[ROOT] Rooting for SGP611 with giefroot (Bootloader Locked)

[ROOT] Rooting for SGP611 with giefroot (Bootloader Locked) - Xperia Z3 Tablet Compact General

WARNING: This instruction may brick your device permanently. I am not
responsible for any your loss or damage.
The following is the instruction to get root for SGP611 with giefroot(http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
Requirement:
Bootloader Locked Z3 Tablet Compact Wi-Fi 16GB (SGP611)
D6603(Generic GLOBAL 23.0.A.2.93) firmware (You can got it from XperiFirm)
Flashtool
Install driver included in Flashtool
Patched version of giefroot_v3 (View attachment giefroot_v3_sgp611_fix1.zip)
Download:
View attachment giefroot_v3_sgp611_fix1.zip
Small Instruction:
1.Backup
2.Flash SGP611 firmware (23.0.1.A.0.167) if other version is installed
3.Flash D6603 system partition (23.0.A.2.93)
4.Enable [USB Debug] and [mock locations] and [Unknown Source] , then run install.bat in (View attachment giefroot_v3_sgp611_fix1.zip)
5.You got root!
6.Backup TA, Back to SGP611 firmware
Instruction:
1. Backup all your data (including application data and internal storage)
2. Get SGP611(23.0.1.A.0.167) firmware
3. Get D6603 firmware(Generic GLOBAL 23.0.A.2.93 ftf) from somewhere
4. If firmware version of your device is not 23.0.1.A.0.167, then flash all
contents of ftf to back to 23.0.1.A.0.167
(Start Flashtool and click "flash device", then choose "Flashmode".
On "Firmware Selector" select SGP611 firmware.
Uncheck APPSLOG, CACHE, DATA in Wipe menu.
Check all checkbox in Exclude menu.
Unckeck KERNEL in Exclude menu.
Then click Flash button.
Shutdown your device and connect USB on holding volume down.
Wait 20minute or more to finish.
)
5. Flash only system partition of D6603 (23.0.A.2.93)
(Open "Firmware Selector" with same instruction above.
select D6603 firmware.
Uncheck APPSLOG, CACHE, DATA in Wipe menu.
Check all checkbox in Exclude menu.
Unckeck SYSTEM in Exclude menu.
Then click Flash button.
And flash with same instruction above.
)
6. Power on your device, then enable [USB Debugging] and [Allow mock
locations] in Developer options. And enable [Unknown sources] in Security
setting.
Added:
Disable [Verify apps over USB] in Developer options, and disable [Verify apps] in Security setting.
Thanks kvi!
7. Install usb driver included in Flashtool
8. Download giefroot_v3_sgp611.zip and extract zip
9. Run install.bat in extracted folder, then wait for about 1minute
10. You got root!
11. Backup TA
12. Restore stock firmware by following insruction of this thread http://forum.xda-developers.com/z3-...-to-rooted-stock-sgp621-firmware-drm-t3015494
(replace SGP621 to SGP611 in the instruction)
Thanks to zxz0O0 for giefroot and some other tools.
zxz0O0 spend so much time to make giefroot work on SGP611 kernel.
Thanks to lowtraxx for root instruction for SGP621.
(http://forum.xda-developers.com/z3-...t/root-root-locked-bootloader-sgp621-t3013534)
Thanks to CubicU07 for instruction to restore stock firmware.
The old version (giefroot_v3_sgp611.zip) does not work.
Please try new version (View attachment giefroot_v3_sgp611_fix1.zip).
I'm sorry.

For me its not working:
Got a Z3TC 16GB WIFI, installed the Z3TC ftf, then flashed the system from the Z3, then used the tool but always get a device not rooted error

moritz31 said:
For me its not working:
Got a Z3TC 16GB WIFI, installed the Z3TC ftf, then flashed the system from the Z3, then used the tool but always get a device not rooted error
Click to expand...
Click to collapse
It may not succeed in one time.
Plaese try again 3 or 4 or more times.
If you still fails, please let's me know results of commands below.
Code:
adb shell cat /data/local/tmp/giefrootlog
adb shell cat /data/getrootlog
adb shell ls -l /data/local/tmp/scsi_wait_scan.ko

rurie said:
It may not succeed in one time.
Plaese try again 3 or 4 or more times.
If you still fails, please let's me know results of commands below.
Code:
adb shell cat /data/local/tmp/giefrootlog
adb shell cat /data/getrootlog
adb shell ls -l /data/local/tmp/scsi_wait_scan.ko
Click to expand...
Click to collapse
hey, i got it the problem seems to be on one site windows10,
on my mac i had to unplug replug the device after reboot before pressing continue

I noticed a mistake.
I fixed and upload again. (giefroot_v3_sgp611_fix1.zip)
Please try new file.
This file fixes both exploit itself and install.sh(for Linux/OS X).

rooted OK disabling all options for check/verify apps ! (1 option in security + 1 option in Developer options) , Backup TA OK
TA restored on rooted stock firmware , drm keys OK
Thx!

kvi said:
rooted OK disabling all options for check/verify apps ! (1 option in security + 1 option in Developer options) , Backup TA OK
TA restored on rooted stock firmware , drm keys OK
Thx!
Click to expand...
Click to collapse
Thanks for confirming

kvi said:
rooted OK disabling all options for check/verify apps ! (1 option in security + 1 option in Developer options) , Backup TA OK
TA restored on rooted stock firmware , drm keys OK
Thx!
Click to expand...
Click to collapse
Thank you for reporting and information!
I added your information to the instruction.

FtF global z3 or z3 tablet?
edited:
I was asking if need to build de ftf firmw using z3 as device or z3 tablet, but It works with z3
Works for me, actually running stock android with root and TA partition restored.
THANKS A MIL!

I do not speak English, I use google translator
Do not know which section you mean, 5 or 12. If I did 5 you see in this picture
http: // oi59.tinypic.com / 2my85qc.jpg

Root with the bootloader intact, that is amazing! Will this also work on the WiFi 4G version? That's the one I have and I don't want to mess it up.

Angelusz said:
Root with the bootloader intact, that is amazing! Will this also work on the WiFi 4G version? That's the one I have and I don't want to mess it up.
Click to expand...
Click to collapse
Just scroll one line up in general forum you have the post for the SGP621 (LTE version) here
enjoy!

Oh, I missed that one, thanks!

Does it void warranty? As the DRM keys and still there and how to do you restore the DRM keys

Copy apps in SDcard.
If you already gained root access, can you copy all apps to SDcard? What apps you guys recommend? Thanks in advance.

Does this method erase all data in internal card?

Has anyone got this working with SGP612 yet? (32gb Wifi only version). I have't seen this mentioned anywhere, but it should be similar to SGP611?

I'm a bit confused at step 12 : first thing to do when following CubicU07 instructions is to follow ... lowtraxx instructions...
If we follow CubicU07 thread, we first have to back up TA, but that was step 11 of this current thread. sso I guess we should follow lowtraxx instructions, but this one specifies that it won't work for SGP611, and sends us to this thread. Back to square one, then.
My guess is that we have to follow CubicU07 thread, no matter what he says first (so, I won't follow lowtraxx instructions).
Could you please be more specific for step 12 ? Do we finally have to use Advanced stock kernel, PRFCreator, SonyRICDefeat, ... as described in CubicU07 thread (which also involves unlocking BL) ?
Thank you.

Where can I get the firmware from step 3?

It's written : install XperiFirm and download it with this software.

Related

[OFFICIAL] Japanese SGS III (SC-03E) Rooting, ROMs, Kernels & Guides

DISCLAIMER: You will be flashing your phone at your own risk. You are solely responsible for anything you do to your phone, so make sure you are well informed and well prepared before deciding to flash or install anything on your device.
The purpose of this thread is to provide a 'reference site' for anything related to ROMs and kernels, be it original stock, modified stock or custom images for the Samsung Galaxy S III Japanese versions, starting with model SC-03E.
All comments and feedback are welcome and appreciated.
Reminders:
After flashing a new ROM image, it is highly recommended to perform a cache wipe and factory reset. Please avoid posting about problems repeatedly which can be easily solved by this procedure.
If you find that someone has been helpful in assisting you, then please do not shy away from hitting the THANKS button below their post; this is the preferred action instead of creating a new post just to show your gratitude
BEFORE ASKING HOW TO DO SOMETHING, READ THIS GUIDE
Some questions are being asked over and over again in this thread without bothering to read through it or looking for the answer here in the OP. Especially for the 'lazy' ones among us, we'll attempt to make a new and fresh, additional, reference pointer right here at the top of the very first post. Please consider taking a look at @lparryU's guide BEFORE posting your next question.
"How-to: Root, Unlock, Enable Osaifu Keitai/Felica, CWM, cook & flash custom ROM for SC-03E"
PIT File
Use this PIT file when flashing with Odin, and ONLY if you have scr*wed up your default partitioning scheme due to specifying an incorrect one during a previous flash. Normally there is NO NEED to specify a PIT file when flashing with Odin!
m3.pit (SC-03E)
Factory Firmware (stock)
samsung-updates.com and www.sammobile.com host some of the stock images.
Due to hotfile.com's demise, and my limited storage and bandwidth resources in my mediafire subscription, stock images will be available on demand only. Sorry for the inconvenience.
Pre Rooted stock ROMs
(Flashing the following ROM components will trigger the custom binary counter)
All the rooters contain a sample debloat script as well. it is located in the file /preload/Proxyme/debloat.sample. If your /sdcard already has an older debloat script in /sdcard/Proxyme/debloat.sh, it will not be overwritten by the rooter (in case you made changes to it for an older rom). So to be sure of using the most recent script for the targeted version of the firmware check the version in the /preload/Proxyme location. As a reminder, you can execute the debloat script (or any other one) from within Proxyme WITHOUT enabling SU, because it will always run in an environment with elevated privileges.
Jelly Bean 4.3
SC03EOMUBNH2 (Proxyme) (Build Date 2014-08-19)
This zip archive contains an Odin flashable file. It is not the complete stock image, so you MUST have OMUBNH2 already running on your phone or you will need to download it from the above reference sites, which carry complete stock firmware images, and flash it before continuing with this file. Instructions are included.
mediafire
uploaded.net
torrent, mirror2
(Flashing these ROMs will NOT trigger the custom binary counter)
Jelly Bean 4.3
XXUENE4 GT-I9305 Based (Proxyme) (Build Date 2014-05-16)
This image will clear data/cache implicitly upon initial boot, so backup your stuff before flashing
This one includes the Samsung Chinese IME with support for full screen handwriting and the QUERTY layout with extra row of numerical keys at the top
torrent, mirror1, mirror2
mega.co.nz
uploaded.net
SC03EOMUBND2 (Proxyme) (Build Date 2014-04-02)
This image will not clear data, but please consider wiping data/cache manually before posting about issues not related to Proxyme
mega.co.nz
torrent, mirror1, mirror2
(Unpack the .tar.md5 file from any one of the following (multipart) zip archive and flash with Odin)
SC03EOMUBND2_PROXYME20140419.z01
SC03EOMUBND2_PROXYME20140419.zip
Jelly Bean 4.1.2
MI4 GT-I9305(TGY) Based (Build Date 2013-09-26)
Rooting instructions are displayed in RootInfo app
Wipe Data/Cache if you are experiencing problems.
Display Languages: English(UK/US), Chinese(Trad/Simpl) and Korean
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg;zh_CN)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
MR8 GT-I9305(TNL) Based (Build Date 2013-09-26)
Rooting instructions are displayed in RootInfo app
Wipe Data/Cache if you are experiencing problems.
Display Languages: (en_GB;en_US;en_AU;en_IE;en_NZ;en_ZA;ko_KR;de_AT;de_CH;de_DE;fr_FR;fr_CH;bg_BG;cs_CZ;da_DK;el_GR;es_ES;et_EE;fi_FI;ga_IE;hr_HR;hu_HU;is_IS;it_IT;lt_LT;lv_LV;mk_MK;nb_NO;nl_NL;nl_BE;pl_PL;pt_PT;ro_RO;sr_RS;sv_SE;tr_TR;ca_ES;eu_ES;gl_ES;kk_KZ;ru_RU;sk_SK; sl_SI; uk_UA; uz_UZ; az_AZ; hy_AM; ka_GE; es_US; pt_BR; ar_AE;zh_CN;zh_TW;ja_JP)
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
MG3 GT-I9305(SFR) Based (Build Date 2013-07-31)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
Data and cache are wiped, so backup your data prior to flashing with Odin.
Display Languages: (en_GB;en_US;en_AU;en_IE;en_NZ;en_ZA;ko_KR;de_AT;de_CH;de_DE;fr_FR;fr_CH;bg_BG;cs_CZ;da_DK;el_GR;es_ES;et_EE;fi_FI;ga_IE;hr_HR;hu_HU;is_IS;it_IT;lt_LT;lv_LV;mk_MK;nb_NO;nl_NL;nl_BE;pl_PL;pt_PT;ro_RO;sr_RS;sv_SE;tr_TR;ca_ES;eu_ES;gl_ES;kk_KZ;ru_RU;sk_SK; sl_SI; uk_UA; uz_UZ;az_AZ; hy_AM; ka_GE;es_US; pt_BR; ar_AE)
Input: Samsung Chinese IME (English/Chinese-TW/Chinese-HK/Chinese/Korean), Standard Samsung IME (en_GB;en_US;az;ca;cs;da;de;et;es;eu;el;fr;gl;ka;hr;it;is;kk;lv;lt;hu;nb;nl;pl;pt;ru;ro;fi;sr;sk;sl;sv;tr;uk;ko;hy;bg)
mediafire (unpack tar.md5 file from this multipart zip archive and flash with Odin)
Jelly Bean 4.1.1
SC03EOMAMJ4 ( 2013-10-18 )
Depending on what's running on your phone currently, you may have to consider performing a manual factory reset and wipe the cache and data partitions.
Rooting Instructions:
Default state is - not rooted - Proxyme has been included in this rom,
Proxyme offers live su binary control, and without the need to 'root' the phone, you have...
- SSH server with virtually unlimited user accounts, configurable with specific UID, GID, home directory and shell,
- execution of scripts with elevated privileges (sample debloating script included),
- tag along scripts for root ON and root OFF actions,
- busybox switch
(Unpack the .tar.md5 file from any one of the following zip archive and flash with Odin)
torrent - full stock root ready (Proxyme)
Uploaded.net - full stock root ready (Proxyme)
MF1 (Build Date 2013-06-10)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
mediafire (unpack tar.md5 file from this multi-part zip archive and flash with Odin)
MC3 (Build Date 2013-03-18)
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
MB1 (Build Date 2013-02-08)
To toggle root/unroot, boot the phone and then press VolumeUp/VolumeDown/Power simultaneously for a brief moment.
This toggle only works if you enable Settings->Developer Options->USB Debugging
Chainfire's SuperSU has been included for your convenience.
hotfile - link dead (unpack tar.md5 file from this zip archive and flash with Odin)
.
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
MA6 (Build Date 2013-01-24)
Courtesy aki0306...
http://forum.xda-developers.com/showpost.php?p=38739961&postcount=8
Custom ROMs
(Flashing these ROMs COULD (and usually will) trigger the custom counter)
Probam Rom
Go to this post... and this post... Courtesy @sasbudi
Slimbean 4.3 NTT Docomo SC-03E
Go to this post... Courtesy @majidkhan
Carbon 4.2.2 for NTT Docomo SC-03E
http://forum.xda-developers.com/showpost.php?p=45164630&postcount=550 Courtesy @majidkhan
PACman (Paranoid AOKP CyanogenMod) 4.2.2
http://forum.xda-developers.com/showpost.php?p=43996579&postcount=489 Courtesy @Edgrr000
CyanogenMod
Instructions for flashing CM10.1 Courtesy @lparryU
Getting CM10 to work on SC-03E with Osaifu-keitai... Courtesy @FlyingFlipFlop and @lparryU
http://forum.xda-developers.com/showpost.php?p=42076531&postcount=313
http://forum.xda-developers.com/showpost.php?p=42076531&postcount=302
http://forum.xda-developers.com/showpost.php?p=42094976&postcount=303
rXTREME.v10.0
Link to post Courtesy @Edgrr000
KBC Developers github wiki
Contains everything everyone in here needs, Samsung custom kernel, with visible hidden partition for using triangle away on stock rooted,
and having all Japanese things working too. And the cm10.1 links. Its in Japanese but easily translated. (courtesy of @Robobob1221)
https://github.com/kbc-developers/release/wiki
Paranoid Android (GT-I9305)
Link to post Courtesy @Edgrr000
Misc
How to Convert ROMs for the SC-03E By @DroidZombie
Japanized Rom Tool By @LeathSeraph
http://lt.imobile.com.cn/forum.php?mod=viewthread&tid=10282917
Hints & Tips
Follow this trail...

