Hello xda, here's guide for bootloader unlocking for Meizu MX4 and Meizu M1 Note.
All your actions with the phone is at your own risk. The authors are not liable. This is just your choice.
PLEASE read full instructions before you start.
RECOMMENDED ONLY FOR EXPERIENCED USERS.
This was tested ONLY on MX4 and M1 Note (MX4 PRO - NOT WORKING)
Archives contains:
custom-recovery_mx4_philz - custom recovery philz touch 6 for MX4
custom-recovery_m1note_philz - custom recovery philz touch 6 for M1 Note
gscript - folder with unlocking script
patched-stock-recovery_mx4 - patched stock recovery for MX4 (who wants to flash International (index I) firmware to chinese MX4 (index A), or flash stock-customs (deleted chinese soft, game center etc.))
patched-stock-recovery_m1note - patched stock recovery for M1 Note (same as MX4)
*********************************** (deleted digital signature checker and checking version of your MX4 / M1 Note (chinese/international))
patcher - loader patcher
terminal emulator - easy terminal emulator
UNLOCKING PROCESS:
Flash clean stock firmware, do this only on android version: 4.4.2 firmware on MX4 (4.2.8.2A) / 4.4.4 firmware on M1 Note (4.2.0.5A) VERY IMPORTANT!!!
**************************************************************** (Android 5.0/5.1 firmwares uboot not patch)
Get ROOT by standard method (flyme account). SuperSu NO NEEDED
Unpack on your disc (on PC) archive with firmware which you used to flash on your MX4 (4.2.8.2A) / M1 Note (4.2.0.5A) VERY IMPORTANT!!!
Place in a folder with unpacked archive (p.3) file "Meizu_Patch.exe" from folder "patcher" of your downloaded archive and open this with administrator rights.
-Theoretically, antiviruses can alarm to packer which patcher was compilated (but Dr.Web is fine) / but antiviruses recommended to be closed.
-If you are afraid about viruses and trojans, skip this step....and all the following.
If all goes well - we see a flashing green "SusseccFully Patched" in the patcher round window - continue.
If no and you see inscription "Patching Failed!", RED - STOP - something goes wrong and if you continue - BRICK!!!
Delete from this folder 2 files: "Meizu_Patch.exe" and "uboot.img.bak".
Create a folder with name "UNLOCK" in phone root directory (SD card)(DCIM folders, Picture, Music, data etc.) and copy in already patched loader file "uboot.img" from firmware folder from PC (where we started our patching (unpacked firmware)).
Pack this firmware (on PC) back in archive (using 7-zip/winrar) with name "update.zip" (default flyme firmwares) - could be useful.
Copy a folder "gscript" together with the contents in phone root directory (SD card).
Install "terminal emulator" on your phone from "gscript" folder.
Open terminal and write
su
sh /sdcard/gscript/unlock.sh
*Important!!* Wait 3 minutes for script action
Reboot your phone by command reboot . If it succesfully boot - congratulations, all right.
Further:
*WARNING!!!* All operations of modules flashing (recovery.img, boot.img etc.) doing ONLY BY STANDARD METHODS, by FASTBOOT command "fastboot flash"!! NOTHING ELSE!!
You can flash modified stock recovery from folder "patched-recovery" for MX4/M1 Note (your needs) by command: "fastboot flash recovery patched_recovery.img" and restrict the international version of firmware (in update.zip you can do all changes you want - signature will not check).
*CARE!!* If you flash index I firmware with patched recovery, USE Titanium or others to delete/freeze "System Update" from firmware. OTA UPDATE WILL BRICK YOUR DEVICE!!!
*CARE!!* Patched recovery will be rewritten on the usual stock recovery by first full android load, then after command "fastboot flash patched_recovery.img" turn off your phone and hold button "volume up" (+) and "power" before the phone starts (or delete "recovery-from-boot" as alternative).
You can flash custom recovery - and use it for your needs.
*CARE!!* DON'T try to flash stock meizu firmwares from any custom recovery, we have patched stock recovery for that.
ALWAYS DO A BACKUP!!
VERY IMPORTANT Notes:
Not allowed "strange" combinations (for example flashing not patched loader and custom recovery). If system goes to bootloop - exit from "half-brick" could be very hard, if it all possible.
Loader patch and reverse packing stock firmwares should be done everywhere - it will save your time and nerves. You should avoid version mismatch of preloader - uboot - boot.img in smartphone firmware. Effects, bugs, lags can be very different.
