I think that the last hope for this is a full partition repair or sell it for spare parts :/
One final thing, even though I mentioned it already: you must make sure your phone has dm-verity patched before you boot if you plan on using custom recovery. If you don't use zcx to automatically patch it then you need to install something like lazy patcher before you boot miui the first time. Make sure you follow directions carefully. If your phone still isn't booting after 15 minutes (yes, it can take that long) then you're out of luck, but I have a strong suspicion that your phone is not bricked... A hard-bricked phone will show no signs of life whatsoever: no LEDs, no screen, nothing. You must use the testpoint method to enter qdloader mode at that point, but your phone is not hard-bricked.
pabloa2 said:
one final thing even though i mentioned it already, you must make sure your phone has dm-verity patched before you boot if you plan on using custom recovery. if you don't use zcx to automatically patch it then you need to install something like lazy patcher before you boot miui the first time. make sure you follow directions carefully. if your phone still isnt booting after 15 minutes (yes it can take that long) then you're out of luck, but i have a strong suspicion that your phone is not bricked.... a hard bricked phone will show no signs of life whatsoever, no leds, no screen, nothing. you must use testpoint method to enter qdloader mode at that point but your phone is not hard-bricked.
Not working. I've done everything following your post; my phone only shows the MI logo and now it's blinking, it does not boot.
This is in the wrong section.
emuzychenko said:
I have created a set of Windows scripts (.cmd files) to backup/restore selected partitions via emmcdl utility (a part of android-host-knife project).
Tested on RN3P but may be used with other Qualcomm-based devices.
emmcdl uses "firehose" module to interact with device's eMMC in 9008/EDL mode. With prog_emmc_firehose_8976_ddr.mbn from the "fastboot" firmware, can read/write partition table and any partition (including non-volatile ones, like modemst1/2, fsg etc.).
With this selected partition list, successfully restored phone's IMEI, MAC addresses and bootloader unlock status after accidental damaging the memory.
Can be used to create rawprogram0.xml file to flash images via MiFlash (recommended) or another Qualcomm utility.
!!! Not for beginners! If you don't know what is a "partition", "image" etc., please don't use this toolset until learning about that.
Thanks for the thread..
Is there some insight on how to create "rawprogram0.xml" from this tool? I've tried to execute it to see if there's any command list but only get a "parttable.txt not found" message.
emuzychenko said:
I have created a set of Windows scripts (.cmd files) to backup/restore selected partitions via emmcdl utility (a part of android-host-knife project).
Tested on RN3P but may be used with other Qualcomm-based devices.
emmcdl uses "firehose" module to interact with device's eMMC in 9008/EDL mode. With prog_emmc_firehose_8976_ddr.mbn from the "fastboot" firmware, can read/write partition table and any partition (including non-volatile ones, like modemst1/2, fsg etc.).
With this selected partition list, successfully restored phone's IMEI, MAC addresses and bootloader unlock status after accidental damaging the memory.
Can be used to create rawprogram0.xml file to flash images via MiFlash (recommended) or another Qualcomm utility.
!!! Not for beginners! If you don't know what is a "partition", "image" etc., please don't use this toolset until learning about that.
Thanks man !
This tool was a big help for my other device (LYF) based on qualcomm.
it's one of a kind..couldn't find anything similar & easy on internet.
don't know why this thread is not popular given that lot of people want the things this tool can easily do, may be they are reluctant to go over edge and try on own.
Anyway thanks a lot again & Keep good work
Qualcomm device
Hello sir, I have erased persist on my device accidentally and my device is a Redmi 4x. I have tried to restore my persist partition on my device via the emmcdl utility. When I enter the first command, emmcdl -1
it shows my device on port COM 5, and when I entered the second command
emmcdl -p COM5 -f prog_emmc_firehose_8937_ddr.mbn -e persist -o persist.img it shows the error failed to write hello response back to device and didn't receive Sahara hello packet from the device and something like that. The error also shows when I disconnect my device from the PC. Please, anyone, help me. Thank you.
Dbdbsss said:
Hello sir I have erased perist on my device accidentally and my device is Redmi 4x I have tried to restore my persist partion on my device via emmcdl utility when I enter first command emmcdl -1
It's show my device port com 5 and when I entered second command
emmcdl -p COM5 -f prog_emmc_firehose_8937_ddr.mbn -e persist -o persist.img it's showing error failed to write hello response back to device and didn't receive Sahara hello packet from the device and some thing like that. the error also show when I disconnected my device from pc. Please anyone help me.thankyou
Have u unlocked ur bootloader.
If yes then
Put phone in fastboot mode.
Flash persist img using fastboot command
fastboot flash persist persist.img
Or use advance twrp and flash persist.img in persist partition.
rawprogram0.xml
how to create a rawprogram0.xml which contains all partitions?
i am much willing to learn more about this,
feel free to message me in fb
facebook.com/samuel.tajuda
When I tried to Restore a Backup Userdata.img to my Zenfone, It requires me a Startup Password that I've not currently set on. (I only used Lockscreen and Google's Default Password but nothing happens)
Does somebody know the Encrypted Password made by QCPart or How to Unpack the Disk Image File that only shows Unallocated on Linux Reader for Windows?
I have some important files that I need to retrieve from the Bricked Phone that I backup with it before I Flashed the Android ROM with Clean Firmware

Lg g4 vs986 bootloader unlock (not steps)

So I want to *try* unlocking the bootloader on an LG G4 VS986. My question is: how is bootloader unlocking done?
(Not steps to go through to do it, I've done it on an old LG I had a few years ago. But what's going on 'under the hood' when a phone's BL is unlocked?) I'm kinda hoping to learn a little from this. If I figure it out I'll post instructions.
Neco Carmello said:
so i want to *try* unlocking the bootloader on an lg g4 vs986. my question is how is bootloader unlocking done
(not steps to go through to do it, iv done it on an old lg i had a few years ago. but whats going on 'under the hood' when a phones bl is unlocked?) Im kinda hoping to learn a little from this. if i figure it out ill post instructions.
There is no unlock lg. Is the only one. It's not locked but encrypted with 256 bit encryption, un brutable. Only way is to find a way to flash images that appear to be signed by lg. Kinda like bump and loki.
This has been explained a million times. But good luck.
Thanks. At least I have a place to start. That sounds much less complicated than I thought it would be. How hard would it be to fake a signature to make the phone think it's an original LG (or Verizon) signature?
Or pretty much copy/paste a signature?
Neco Carmello said:
Thanks. At least i have a place to start . that sounds much less complicated than i thought it would be. How hard would it be to fake a signiture to make the phone thinks its an origiinal lg(or verizon) signiture?
Or pretty much copy/paste a signiture?
That's the million dollar question. As of right now no one has been able to do it.
If I'm not mistaken, how it works is, say you modify the boot image, the signature is broken.
And LG and in my case Sprint are the only ones who know it.
Me and countless others have been through weeks' worth of hex files. Modding and bricking, secure boot errors. The whole nine yards. Technically the pot for donations on a bootloader hack is still up for grabs.
TheMadScientist420 said:
Thats the million dollar question. As of rite now no one has been able to do it.
If im not mistaken how it works is say u modify the boot image the signature is broken.
And lg and in my case sprint is the only ones who know it.
Me and countless others have been throught weeks worth of hex files. Moding and bricking secure boot errors. The whole nine yards. Technicly the pot for donations on a bootloader hack os still up for grabs
Did you mount the boot partition directly in Android or make a .img and mount that (in Android, Linux, Windows)?
And how did you do it?
P.S. On a related note: wouldn't it be theoretically possible to create a ROM without modifying the bootloader, e.g. port CyanogenMod using the original bootloader?
Neco Carmello said:
Did u mount the boot partition directly in android or make a .img and mount that (in android linux windows)
And how did u do it.
P.s. on a related note: wouldnt it be theoretically possible to create a rom w/out modifying the bootloader e.g. port cyanaganmod using the origional bootloader?
There are roms for the sprint variant even a few not rooted ones but all stock based cm don't boot with stock boot image.
I personally didn't try the steps you stated but I'm sure someone has. We had some killer devs at one point in time. Don't get me wrong, we still do, but most have given up on this project.
TheMadScientist420 said:
There are roms for the sprint varient even a few not rooted ones but all stock based cm dont boot with stock boot image.
I personally didnt try the steps u stated but im sure someone has. We had some killer devs at one point in time. Dont get me wrong we still do but most have givin up on this project
I have 2 good questions.. Has anyone tried the irreversible option of switching the fastboot partition over the recovery partition? From what i read down & power boots fastboot after the swap which we can use to fastboot boot fishtwrp.img ( twrp for locked bl).. Just a theory.. Or i extracted the genesis rom. It supposedly flashes over any rom from what it reads. The tot only has the system.bin, primarygpt.bin ( partition file) & some bin file i dont recognize.. In theory it only changes the system files for modified versions. Keeps boot and everything original. No root but can we change the gpt.bin, build.prop and any other dependencies, then flash it safely over ls991zve or ls991zvf? Im extracting the files still to dig deep and see what we can play with..
lowkeyst4tus said:
I have 2 good questions.. Has anyone tried the irreversible option of switching the fastboot partition over the recovery partition? From what i read down & power boots fastboot after the swap which we can use to fastboot boot fishtwrp.img ( twrp for locked bl).. Just a theory.. Or i extracted the genesis rom. It supposedly flashes over any rom from what it reads. The tot only has the system.bin, primarygpt.bin ( partition file) & some bin file i dont recognize.. In theory it only changes the system files for modified versions. Keeps boot and everything original. No root but can we change the gpt.bin, build.prop and any other dependencies, then flash it safely over ls991zve or ls991zvf? Im extracting the files still to dig deep and see what we can play with..
I am on zv6 rooted. Best way I see as of now is the locked twrp with efi droid ported in. To either dual boot into an unlocked setup from intern mem or ext sd. Fastboot on ls991, even zv6, doesn't really acknowledge any fastboot commands other than reboot. Can't even get identifier token. Been there.
Lollipop boot chain
---------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (no validation)
Bootloader --> aboot (validated by bootloader) --> recovery (validated by aboot)
Marshmallow boot chain
------------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (validated by boot img!!! )
That means no more root since MM (Samsung is different because they have implemented the MM behavior since 5.1.x).
Before MM it was possible to modify the system partition to gain root. This way you were able to get root even on a locked bootloader. This stops working, as you can see in the above boot chain illustration.
###################################
During my hacking tests on unlocking the G4 bootloader (aboot) I've seen no encryption anywhere. Only signed images. But keep in mind that this is totally enough to validate the boot chain!
There is no need for encryption.
The validation happens by signing, with a well proven mechanism, the relevant content or even the whole image. If you find a way to break this in general you will become prominent worldwide in a second.
The only other chance is to find a vuln within the LG implementation either of the signing or validating.
Best option for a hack is the aboot, because here you could disable the validation to fully unlock. You would dump this partition and then disassemble it on your PC with e.g. IDA Pro and then try to hack it.
The problem is that any modification will void the signature. So you need to find a way to exploit, find a wrong implementation which can be used to work around further validation, or break the signature algo. And you need good C knowledge.
Good luck.
.
Sent from my LG-H815 using XDA Labs
,
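The two boot chains in the post above, modelled as an added example (not code from this thread or from any vendor). It assumes whole-image signing, one of the two options the post mentions, and uses a constructed toy RSA key, constructed image contents and hypothetical helper names (`factory_images`, `tamper`, `boot`) to show that plaintext images plus signatures are enough to stop a modified stage, and that a signature carried over onto a changed image does not verify.

```python
"""Toy model of the Lollipop and Marshmallow boot chains (added example).

Everything here is constructed for illustration: the image contents, the
key and the chain tables are assumptions, not data from a real device.
"""
import hashlib

# Toy RSA key from two Mersenne primes. Textbook RSA, no padding: enough to
# show the verification logic, not something to protect anything with.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # public part, baked into each verifier
D = pow(E, -1, (P - 1) * (Q - 1))     # private part, never on the device

# (stage, verifier) pairs; None means the stage is loaded unchecked.
LOLLIPOP = [("aboot", "bootloader"), ("boot", "aboot"), ("system", None)]
MARSHMALLOW = [("aboot", "bootloader"), ("boot", "aboot"), ("system", "boot")]


def digest(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes) -> int:
    """Vendor side: signature over the SHA-256 digest of the whole image."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Device side: only the public values N and E are needed."""
    return pow(signature, E, N) == digest(image)


def factory_images() -> dict:
    """Plaintext images plus vendor signatures; nothing is encrypted."""
    images = {
        "aboot": b"aboot: verify boot, then jump to it",
        "boot": b"kernel + ramdisk",
        "system": b"stock /system",
    }
    return {n: {"image": d, "sig": sign(d)} for n, d in images.items()}


def tamper(device: dict, stage: str, new_image: bytes) -> dict:
    """Replace one image but keep (copy over) its old signature."""
    changed = {n: dict(p) for n, p in device.items()}
    changed[stage]["image"] = new_image
    return changed


def boot(device: dict, chain: list) -> tuple:
    """Walk the chain in order; return (booted, log lines)."""
    log = []
    for stage, verifier in chain:
        part = device[stage]
        if verifier is None:
            log.append(f"{stage}: loaded, no validation")
        elif verify(part["image"], part["sig"]):
            log.append(f"{stage}: validated by {verifier}")
        else:
            log.append(f"{stage}: rejected by {verifier}, boot stops")
            return False, log
    return True, log


if __name__ == "__main__":
    stock = factory_images()
    cases = {
        "stock": stock,
        "modified system": tamper(stock, "system", b"modified /system"),
        "modified aboot": tamper(stock, "aboot", b"aboot: skip checks"),
    }
    for label, device in cases.items():
        for name, chain in (("Lollipop", LOLLIPOP), ("Marshmallow", MARSHMALLOW)):
            ok, log = boot(device, chain)
            print(f"{label:16} {name:12} {'boots' if ok else 'refuses'}: {log[-1]}")
```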
steadfasterX said:
Lollipop boot chain
---------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (no validation)
Bootloader --> aboot (validated by bootloader) --> recovery (validated by aboot)
Marshmallow boot chain
------------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (validated by boot img!!! )
That means no root since MM anymore (Samsung makes a difference because they had implemented the MM behavior since 5.1.x).
Before MM it was possible to modify the system partition to gain root. This way you are able to get root even on a locked bootloader. This stops to work as you can see in the above boot chain illustration.
###################################
While my hacking tests regarding unlocking the g4 bootloader aboot I've seen no encryption nowhere. Only signed images. But keep in mind that this is totally enough to validate the boot chain!
There is no need for encryption.
The validation happens by signing with a well proven mechanism with the relevant content or even the whole image. If you find a way to break this in general you will become prominent world wide in a second.
The only other chance is to find a vuln within the LG implementation either of the signing or validating.
Best option for a hack is the aboot because here you could disable the validation to fully unlock. You would dump this partition and then disassemble it on your PC with e.g. ida pro then trying to hack.
The problem is that any modification will void the signature. So you need to find a way to exploit, find a wrong implementation which can be used to workaround further validation or breaking the signature algo. And you need good C knowledge
Good luck.
.
Thanks, that's perfect! I'm gonna try doing that in virtualbox with all the partition .img files from my phone mounted and boot that way just in case I brick it
Edit: how do I mark this thread solved in the android app
steadfasterX said:
Lollipop boot chain
---------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (no validation)
Bootloader --> aboot (validated by bootloader) --> recovery (validated by aboot)
Marshmallow boot chain
------------------------------------------------
Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (validated by boot img!!! )
That means no root since MM anymore (Samsung makes a difference because they had implemented the MM behavior since 5.1.x).
Before MM it was possible to modify the system partition to gain root. This way you are able to get root even on a locked bootloader. This stops to work as you can see in the above boot chain illustration.
###################################
While my hacking tests regarding unlocking the g4 bootloader aboot I've seen no encryption nowhere. Only signed images. But keep in mind that this is totally enough to validate the boot chain!
There is no need for encryption.
The validation happens by signing with a well proven mechanism with the relevant content or even the whole image. If you find a way to break this in general you will become prominent world wide in a second.
The only other chance is to find a vuln within the LG implementation either of the signing or validating.
Best option for a hack is the aboot because here you could disable the validation to fully unlock. You would dump this partition and then disassemble it on your PC with e.g. ida pro then trying to hack.
The problem is that any modification will void the signature. So you need to find a way to exploit, find a wrong implementation which can be used to workaround further validation or breaking the signature algo. And you need good C knowledge
Good luck.
.
Actually........(sorry if this is another repeated question)
You wrote
"Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (no validation)"
If aboot was modified to not verify the kernel, then the bootloader was modified to not verify aboot, then there would be no verifications being done, then this phone could boot pretty much anything compiled for it... right?
Also, if the internal storage (all of them, not just "internal sd") were somehow completely repartitioned (or all but boot, or boot and recovery, idk) and linux installed, couldn't it boot?
Neco Carmello said:
Actually........(sorry of this is another reapeted question)
You wrote
"Bootloader --> aboot (validated by bootloader) --> boot/kernel (validated by aboot) --> ROM (no validation)"
If aboot was moddified to not verify the kernel then the bootloader was moddified to not verify aboot then there would be no verifications being done then this phone could boot pretty much anything compiled for it...right?
Also if the internal storage (all of them not just "internal sd") were somehow completely repartitioned (or all but boot or boot and recovery idk) and linux installed couldnt it boot?
The trick is: you cannot modify the bootloader (easily). It is on a chip in the device and normally read only. There will be a way to make it writeable but this requires to shortcut whatever on the mainboard afaik. Then normally you can't just write something on it you have to use a special tool for this as well. But yes. If you can modify the bootloader to not verify aboot you have won as well.
Regarding your Linux question:
No. Changing partitions is not enough. You need a "trampoline" (a hook which executes your own boot code) for this. That's why I developed android FIsH (see my signature)!! It was developed and works for locked devices.
The current development direction is to boot either efidroid or multirom with FIsH. Would be great if you want to join this approach.
With FIsH you could even boot Linux btw..
.
Sent from my LG-H815 using XDA Labs
steadfasterX said:
The trick is: you cannot modify the bootloader (easily). It is on a chip in the device and normally read only. There will be a way to make it writeable but this requires to shortcut whatever on the mainboard afaik. Then normally you can't just write something on it you have to use a special tool for this as well. But yes. If you can modify the bootloader to not verify aboot you have won as well.
Regarding your Linux question:
No. Changing partitions is not enough You need a "trampoline" (a hook which executes your own boot code) for this. That's why I developed android FIsH (see my signature)!! It was developed and works for locked devices.
The current development direction is to boot either efidroid or multirom with FIsH. Would be great if you wanna join this approach
With FIsH you could even boot Linux btw..
.
I think I'll try fish, I'd love to have arch linux arm on my phone... But can you post a link please? I feel like if I try googling it I won't find anything close to it.
Also... Could fish allow me to multiboot linux and android (or maybe fish and multirom) or just multiple android roms?
Edit: yup lmao, a search for "android fish" gave me nothing but games... And oddly enough the f.lux app but that's it, so a link would be greatly appreciated
Neco Carmello said:
I think ill try fish, id love to have arch linux arm on my phone... But can u post a link plz i feal like if i try googling it i wont find anything close to it
Also... Could fish allow me to multiboot linux and android (or maybe fish and multirom) or just multiple android roms?
Edit: yup lmao a search for "android fish" gave me nothing but games... And oddly enough the f.lux app but thats it so i link would be greatly appreciated
LOL
Just read carefully all the stuff here
https://tinyurl.com/FISHatXDA
It should hopefully answer all your questions
Sent from my LG-H815 using XDA Labs
Thanks ill check it out later today. I got a niece to watch :laugh:
Ok so I downloaded fish. Haven't compiled it or anything but I did skim through the install file. It looks like it might be a good "work around". I did notice the mount commands are a little off for this particular phone (I use [mount -o rw,remount ext4 /system] to mount /system as rw. Your commands have a little different syntax) so I'd have to tweak it a bit for this phone but that'll be fairly straightforward. I'm gonna look through the code to learn what's doing what and tweak it a little before compiling. Are there any instructions anywhere for compiling and installing it? I'm just scratching the surface with code and never really compiled myself (I've used frontends that do it for you but that's it really).
Once I have fish working I'll look into booting archlinuxarm with it.
Neco Carmello said:
Ok so I downloaded fish. havent compiled it or anything but i did skim through the install file. it looks like it might be a good "work around". I did notice the mount commands are a little off for this particular phone ( i use [mount -o rw,remount ext4 /system] to mount /system as rw. Ur commands have a little different syntax) so id have to tweak it a bit for this phone but thatll be fairly straight forward. ima look through the code to learn whats doing what and tweak it a little before compiling. are there any instructions anywhere for compiling and inatalling it? Im just scrathing the surface with code and never really compiled myself (iv used frontends that do it for u but thats it really).
Once i have fish working ill look into booting archlinuxarm w/ it.
Really, have you read the whole thread? I mean it is all there, how it works and so on...
Not for compiling stuff, ok, but for the rest..
.
Sent from my LG-H815 using XDA Labs
I've skimmed through it but I'm not doing anything just yet (just research). I'll read through it when I have the time.
Also I just noticed my phone has the command "chattr". Is the bootloader on this thing some derivative of grub or is it specific to android (or LG\Verizon)?
Neco Carmello said:
Iv skimmed through it but im not doing anything just yet (just research) ill read through it when i have the time
also i just noticed my phone has the command "chattr", is the bootloader on this thing some derivative of grub or is it specific to android (0r Lg\Verizon)?
https://linux.die.net/man/1/chattr
I use it only for the immutable bit..
Sent from my LG-H815 using XDA Labs
So did you get it to work safely?
I am stuck with this version of this phone and was wondering if it can indeed be safely rooted to install another ROM, when one becomes available. Is it possible?

stuck trying to restore back to stock

I'm trying to restore my Shield TV back to stock. Following Neo's thread I get to the very end where I'm stuck with the message below. Can anyone help out with this message?
C:\Users\......................\Downloads\nv-recovery-image-shield-atv-5.1.0\nv-recovery-image-shield-atv-5.1.0>fastboot flash dtb tegra210-foster-e-p2530-0930-e02-00.dtb
error: cannot load 'tegra210-foster-e-p2530-0930-e02-00.dtb'
This is how (Or, what), you (need to do to), recover your Shield TV using the correct Recovery Image from nVIDIA.
NOTE: it's CRITICAL to make sure you use the correct Image Standard, or Pro 2015, or 2017 Model. Flashing the incorrect, or an older version (e.g. Experience 3.x over the current Experience 5.x.x), will most likely (perma-)brick your Device.
That said you need to place your Device into Fastboot Mode. Then use the following commands...
Code:
fastboot flash staging blob
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img
fastboot reboot
Of these flashing system.img will take the longest. About Five-ish Minutes or so, as the Shield will first erase the contents of the /system before rewriting it again.
P.S. As an aside to this, and as a bit of advice, if you're lucky enough to have a Pro version, have a look at the few SSHD to SSD migration Threads on this Site, and contemplate making a Backup of your Device, and then storing said backups on Google Drive, and/or a USB Stick. Should you ever find yourself in a brick situation, this WILL probably save your delicious Bacon.
I used the correct image. Device rebooted. How long should the Nvidia logo stay there on the first reboot? Wondering if I need to give it time or if I did something wrong.
From the link below what's then what's the difference in this thread?
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash userdata userdata.img
fastboot flash staging blob
fastboot flash dtb <DTB file name>
http://developer.download.nvidia.co...TV/Upgrade-2.1/HowTo-Flash-Recovery-Image.txt
Worrying about my device being bricked I was able to get back into fastboot. I'm assuming that means I can flash and flash again?
My device has some overscan going on so I can't read the complete fastboot menu options but I'm assuming I don't need to do anything with those for this to flash?
I find it odd that you're using a "dtb" File as normally there isn't one. Perhaps way, way back when. But, I know Experience 3.x (i.e. Marshmallow), Recoveries never hosted such a File. Neither would any Experience 5.x (Nougat) Recovery.
This seems to suggest (to me), that you attempted to flash an otherwise correct, but older ROM, which is a HUGE NO NO!!!
It would seem that newer ROMs manage to alter the overall partition map of the SSHD / eMMC in such a way that reverting to an older version will cause the Device to brick.
Besides, the order is wrong. You need to go by what nVIDIA tells you to do (flashall *.bat / *.sh), and less what some outdated Website suggests. Again see above. dtb Files just (Well as far as the Pro goes...), Just don't exist anymore. I gather they had, but ONLY in the earliest Firmware ROMs.
One other thing... In some cases, depending on how it goes... It may well stick at the nVIDIA logo for up to Two plus Hours! As the Shield is rebuilding itself. In which case the best advice would be to leave it and go out for some Coffee, and a Crawler and check it out again well after the Two Hour mark. Of course this shouldn't happen on a 16Gb eMMC version. Which should be IMO near instantaneous. Alas the SSHD isn't quite that fast.
Ichijoe said:
I find it odd that your using a "dtb" File as normally there isn't one. Perhaps way, way back when. But, I know Experience 3.x (i.e. Marshmallow), Recoveries never hosted such a File. Neither would any Experience 5.x (Nougat) Recovery.
This seems to suggest (to me), that you attempted to flash an otherwise correct, but older ROM., which is a HUGE NO NO!!!
It would seem that newer ROMs manage to alter the overall partition map of the SSHD / eMMC in such a way that revering to an older version will cause the Device to brick.
Besides the order is wrong. You need to go by what nVIDIA tells you to do (flashall *.bat / *.sh), and less what some outdated Website suggests. Again see above. dtb Files just (Well as far as the Pro goes...), Just don't exist anymore. I gather they had, but ONLY in the earliest Firmware ROMs.
One other thing... In some cases depending on how it goes... It may well Stick at the nVIDIA logo for up to Two plus Hours! As the Shield is rebuilding itself. In which case the best advice would be to leave it and go out for some Coffee, and a Crawler and check it out again well after the Two Hour mark. Of course this shouldn't happen on a 16Gb eMMC version. Which should be IMO near instantaneous. Alas the SSHD isn't quite that fast.
Thank you for the detailed response. I wonder if that thread on here can be decommissioned. That's where I found the info about that dtb file. I left it at startup a few hours ago so I'll see if there is any change when I return.
Assuming since it's not the mechanical HD something is probably wrong. What does Nvidia tell me? Do they have steps on their site? I didn't think to go there since this shield I acquired already had regular Android on it figuring I needed the XDA or some other community.
I still couldn't get the flash dtb file name portion to work from the steps below. These were listed on Nvidia's steps. Anyways this worked! Back to stock.
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash vendor vendor.img
fastboot flash dtb <DTB file name> (Use result from "fastboot oem dtbname" in <DTB file name>)
fastboot reboot
@Liip008, so the only thing you did was to wait? (I can't see any different steps in your second post).
I'm trying to downgrade to Marshmallow but all I get is a black screen. Not even the logo displays. Nvidia should really consider changing their instructions since someone may brick their device. For instance, the installation readme of 3.2 says "SHIELD UNITS WITH ANDROID MARSHMALLOW OR NEWER", thus implying downgrading shouldn't be a problem.

[RECOVERY] TWRP for Onn Android Tablets (unofficial) - 2019-11-30

TWRP Custom Recovery for the Onn Android Tablet series
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model
Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.
Reserved also
grabbing this one too cuz why not
Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?
Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....
Amazing!! Gonna install and test 8" right now.
Has anyone tried a GSI on these tablets yet?
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I did try both phhusson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.
WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!
Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since its stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.
@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran phhusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.
Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?
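The checks this reply points to (an unzipped image that carries AVB metadata), together with the 16MB recovery partition size from the first post, as an added pre-flight script that is not part of the thread or of the TWRP project. The function names are hypothetical, and it assumes a standard Android boot image header and an image padded so that the 64-byte AVB footer is the last 64 bytes of the file; it only confirms the footer is present, not that its hash is valid.

```shell
#!/bin/sh
# Pre-flight check for a recovery image before `fastboot flash recovery` or dd.
# Assumptions (not from the thread): the function names are hypothetical, and
# the image is padded so its 64-byte AVB footer is the last 64 bytes of the file.

RECOVERY_MAX=$((16 * 1024 * 1024))   # 16MB recovery partition, per the thread

# Print COUNT bytes of FILE starting at OFFSET as lowercase hex.
hex_at() {  # hex_at FILE OFFSET COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Print a one-word verdict; return 0 only when the verdict is "ok".
check_recovery_image() {
    img=$1
    [ -f "$img" ] || { echo missing; return 1; }
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$size" -ge 64 ] || { echo too-small; return 1; }
    case $(hex_at "$img" 0 8) in
        504b0304*) echo still-zipped; return 1 ;;       # "PK\003\004": unzip first
        414e44524f494421) ;;                            # "ANDROID!" boot header
        *) echo not-a-boot-image; return 1 ;;
    esac
    [ "$size" -le "$RECOVERY_MAX" ] || { echo too-large; return 1; }
    # AVB footer magic "AVBf" opens the final 64-byte block of the image.
    [ "$(hex_at "$img" $((size - 64)) 4)" = 41564266 ] || { echo no-avb-footer; return 1; }
    echo ok
}

# Constructed 4096-byte sample (not a real TWRP build): magic, padding, footer.
make_sample_image() {  # make_sample_image OUT_FILE
    { printf 'ANDROID!'; head -c 4024 /dev/zero
      printf 'AVBf'; head -c 60 /dev/zero; } > "$1"
}

# Usage: sh preflight.sh twrp.img  (file name is a placeholder)
if [ "$#" -gt 0 ]; then
    check_recovery_image "$1"
fi
```

A verdict of `still-zipped` or `no-avb-footer` means the file should not be written to the recovery partition as it is.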
Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Where do I find the crypto footer to back up?
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.