SC-03E Hints & Tips
Hints & Tips
Guides.. with several links and specifically for unlocking your phone with the proper ROM (has the LK5 modem which is the go to for unlocking and working with other carriers), and instructions to do just about everything you need to get done with this phone
How to Convert ROMs for the SC-03E (By @DroidZombie)
Instructions for flashing CyanogenMod ROMs (By @lparryU)
Unlocking
Unlocking Guide - Courtesy of XDA member @majin
Yet Another Unlocking Guide
Custom Binary Counter
.Reset Guide .By @majin
Tethering
Tethering Guide By @majin
How to change Tethering preset APN By @majin
Change Roaming Status
Reference post By @majin
Proxyme Rooting
Proxyme Guide
Fixing Lost IMEI
How to repair your SC-03E's IMEI number and restore its network connection
Miscellaneous
SC-03E Dial Pad Codes

SC-03E Docomo S3 LTE - Just Another Unlocking Guide
This (sim) unlocking guide has been primarily inspired by the very comprehensive guide initially written and posted by @majin in his post.
WARNING: This unlock procedure will automatically wipe the phone's cache and data partitions, effectively performing a factory reset; you are strongly advised to backup your data prior to executing this guide.
Prerequisites:
Windows PC running Odin3 in an administrator account (tested with Odin3 v3.07)
USB cable to connect phone to PC (preferably original cable for reliability)
Internet access to download firmware image(s)
Google account to access Play Store
The following list outlines the required steps in order to successfully unlock your SC-03E:
If you have data on the phone, which is of any importance to you, then I highly recommend that you make appropriate backups first
If present, remove the sim card and sdcard (there's no need to have a Docomo sim card for this procedure to work)
Download this stock firmware image, which is based on MB1 and includes the appropriate modem component to assist in wiping the NV stored network locking data structures. In addition, this firmware image is root-ready; meaning that you can toggle root mode by pressing VolumeUp/VolumeDown/Power button combination briefly to switch modes.
Initiate Odin Download mode on the SC-03E (Turn the phone off, then simultaneously press VolumeDown/Home/Power buttons until the Download Mode splash screen appears and requires you to press VolumeUp to continue or VolumeDown to cancel if you find yourself suddenly struck by an overwhelming feeling of stage-fright)
Unpack the SC03EOMAMB1_LK5MDM.tar.md5 firmware image from the above-mentioned/downloaded zip archive and flash the file with Odin3 (specify the image file in Odin's PDA section)
As soon as Odin completes the flashing process, it will instruct the phone to reset; be patient while the phone starts up, because it will require more time to setup and configure itself after a factory reset.
If you have reached this step, then we're assuming the phone has booted successfully and you are presented with the configuration wizard. You need to at least enter your Google account credentials in order to access the Play Store.
Install the (free) ServiceMode Shortcut app (author: KABASOFT) from the Play Store.
Another (paid) option is the ShowServiceMode For Galaxy LTE app (author: Jaken's Laboratory).
Start the service mode app and tap the ServiceMode option, which will in turn fire up the ServiceMode main menu
Select [1]UMTS->[1]DEBUG SCREEN->[8]PHONE CONTROL->[6]NETWORK LOCK->[3]PERSO SHA256 OFF
Now use the phone's android menu soft button to select Back in the popup menu to return to the NETWORK LOCK menu
Tap [4]NW LOCK NV DATA INITIALLIZ and wait for about a minute before returning to the NETWORK LOCK menu; when you tap this option again, it should state PERSO_NV_INIT is SUCCESSFUL
You may now power off the phone to insert a sim card from your favorite telco operator and restart the phone
From this point onward, it is possible to flash any other firmware image without affecting the unlocked state
Enjoy!

SC-03E Dial Pad Codes
This list is most probably not complete. Please post or send a PM if you know about codes not listed here, your input will be highly appreciated!
*#0*# ........................... Hardware Testing
*#06# .......................... Show IMEI number
*#0011# ....................... GSM Status Information
*#0228# ....................... Battery Status
*#0782# ....................... RTCTimeRead (Show Time)
*#1111# ....................... ServiceMode - READ FTA SW VERSION
*#1234# ....................... Show Software Version
*#2222# ....................... ServiceMode - READ FTA HW VERSION
*#2663# ....................... Touch Screen/Key Firmware Update
*#7284# ....................... PhoneUtil - UART & USB Configuration
*#7353# ....................... Quick Test
*#7594# ....................... Factory Mode - Shutdown Configuration
*#9090# ....................... ServiceMode - DIAG CONFIG
*#9900# ....................... SysDump
*#34971539# ................ Camera Firmware Check