*IMPORTANT!!* Then, if we flash "custom firmware", it should NOT CONTAINS "uboot.img" and "preloader.bin". All this can be flashed only in stock (modified) firmware, ONLY FROM STOCK or PATCHED STOCK recovery.
"uboot.img" CAN'T BE flashed by fastboot!! Also not allowed doing experiments with "preloader.bin". BRICK probability is very high!!
Original source:
Authors:
kirill8000 -
kkk4 -
Some thanks:
Paypal - [email protected]
Download links:
For MX4 - drive.google.com/file/d/0B0OQimXw1wRsOE8tc2NmMElMUm8/view?usp=sharing
For M1 Note - drive.google.com/file/d/0B0OQimXw1wRsTk5Qc0p4ZndNd0E/view?usp=sharing
Downloadlink: https://yadi.sk/d/XB3vkcU1j6ywa
Hi guys,
first of all thx... I want test it but i have missed 2 points:
-After unpacking and patching the firmware, i need to move the "gscript with the unpacked firmware" on root folder? Or create a new folder ?
Naphtha said:
Hi guys,
first of all thx... I want test it but i have missed 2 points:
-After unpacking and patching the firmware, i need to move the "gscript with the unpacked firmware" on root folder? Or create a new folder ?
Click to expand...
Click to collapse
New folder's in root of your phone. (a folder called "gscript" with the files "unlock" and "gscript.apk in" AND a folder called "UNLOCK" with the uboot.img you patched
"Copy a folder "gscript" together with the contents in phone root directory" we aren't able to install the apk from root directory...only from sd
Look
when i execute "unlock.sh" :
The phone afther this boot well but no "Program should show 2 window with root access for gscript, Agree! Wait for one-two minutes for script action (until the yellow lines in the gscript window)."
Naphtha said:
Look
Click to expand...
Click to collapse
sure it must be on sd card, i just translated the root directory like sd because we physically haven't it. Logic? nope.
so folder "UNLOCK" should be on SD card and should contains "uboot.img" from patched firmware
folder "gscript" (with .apk and unlock.sh script) should be there too (on SD card)
fixed now and replaced steps.
Nicd
Thx guys i have installed the Ubuntu Touch recovery! :') 4 Phones bricked and now i have it!!
Naphtha said:
Thx guys i have installed the Ubuntu Touch recovery! :') 4 Phones bricked and now i have it!!
Click to expand...
Click to collapse
we haven't tested ubuntu touch recovery for this and especially didn't flashed ubuntu, be carefully, 5th brick should be VERY bad.
The recovery work well and i care i can install the rom from ubuntu desktop...
if all go to hell, i can reinstall the recovery patched from fastboot and back to the firmware modified from recovery.... :')
Naphtha said:
The recovery work well and i care i can install the rom from ubuntu desktop...
if all go to hell, i can reinstall the recovery patched from fastboot and back to the firmware modified from recovery.... :')
Click to expand...
Click to collapse
be care with preloader and uboot.
i want update the process:
- Recovery of ubuntu: Installed
Naphtha said:
i want update the process:
- Recovery of ubuntu: Installed
Click to expand...
Click to collapse
we should wait some flyme-developed-roms (like CM12.1 for flyme based mx4).
don't try to flash ubuntu, file system could be differ. Ubuntu can rewrite your preloader and uboot, then - hello.
slowsunset said:
be care with preloader and uboot.
Click to expand...
Click to collapse
Do you think the same patch could work for MX5 if it was made for it?
I think the problem is related with Lollipop, that is why we only can do with mx4 and m1 note, because they have Kitkat Flyme roms.
You guys are wonderful. So many months waiting for it, and so many months trying to unlock it.
Now is real
Hope you can do it for Lollipop, the rest of Meizu phones. I know you can.
Thanks again
---------- Post added at 03:12 AM ---------- Previous post was at 02:34 AM ----------
Maybe with bootloader unlocked my TWRP works, if anybody wants to try it... https://drive.google.com/file/d/0B1WZs_VfDdzYYjRlTGZFR2w3eUU/view?usp=sharing
For MX4!
help
How can I unlock the bootloader of a bricked MX4? cant access anything than fastboot. please help
Related
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
ui_print - Disabling OTA survival
ui_print - Removing old files
ui_print - Placing files
ui_print - Post-installation script
ui_print - Unmounting /system and /data
ui_print - Done !
Click to expand...
Click to collapse
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Root is working but the problem is TWRP because is not working its giving error so no flashing other custom rom or mods for now.
Yes root is working fine. I didnt tried twrp or cwm. With this guide, you can use stock odexed and unmodified lolipop rom.
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
jojobans said:
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
Click to expand...
