Database Users

[Q] psneuter outdated ?

Since more than a week i am the - nevertheless happy - owner of a N7 but still looking for a minimal way for rooting. It's my first tablet. I've run Linux 1994-99 (and revived my experience here and then) and am knowing, that the destination of the actual user (on one of several "virtual" terminals) isn't done by the OS but the user - after booting. Is this (last) booting step so deeply integrated into the downsized Linux Android, that there is no other way to get root access than to install a whole (modified) OS ?
There are still some init... files in /android (seen by "adb shell") - under Linux these files are controlling the boot process - and i'd like to read them but have not even read permissions. psneuter is the proposed tool here. "adb push" copied it, "chmod 777" apparently worked, but running psneuter (from adb shell in /data/local/tmp) resulted in:
Failed to set prot mask (Inappropriate ioctl for device)
Click to expand...
Click to collapse
I' not the only one meeting this error, but the answers on related questions of others meeting this have never been meeting the point. More searching on the net yielded this - incomplete and a bit cryptic - site: osvdb.org/74800 with:
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
Click to expand...
Click to collapse
and:
Solution: Upgrade to version 2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Click to expand...
Click to collapse
Accordingly psneuter is useless - dead at least since June 1, 2011. Is that true ?

If you want a minimal root look no further than here.
It runs an exploit to gain root privileges, and from there installs a setuid 'su' executable (and it's companion Android app). Other than that, the ROM is not replaced - it's full stock.
Having said that, folks that fool around with their new-found root privileges inevitably wedge their OS boot somehow... and then come crying in here for help.
The android recovery (which is really just a slimmed-down alternate boot ramdisk - think of it as an improved single-user mode) can be replaced with a custom version which is useful for making full backups to mitigate such disasters. It's a damn good idea, frankly.
Since the recovery boot image is just a binary blob, it can be saved and also overwritten from a root-privileged shell using "dd" (raw copy) with the correct (recovery) partition.
PS If you just want to "look" at some files rather than rooting, you can certainly download the factory images, unpack the boot images, etc. Linux is probably the preferred platform for doing that, although it is not mandatory ... just far easier.

"adb restore <mybak.ab>" is perfectly working for me. Indeed i had a mishap with the Google_Nexus_7_ToolKit_v5.0.0 and got my pad into the same status than backuped afterwards. There won't be any crying. I feel very comfortable with anything i've done in adb.
The hint to factory images might help - i'll check, where Google is providing the droid for download to PC via http or ftp.
Sitll i am curious about psneuter. There are so many recommendations for it by administrators seemingly knowing their stuff.
Thanks, 3Jane

3Jane said:
The hint to factory images might help - i'll check, where Google is providing the droid for download to PC via http or ftp.
Click to expand...
Click to collapse
I think you were asking, here it is anyway
https://developers.google.com/android/nexus/images
Get split_bootimage.pl from here, the ramdisk can be unpacked with a gunzip+cpio pipeline.
Also, you might find extract-ikconfig to be helpful if you want to compare kernel build configs without booting the kernels examined.
have fun

Indeed: Using the exploit of motochopper alone, i was able "to root" adb without any further installing.
Thus my first goal ("cat init.rc" in the adb shell) has been reached. Thanks again, 3Jane

[UNOFFICIAL][Guide] Update Original Shield Tablet to Android M (6.0)