IMEI Repair Procedure
How to repair your SC-03E's IMEI number and restore its network connection.
Keywords: IMEI: null/null Unknown + Baseband: Unknown + no connection with QPST + no IMEI backup + phone signal lost
Disclaimer
This procedure is intended to be applied in a last resort scenario only. You must check thoroughly what the actual cause is for your phone having lost its imei number. It may very well be merely due to an incompatibility issue between the baseband code and the efs version, and thus easily fixed by flashing a proper modem component. Writing to partitions in your phone's internal storage device, re-partitioning it, flashing with the Odin tool or operating the QPST Qualcomm engineering tool carries many risks, which include hard-bricking the phone. You are solely responsible for anything you do to your phone and by carrying out the steps detailed in this procedure, you are agreeing to accept all responsibility for any and all outcome of the procedure, even if you end up with an expensive door-stop.
Try This First
Before panicking and diving into this procedure to perform all of its steps, note that your specific problem/case might not require such an extensive procedure. There could very well be a much simpler solution for your case, so I strongly advise you to put some effort into diagnosing your problem properly (best as you can given the resources you have at your disposal) BEFORE continuing.
I will be adding topics to this section based on the feedback we get, which will hopefully help everyone to improve diagnostics and find out if there are quicker/better way to solve any specific case.
BASEBAND UNKNOWN (Courtesy of @majin)
About the devices with "BASEBAND UNKNOWN" not recognized by QSPT, for first users should try with one of these:
1) enter *#9090# and check if "[2] DM/DUN over HSIC (*)" is selected, then to try to use QSPT to fix/restore the IMEI/EFS-folder, (if users have some old working backup too).
3) Try to use EFS Professional Suite to restore the right permissions on the NV files.
4) Use "Qualcomm NV Tools" (included in "EFS Professional Suite") to write directly their IMEI and to do some other test.
If they can't anything of that, then they really need to make all the "Chinese steps".
Click to expand...
Click to collapse
Introduction
This procedure is based on the following two posts, which are identical content-wise, and may be from the same individual. Credit goes to user xt890612 of forum site bbs.shendu.com and user softbank_1001 of forum site bbs.91dongji.com. Special thanks to xda member @majin for the find/input/feedback and having tested the procedure on his SC-03E.
- bbs.91dongji.com
- bbs.shendu.com
The issues we will attempt to resolve are:
IMEI corrupt or 0
Baseband Unknown status
QPST does not recognize the phone
What to Expect
If the procedure has been followed correctly and applied successfully, then take note of the following points.
IMEI restored
Network connection restored
Device serial number not the same as your original one (we will try to resolve this in the future)
No SIM network lock (Do not apply this procedure if you only want to SIM unlock a device with no issues)
You should be feeling happy, so please lookup the sources mentioned above and thank them
Preparations & Prerequisites
You will need the following tools and files, so please check each item in the list below and make sure you have them ready before commencing with the first step of the procedure.
An SC-03E which can at the very least boot into Odin Download Mode (soft-bricked). If the bootloader is corrupt, you will need some kind of JTAG service to revive the phone, because this procedure will not help your case.
Windows PC
Odin v3 (preferably Odin3 v3.09 or v3.07) - Google is your best friend
Google QPST.2.7.378.zip and download this Qualcomm engineering tool. Install it on the PC.
ADB tool/program. ADB, Android Debug Bridge, is included with Google’s Android SDK.
Hex editor. Google 'Hex editor' and download your preferred or favourite variant. Try HexEdit.exe.
Download SC-03E_IMEI-REPAIR.ZIP (mirror, torrent) and unpack the files in this archive to a work directory
Download one of the pre-rooted or root ready rom images, which are still functional/bootable on your phone, from the OP/reference post (this item is only required if your phone does not boot into Android at all, even after resetting it, and is not rooted)
Step 1 - Flash a Bootable Rooted ROM Image
If your phone currently has firmware, which boots properly and can give you root access, then skip this step. If not, then use Odin to flash the rooted image you have downloaded earlier. Consider resetting the phone afterwards by entering recovery mode to clear data and cache.
Step 2 - Enable USB Debugging
Enable USB debugging by setting the checkmark in the following option in settings:
Settings->Developer options->USB Debugging
Step 3 - Connect the Phone
If necessary, wait for all PC drivers to install and initialize.
Step 4 - Prepare Phone Internal Storage
Copy all 15 mmcblk* files, which were unpacked from the SC-03E_IMEI-REPAIR.ZIP zip archive earlier, to the phone's internal sd card after connecting it to the PC. The files must be located in the root of folder /sdcard.
It is important that you consider verifying data integrity of the mmcblk* files you have copied to the phone. Root Browser is recommended and can assist in this process. The following list consists of the MD5 checksums generated for the files in the SC-03E_IMEI-REPAIR.ZIP zip archive.
b5cfa9d6c8febd618f91ac2843d50a1c *mmcblk0p1
30fd6dfc09a70c8bcf345dc8c9e2781a *mmcblk0p10
c71fb4dfba643299159b97c6065fdb54 *mmcblk0p11
95557d70252c9b0af3f95a2244cd93ab *mmcblk0p12
e35b35efb73dd8320bdae08ec463372c *mmcblk0p13
31bc9037b092df1abbcf7550938d553d *mmcblk0p14
96995b58d4cbf6aaa9041b4f00c7f6ae *mmcblk0p15
b5cfa9d6c8febd618f91ac2843d50a1c *mmcblk0p2
dbad1316e91f5dcf0b89ad3e456f3bf8 *mmcblk0p3
713a67b9605c02f6cdd0346dfa1cab1e *mmcblk0p4
130715b90924c2394e1acd758059dd90 *mmcblk0p5
4029a1de061c375547aa3096a14562dc *mmcblk0p6
67bb0d7fbec2e250c5e2bd75dd9816f3 *mmcblk0p7
9e4a4230f51545ffd352cb7988f4bc9f *mmcblk0p8
edc27dbf0cc8b29df3ba31e21b552a98 *mmcblk0p9
4459508535b3c064f6afc6d1c6119b9e *sc03e.qcn
Step 5 - ADB
Now open a cmd window and start the ADB tool by typing the following command at the cmd prompt, followed by the enter key. In many cases, you will first have to cd (change directory) to the directory where the adb.exe program is located (hint, if you've installed the Android SDK, look for the location where it was installed and search its subdirectories for adb.exe):
>adb shell
If the shell in the adb session starts successfully, the following prompt is presented:
[email protected]:/ $
Type su followed by the enter key to get root access. If the $ sign in the prompt does not change in a # sign, then you have no access to root and you should revert back to step 1 to make sure you have a rooted firmware image on the phone.
[email protected]:/ $su <enter>
[email protected]:/ #
Step 6 - Restore Partitions
This step must be taken with great caution. You will be directly writing to partitions in the internal storage device and a mistake can end in disaster. Copy the following lines, each terminated by the enter key to initiate the command. Note that the lines with mmcblk0p10 to p14 can take a long (5 minutes or more) time to complete, so be patient.
dd if=/sdcard/mmcblk0p1 of=/dev/block/mmcblk0p1 <enter>
dd if=/sdcard/mmcblk0p2 of=/dev/block/mmcblk0p2 <enter>
dd if=/sdcard/mmcblk0p3 of=/dev/block/mmcblk0p3 <enter>
dd if=/sdcard/mmcblk0p4 of=/dev/block/mmcblk0p4 <enter>
dd if=/sdcard/mmcblk0p5 of=/dev/block/mmcblk0p5 <enter>
dd if=/sdcard/mmcblk0p6 of=/dev/block/mmcblk0p6 <enter>
dd if=/sdcard/mmcblk0p7 of=/dev/block/mmcblk0p7 <enter>
dd if=/sdcard/mmcblk0p8 of=/dev/block/mmcblk0p8 <enter>
dd if=/sdcard/mmcblk0p9 of=/dev/block/mmcblk0p9 <enter>
dd if=/sdcard/mmcblk0p10 of=/dev/block/mmcblk0p10 <enter>
dd if=/sdcard/mmcblk0p11 of=/dev/block/mmcblk0p11 <enter>
dd if=/sdcard/mmcblk0p12 of=/dev/block/mmcblk0p12 <enter>
dd if=/sdcard/mmcblk0p13 of=/dev/block/mmcblk0p13 <enter>
dd if=/sdcard/mmcblk0p14 of=/dev/block/mmcblk0p14 <enter>
dd if=/sdcard/mmcblk0p15 of=/dev/block/mmcblk0p15 <enter>
Close the cmd window and restart the phone. If the phone does not boot into Android (could be bootlooping due to incompatible data elements), then perform a reset in recovery mode by wiping data and cache.
At this point you should confirm that the baseband has been restored in settings.
Step 7 - Restoring IMEI
Get ready to make changes to the sc03e.qcn file, which was unpacked from the
SC-03E_IMEI-REPAIR.ZIP zip archive earlier, using the hex editor.
Load the sc03e.qcn file in a hex editor and search for the following hexadecimal byte value sequence:
08 0A 21 43 65 87 09 21 43
The file contains two instances of the sequence as is shown above. Both sequences must be changed to your IMEI number and the way it is done is outlined below.
Note that when searching for the above sequence, in most hex editors you are supposed to also specify the search type, whether it be a text search or byte (binary search. You want the latter type.
Start with looking up your device's IMEI number. It is printed on the label in the battery compartment and on a label or sticker on the original box, if you still have it. The IMEI number consists of 15 digits, so please write it on a sheet of paper in order to help you visually 'construct' a hexadecimal sequence, which in turn can be used to update both instances of the abovementioned sequence in the file. This sequence has three fixed nibble values, which must remain unchanged in the final sequence. The following sample shows x's in the sequence which represent the part to be initialised to your IMEI number. The fixed (constant) parts are the 08 and the A in xA.
08 xA xx xx xx xx xx xx xx
In order to correctly fit your 15 digit IMEI number into the sequence, use the following guide to construct it. Here, we use the dummy IMEI number 012345678901234 for reference only.
...0..12.34.56.78.90.12.34 (IMEI number to convert)
08.0A.21.43.65.87.09.21.43 (byte sequence to be constructed)
As you can see, the first digit of the IMEI number is paired with the A of the second byte in the sequence; it is placed left of the A, thus becoming the most significant nibble of the byte. The remaining digits are paired to form 7 groups in order, where each pair's digits are swapped as is shown above.
When you have finished changing the two instances of the search sequence to reflect your IMEI number, save the sc03e.qcn file, exit from the hex editor and move on to the next step.
Step 8 - Restore Configuration From QCN File
Enter the following string in the stock phone dialpad:
*#7284#
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Immediately after entering the trailing # sign, as is shown in the above image, the service mode screen shown in the next image will appear.
Tap on the Qualcomm USB Settings button to display the list of USB options you can choose from. This is shown in the next image.
Select the RNDIS + DM + MODEM option followed by tapping the OK button to return to the previous screen. Now use the back button to return to the dialpad.
Next, enter the following string in the stock phone dialpad to enter the DIAG CONFIG service mode screen:
*#9090#
Immediately after entering the trailing # sign, as is shown in the above image, the service mode screen shown in the next image will appear.
Select the [2]DM/DUN over HSIC (*) option. Note that the phone will immediately reboot as soon as you tap on this option in order for it to take effect.
Let's start the QPST Configuration program in Windows and select the Ports tab to add the new port, which has been assigned to the phone's USB communication protocol. Make sure to select the port with label USB/QC Diagnostic before clicking on the OK button.
If the port has been correctly initialised and selected, SURF9615 (0) should be displayed in the Phone column of the Ports tab, as is shown in the image below.
Finally, select the Start Clients menu and navigate to the QPST Software Download item to start its corresponding program.
In the QPST Software Download program, select the Restore tab and then specify the path to the qcn file which you have edited earlier. Hit the Start button to start uploading the new configuration file to the phone. After the upload is done, reboot the phone and check the IMEI number to verify everything went ok.
Finalizing
Enter the following string in the stock phone dialpad:
*#7284#
The service mode screen appears, so again, tap on the Qualcomm USB Settings button to display the list of USB options you can choose from. To restore the default USB settings, select the RNDIS + DM + MODEM option followed by tapping the OK button to return to the previous screen. Now use the back button to return to the dialpad, or hit the home button to continue using the phone normally.
That's it...enjoy your phone!
Notes & Feedback
Serial Number (Courtesy of @majin)
About the wrong Serial Number, [between step 6 and 7] if users have still on board the Chinese Rooted ROM (or if they flashed any other correct Rooted ROM), they can easily edit the file "\efs\FactoryApp\serial_no" by the phone itself (status is 1000:0000 rwxr--r-- 744)
Then they can flash any other favorite ROM [anyway, to make all easier, I suggest some 4.1 ROM, same as the Chinese one.]
Click to expand...
Click to collapse

hey i cant posting outside url
error message
"To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for understanding!"

aki0306 said:
hey i cant posting outside url
error message
"To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for understanding!"
Click to expand...
Click to collapse
8 more posts to go and you're in. Why don't you head over to this thread and see if you can contribute or give feedback to any of the queries from other members. Once you get into a dialog or discussion, you'll hit that magic 10 easy.
Your message to davidcsv was also relayed to that thread, and it would help to introduce yourself to the group and gain some 'trust' wrt your firmware images.

---------- Post added 5th March 2013 at 12:46 AM ---------- Previous post was 4th March 2013 at 11:58 PM ----------
MB1 Root Rom JB4.1.1
MA6 Root Rom JB4.1.1
MC3 Root Rom Android File Host JB4.1.1
★MC3 Rom no need rename but need flash stock MC3 Rom before flash root Rom
how to flash
flash from odin
1.flash stock rom
ex if u wanna flash MB1 root, u have to flash MB1 stock Rom before flash Root Rom
2.into recovery, wipe/factory reset
3.unzip Root Rom and rename file
★you guys have to rename file when unzip root Rom★
ex SC03E-ROOTED-system_MB1.tar.md5
　　　　　　　　　　　　　↓
　　SC03E-ROOTED-system.tar.md5
4.Flash Root Rom from odin
5.boot
6.installe Supersu or Superuser on play store
cation MB1 & MA6 Root Rom is "same name of file"
thx for kbc-developers
hv fun guys!!!!
---------- Post added at 12:51 AM ---------- Previous post was at 12:46 AM ----------
Custom Rom Link
jump to china forum
this Rom on MA6 Rom

damn.. didn't know this thread existed.
I will link this to the first post in my thread and have it closed.
if you could close my thread so all the talk can go here, it would be much more beneficial/easy to keep track of things.
---------- Post added at 02:01 PM ---------- Previous post was at 01:46 PM ----------
I can confirm that the root method worked for MB1...
LETS GET THE PARTY STARTED! Seriously, I am having a drink afterwork!

lol,trying with my phone.
update result soon.
my phone is rooted now.
but still waiting for custom one that removed needless app.
"Get PIT for mapping" <-------is this dangerous?

Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?

skylinerxz said:
Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?
Click to expand...
Click to collapse
I was just going to ask this...

didoka_702 said:
lol,trying with my phone.
update result soon.
my phone is rooted now.
but still waiting for custom one that removed needless app.
"Get PIT for mapping" <-------is this dangerous?
Click to expand...
Click to collapse
Get PIT for mapping is harmless, because the flashing process with Odin is just getting the current partitioning configuration as is stored in the phone. Just stay away from the PIT options in Odin (PC).
Why don't you just remove unwanted system apps with Titanium Backup?

skylinerxz said:
Thank you aki0306..
Already rooted my phone..
Is there any ways to install cwm on sc03e?
Click to expand...
Click to collapse
Do you mean one of the CWM recovery flavors or the Android builds (like for example CM 10.x)?

davidcsv said:
Do you mean one of the CWM recovery flavors or the Android builds (like for example CM 10.x)?
Click to expand...
Click to collapse
i would like CM10.x ! + CWM recovery flavors!
you got a lab rat available for this!

davidcsv said:
Get PIT for mapping is harmless, because the flashing process with Odin is just getting the current partitioning configuration as is stored in the phone. Just stay away from the PIT options in Odin (PC).
Why don't you just remove unwanted system apps with Titanium Backup?
Click to expand...
Click to collapse
sorry.already did that with tianium backup but still not edit my post.

IparryU said:
i would like CM10.x ! + CWM recovery flavors!
you got a lab rat available for this!
Click to expand...
Click to collapse
Who wants to try CWM Touch recovery? It is embedded in the latest upload of the MB1 stock root ready firmware image. The links are available in the original post in the pre-rooted stock ROMs section.
The procedure is as usual, flash with Odin (PC). Then, when your phone has booted into Samsung's stock Android, at any moment press VolumeUp/VolumeDown/Power at the same time and only briefly. This should root the phone (install su binary) and install the CWM Touch recovery... I say 'should' because I have only been able to test this procedure on my Korean version of the S3; in this case, CWM's recovery has been adapted for the SC-03E. There's no visual or audio confirmation when you've pressed those three buttons, so check with your favorite root-requiring app or with the included SuperSU app.
IF rooting works with this image, then the difference with the one presented by aki0306/kbc-developers is that theirs will always root the phone during startup; meaning you have the convenience of always starting up in a rooted environment. This mechanism will only root it when you need it (three button press detailed above); I'm still assuming that when you reboot, each time su (root) is removed by Docomo's security measures in the boot environment... if you want no root then reboot. As soon as someone can confirm whether this new mechanism works, I can turn it into a toggle kind of switch, so you can root and unroot without having to restart the phone.

davidcsv said:
Who wants to try CWM Touch recovery? It is embedded in the latest upload of the MB1 stock root ready firmware image. The links are available in the original post in the pre-rooted stock ROMs section.
The procedure is as usual, flash with Odin (PC). Then, when your phone has booted into Samsung's stock Android, at any moment press VolumeUp/VolumeDown/Power at the same time and only briefly. This should root the phone (install su binary) and install the CWM Touch recovery... I say 'should' because I have only been able to test this procedure on my Korean version of the S3; in this case, CWM's recovery has been adapted for the SC-03E. There's no visual or audio confirmation when you've pressed those three buttons, so check with your favorite root-requiring app or with the included SuperSU app.
IF rooting works with this image, then the difference with the one presented by aki0306/kbc-developers is that theirs will always root the phone during startup; meaning you have the convenience of always starting up in a rooted environment. This mechanism will only root it when you need it (three button press detailed above); I'm still assuming that when you reboot, each time su (root) is removed by Docomo's security measures in the boot environment... if you want no root then reboot. As soon as someone can confirm whether this new mechanism works, I can turn it into a toggle kind of switch, so you can root and unroot without having to restart the phone.
Click to expand...
Click to collapse
just finish custom my phone today @@
ill try this one tomorrow
and i have already backed up my phone with
+back all user data and app with titanium back up
+back up efs folder using root explorer
+back up QCN file using EFS pro by this thread
any process i need to do after this?

didoka_702 said:
just finish custom my phone today @@
ill try this one tomorrow
and i have already backed up my phone with
+back all user data and app with titanium back up
+back up efs folder using root explorer
+back up QCN file using EFS pro by this thread
any process i need to do after this?
Click to expand...
Click to collapse
That should cover it
I use Whatsapp, so I always make a seperate backup of its database folder as well (folder /mnt/sdcard/WhatsApp)... it contains the message history and all the media that's been sent over.

so i test this one recently and here is MY result (i usually hold up down volume first and then press power button)
+first time:check with Supersu.it said cannot install SuperSU cause of SU binary is not installed.
+restart and try again,this time i installed Titanium back up.and its said that the phone isnt rooted
+restart and try again,no worked
+and at the 5th 6th time everytime i try to press volume up down power to install Su binary,the phone restart.
//so its my result.anyone esle?
//and couldnt get to recovery mode :| now i back to aki rom till the new one came out.