Click to collapse
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
Click to expand...
Click to collapse
evet arkadash
Muhahahah
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Click to expand...
Click to collapse
Finally YES!!! thank you so mu ch. Will try later.
Root plus Custom Recovery, or Root Only?
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, one user of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
topet2k12001 said:
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, the OP of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
Click to expand...
Click to collapse
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Just to make sure, this works for v20i only or does it work for, say, my v20h too?
6ril1 said:
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Click to expand...
Click to collapse
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
topet2k12001 said:
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
Click to expand...
Click to collapse
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his flashables 20x original fw flzshable zip (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
6ril1 said:
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his rom (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
Click to expand...
Click to collapse
Yes, however that is a repackaged firmware (extract everything, root it, and then "bump" the necessary components, and then put it back together as a single flashable zip). That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. This guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
topet2k12001 said:
Yes, however that is a repackaged firmware. That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. Your guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
Click to expand...
Click to collapse
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
6ril1 said:
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
Click to expand...
Click to collapse
Ah, sorry I misunderstood what you were saying.
I do not know what rpm.img and tz.zip are for. I did read somewhere in XDA that tz.img is for the "radio" (or transmitter?). But I would suggest to keep those files (tz.img, rpm.img, aboot.img, sbl1.img) at "Kitkat version" because there will be a signature mismatch resulting to "certificate verify" or "security error" - if people want to have a custom recovery.
If people will NOT install a custom recovery (they just want root) then they can use this guide. The device will boot fine without the error messages, since recovery.img is Lollipop non-"bump'd" version (so the signatures match).
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
6ril1 said:
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
Click to expand...
Click to collapse
Yes, that's another way of approaching it. Or maybe create a flashable zip from it. But we will still need to instruct users to extract their Kitkat Image files (I don't think all Image partitions are the same for all variants), that's why I find the manual method (like @autoprime) to be a good approach because I personally find it to be more "universal".
One example: the D858HK does not have cust.img.
So for us to create an all-in-one script, zip, or approach, it would be difficult because of the many variants of the LG G3. Maybe if there were not that many variants, I'm sure skilled people like you can have a universal and convenient solution. For now, I still think that manual flashing is more universal.
topet2k12001 said:
Yes, that's another way of approaching it.
Click to expand...
Click to collapse
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
6ril1 said:
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
Click to expand...
Click to collapse
So that explains why even if the Lollipop versions are included/flashed, they won't cause an issue of signature mismatch. The Image file that causes a signature mismatch when you flash a "bump'd" file is aboot.img (the Android Bootloader). Which explains also in my experiment (prior to discovering it all and creating a thread) why I was initially able to "fix" my issue, following @autoprime's tutorial, when I flashed aboot.img - however, in exchange I lost "bump" status.
So basically, people will need to flash their Kitkat version of aboot.img and "bump" will still work (and will have custom recovery). That is our hypothesis at this point.
This reminds me: in my how-to guide, there was a user complaining about fast battery drain. Maybe if I advise him to flash the Lollipop version of rpm.img, that would help alleviate the issue. I will do an experiment and if this will succeed, I will update my how-to guide. In your case, for this thread's purpose, you may also do an experiment and create scripts.
Nice teamwork.
I don't know what "trustzone" is though. Will it affect signature mismatches? sbl1.img and rpm.img seem to be self-explanatory.
EDIT:
As mentioned previously, it is very dangerous to flash any of the restricted boot partitions such as sbl1, sbl2, sbl3, aboot or rpm. However it is safe to flash any other partition in order to install custom Linux builds and run them.
Click to expand...
Click to collapse
...do we really want people to touch this?
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **The following is tested on model SGP-771. For Wifi-only model the procedure is the same but you should use the files and kernels for the Wifi model. Do not flash the ftf and kernel files intended for the cellular model on a Wifi-only tablet.I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @AndroPlus, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your tablet when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this tablet such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each tablet and cannot be copied over from another tablet) unlocking the bootloader results in an irreversible loss of some of your tablet's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.260 firmware, For this tutorial I used SGP771_Customized HK_1296-4830_28.0.A.8.260_R10A. You can download it from https://mega.nz/#!YsUWwY5Y!0775_vLpjV9-UkoGjMWP6-Yu8L31LkJVHEyUwA7X9NA. For the wifi only model SGP712 use
https://mega.nz/#!wlIl0JDa!DR0lRL6dDn5Y-K_4768oJnLGWQyrxNV0xLHgKVVesFw (thanks to @kuroneko007)
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable. (To access service menu on SGP712 (Wi-Fi only model) see: http://forum.xda-developers.com/showpost.php?p=66164176&postcount=5) Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your tablet.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the tablet which is now in USB debugging mode to your PC and answer yes when it asks to authorize the PC to access the tablet in USB debugging mode. You can check that the PC indeed sees the tablet by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-07102015.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the tablet initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 SGP771_Customized DE_1295-6955_32.1.A.1.185_R4C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Obtain a kernel boot image. If you want to stick with the stock kernel you need to extract kernel.elf from the ftf that you flashed in step 1.15. If you want a custom kernel you can download one from https://kernel.andro.plus/kitakami.html Note that whatever kernel you are using in this step must match the firmware version currently installed on your system. For this example I downloaded Z4T_SGP771_AndroPlusKernel_v27.zip and extracted the boot.img file from the zip, which matches Marshmallow 32.1.A.1.185.
2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel (e.g. boot.img) to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd boot.img boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y
- Install TWRP recovery? [Y/n] N
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your tablet.
2.5- Boot the tablet in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the tablet and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is succesfull you will see this but if it hasn't been successful you will see this.
3- How to flash a custom or stock kernel
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash it on your tablet you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to flash recovery
4.0- To install TWRP recovery you need to flash AndroPlus kernel first (see sections 2.1 and 3).
4.1- Download a TWRP image from the same webpage. For this tutorial I used TWRP-3.0.2-0-20160417.img.
4.2- Reboot into fastboot mode and run this command:
Code:
fastboot flash recovery TWRP-3.0.2-0-20160417.img
4.3- Reboot the tablet. To enter recovery touch the volume keys when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the tablet must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the tablet. The command will look similar to this:
Code:
tarestore TA-07102015.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the tablet. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Reserved
For FAQ, etc.
Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...
Stevethegreat said:
Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...
Click to expand...
Click to collapse
No. This tool cannot help you and trust me there is no shortcut to avoid all of this.
Flashfire (the tool you mentioned) only works if you already have root access. There is no root available for this tablet without unlocking the bootloader, and unlocking the bootloader means you lose the TA partition immediately. So by the time you get this tool to work your TA partition will have been long erased.
Hi. Does this solution suit only for people who have not erased drm keys yet and are be able to backup it? For those who lost, no up-to-date solution except for that http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 ?
Correct.
Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?
mrdarek said:
Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?
Click to expand...
Click to collapse
You can download a tool called flashtool from http://www.flashtool.net/index.php and flash an unmodified ftf firmware. Because the firmware is unmodified the bootloader doesn't have to be unlocked. Many tutorials are available on xda and elsewhere about using this tool, which you can find by doing a Google search. As I said in the prerequisite section, "You should be able to flash an ftf file using flashtool. "
anybody successfully tried this guide?
I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?
mrdarek said:
I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?
Click to expand...
Click to collapse
As you said it, the problem was that you didn't flash the 260 version, not that it wasn't customized.
If you can't find the right version I upload it and post a link in the OP. It takes a little time so check this thread again in about 5 hours.
I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152
mrdarek said:
I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152
Click to expand...
Click to collapse
The sizes sound about right. What errors are you getting?
You can try to relock the bootloader using the instructions and see if your TA backup works. If that works then we can see why the kernel is patched correctly.
Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?
mrdarek said:
Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?
Click to expand...
Click to collapse
You need to follow the instructions to the letter:
1- flash the esaxt same firmware that you made the TA backup with.
2- Restore TA backup.
I guarantee you it will work or l will help you debug it.
Not very understand. It was done. TA backup was done with "260" firmware. I'm able lock that firmware again, so it work. but it only lollipop, can't go into marshmallow from it.
Goal is: marshmallow with root twrp and drm. How achieve it?
I see - I have new device version (karin) so (hopefully) temporary this solution not work for me. I can have only marshmallow with root and twrp (no DRM) or marshmallow with DRM (no root and twrp). I must wait as developers support my device, and keep my keys in safe place to that time.
mrdarek said:
Goal is: marshmallow with root twrp and drm. How achieve it?
Click to expand...
Click to collapse
mrdarek said:
Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
...
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
...
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
...
- Skipping drmfix. Unsuppported/untested for model karin
...
Click to expand...
Click to collapse
OK, I see what is going on.