Root+Xposed+Busybox for Bootloader Locked Moto X ATT/VZW

Only fresh flashed bootloader locked XT1058 AT&T - ROM LPAS23.12-21.7-1, and XT1060 VZW - ROM LPAS23.12-39.7-1 are supported!
See archive content for instructions. Time to install ~20 min. If you experience problems after Android boot, like not working buttons or quick settings, wipe cache + data partitions. Don't update SuperSU (disable auto updates), it won't work. Later I'll post complete debloated ROMs with fresh SuperSU version, and simplify instructions. Be informed also, that this method doesn't give you read-write rights like unlocked bootloader. You may read and write having root-rights, but only till a restart or shutdown occurs, and every change will be undo by the Qualcomm protection (like HTC' s=on).
At the moment patch includes:
SuperSU 2.65 Free
Xposed Framework v86 (installer, modules)
Busybox 1.25.0.YDS, path /system/xbin/busybox
Download
P.S. Install only on indicated above ROM versions, and it's obvious that you must have enough theory knowledge and practical experience to make use of 9008 patch, so I'm not responsible for any consequences, etc. Greets go to: CrashXXL (method inventor), Sabissimo (our former OP), and serg_gangubas (ROM guru).
==============================================================================================
31.07.2017 - Full ROM Patch for Bootloader Locked Moto X ATT/VZW/etc
Based on the same principle, and not depend on system partition content, so it suits any bootloader locked Moto X Gen1 ATT/VZW (possibly any model, besides 1049 RepW / 1055 US Cell), but takes about 4 hours to be done - prepare for that, 100% battery level only!
This full ROM patch includes:
SuperSU 2.82 Free
Xposed Framework v87 (installer, modules)
Busybox 1.26.2, path /system/xbin/busybox
ViperFX 2.5.0.5 - sorry needs polishing, removed now (
Gallery and Camera not depend on Moto services
Gboard instead AOSP Keyboard. If it eats too much RAM, see Simple Keyboard
GAPPSes updated. Use command like adb shell pm uninstall --user 0 com.blahblah.blah to block any unwanted app or service
ES File Explorer Free Edition (a clone, you can disable and install yours )
"Jedy" gesture
AdBlock support (effect lasts till the 1st reboot yet, I'll think about make it constant). Please, choose /data/hosts instead of /system/etc/hosts
ROM debloated, but not deodexed.
Download
Instruction
Be careful, phone will be WIPED then flashed in 9008 "brick" mode (CrashXXL idea). Before you start install Moto drivers, latest RSD Lite, and fully charge the battery.
1) Download and unpack zip on С: (or any), open Python27, launch RUN_path.bat (needs to be launched only single time), install driver QHSUSB_driver.exe, and launch file _Moto.X.BootLocked.*.exe (where * - is desired ROM).
2) Go into fastboot mode, execute RUN_blbroke.bat. Screen gets black, Device Manager in Windows finds "QHSUSB_DLOAD", and installs it as "Qualcomm HS-USB QDLoader 9008 (COM*)". If it doesn't install, google for Windows driver digital signature disable.
3) Now launch RUN_root.bat, and see that patching process took start.
4) A small patch *SPEAKERS.BOOST.exe (if exists) boosts both speakers' volume.
P.S. Please, don't flash anything extra into the phone. In case of trouble, all you need is inside this folder. Just make it work.
To make "Battery OK" in fastboot use fastboot_cyclecharge.bat
Completely drained out battery causing "USB input device" needs disassembly of the phone to charge externally.
In case Titanium Backup shows error "Batch backup interrupted: insufficient free storage space", delete default backup folder, and make a new:
Titanium Backup > Menu > Preferences > Backup folder location > Storage Provider > DocumentProvider storage > Show Internal Storage > Internal Storage > Select Internal Storage > Create the folder > Use the current folder. Done!
Notes for myself: Viper, force wipe, readme.txt, volume patch, Adblock, advanced debloat

Debloated, rooted, lightweight ROM - soon! )
PUBLISHED. Sorry, took long time.

As soon as I can actually get 5.1 flashed I'll try this.
Though I'm afraid I'll have to try to go to stock and use sunshine first, still have a locked BL.
But this is great, I didn't expect root so soon.

DownTheCross said:
As soon as I can actually get 5.1 flashed I'll try this.
Though I'm afraid I'll have to try to go to stock and use sunshine first, still have a locked BL.
But this is great, I didn't expect root so soon.
Click to expand...
Click to collapse
This method is working on locked BL.

DownTheCross said:
As soon as I can actually get 5.1 flashed I'll try this.
Though I'm afraid I'll have to try to go to stock and use sunshine first, still have a locked BL.
But this is great, I didn't expect root so soon.
Click to expand...
Click to collapse
Wait wait... If you can have now possibility to unlock bootloader - go for it immediately! You will have normal FULL root-rights (SuperSU 2.49). Don't install 5.1, if you plan to unlock, because Sunshine app (25$) works only on 4.4.2 Android.
This topic is to help those AT&T users that are boot locked forever (who missed out possibility to unlock on 4.4.2 by proceed to 5.1) to give them READ-ONLY root. Yes, it's limited, but anything at least.

s5610 said:
If you can have now possibility to unlock bootloader...
Click to expand...
Click to collapse
I guess anyone on 4.4.4 today. There is no possibility to use Sunshine anymore.
Anyway spasibo za method

Ahh, if I don't have to be BL unlocked that's great lol.
I haven't read too much into the 5.1 updates or sunshine for that matter.
I've been on krypton 1.4.1 since it was released, and I haven't been able to successfully upgrade to any 5.1 roms yet.

Works great!
Works great for me on Windows 10 RTM 64-bit! Thanks a ton, I was waiting for a post like this.
I only had 3 minor hiccups:
1. RSD Lite gave me an error about "getvar", so I had to go into flashfile.xml in the ROM zip and remove the line that said getvar
2. I had to reboot to disable driver signature enforcement twice for some reason because Windows Update
3. The run-root.bat got stuck on "Executing..." because I installed the wrong driver (the correct file is qcusb.inf when installed from device manager -> browse my computer for driver software -> let me pick from a list -> all devices -> have disk)
Otherwise, everything runs just as well as KitKat, including Xposed.

Hehe got to love step 9

System Write
How can we help in getting the system write to zero using the same method,because I have xt1058 model bootloader unlocked and I provide any file needed to disable the pesky system write...

How can we help in getting the system write to zero using the same method,because I have xt1058 model bootloader unlocked and I provide any file needed to disable the pesky system write...
Click to expand...
Click to collapse
First, never quote op. It takes way to much space and is redundant.
Second, to get write off we would need to some how either start a custom kernel some magical way or disable it via a kernel mod like htc guys did. Another way, which was done before was to burn the efuse but kernel has been patched since then.

Need some help, I did all steps until step 9. I installed the QHSUSB_DLOAD driver manually, and I can see 'Qualcomm HS-USB QDLoader 9008 (COM4)' showed in my Device Manager, but when I run 'RUN_Root.bat', I got this
c:\Python27>python qdloadRoot.py MPRG8960.bin -ptf root/partitions.txt
QDLoad utility version 1.2 (c) VBlack 2014
Found TTY port: com4
Sending MAGIC ...
QCOM fast download protocol targ:
Version: 7
Compatible version 2
Maximum block size 1024 (0x00000400)
Base address of Flash 0x00000000
Flash: eMMC
Window size: 30
Number of sectors: 128
First sector size: 2097152 (0x00200000)
Feature bits: 09
Sending SBL Reset...
Done
c:\Python27>pause
Press any key to continue . . .
Then I tried to run 'RUN_Root.bat' again, then I got
c:\Python27>python qdloadRoot.py MPRG8960.bin -ptf root/partitions.txt
QDLoad utility version 1.2 (c) VBlack 2014
Found TTY port: com4
Requesting Params...
Params:
Version: 8
Min version: 1
Max write size: 1536 (0x00000600)
Model: 144
Device size: Invalid or unrecognized Flash device, or Flash device progr
amming not supported by this implementation
Device type: Intel 28F400BX-TL or Intel 28F400BV-TL
Requesting SoftwareVersion...
Version: PBL_DloadVER2.0
Requesting SerialNumber...
Serial number: 00,00,48,03
Requesting HW Id...
HW Id: 00,00,48,03,e1,10,7e,00
Requesting PublicKey...
PublicKey: 39,c4,ee,3e,b5,be,eb,87,8e,2f,e3,b8,53,4d,14,6f,91,ca,fd,bb,94,2a,0d
,aa,d0,1e,b0,87,62,d4,b9,b8
Uploading file 'MPRG8960.bin' to addr 0x2a000000...
Executing...
Could not find Qualcomm device in Emergency download mode
Done, with errors!!!
c:\Python27>pause
Press any key to continue . . .
any suggestions? Thanks

jahrule said:
First, never quote op. It takes way to much space and is redundant.
Second, to get write off we would need to some how either start a custom kernel some magical way or disable it via a kernel mod like htc guys did. Another way, which was done before was to burn the efuse but kernel has been patched since then.
Click to expand...
Click to collapse
Ill put the files here

Fantastic!!! I was looking this. All the last week I was sleeping about 3 hours per day trying to root my phone.
----
I scream "Victory" before the process finish.
Damn! My phone reboot and stay in the android doll fallen screen.

DejanPet said:
Ill put the files here
Click to expand...
Click to collapse
What to do with these files?

Those files are needed by Jahrule

Sabissimo
Hello.
I did everything as instructed, but eventually got the screen "no command".
The only thing I did not flash rom - a month ago updated by an OTA to 5.1, thought it was not necessary.
Factory reset does not help.
Advise something.
In the end, everything worked, thank you))

It works
It works great! Thank you very much! ATT xt1058.

eze_cba17 said:
Damn! My phone reboot and stay in the android doll fallen screen.
Click to expand...
Click to collapse
Follow the OP instruction EXACTLY, no exceptions!
If you got your current 5.1 through AT&T OTA, it's not enough for root patching procedure. A full RSD 5.1 official SBF flash over is required.

Could someone please do a video on this. I'm having a little trouble.

[TOOL] SKIPSOFT ANDROID TOOLKIT - ONEPLUS 3 - Drivers, Unlock, Flash Stock, Root

ONEPLUS 3 - SUPPORTS ALL VERSIONS UP TO THE LATEST OXYGEN OS BUILD.
SEE SUPPORT LIST FOR PUBLIC/PRO VERSIONS *HERE*
The Unified Android Toolkit brings together all the Google, Nexus, OnePlus and Samsung Toolkits and supports many devices. There is also an option at startup to run a Basic Android Toolkit which any Android device can use to install drivers, make app backups, install apk files, reboot the device into different modes and run a command prompt for manual input.
FUNCTIONS OF UNIFIED ANDROID TOOLKIT
* Install correct adb/fastboot drivers automatically
* Backup/Restore a single package or all apps, user data and Internal Storage
* Backup your /data/media (virtual SD Card) to your PC for a Full Safe backup of data
* Root any public build automatically
* SkipRoot boot image to AutoRoot (selected builds)
* Sideload root/unroot files via Custom Recovery
* ALLINONE to Unlock, Flash Recovery, Root, Rename the restore file + install Busybox (G,N,O)
* ALLINONE to Flash Recovery, Root, Rename the recovery restore files + install Busybox (Samsung)
* Unlock/Re-Lock your Bootloader (G,N,O)
* Download Google Stock Image files directly to the ToolKit (G,N,O)
* Check md5 of google stock image before flashing
* Flash Google Stock Image (G,N,O)
* Flash any part of a stock firmware image to device [boot, system, recovery, etc.] (G,N,O)
* Download/sideload stock OTA image (G,N,O)
* Install BusyBox binarys on device
* Rename the Recovery Restore File present on Stock Roms (if stock recovery is being restored after flashing custom recovery image)
* Flash Stock Recovery, CWM touch, Philz_touch or TWRP Touch Recovery
* Pull /data and /system folders, compress to a .tar file and save to your PC
* Auto Update Toolkit at startup (PRO ONLY)
* Auto Update superuser file and custom recovery images to latest versions (PRO ONLY)
* Disable forced encryption on Nexus5X,6,6P and 9
* Install Root Checker app by Burrows Apps
* Install Backup/Restore app by MDroid Apps
* Install EFS/Partition Backup/Restore app by Wanam
* Create tar with 1-Click for flashing via Odin
* Fix extSdCard write permissions in Android 4.4+
* Perform a FULL NANDROID Backup of your system via adb and save in Custom Recovery format on your PC (selected builds)
* Useful Mods, Fixes and Tools Section
* Extras, Tips and Tricks section (includes guides)
* Backup/Restore your /efs partition (gsm only)
* Dump selected Device Partitions, compress to a .zip file with md5 and save to your PC ( on builds with insecure image available)
* Mods section to automatically perform certain tasks on your device
* Boot to any recovery without Flashing it (G,N,O)
* Boot or Flash .img Files directly from your PC
* Quick Picks Professional Feature (10 slots)
* Install a single apk or multiple apk's to your device
* Push Files from your PC to your phone
* Pull Files from your phone to your PC
* Set Files Permissions on your device
* Pull and Trim your Radio Image (gsm models only) to your PC
* Dump selected LogCat buffers to your PC
* Dump BugReport to your PC
* Rip cache.img to zip file in CWM format
* Reboot device to Fastboot Mode or Android in fastboot mode (G,N,O)
* Reboot device to Fastboot Mode, Recovery, Android or Download Mode in adb mode
* Turn Initial Start Screen On/Off for next use
* Sideload any zip file via Custom Recovery
* Basic Toolkit for use with ANY Android device
Key: G-Google N-Nexus O-OnePlus S-Samsung
--------------------------------------------------------------
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
--------------------------------------------------------------
SUPPORTED DEVICES AND LATEST SUPPORTED BUILDS *HERE*
DOWNLOAD THE SKIPSOFT UNIFIED ANDROID TOOLKIT *HERE* (FROM SKIPSOFT.NET)
NOTE: Key files are signed with a Digital Certificate from skipsoft.net but some ‘may’ get picked up as potentially harmful by Antivirus Programs and deleted. They are not harmful, this is a false positive given because of the compiler used. If this happens restore the file and exclude the folder from future scans to use it. This seems to happen mostly on AVG Free and Norton. If you are using the Auto Update feature on pro versions then you will need to disable the AV program or exclude the folder from scans before running the update again.
Credits: Grarak or TWRP custom recovery on OnePlus 3, ChainsDD for Superuser, Chainfire for SuperSU and kernel patches, koush and the clockworkmod team for cwm and the universal driver pack, 1wayjonny for the adb/fastboot driver pack, Adam Lange for all his support and help with the insecure kernels, Viperboy for the Knox Disabler app, Stephen Erickson for the BusyBox installer app, BurrowsApps for the Root Checker app, NextApp for the SD Fix app, fOmey for TWRP for the Galaxy Gear.
--------------------------------------------------------------
WHAT IS THE DIFFERENCE BETWEEN PUBLIC (FREE) AND PROFESSIONAL (DONATE) VERSIONS?
THE PUBLIC VERSION OF THE TOOLKIT INCLUDES EVERYTHING YOU COULD NEED TO MANIPULATE AND ROOT YOUR DEVICE.
ACTIVATING THE PROFESSIONAL VERSION ADDS THE MOST USEFUL FUNCTION IN THE TOOLKIT, THE ABILITY TO CHECK FOR ‘AUTO UPDATES’ DIRECTLY VIA THE TOOLKIT AND HAVE THEM PUSHED TO YOUR PC RIGHT AWAY AS SOON AS THEY ARE UPLOADED WITHOUT NEEDING TO DOWNLOAD THE WHOLE TOOLKIT EVERY TIME. YOU WILL ALWAYS HAVE THE LATEST VERSION AS SOON AS IT IS MADE AVAILABLE. THIS MEANS SMALLER UPDATES CAN BE SENT OUT MORE FREQUENTLY, SUCH AS ADDING A SINGLE FUNCTION, FIXING A BUG OR ADDING COMPATIBILITY FOR A SINGLE CARRIER. THE SMALLER UPDATES WILL BE COMPILED AND RELEASED TO THE XDA COMMUNITY AS A FULL (PUBLIC) DOWNLOAD VERSION SO PROFESSIONAL VERSIONS ARE ALWAYS UPDATED SOONER.
THE PRO VERSION ALSO ADDS THE ABILITY TO CHECK FOR THE LATEST VERSION OF SUPERUSER AND RECOVERY FILES AND DOWNLOAD THEM DIRECTLY TO THE TOOLKIT.
THE ‘QUICK PICKS’ SECTION[/B] ALLOWS YOU TO PROGRAM UPTO 10 SLOTS WITH TASKS THAT YOU MAY PERFORM ON A REGULAR BASIS OR JUST WANT TO KEEP A SET OF TASKS IN 1 PLACE. THEN JUST SELECT THE SLOT AND IT WILL REMEMBER ALL YOUR SETTINGS FOR THAT TASK AND RUN IT.
PRO USERS CAN ALSO SELECT THE “ANY BUILD” OPTION IN THE BUILD SELECTION SCREEN TO ROOT ANY BUILD AS LONG AS THE VERSION IS SUPPORTED (USEFUL IF YOUR BUILD IS NOT LISTED).
MORE IMPORTANTLY DONATING SHOWS YOUR APPRECIATION AND ALLOWS THE TOOLKIT TO CONTINUE TO EVOLVE AND GROW.
AUTO REPLY LINKS FOR PAYPAL TO GET A CODE INSTANTLY CAN BE FOUND AT http://goo.gl/nyGqv
--------------------------------------------------------------
PLEASE READ THE *HELP* PAGE AT http://www.skipsoft.net/?page_id=1269 OR USE THE INFORMATION SECTION WITHIN THE TOOLKIT IF YOU HAVE ANY QUESTIONS. I HAVE TAKEN A LOT OF TIME TO WRITE IT AND SOMETHING ON THERE SHOULD ANSWER 99% OF PROBLEMS.
--------------------------------------------------------------
1. INSTALLING ADB/FASTBOOT DRIVERS
The first thing you need to do is to install the adb/fastboot drivers. These are needed so that you can unlock your bootloader, root your device and perform other adb/fastboot functions.
THE DRIVERS CAN BE INSTALLED DIRECTLY VIA THE TOOLKIT. OPTION 1 IN THE MAIN MENU.
If drivers are not installed or there is an exclamation mark next to the device:
Plug the device in to a usb cable directly connected to your motherboard.
In the Device Manager a new item, usually called Android 1.0 should pop up in the list.
Right click on the device item then left click on Update Driver Software. Select 'browse my computer' and then 'Let me pick from a list'.
If no adb interface driver appears in the list then untick 'Show compatible hardware' and find the Android or Samsung adb interface driver.
If you cannot find either of these click Have Disk, browse to the Toolkit install folder, drivers folder, click on android_winusb.inf and click Open.
Click OK and select Google ADB Interface.
Make sure you have USB debugging enabled in settings, developer options. In Android 4.2.2 or later you have to enable the developer options screen by going to settings, About on your device and click on Build number at the bottom 7 times until it says You are now a developer. If you have already enabled usb debugging then unplug/replug the usb cable.
On Android 4.2.2 or later when you replug the usb cable after enabling usb debugging for the first time you will get a popup asking you to authenticate your pc. Tick 'Always allow' then click 'ok'.
--------------------------------------------------------------
2. USING SKIPSOFT UNIFIED ANDROID TOOLKIT
When starting the Toolkit you will first be asked which device you want to work with. Working folders will be created and the device files downloaded. You will then be taken to the Model/Build selection screen where you can do a number of things (other than select your model/build): Type '00' to enter your activation code and enable pro features, 'i' will take you to the Information and Help Section, 'a' will give you information on how to add support for a new build.
Supported builds are listed in the Model/Build selection screen and typing the associated number (i.e. 11) will download needed boot and recovery files (stock and custom recovery) then check for and download the latest superuser files available and custom recovery (pro versions only), verify all the files and start the Main Menu. You can now use all the functions and tools the Android Toolkit offers. Pro users can select the "any build" option to root any build (useful if your build is not listed).
--------------------------------------------------------------
USEFUL INFORMATION
How to get into your FastBoot Mode
1. Turn your phone off
2. Unplug your usb cable if you have one plugged in
3. Keep holding the 'Volume Up' and 'Power' buttons to boot the phone into FastBoot Mode
How to get into Recovery
1. First boot into FastBoot Mode as described above
2. Scroll down with the 'Volume Down' button until it says 'Recovery mode' at the top and press the 'Power' button to enter Recovery
--------------------------------------------------------------
*DISCLAIMER*
I take no responsibility for any fault or damage caused by using the Unified Android Toolkit. No warranties of any kind are given.

**FAQ**

**VIDEOS**

I have finished all the work on the OnePlus modules for the 1, 2 and 3 devices and it is ready for testing.
You can download and test the Toolkit from the link in post#1. Please remember that this IS a test version at the moment as I do not own any OnePlus devices but I have checked all the code thoroughly and don't see any problems. I am especially pleased with the unlock/lock routines and will probably implement the code for the Nexus modules if it works well.
Everything can be checked (and please do) except downloading a stock build directly from the Toolkit as I am waiting to hear back from AndroidFileHost to see if I can get direct links to use in the Toolkit. The fastboot flash routines are working though and the Toolkit will detect the storage of the device (16GB or 64GB) and flash the relevant userdata image so you do not have to do that manually anymore.
I have used the Universal USB driver pack from CWM so if anyone has not installed OnePlus drivers yet PLEASE test if this works. I did originally include the official drivers from OnePlus but they close the Toolkit when the drivers installation starts and thats not great.
The ALLINONE routine should work fine and I have sent out some pro codes to testers to check it all works.
All builds are covered and the correct version of TWRP will be downloaded depending on the build selected. Please check everything and let me know of any bugs or textual errors (as I used a lot of the Nexus code) so I can release it publicly as soon as possible.
Thanks, Mark.

Great job, thanks a lot!!!

Dude, did a scan of your file and found this: Result: Detected: Trojan-Ransom.Win32.Cryrar.gib care to explain?

Trojan?
I hope not - seems legit.
I have 2 problems:
1)
It never asks me to authenticate the PC on the phone after installing drivers - tried both driver versions.
But the Phone serial shows up in the menu, the driver test is fine and I can backup .apks.
2)
I can not flash the OTA
Is it because it is a full stock image instead of an OTA?

gruntyoldbag said:
Trojan?
I hope not - seems legit.
I have 2 problems:
1)
It never asks me to authenticate the PC on the phone after installing drivers - tried both driver versions.
But the Phone serial shows up in the menu, the driver test is fine and I can backup .apks.
2)
I can not flash the OTA
Is it because it is a full stock image instead of an OTA?
Click to expand...
Click to collapse
Just saying, got that hit when I scanned the installer file. Might be wrong but I will not run it until dev explain why

TheErk said:
Dude, did a scan of your file and found this: Result: Detected: Trojan-Ransom.Win32.Cryrar.gib care to explain?
Click to expand...
Click to collapse
Did you read the first post of the thread?
NOTE: Key files are signed with a Digital Certificate from skipsoft.net but some ‘may’ get picked up as potentially harmful by Antivirus Programs and deleted. They are not harmful, this is a false positive given because of the compiler used. If this happens restore the file and exclude the folder from future scans to use it. This seems to happen mostly on AVG Free and Norton. If you are using the Auto Update feature on pro versions then you will need to disable the AV program or exclude the folder from scans before running the update again.
Click to expand...
Click to collapse
The Toolkit has been running over 4 years and there have never been any viruses in it.
Mark.

I ran this on my Nexus days, the guy is well known around, you can go with this.
Envoyé de mon ONEPLUS A3003 en utilisant Tapatalk

gruntyoldbag said:
Trojan?
I hope not - seems legit.
I have 2 problems:
1)
It never asks me to authenticate the PC on the phone after installing drivers - tried both driver versions.
But the Phone serial shows up in the menu, the driver test is fine and I can backup .apks.
2)
I can not flash the OTA
Is it because it is a full stock image instead of an OTA?
Click to expand...
Click to collapse
I found the problem right away, just deleted 1 word by accident when I was renaming things.
I have made new device modules and uploaded them. Delete the ConfigOnePlus3.exe file from the Tools folder (or run ToolkitClean and select the OnePlusThree), then rerun the Toolkit and select your device to download new modules. Should work then.
Mark.

mskip said:
Did you read the first post of the thread?
The Toolkit has been running over 4 years and there have never been any viruses in it.
Mark.
Click to expand...
Click to collapse
Thought I did! Thanks for the fast reply!
---------- Post added at 11:23 AM ---------- Previous post was at 11:11 AM ----------
Impressive tool you got here! Thanks!

mskip said:
Delete the ConfigOnePlus3.exe file from the Tools folder (or run ToolkitClean and select the OnePlusThree), then rerun the Toolkit and select your device to download new modules. Should work then.
Click to expand...
Click to collapse
I cleaned the toolkit and
**************
Also I had to restart the toolkit (my own error - I didnt use the toolkit to restart, but restarted manually) and I got:
************
Tried again and Windows installed more device drivers when accepting sideload from ADB.
Didnt work the 2nd time either.
**********
BTW: drivers are installed correctly
******
Btw: I really love your tool - nice, clean, fast and a lot of HELP in the menus

gruntyoldbag said:
I cleaned the toolkit and
**************
Also I had to restart the toolkit (my own error - I didnt use the toolkit to restart, but restarted manually) and I got:
************
Tried again and Windows installed more device drivers when accepting sideload from ADB.
Didnt work the 2nd time either.
**********
BTW: drivers are installed correctly
******
Btw: I really love your tool - nice, clean, fast and a lot of HELP in the menus
Click to expand...
Click to collapse
Thanks and thank you for staying with me, I have had to change some of the procedures for the OnePlus.
Should be all fixed now. One of the procedures I had to skip set the filename for the OTA image. Have added it back in.
Clean the module files, download the new ones and retest. Hopefully it should go through.
Mark.