When I use drmonly script version 4.24 I get the following:
Code:
C:\Users\najoor\Desktop\rootkernel_v4.24_Windows_Linux>drmonly.cmd boot.img test.img TA-07102015.img
- Unpacking kernel
Found android boot image
- Unpacking initramfs
- 64-bit platfrom detected
- Configuring secd
- Configuring wvkbd
- Configuring drmserver
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
But if I use version 4.31:
Code:
C:\Users\shervin\Desktop\working\Download\rootkernel_v4.31_Windows_Linux>drmonly
.cmd boot.img x.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
I have no idea why @tobias.waldvogel decided to remove the support for Tablet Z4 in the latest version of the drmonly script, but I can see that the DRM works fine with the old version.
I do not have persmission from @tobias.waldvogel to post the older version of his script here so you have to ask him to either add support in the new version or give you the older version.
Thanks - so now I see where is problem. I try contact with author.
Heh - I send PM him but it was my fault [added: it not totally fault - Tobias work on new version and soon we should have new working utility for all ]
I'm enough clever to modify script in 5 minutes (it txt ), and enough stupid to flash it immediately. Now I have....
rooted marshmallow with DRM KEY and TWRP - job finished
To finish job I disabled in settings auto-update, because now it start possible
FAILED <remote dtb not found>
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
downloading 'boot.img' ...
OKAY [ 0.347s]
booting ....
FAILED <remote: dtb not found>
Click to expand...
Click to collapse
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.
Hybel1507 said:
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.
Click to expand...
Click to collapse
Please follow the following steps exactly and let me know in what step things fail. If you do not provide detailed information I will not be able to help you.
1- Clean flash a 185 ftf and make sure system boots fine.
2- extract the kernel.elf from the ftf and I use fastboot to see if you can boot using fastboot with this kernel.
3- extract boot.img from AndroPlusKernel_v27 and see if you can use fastboot to boot with this image.
4- use the procedure in the OP to patch AndroPlus kernel and see if you can use fastboot to boot with this image.
5- flash this image using fastboot to see if the system boots fine.
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **
The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.
I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the Customized NL ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, follow this guide through to section 5 place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133 (The rootkernel tool has a bug in its built-in SuperSU integration. See: http://forum.xda-developers.com/showpost.php?p=67485478&postcount=838)
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to root
5.1- Place SuperSU 2.71 zip (or higher) on the phone's sdcard. The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
5.2- Reboot to recovery and flash the zip file.
6- How to relock bootloader and return it to original factory state
6.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
6.1- Repeat step 1.1
6.2- Repeat steps 1.3, 1.4, and 1.5
6.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
6.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
najoor said:
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:
Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Click to expand...
Click to collapse
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
arokososoo said:
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
Click to expand...
Click to collapse
Not yet, atleast for my Dual SIM Version.
njaya95 said:
Not yet, atleast for my Dual SIM Version.
Click to expand...
Click to collapse
So you mean there is a way to root single sim version without unlocking BL?
Thanks ú so much! this is well writen, i will try this when i get the time to do a fresh install. Cheers mate
@arokososoo
Please, in the future never quote long OP and any other long posts. This is very annoying for mobile and desktop users to scroll to the next post. Thanks.
Sent from my Sony E6553 using XDA Labs
I wonder if E6533 can use this guide
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Stoneybridge said:
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Click to expand...
Click to collapse
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Trilliard said:
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Click to expand...
Click to collapse
I can't see your picture, but I assume you have that stucking at modem/system ?
If so, downgrade Flashtool to 0.9.19
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Trilliard said:
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Click to expand...
Click to collapse
Did you forget to wipe?
In a thread i opened in Q&A a user said that even though service info reported bl unlock allowed NO, he managed to unlock it anyways using standard procedure, what do you think?
it seems like Sony RIC is not fully disabled with this patch.
Finally ! Works like a charm in my E6533 (Dual sim) !!! Thanks a lot !!!
Hi thiefxhunter,
How you do this? could you explain us step by step. I like to root my dual sim model.
Thanks.
Hi.. I am stuck in 2.5
My device is unlocked, It is connected in fastboot mode (blue led).
error msg
'Fastboot is not recognised as an internal or external command, operable program or batch file'
Please help me in this.
Solved..
Thanks for this post..
Thanks for this guide, it worked like a charm on my E6553 with 32.2.A.0.224
CorzCorry said:
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
Click to expand...
Click to collapse
Can you please explain how did you do that? Thanks
Fixed! Go here for steps
I've tried the relock.bat provided in the unofficial bootloader unlock/lock thread but I keep getting the bootloader unlocked warning. I also downloaded and tried installing the stock ROM mentioned in https://m.youtube.com/watch?v=peSI-KeEt5E&time_continue=23 but the window just closed itself so I manually flashed recovery, boot, system and vendor images using twrp. I then booted and installed the April security patch update but I got random soft-reboots in the process.