It is sideloading now
Reboot was successful - thx
Btw: If you want the help text to be 100% correct:
When you reboot you have to chose ENGLISH (or you can chose chinese or madarin?)
And it is called 'Install from ADB' not from USB.
Then click OK to 'Do you want to update' (not 100% sure about this text - can not remember now.
************
Just tried option 11 from the main menu:
****
Booting to stock recovery gives me the same error.

gruntyoldbag said:
It is sideloading now
Reboot was successful - thx
Btw: If you want the help text to be 100% correct:
When you reboot you have to chose ENGLISH (or chinese or whatever)
And it is called 'Install from ADB' not from USB.
Then click OK to 'Do you want to update' (not 100% sure about this text - can not remember now.
Click to expand...
Click to collapse
Thank you. I have uploaded the fixes to all the OnePlus device modules so that part at least should work for them all now.
Does the language selection come up as soon as the device boots to recovery?
I put Install from USB as thats what it said in the flashing tutorial on oneplus.net I will change it to Install from ADB/USB just to be safe for all devices.
Thanks again for the feedback. If you want to test any of the pro functions (ALLINONE) then let me know and I will send an activation code to your inbox.
Mark.

gruntyoldbag said:
It is sideloading now
Just tried option 11 from the main menu:
****
Booting to stock recovery gives me the same error.
Click to expand...
Click to collapse
Have you unlocked your bootloader? This is required before flashing/bootings images to your device.
I can capture the error when trying to boot/flash with a locked bootloader to provide more help for the user.
Mark.

The language selection come up as soon as the device boots to recovery - yes.
No I didn't unlock the bootloader - I didn't think it was necessary - help text said something about unlocking - but not that it was required.
I just wanted to backup the device - not flash anything.
Yes let me try (ALLINONE) - send me a PM thx.

gruntyoldbag said:
The language selection come up as soon as the device boots to recovery - yes.
No I didn't unlock the bootloader - I didn't think it was necessary - help text said something about unlocking - but not that it was required.
I just wanted to backup the device - not flash anything.
Yes let me try (ALLINONE) - send me a PM thx.
Click to expand...
Click to collapse
I have changed the text when booting to recovery and added extra error control when flashing or booting an image without the bootloader unlocked. New device modules uploaded.
Now sending a pm to you with a code.
Mark.

PM received - PM sent
New text and error control seems to work :good:

[ROM] Flyme OS 6 (G) Global Stable for Chinese Pro 6 Plus devices

How To Install Flyme OS 6.1.0.0G Global Stable on Chinese Pro 6 Plus devices
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This is a Guide to install the Global ROM Flyme OS 6Global on the Meizu Pro 6 Plus Chinese version.
Note: This is also a way to install Any custom ROM made in the future. If someone wanna Customize the ROM( Integrate Xposed and other stuff) feell free to do it.
What does this mean:
Meizu released two versions of the Pro 6 Plus, a chineese version (A) for china and an International version (G) for the devices sold in other countries (International). If you bought your Pro 6 plus from official meizu store on your country, it will come with the G version, but if you bought it from Aliexpress or any other Chinese store, you will buy a Chinese version, some seller may send you the international version if you are lucky but the majoritynot.
Global / International version:
No bloatware, chinese apps..
Multilanguage ( all languages available)
Stock apps optimized for International use (Weather....)
seems to be smoother and faster than the chinese version.

Disclaimer
*** As always - Read everything carefully and Flash on our own risk! ***
I can and will not take any responsibility for bricked phones or lost data.What do we need:
Rooted Device
FlashFire app from playstore
Flyme 6.1.0.0G _Global_Stable_Pro 6 Plus for Flashfire

Instructions:
Its recomnended to back up your data (Titanium backup, your fotos etc)in case of disaster.
Update to a newer version:
Copy the new version to Internal storage
Open Flashfire, click on the + button and choose Flash Zip / OTA
Select the Downloaded ROM from the file explorer and select Mount system read write.
Now you will see a screen with all the actions that will be done, select the action called Reboot and un-thick the option Preserve recovery, leave Normal selected.
Finally click on FLASH and wait until the process ends.
Enjoy...
Note: In case of any problems and you want a clean installation, add the wipe action from the + button before flashing. But it should not be needed.
Note: it seems to be a problem with supersu if you don't wipe data before update. so to avoid problems, you should wipe before flash.
If you want to keep your apps and data, you should make a data (data partition only) backup from flashfire before updating. then wipe and update, follow instructions to root and to have super su. After that you can use flshfire to restore data backup (only data partition) .
also you can use kingroot but its not compatible with flashfire.
If you already updated, you can use titanium backup(give root permision from system root in settings, security root permissions)make a backup of your apps and then follow the guide below How to go back to stock chinese ROM in case of disaster, after that follow the instruction of new installation and when you have the that done, you can rstore your apps with titanium backup.
[/LIST]

First Time Installation:
Root:
Go to Meizu page and create and account. Enter a valid email as its needed to activate the account. if you already have an account, just skip this step.
Now go to Settings on your device and Select Meizu account, Log in with your new created account.
Go back and select Fingerprint & security , then select Root permission, scroll down and confirm. The device will reboot. Now its rooted but i recommend installing supersu because the built int root some times has failed for me.
Install SuperSu from playstore, open it and select Update su binary, choose Normal. wait until it finishes and reboot.
Now you have Root
Note: if you dont have Google Playstore, open meizu app store and search for supersu.
Install ROM:
Root your device
Install Flashfire from Playstore
Download This modified Flyme 6.1.0.0G _Global_Stable_Pro 6 Plus for Flashfire
[*]Copy the downloaded ROM to Internal storage
[*]Open Flashfire, give root permissions and click on the + button,
[*]Select Wipe and then ok
[*]Click again on the + button and choose Flash Zip / OTA
[*]Select the Downloaded ROM from the file explorer and select Mount system read write. See these screens for more information:
[*]Now you will see a screen with all the actions that will be done, select the action called Reboot and unthick the option Preserve recovery, leave Normal selected.
[*]Finally click on FLASH and wait until the process ends.
[*]Enjoy...

Turn off the device （hold power button until it turns off.
Hold Volume + button and power button at the same time until the phone vibrates. it will enter recovery mode.
Connect your device to your PC by usb, you will have access to a folder named Recovery. Copy the update.zip to this folder and wait for it to finish.
Go back to the device and select the options Upgrade System and Clear data.
Hit Start and wait until it finishes.

Older Versions:
Flyme OS 6.7.4.11_beta_Global_Pro 6 Plus for Flashfire

Thanks for this tutorial! It was very detailed and easy to follow.
In the future when I want to perform an update, do I need to go through FlashFire in order for it to work correctly on a Chinese version of the device? Also, where do you download the "G" versions of the beta firmware? I know their next release is a stable version and I know it comes out after the A version; just wondering where you go to download it. Cheers!

ShaolinMilk said:
Thanks for this tutorial! It was very detailed and easy to follow.
In the future when I want to perform an update, do I need to go through FlashFire in order for it to work correctly on a Chinese version of the device? Also, where do you download the "G" versions of the beta firmware? I know their next release is a stable version and I know it comes out after the A version; just wondering where you go to download it. Cheers!
Click to expand...
Click to collapse
For future update you can download the stable from http://www.flymeos.com/firmwarelist?modelId=46&type=1. Or the betas from flyme forum. You will have to edit the installation script to be able to flash through flashfire and don't get error and avoid firmware problems. Anyway i will upload the future updates modified for flashfire.

bihariel said:
For future update you can download the stable from http://www.flymeos.com/firmwarelist?modelId=46&type=1. Or the betas from flyme forum. You will have to edit the installation script to be able to flash through flashfire and don't get error and avoid firmware problems. Anyway i will upload the future updates modified for flashfire.
Click to expand...
Click to collapse
Thanks!!! I tried looking through the zip file to see what you changed, but didn't know which file to go into. I assume it's not as easy as opening up a file in notepad and changing some data on there.

ShaolinMilk said:
Thanks!!! I tried looking through the zip file to see what you changed, but didn't know which file to go into. I assume it's not as easy as opening up a file in notepad and changing some data on there.
Click to expand...
Click to collapse
Its not hard to do but yes, i you dont know what are you doing is dangerous. Dont worry i will upload future updates.

bihariel said:
Its not hard to do but yes, i you dont know what are you doing is dangerous. Dont worry i will upload future updates.
Click to expand...
Click to collapse
Thanks dude! Looking forward to it.

im surprised at how small the response to this phone is....just stumbled upon it while looking for a new device.
this is rather off-topic but this seems to be the most active thread

thanks for that.
i have question,i can flash the Flyme 5.2.7.0G by this method?

@bihariel Hey I have a question for you. Have you ever experienced a sudden change in battery life out of nowhere? When I first installed this firmware, the battery was perfect. All of a sudden after charging my phone, the battery is draining at an unprecedented rate especially on standby. I charged the phone to 100%, disabled all notification/wifi/cellular network and left it on overnight to activate the battery calibration. The problem still exists however. It's draining about 1% every 2 minutes on standby which is ridiculous.
I'm just wondering if you ever encountered this issue before.
Sent from my PRO 6 Plus using XDA-Developers Legacy app

mr.mgmg said:
thanks for that.
i have question,i can flash the Flyme 5.2.7.0G by this method?
Click to expand...
Click to collapse
You can but you have to modify the script to avoid firmware files and recovery.img to be flashed, which would end in an installation abort,

ShaolinMilk said:
@bihariel Hey I have a question for you. Have you ever experienced a sudden change in battery life out of nowhere? When I first installed this firmware, the battery was perfect. All of a sudden after charging my phone, the battery is draining at an unprecedented rate especially on standby. I charged the phone to 100%, disabled all notification/wifi/cellular network and left it on overnight to activate the battery calibration. The problem still exists however. It's draining about 1% every 2 minutes on standby which is ridiculous.
I'm just wondering if you ever encountered this issue before.
Sent from my PRO 6 Plus using XDA-Developers Legacy app
Click to expand...
Click to collapse
Not really, the battery is surprising me on this ROM. Maybe you sould use a battery monitoring app and see whats draining it. If not, do a factory reset and see if it still prsists.

bihariel said:
You can but you have to modify the script to avoid firmware files and recovery.img to be flashed, which would end in an installation abort,
Click to expand...
Click to collapse
so,how we can do that?
i think the 6.7.4.11_beta_Global no stable yet
u can edit the Flyme 5.2.7.0G?

bihariel said:
How To Install Flyme OS 6.7.4.11 Global on Chinese Pro 6 Plus
This is a Guide to install the Global ROM Flyme OS 6.7.4.11 on the Meizu Pro 6 Plus Chinese version.
Note: This is also a way to install Any custom ROM made in the future. If someone wanna Customize the ROM( Integrate Xposed and other stuff) feell free to do it.
What does this mean:
Meizu released two versions of the Pro 6 Plus, a chineese version (A) for china and an International version (G) for the devices sold in other countries (International). If you bought your Pro 6 plus from official meizu store on your country, it will come with the G version, but if you bought it from Aliexpress or any other Chinese store, you will buy a Chinese version, some seller may send you the international version if you are lucky but the majoritynot.
Global / International version:
No bloatware, chinese apps..
Multilanguage ( all languages available)
Stock apps optimized for International use (Weather....)
seems to be smoother and faster than the chinese version.

Instructions:
Its recomnended to back up your data (Titanium backup, your fotos etc)in case of disaster.
Root:
Go to Meizu page and create and account. Enter a valid email as its needed to activate the account. if you already have an account, just skip this step.
Now go to Settings on your device and Select Meizu account, Log in with your new created account.
Go back and select Fingerprint & security , then select Root permission, scroll down and confirm. The device will reboot. Now its rooted but i recommend installing supersu because the built int root some times has failed for me.
Install SuperSu from playstore, open it and select Update su binary, choose Normal. wait until it finishes and reboot.
Now you have Root
Note: if you dont have Google Playstore, open meizu app store and search for supersu.
Install ROM:
Root your device
Install Flashfire from Playstore
Download This modified Flyme OS 6.7.4.11_beta_Global_Pro 6 Plus
Copy the downloaded ROM to Internal storage
Open Flashfire, give root permissions and click on the + button,
Select Wipe and then ok
Click again on the + button and choose Flash Zip / OTA
Select the Downloaded ROM from the file explorer and select Mount system read write. See these screens for more information:
Now you will see a screen with all the actions that will be done, select the action called Reboot and unthick the option Preserve recovery, leave Normal selected.
Finally click on FLASH and wait until the process ends.
Enjoy...

Optional:
You can Install gapps from flashfire along with the rom, just select Flash zip/ota and select Gapps zip, this way it will be installed after rom. Or you can use Google Installer which you can find in meizu appstore after reboot.
Note: For future updates, do not update the device from the Updates app included as it will donload the Gobal version of Flyme but it will fail because your device is still a chinese version.
How to go back to stock chinese ROM in case of disaster:
Download the latest version of chinese Flyme from: http://www.flyme.cn/firmwarelist-101.html#3
Turn off the device （hold power button until it turns off.
Hold Volume + button and power button at the same time until the phone vibrates. it will enter recovery mode.
Connect your device to your PC by usb, you will have access to a folder named Recovery. Copy the update.zip to this folder and wait for it to finish.
Go back to the device and select the options Upgrade System and Clear data.
Hit Start and wait until it finishes.

Click to expand...
Click to collapse
Hello everyone, thanks a lot bihariel for this guide.
I have successfully installed the beta with flashfire and it's all ok!
Some people say flashfy is not a very safe method, what do you think? I'm not an expert.
However, I did not go to the flymex account synchronization, now I've installed the closed beta apps yesterday and it works perfectly well!
We wait for the stable then!
Can you explain how you modified the update for the future? Thanks so much.
Are Alternative Methods to Flashfire? Type ADB?
In Italy a seller on his blog posted this guide, but I could not install it:
"The tutorial for installing firmware G in the Asian Meizu Pro 6 Plus smartphone is really very simple and does not require solid modding basics, you just have to be careful about installing ADB drivers correctly.
Load the battery completely before you begin the procedure and save all your important data
On your PC or on a Cloud as you will need to make the full factory reset.
Prerequisites Preinstalling Firmware G in Meizu Pro 6 Plus:
1-Smartphone fully charged
2-Any antivirus and / or firewalls disabled
3-Driver ADB properly installed, restart your PC after installation!
4-Enabled Root permissions through Flyme account (Fingerprint and Security Menu)
5-USB Debug Mode Enabled in Developer Options (Accessibility Menu)
G Firmware Installation in Meizu Pro 6 Plus:
Decompress the Meizu_Pro6plus_Flyme 5.2.7.0G.zip archive and copy it to the root folder
Of Meizu Pro 6 Plus the file system-i.img
Decompress the archive adb_tool.zip and in the folder obtained we select the file
Cmd.exe to open the command window
Write in the command window:
Adb shell
We give Send and permission to ADB through the pop-up that will appear on the Meizu Pro 6 Plus display
We will read in the shell @ Pro6Plus command window
WARNING: If the pop-up display does not appear, ADB drivers have not been installed correctly!
Write in the command window:
su
We give Send and permission of ADB SHELL root permissions through
The pop-up that will appear on the Meizu Pro 6 Plus display
We will read in the command window the symbol #
WARNING: If the pop-up display does not appear, root permissions are disabled!
Write in the command window:
Dd if = / sdcard / system-i.img of / dev / block / platform / 155a0000.ufs / by-name / system
We give Enter, we will see the cursor blink, we do not touch anything until the flash procedure
The system will not be completed and the screenshot message below will appear
Meizu pro 6 plus 01
Disconnect the usb cable from the Meizu Pro 6 Plus and restart it by holding down the button
Power for a few seconds, the startup process will take a few minutes, do not alarm and we start booting.
When the terminal is started we go in
Settings> About phone> Storage> Factory data reset>
We see Factory reset and Format internal storage>
Select START RESET"
I put into google translate, if you want the original in italian language let me know.

mr.mgmg said:
so,how we can do that?
i think the 6.7.4.11_beta_Global no stable yet
u can edit the Flyme 5.2.7.0G?
Click to expand...
Click to collapse
I read in some chinese forum that we cant downgrade but...
Download the ROM 5.2.7.0G, open the zip and editthis file \META-INF\com\google\android\updater-script
You can use this picture as a guide, delete the red lines:

Tony72 said:
Hello everyone, thanks a lot bihariel for this guide.
I have successfully installed the beta with flashfire and it's all ok!
Some people say flashfy is not a very safe method, what do you think? I'm not an expert.
However, I did not go to the flymex account synchronization, now I've installed the closed beta apps yesterday and it works perfectly well!
We wait for the stable then!
Can you explain how you modified the update for the future? Thanks so much.
Are Alternative Methods to Flashfire? Type ADB?
In Italy a seller on his blog posted this guide, but I could not install it:
"The tutorial for installing firmware G in the Asian Meizu Pro 6 Plus smartphone is really very simple and does not require solid modding basics, you just have to be careful about installing ADB drivers correctly.
Load the battery completely before you begin the procedure and save all your important data
On your PC or on a Cloud as you will need to make the full factory reset.
Prerequisites Preinstalling Firmware G in Meizu Pro 6 Plus:
1-Smartphone fully charged
2-Any antivirus and / or firewalls disabled
3-Driver ADB properly installed, restart your PC after installation!
4-Enabled Root permissions through Flyme account (Fingerprint and Security Menu)
5-USB Debug Mode Enabled in Developer Options (Accessibility Menu)
G Firmware Installation in Meizu Pro 6 Plus:
Decompress the Meizu_Pro6plus_Flyme 5.2.7.0G.zip archive and copy it to the root folder
Of Meizu Pro 6 Plus the file system-i.img
Decompress the archive adb_tool.zip and in the folder obtained we select the file
Cmd.exe to open the command window
Write in the command window:
Adb shell
We give Send and permission to ADB through the pop-up that will appear on the Meizu Pro 6 Plus display
We will read in the shell @ Pro6Plus command window
WARNING: If the pop-up display does not appear, ADB drivers have not been installed correctly!
Write in the command window:
su
We give Send and permission of ADB SHELL root permissions through
The pop-up that will appear on the Meizu Pro 6 Plus display
We will read in the command window the symbol #
WARNING: If the pop-up display does not appear, root permissions are disabled!
Write in the command window:
Dd if = / sdcard / system-i.img of / dev / block / platform / 155a0000.ufs / by-name / system
We give Enter, we will see the cursor blink, we do not touch anything until the flash procedure
The system will not be completed and the screenshot message below will appear
Meizu pro 6 plus 01
Disconnect the usb cable from the Meizu Pro 6 Plus and restart it by holding down the button
Power for a few seconds, the startup process will take a few minutes, do not alarm and we start booting.
When the terminal is started we go in
Settings> About phone> Storage> Factory data reset>
We see Factory reset and Format internal storage>
Select START RESET"
I put into google translate, if you want the original in italian language let me know.
Click to expand...
Click to collapse
I can tell you that for now the safest method is flashfire because it install the ROM in same way that the Recovery does, that is: it wipes the system partition and installs the ROM with correct permissions.
The method you mention is more risky( to get a bootloop) because it overwrites the ROM files directly over the System partition with the OS still running on phone. This drives into a system hang freeze. of course you have to turn it of by holding power button until it restarts. Then you have to go recovery and do a factory reset if you get bootloop.
I tried this method before Flasfire but it gave me bootloop so then i used Flashfire because it do the same job that Recovery does.
About the modifications, its really simple. Just open \META-INF\com\google\androidupdater-script and delete all the lines in red in this picture (these lines check if your phone is Chinese version or global and update the firmware files.)
Also you can delete the files related to those lines just for safety (boot.img, recovery.img, logo.bin, ldfw, bootloader..)

bihariel said:
I can tell you that for now the safest method is flashfire because it install the ROM in same way that the Recovery does, that is: it wipes the system partition and installs the ROM with correct permissions.
The method you mention is more risky( to get a bootloop) because it overwrites the ROM files directly over the System partition with the OS still running on phone. This drives into a system hang freeze. of course you have to turn it of by holding power button until it restarts. Then you have to go recovery and do a factory reset if you get bootloop.
I tried this method before Flasfire but it gave me bootloop so then i used Flashfire because it do the same job that Recovery does.
About the modifications, its really simple. Just open \META-INF\com\google\androidupdater-script and delete all the lines in red in this picture (these lines check if your phone is Chinese version or global and update the firmware files.)
Also you can delete the files related to those lines just for safety (boot.img, recovery.img, logo.bin, ldfw, bootloader..)
Click to expand...
Click to collapse
Thanks a lot!, I'll read all as soon I could

BE Careful
Removed

bihariel said:
I read in some chinese forum that we cant downgrade but...
Download the ROM 5.2.7.0G, open the zip and editthis file \META-INF\com\google\android\updater-script
You can use this picture as a guide, delete the red lines:
Click to expand...
Click to collapse
i flashed the 6.7.4.11 but i have problem when i open the front camrera and close the camrea not open again
now i want back to the 5.2.7.0G but when i want edit the script is Different about your picture.
u can edit the just script and upload and then i will add to zip

mr.mgmg said:
i flashed the 6.7.4.11 but i have problem when i open the front camrera and close the camrea not open again
now i want back to the 5.2.7.0G but when i want edit the script is Different about your picture.
u can edit the just script and upload and then i will add to zip
Click to expand...
Click to collapse
Salam,
The camera bug is weird, i don't have that bug, i open the camera ( front and back) many times and it works perfectly, maybe you changed something in camera setting ( erasing camera app data should help)
Anyway, the script is exactly the same as mine, its just you are using and editor with Arabic orientation.
Just use the app Notepad++( google it) and open it in English lang.
If not, just upload the script for me and i will edit it.

bihariel said:
Salam,
The camera bug is weird, i don't have that bug, i open the camera ( front and back) many times and it works perfectly, maybe you changed something in camera setting ( erasing camera app data should help)
Anyway, the script is exactly the same as mine, its just you are using and editor with Arabic orientation.
Just use the app Notepad++( google it) and open it in English lang.
If not, just upload the script for me and i will edit it.
Click to expand...
Click to collapse
ealaykum alssalam
thanks bro for help
i flashed the rom without change anything in script and its work
u know when the stable rom will out?