Can anyone guide me to restoring the device to locked condition? (4GB ram variant)
Update: Noticed that these reboots occur as soon as app installation is over. Disabled app updates for now
Relock Bootloader ZenFone Max Pro M1
1) Download Zenfone_Max_M1_Pro_Relock.zip and extract it to a folder on your desktop.
2) Power off your phone. Then press Power and Volume Down key together, to boot into fastboot mode.
3) Connect your Asus Zenfone Max Pro M1 to the PC using a USB cable.
4) Windows will now automatically detect the device and start installing the fastboot drivers for it. If not, download and install these ASUS drivers.
5) Open the directory where you extracted the file from #1.
6) In that directory, open a file named relock_bl.cmd
7) A Command (CMD) prompt will do the rest of the work for you.
Let the phone restart.
8) It will then erase all the data on your phone (excluding Micro SD card).
9) Now the phone won’t show the “bootloader unlocked” warning that was displayed before you relocked the bootloader.
You have successfully relocked the bootloader.
myapky said:
9) Now the phone won’t show the “bootloader unlocked” warning that was displayed before you relocked the bootloader.
Click to expand...
Click to collapse
No success. I'm following the method shown in this thread
Edit: Reboots are fixed after I wiped data before flashing the images
myapky said:
1) Download Zenfone_Max_M1_Pro_Relock.zip and extract it to a folder on your desktop.
2) Power off your phone. Then press Power and Volume Down key together, to boot into fastboot mode.
3) Connect your Asus Zenfone Max Pro M1 to the PC using a USB cable.
4) Windows will now automatically detect the device and start installing the fastboot drivers for it. If not, download and install these ASUS drivers.
5) Open the directory where you extracted the file from #1.
6) In that directory, open a file named relock_bl.cmd
7) A Command (CMD) prompt will do the rest of the work for you.
Let the phone restart.
8) It will then erase all the data on your phone (excluding Micro SD card).
9) Now the phone won’t show the “bootloader unlocked” warning that was displayed before you relocked the bootloader.
You have successfully relocked the bootloader.
Click to expand...
Click to collapse
IF YOU ARE ON THE LATEST FIRMWARE THEN THE ABOVE STEPS WORK, I CANNOT POST LINKS HERE AS I'M NOT ABLE TO.
MY PHONE FIRMWARE : Version WW-14.2016.1804.305
CONFIRM YOURS............!!!!
myapky said:
WW-14.2016.1804.305
Click to expand...
Click to collapse
OPM1.WW_Phone-14.2016.1804.305-20180521
Check this [GUIDE][Back-To-Stock] Flash Stock ROM
CHECK THIS : https://forum.xda-developers.com/showpost.php?p=76695194&postcount=95
Download stock recovery availbale at xda forum.
Than download the official latest firmware 1.4GB from asus website and place in external sdcard.
Flash stock recovery with fastboot method. Boot into recovery and flash the firmware zip..it will automatically encrypt your internal data.
SINGHYAR.
myapky said:
CHECK THIS : https://forum.xda-developers.com/showpost.php?p=76695194&postcount=95
Click to expand...
Click to collapse
This got my device into Red State with message "Your data is corrupt". Unlocked bootloader again, will try this method by installing system, boot, recovery and vendor partition images
That script is working for me, but I installed the images of the csc zip which was indonesian edition. Trying again with ZB601KL images
Thanks @myapky! Phone is now having a locked bootloader
Can I relock bootloader after installing Magisk?
Sourav-21 said:
Can I relock bootloader after installing Magisk?
Click to expand...
Click to collapse
You should lock bootloader only on stock recovery without root and with no system modification (like uninstall of system apps, property file change).
If you lock the bootloader with custom recovery or modified system then if OTA messes up boot or any other partition .. you have no way to fix it.
Also .. only locking the bootloader will not fix OTA .. as any OTA patching boot.img will mess your Magisk anyway .. so keep bootloader unlocked if you have modifications.
.A.V.i.n.a.S.h. said:
You should lock bootloader only on stock recovery without root and with no system modification (like uninstall of system apps, property file change).
If you lock the bootloader with custom recovery or modified system then if OTA messes up boot or any other partition .. you have no way to fix it.
Also .. only locking the bootloader will not fix OTA .. as any OTA patching boot.img will mess your Magisk anyway .. so keep bootloader unlocked if you have modifications.
Click to expand...
Click to collapse
Thank you. I forgot that Magisk patch the system.img. In old days superSU just modify the system partition.
I want to relock the bootloader only for the irritating Warning message at the startup. Is there any way to stop that message like moto G?
Sourav-21 said:
Thank you. I forgot that Magisk patch the system.img. In old days superSU just modify the system partition.
I want to relock the bootloader only for the irritating Warning message at the startup. Is there any way to stop that message like moto G?
Click to expand...
Click to collapse
It appears on custom ROM as well .. so not sure about any way to block it.
If i unlock via official app and when some update available and I download & flash by stock recovery will it work?
Another question is if I install custom rom then how can I back in stock rom?
Ariful Hasan Soikot said:
If i unlock via official app and when some update available and I download & flash by stock recovery will it work?
Another question is if I install custom rom then how can I back in stock rom?
Click to expand...
Click to collapse
Recommended to UNLOCK unofficially - using this Guide.
If you have unlocked officially then you will not get OTA update notification.
To update (if you are on stock system without modifications like TWRP, Root etc..),
Download full firmware from ASUS official site ( ZBL601KL OR ZBL602KL ) and try to unzip it once to check for file errors.
If no issues in unzip then keep the file in base path of Internal storage.
You will get a message like System Update file detected (if not then reboot and check).
Select the notification and authorize to update. DONE.
To revert back to Stock from Custom roms - use this GUIDE or follow the method in this thread
.A.V.i.n.a.S.h. said:
Recommended to UNLOCK unofficially - using this Guide.
If you have unlocked officially then you will not get OTA update notification.
To update (if you are on stock system without modifications like TWRP, Root etc..),
Download full firmware from ASUS official site ( ZBL601KL OR ZBL602KL ) and try to unzip it once to check for file errors.
If no issues in unzip then keep the file in base path of Internal storage.
You will get a message like System Update file detected (if not then reboot and check).
Select the notification and authorize to update. DONE.
To revert back to Stock from Custom roms - use this GUIDE or follow the method in this thread
Click to expand...
Click to collapse
I don't understand about base path of internal storage. Plz can you show a screenshot or make clear about which folder i have to put full firmware?
Ariful Hasan Soikot said:
I don't understand about base path of internal storage. Plz can you show a screenshot or make clear about which folder i have to put full firmware?
Click to expand...
Click to collapse
Just keep the file in Internal storage and not under any folder/directory in Internal Storage.
In Internal Storage you should have ..
Android (directory)
DCIM (directory)
Download (directory)
WhatsApp (directory)
..... etc
UL-ASUS_X00T-WW-14.2016.1804.252-user.zip (file)
Remember that the current UL-ASUS_X00T-WW-14.2016.1804.305-user.zip file on https://www.asus.com/in/Phone/ZenFone-Max-Pro-ZB601KL/HelpDesk_BIOS/ is corrupted.
You can download UL-ASUS_X00T-WW-14.2016.1804.252-user.zip from here - https://androidfilehost.com/?fid=674106145207491520
Hi, is it possible to update HWOTA (Mate 9 rooted) to EMUI9 (MHA-L29C636-9.0.1.159 FullOTA-MF) with patch HWOTA8_2017110501 for Android 8 Oreo?
İ don't now
İ need answer to to trying this method
But my phone C185
And the update file in Firmware finder 2 file not 3
use Hrupdater
CouCouFR34 said:
Hi, is it possible to update HWOTA (Mate 9 rooted) to EMUI9 (MHA-L29C636-9.0.1.159 FullOTA-MF) with patch HWOTA8_2017110501 for Android 8 Oreo?
Click to expand...
Click to collapse
You would have to modify hwota script as Pie only uses 2 zips.
aureliomilitao said:
use Hrupdater
Click to expand...
Click to collapse
that's not recommended as Pie uses System as root.
ante0 said:
You would have to modify hwota script as Pie only uses 2 zips.
that's not recommended as Pie uses System as root.
Click to expand...
Click to collapse
how modify hwota script as Pie only uses 2 zips?>
same steps with 2 file works??
please my account HCU is block
need help for fix my IMEI with acount HCU via TeamViewer
Hi AnteO, I have the same question as Kilis ; how to modify the HWOTA script to use only the 2 zips ?
CouCouFR34 said:
Hi AnteO, I have the same question as Kilis ; how to modify the HWOTA script to use only the 2 zips ?
Click to expand...
Click to collapse
Remove the following line from update-binary in hwota8_update.zip and repack.
echo --update_package=/sdcard/HWOTA8/update_data_public.zip >> /cache/recovery/command
Or check out this post: https://forum.xda-developers.com/showpost.php?p=78962795&postcount=171
I want to patch new updates of emui 9 with latest google security patches so which no check recovery i use on emui 9.