[GUIDE/TUTORIAL/HOWTO] HTC One M9 any model from Stock to Android 12

[GUIDE/TUTORIAL/HOWTO] HTC One M9 from Stock to Android 12
[GUIDE/TUTORIAL/HOWTO] HTC One M9 any model from Stock to Android 12
This detailed step-by-step guide helps you transform your HTC One M9 (any model) to a powerful one with Android 12.
Make sure you have the HTC One M9 model, in Android, go to Settings > About > Phone identity and check Model number.
### FM Radio doesn't work with Android 11.
Models supported:
- Himauhl (Europe WWE | GSM | MID 0PJA10000)
- Himaul or Himaulatt (AT&T, Developer Edition, Unlocked | GSM | MID OPJA11000)
- Himaultmus (T-Mobile | GSM | MID OPJA12000), not sure you can get Android 7
- Himauhl (Chunghwa Telecom | GSM | MID 0PJA13000)
- Himawhl (Sprint | CDMA | MID OPJA20000)
Himawl (Verizon | CDMA | MID OPJA30000) is not guaranteed, see: https://forum.xda-developers.com/f/verizon-htc-one-m9.4125/
* MID = Model ID
CHANGELOG
v1. Initial release
1) DOWNLOAD
- djibe HTC One M9 pack : https://bit.ly/djibe-onem9-pack
(includes HTC USB Drivers, recovery TWRP 3.6.2_9-0 for all M9, Magisk Root, adb, fastboot.exe and htc_fastboot.exe).
Unzip the djibe folder from the zip on root folder of C:\ drive.
- ROM for Himaul or Himawl: Unofficial LineageOS 18.1: https://forum.xda-developers.com/t/rom-11-0-0-himaul-himawl-lineageos-18-1-unofficial.4199175/unread
Download latest build here: https://mirror.codebucket.de/claymore1297/LineageOS/18.1/hima
Android 12.1 / LOS 19.1 is WIP (no telephony yet): https://forum.xda-developers.com/t/rom-12-1-0-himaul-himawl-lineageos-19-1-unofficial.4378803/unread
Or you can use AICP 17.1 right below
- ROM Android 12 for other Hima models: Android Ice Cold Project Official 17.1: https://forum.xda-developers.com/t/rom-12-1-0-hima-android-ice-cold-project-17-1-unofficial.4399865/
Download latest build here: https://dwnld.aicp-rom.com/
### Localisation (GPS) must stay turned ON to get Telephony
Or try crDroid 7.12
- NikGapps-SL ARM64 Core or Basic: https://sourceforge.net/projects/nikgapps/files/Releases/NikGapps-SL/
- Charge phone to 100%
- 8+ GB MicroSD card formatted in FAT32
- Copy ROM + Google Apps +/- Magisk root zipfiles without unzipping content. Insert microSD in phone.
WARNING. This tutorial uses Microsoft Windows.
WARNING. Warranty is now void.
WARNING. Read carefully the sentences starting with ###.
2) BACKUP DATA AND INSTALL DRIVERS
Disable Antivirus.
Install drivers from my pack:
right click on HTCDriver.exe > click on Run as administrator and continue the setup.
Connect HTC One (while phone on) to PC, let drivers install.
In Windows explorer, HTC One should be available.
### If not make sure phone connection is in File transfer mode (see Android notifications).
### Phone is still not visible in Windows Explorer ? See fix at end of tutorial.
Collect all personal photos, videos, etc ... and backup these on PC.
Use an app like Backupyourmobile/SMS Backup & Resotre to backup texts, contacts, etc.
Check that backup is located on microSD card.
Then copy the backup on your PC.
Disconnect phone.
### If your phone is Simlocked/carrier locked/Network locked, don't go further.
Visit official website of your network carrier (or call their support) to retrieve your desimlock code.
Ask them for details on how to remove simlock.
How do I know my phone is simlocked ? When you insert a SIM card from another operator, network is inaccessible.
Only a stock ROM can remove simlock.
To go back from custom ROM to stock, see dedicated section at the end of tutorial.
2) KNOW YOUR MODEL
Shutdown phone.
Start in fastboot mode: hold Power + Volume- until it vibrates and release both buttons.
Wait until hTC download mode shows up.
On mine I see:
SECURITY: *** UNLOCKED ***
model: htc_himawhl
CID-11111111
SECURITY UNLOCKED means S-OFF for SECURITY-OFF, otherwise S-ON. With S-ON you can upgrade firmwares but cannot use previous versions.
3) UPGRADE TO LATEST OFFICIAL ROM
In Android, go to Settings > About > Software information.
Android version is 7 and HTC Sense version is 8.0.
If Android is already 7, go to next chapter.
But before, search for IMEI and note this number somewhere safe (we never know).
Otherwise, we need to flash suitable stock Android 7 Nougat firmware, depending on your model.
In Settings > About > Software information, note down Software version (in case of future error).
For me it is 3.41.651.4 (651 is the SKU part, meaning Sprint US ROM).
See Sneakyghost's and Behold_this' SKU-, CID- and MID-List: https://docs.google.com/spreadsheets/d/10H7RftecZZKb5tT2zpShfYNFAfSe-imhhqtVfeMPVDA/edit?pli=1#gid=0
Now tap on More > tap 7 times on Build number. It unlocks Developer options.
Go back to Settings menu, you can see the new Developer options menu.
Tap on it, accept the warning.
Switch ON USB debugging option.
Connect phone, a message appears on phone : Allow USB debugging?
check Always allow and confirm by tapping on OK.
But before upgrading to Android 7 Nougat, you need the latest Android 6 official ROM available for your model.
- Himaul or Himaulatt: RUU_HIMA_UL_M60_SENSE70_ATT_MR_NA_Gen_Unlock_3.35.617.16.exe
- Himaultmus, not sure you can get Android 7: http://downloadmirror.co/android/29Ri/RUU_HIMA_UL_M60_SENSE70_TMUS_MR_TMOUS_3.39.531.7.exe
- Himawhl: https://www.androidfilehost.com/?w=files&flid=334967 or https://downloadmirror.co/1KrL/RUU_HIMA_WHL_M60_SENSE70_SPCS_MR_Sprint_WWE_3.41.651.21.exe
- Himawl: http://downloadmirror.co/android/29...0105_CNV_1.26_002_release_469809_signed_1.zip
RUU*.exe: launch installer, connect phone (from within Android started or in Download mode) and follow executable steps.
Wait during flash.
After reboot, you have access to HTC software updates.
Go to Settings > System updates > HTC software update > CHECK NOW
Install available updates.
Repeat after each update until update 4.x is fetched.
Here you go with Android 7.
### I succeeded with Sprint model, tell us here if you experience problems with other models.
### Flash a RUU in *.zip format
### Copy RUU zipfile to microSD card and insert in phone. Shutdown phone.
### Start in fastboot mode: hold Power + Volume- until it vibrates and release both buttons.
### Use Volume- to Reboot to Bootloader. Confirm with Power.
### Use Volume- to BOOT TO RECOVERY MODE. Confirm with Power.
### Once in recovery, use Volume- to: Apply update from SD card
### Use Volume to select RUU zipfile
### Wait during flash
4) UNLOCK BOOTLOADER
Save IMEI, go to Settings > About > Phone identity > IMEI (15 digits).
In Settings > About > Software information > More.
Tap 7 times on Build number. It unlocks Developer options.
Go back to Settings menu, you can see the new Developer options menu.
Tap on it, accept the warning.
Check ON OEM unlocking and USB debugging options.
Go to Settings > Security > Screen lock > None
Go to Settings > Storage > Phone storage, scroll down and make sure Phone storage encryption is unchecked.
Now, open a Windows command on my "flash" folder (hold Shift + right click on folder -> Open a windows command here).
Or type cmd in Windows address bar and hit enter to launch a Command prompt in actual folder.
Enter command :
Code:
adb devices
, confirm by pressing Enter.
Command returns :
Code:
List of devices attached
HT53****** device
### If no device is found, uninstall and reinstall properly the drivers while antivirus is off. Or see fix at the end of this tuto.
### Or start fresh on another PC.
Now type :
Code:
adb reboot bootloader
Phone restarts in Fastboot mode. Wait till phone screen is blank in fastboot mode.
Use volume keys to switch to Download mode !!!
### With HTC One M9, fastboot commands have to be sent from Download mode (took me hours to figure it out, thanks @DigiGoon).
Type :
Code:
fastboot devices
Command returns :
Code:
HT53**** fastboot
### You may have to fix drivers again (see fix at the end of tuto)
Type :
Code:
fastboot oem get_identifier_token
, confirm by pressing Enter.
Command returns multiple lines.
Select with your mouse all the lines from
Code:
<<<< Identifier Token Start >>>>
(included)
to the line
Code:
<<<<< Identifier token end >>>>>
(included).
Now on keyboard copy (Ctrl + C combo), then open Notepad.
In Notepad, paste those lines (Ctrl + V combo).
Now manually remove all the (bootloader) strings from each line.
Your notepad should now look like this :
<<<< Identifier Token Start >>>>
37A5DBF4FE5F0D9F4425E54AA91AFDBF
2A20E9C67C3BB4FAE60263F76BDEC6AC
847BF9FFB11DAEA4AB88AC8710435449
9BC12E93DF4C54FFE3D064C4C810C49A
2CDAF2E0CD3A164FED4A568CB0FD2AC6
C01AA991733D949C00987062D691DE91
8AA1C97CEBC3ACE83FECE75A1D03CE72
62414C7DC36A73AFCBF433E1EBE2EDC7
E272F73309632D3EF8C86E472B65E8EF
37E46B52FE3F94FC69D1854CA3DE6F48
C3E10001B233A70B1EAF35134F51FCC6
353E0CC98534E6E60A241A7063D0BE2F
A5B752E75C1C47E6F739BDBE67D024DA
3292A14278247557632639802722A86C
E61424F7666AE085AA9905096FEED1AD
5ECBBD867544E95ABDDA277690B8CB55
<<<<< Identifier Token End >>>>>
Now visit this website: https://www.htcdev.com/bootloader/
Register on the site. Confirm registration with your email.
In the select menu, choose HTC One M9, click Begin Unlock Bootloader button.
Agree to legal terms.
Next page, go to the bottom and click continue to step 5.
In the bottom of this page, in the lower textarea "My Device Identifier Token",
copy and paste the multiple lines you just edited (my example is just above).
Click Submit.
HTC tells you: Token Submitted Successfully!
Open your mailbox (associated to your HTC account).
Copy the Unlock_code.bin file attached to email in my "flash" folder you unzipped.
In Windows command, type:
Code:
fastboot flash unlocktoken Unlock_code.bin
, confirm with Enter.
Command should return:
Code:
Device is unlocked
4) FLASH TWRP RECOVERY
Using the same Windows command prompt, enter:
Code:
fastboot devices
to make sure phone is still available.
Then
Code:
fastboot flash recovery twrp-3.6.2_9-0-hima.img
Command returns :
Code:
finished. total time: x.xxxs
Now enter:
Code:
fastboot reboot-bootloader
Press Volume- to navigate to BOOT TO RECOVERY MODE, and confirm with Power button.
Phone reboots to TWRP recovery (with red message alert).
5) BACKUP STOCK SYSTEM
In TWRP, check Never show this screen and Swipe to Allow Modifications.
You land on TWRP Home screen.
Always make a backup of your stock system. We never know when a weird bug will decapitate the system.
Go to Backup menu, select all partitions and Backup to microSD card (Select Storage button).
Backup the generated TWRP folder content from your microSD card to PC.
6) WIPE PARTITIONS
Back to Home menu, go to Wipe > Format data, type yes and confirm with bottom righ icon.
Go to Wipe > Advanced wipe.
Select Dalvik / ART Cache, Cache, System, Data, Internal Storage then Swipe to Wipe, go back to Wipe menu.
### Don't wipe SDcard
Got ot Reboot > Recovery
7) FLASH ROM AND GAPPS +/- ROOT/MAGISK
Back to Home screen, tap on Install > choose aicp*.zip
(if you don't see the files, tap on Select Storage and make sure Micro SDCard is active)
then Add more Zips -> open_gapps*.zip,
then Swipe to confirm Flash.
Wait for operation to end (can be long).
### To flash Magisk, go to Reboot > Recovery and flash Magisk after reboot.
We need to format Data once more to remove an encryption that took me time to figure out.
Go back to Wipe one more > Format Data > yes
When format complete, tap on Reboot system
Wait during long first boot.
Setup Android.
8) You can use Backupyourmobile to restore data,
use GPS Status & Toolbox app to enhance GPS fix.
That's it.
Enjoy,
djibe
THANKS to TWRP team, AICP team, All M9 contributors.
You can find all my tutorials at: https://github.com/djibe/Android-tutorials
##################################################
## Unlock bootloader without Unlock key from HTCDev
See: https://forum.xda-developers.com/t/...loader-without-htcdev-s-off-required.3092036/
## Seek help for your model:
- Sprint: https://forum.xda-developers.com/t/...tc-one-m9-4-27-651-4-updated-4-13-17.3073355/
## Change 4G/LTE region
Edit build.prop
Reboot to recovery > Mount > select System
adb devices
adb root
adb remount
adb pull /system/build.prop
Edit with Notepad++
add ro.telephony.default_network=20
save file
adb push build.prop /system/build.prop
adb shell chmod 644 /system/build.prop

djibe89 said:
Himaultmus (T-Mobile | GSM | MID OPJA12000), not sure you can get Android 7
Click to expand...
Click to collapse
What is the "not sure" based on?

mmortal03 said:
What is the "not sure" based on?
Click to expand...
Click to collapse
Hi,
I didn't find a RUU for this model during a quick search.
Do you know more about an official firmware ?

djibe89 said:
Hi,
I didn't find a RUU for this model during a quick search.
Do you know more about an official firmware ?
Click to expand...
Click to collapse
I don't own this model, but I believe the T-Mobile Nougat firmware is: 0PJAIMG_HIMA_UL_N70_SENSE80_TMUS_MR_TMOUS_4.27.531.6_Radio_01.01_U114401021_126.03.70206G_2_F_release_497408_signed_2_4.zip

mmortal03 said:
I don't own this model, but I believe the T-Mobile Nougat firmware is: 0PJAIMG_HIMA_UL_N70_SENSE80_TMUS_MR_TMOUS_4.27.531.6_Radio_01.01_U114401021_126.03.70206G_2_F_release_497408_signed_2_4.zip
Click to expand...
Click to collapse
Himaul is the International model isn't it ?
I'll dig deeper.
Thx for asking.
Struggling with Verizon model exhausted me

djibe89 said:
Himaul is the International model isn't it ?
Click to expand...
Click to collapse
I believe himaul can refer to a couple of U.S. variants, the AT&T and the T-Mobile. The AT&T variant appends 'att' to the end, and the T-Mobile may append 'tmus' (but I don't have a T-Mobile variant in front of me to verify this).

Hello, I just bought a One M9 model htc_himawhl, and I would like to install android 12 on it.
The device is S-OFF and the bootloader indicate "Software status: Official" and "LOCKED".
I have a few questions about your tutorial.
What advantages we get when we unlock the bootloader ? I installed TWRP 3.7 yesterday, I suppose I can install any custom rom no ?
You didn't gives htc_himawhl compatible Android 12 rom, which one can work with in the list you given ?
I had an HTC U Ultra before this phone (which is now dead...), the process was much more easier because it was an international model. :/
Thanks in advance for your answer !

SofianeLasri said:
Hello, I just bought a One M9 model htc_himawhl, and I would like to install android 12 on it.
The device is S-OFF and the bootloader indicate "Software status: Official" and "LOCKED".
I have a few questions about your tutorial.
What advantages we get when we unlock the bootloader ? I installed TWRP 3.7 yesterday, I suppose I can install any custom rom no ?
You didn't gives htc_himawhl compatible Android 12 rom, which one can work with in the list you given ?
I had an HTC U Ultra before this phone (which is now dead...), the process was much more easier because it was an international model. :/
Thanks in advance for your answer !
Click to expand...
Click to collapse
Hi, normaly you need to unlock bootloader to boot a custom ROM.
To find a suitable ROM you should read the Sprint model section of XDA

@SofianeLasri , if you need VoLTE in your country/with your carrier, unfortunately, none of the recent custom ROMs for this phone have VoLTE/IMS registration working. It is being worked on, but there are no guarantees. You should read and follow the following thread for details/updates on this: https://forum.xda-developers.com/t/...ce-cold-project-17-1-official.4399865/page-12

What a shame, I buy a phone that I think is known on the custom rom scene, and I come across an abandoned operator model...

SofianeLasri said:
What a shame, I buy a phone that I think is known on the custom rom scene, and I come across an abandoned operator model...
Click to expand...
Click to collapse
Custom models are pain for obsolescence

Database Users

welcome