OK it works very well and EMUI9 is definitely better than version 8; on the other hand how to reinstall TWRP?
I found this post from anteO
https://forum.xda-developers.com/mate-9/help/twrp-emui-9-android-pie-decryption-t3894735
it seems that TWRP is not easily installable ; would there be a solution, especially to install MAGISK ?
CouCouFR34 said:
I found this post from anteO
https://forum.xda-developers.com/mate-9/help/twrp-emui-9-android-pie-decryption-t3894735
it seems that TWRP is not easily installable ; would there be a solution, especially to install MAGISK ?
Click to expand...
Click to collapse
You don't need TWRP to install Magisk; for that matter, they can't be installed simultaneously on EMUI 9 together anyway.
The EMUI 9 method for Magisk is to patch recovery_ramdisk.img extracted from update.app, flash the patched image, and boot to recovery from then on. (Huawei made it impossible to load a custom ramdisk on Pie otherwise.)
Thank you irony_delerium for info's, but is there not a tutorial explaining the steps of modification ?
CouCouFR34 said:
Thank you irony_delerium for info's, but is there not a tutorial explaining the steps of modification ?
Click to expand...
Click to collapse
1) Make sure you've got the stock firmware zip files. (I'm assuming you do.)
2) Extract UPDATE.APP from the main update.zip file (the big one).
3) Using Huawei Firmware Extractor on your desktop (search on XDA for it), load UPDATE.APP and extract the recovery ramdisk image. It's going to be "RECOVERY_RAMDIS" in that app as I recall.
4) Put the image into your phone's internal storage (MTP works, though I've never used it, I usually use adb: adb push RECOVERY_RAMDIS.img /sdcard)
5) Install Magisk Manager on your phone. You want the current release (18.1) at the very minimum. Canary builds also work
6) Select the Install button in the Magisk interface. Select "Patch boot image". In the file browser that comes up, select the image you just transferred in #4.
7) When Magisk finishes, pull the image back to your PC (adb: adb pull /sdcard/Download/patched_boot.img)
8) Reboot to the bootloader and flash (fastboot flash recovery_ramdisk patched_boot.img)
9) Reboot to recovery (fastboot reboot, pull the USB cable and hold volume up).
Thank you irony_delerium ; very clear tutorial ; on the other hand, in UPDATE.APP there are 2 RECOVERY files : RECOVERY_RAMDIS.img and ERECOVERY_RAMDI.img which do the same weight; patching MAGISK with RECOVERY_RAMDIS.img I arrived at a system error and a dialogue asking me to either erase the data, or a factory restore; on the other hand with ERECOVERY_RAMDI.img it was installed alone? does it seem normal to you?
irony_delerium said:
1) Make sure you've got the stock firmware zip files. (I'm assuming you do.)
2) Extract UPDATE.APP from the main update.zip file (the big one).
3) Using Huawei Firmware Extractor on your desktop (search on XDA for it), load UPDATE.APP and extract the recovery ramdisk image. It's going to be "RECOVERY_RAMDIS" in that app as I recall.
4) Put the image into your phone's internal storage (MTP works, though I've never used it, I usually use adb: adb push RECOVERY_RAMDIS.img /sdcard)
5) Install Magisk Manager on your phone. You want the current release (18.1) at the very minimum. Canary builds also work
6) Select the Install button in the Magisk interface. Select "Patch boot image". In the file browser that comes up, select the image you just transferred in #4.
7) When Magisk finishes, pull the image back to your PC (adb: adb pull /sdcard/Download/patched_boot.img)
8) Reboot to the bootloader and flash (fastboot flash recovery_ramdisk patched_boot.img)
9) Reboot to recovery (fastboot reboot, pull the USB cable and hold volume up).
Click to expand...
Click to collapse
Hello
If you wouldn't mind confirming a few things from your post, as I'm trying to do this.
Is the sole purpose of extracting the big file to extract the recovery_ramdis ? You don't mention if anything is done with the big file.
The ADB commands didn't work for me, (error: push requires an argument).
But, I sent the recovery_ramdis via magisk manager, and it worked, then advised me that it put the image in /storage/emulated/0/Download/patched_boot.img but I can't find that location.
OK, edit ... I found the file and flashed it, rebooted into recovery and I get the message software installation failed.
I've had a whole lot of failures, phone won't root despite magisk giving no errors, dload won't work, superSU won't work.
Update .... root decided to work out the blue so I tried EMUI flasher and it looked like it was going to work ... but failed the update at about 10%.
Update - Bricked.