Unofficial nVidia Shield Tablet (Original) Update to Android 6.0
| ROOT INCLUDED | Updated 1/21/16 |​
I take no credit for the development of this update other than this simplified guide. All of the development was from here mostly via the user 'fards' efforts, castrwilliam's found here, and Steel01 found here
THIS IS A MODIFICATION TO THE ORIGINAL SYSTEM PUT ON THE DEVICE BY NVIDIA. BY FOLLOWING THESE STEPS I ASSUME NO RESPONSIBILITY IF YOU BREAK YOUR DEVICE. THESE IMAGES ARE NOT FULLY TESTED. PROCEED AT YOUR OWN RISK KNOWING UNLOCKING THE BOOTLOADER VOIDS YOUR WARRANTY​
---------
Necessary Files
First, you'll need all of these files:
● https://drive.google.com/file/d/0B4WUjKii92l2bDl0UV9tS3BEbzA/view | This is the staging blob.
**************************************************(Pick ROOT method or non-root below)
● ***https://drive.google.com/file/d/0B4WUjKii92l2ZWROeFF6WTNaNFU/view | This is the rooted boot image (For use with Step 18 A)
OR
●***https://drive.google.com/file/d/0B4WUjKii92l2bHByWi1kaXZtWm8/view | This is the non-rooted boot image (For use with Step 18 B)
**************************************************(Ensure you follow the corresponding steps as addressed above)
● https://www.androidfilehost.com/?fid=24345424848487676 | This is the experimental TWRP for the Shield Tablet.
● https://www.androidfilehost.com/?fid=24345424848488107 | This is the reduced System Image file compatible with the original Shield Tablet.
---------
Installation Steps
Now begins the fun part, you will need to issue the following commands in order:
Step 1: You will need Fastboot drivers and be in a Fastboot permissible state on your Shield Tablet (Power button + Volume Down).
Step 2: Be in the directory you placed the files you downloaded (IE: "cd \users"username"\downloads")
Step 3: You will need to flash the Staging Blob downloaded from above. In a Command Prompt (or corresponding Window) type "fastboot flash staging blob.img"
Step 4: Power down the device and power on the device (it will bootloop).
Step 5: Return to a Fastboot permissible state (the bootloader).
Step 6: Issue the command "Fastboot getvar all" and ensure you see the line "(bootloader) max-download-size: 0x06000000" If you do not see that line, you flashed the blob wrong... so try again.
Step 7: Issue the command "Fastboot format system"
Step 8: Issue the command "Fastboot erase recovery"
Step 9: Issue the command "Fastboot format cache"
Step 10: Issue the command "Fastboot flash boot boot.img (Use your BOOT.IMG name, unless it is actually named 'boot.img'")
Step 11: Issue the command "Fastboot flash recovery twrpXXXXXXXXXXX (Not actually the recovery name, use tab-complete)"
Step 12: Issue the command "Fastboot flash system reducedsystem.img"
Step 13: Reboot.
Step 14: Return to a Fastboot permissible state.
Step 15: Issue the command "Fastboot format userdata"
Step 16: Reboot @terrigan (happy? )
Step 17: Wait for a long time at the "nVidia" logo.
Step 18: SEE LISTED OPTIONS BELOW
●STEP 18 A: Go through setup and in the Playstore install the app "phh's SuperUser"
OR
●STEP 18 B: Install SuperSU 2.65 BETA which can be downloaded https://download.chainfire.eu/752/SuperSU/BETA-SuperSU-v2.65-20151226141550.zip*FIXED
Step 19: Profit.
---------
Optional Stylus Support:
●The developer, fards, has also supplied us with the NVLauncher.apk which will give you the pop-up. That .apk is downloaded here: http://forum.xda-developers.com/attachment.php?attachmentid=3591547&d=1451326283
---------
Known Bugs
●Battery Drain (see fix)
---------
Battery Drain Fix
Thank you to @sockusminimus for finding this fix. What you need to do is be rooted and open a terminal emulator and issue these commands in order:
• su
• mount -o remount,rw /system
• chmod a-x /system/bin/logd
• Go wipe cache in TWRP
Utilizing this battery drain fix will break system logging.
---------
●A note for post-installation Android M end-users: DO NOT panic when the OS runs poorly. For the first several hours following install and use it will lag. This will subside, the ROM has a settling period. After the settling period, it SHOULD run smooth as stock OG shield 5.1.1
---------
Screenshots of OG Shield Tablet running Android M
●http://i.imgur.com/LtuQRyQ.jpg
●http://i.imgur.com/7hrLiOt.jpg
●http://i.imgur.com/aBKlixu.jpg
●http://i.imgur.com/yM02kD1.jpg

Nice - going to mess with this later and maybe get a 6.0 hybrid rom working.

Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?

Thanks for putting it together.
If you run out of drive allowance I'll zip it all up and stick it on Afh.
I really like this mm build, but there's a lot of things can be done to improve on what Nvidia have done with this.
I quite like their nearly aosp builds, but there's still some slowdowns on sdcard access to work with, I don't understand why they feel the need for a ramdisk.
Virtual memory settings are bad, possibly because of the ramdisk.
Mounting the sdcard as a dynamic extension to internal memory is a great idea, if internal memory wasn't filed first, which throws up errors.
If I get a chance I'll look in to these. But no promises.

gotbass said:
Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?
Click to expand...
Click to collapse
The ROM definitely needed settling time and was laggy for quite a while. But after I let all of the system apps update it runs very smoothly with expected battery life. So aside from the relatively complicated install, the experience is smoot.

fards said:
Thanks for putting it together.
If you run out of drive allowance I'll zip it all up and stick it on Afh.
I really like this mm build, but there's a lot of things can be done to improve on what Nvidia have done with this.
I quite like their nearly aosp builds, but there's still some slowdowns on sdcard access to work with, I don't understand why they feel the need for a ramdisk.
Virtual memory settings are bad, possibly because of the ramdisk.
Mounting the sdcard as a dynamic extension to internal memory is a great idea, if internal memory wasn't filed first, which throws up errors.
If I get a chance I'll look in to these. But no promises.
Click to expand...
Click to collapse
That sounds really great! If you would like some amendments to this or updated links.. Just let me know!

gotbass said:
Great work! Would you recommend it?
Stability and performance wise?
And is there not a chance we may get an OTA 6.0 for the original shield?
Click to expand...
Click to collapse
The OTA isn't expected until next year sometime.

IKOB3AST said:
The OTA isn't expected until next year sometime.
Click to expand...
Click to collapse
Thanks for your efforts.
Yeah the install looks like fun haha.

followed the steps and worked perfectly for me. now running android 6 on my og shield tablet

What about the killswitch?

hello, i have tried to flash that blob but the line you indicated on step 6, "(bootloader) max-download-size: 0x06000000", doesnt show up. any ideas?
C:\adb\platform-tools>fastboot getvar all
(bootloader) version-bootloader: 1.0
(bootloader) version-baseband: 2.0
(bootloader) version: 0.4
(bootloader) serialno:
(bootloader) mid: 001
(bootloader) product: ShieldTablet
(bootloader) secure: no
(bootloader) unlocked: yes
(bootloader) partition-size:bootloader: 0x0000000000600000
(bootloader) partition-type:bootloader: basic
(bootloader) partition-size:recovery: 0x0000000001000000
(bootloader) partition-type:recovery: basic
(bootloader) partition-size:boot: 0x0000000001000000
(bootloader) partition-type:boot: basic
(bootloader) partition-size:dtb: 0x0000000000400000
(bootloader) partition-type:dtb: basic
(bootloader) partition-size:system: 0x0000000050000000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:cache: 0x0000000040000000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:userdata: 0x0000000311600000
(bootloader) partition-type:userdata: ext4
all:
finished. total time: 0.137s
Update: I rebooted and went into a bootloop so something changed when i flashed it. I decided to go for it and everything installed perfect and im setting up 6.0 on og shield tablet.

Nailyouh said:
What about the killswitch?
Click to expand...
Click to collapse
Delete tegra-ota ?

fards said:
Delete tegra-ota ?
Click to expand...
Click to collapse
I mean is it possible that we wont recieve the switch due to updated Firmware ofc I will not try that hehe

Will this work on the LTE version?

Nailyouh said:
What about the killswitch?
Click to expand...
Click to collapse
Tested it on a pyrotab and the killswitch DID NOT activate!

aznmode said:
Will this work on the LTE version?
Click to expand...
Click to collapse
It does. I do not believe LTE will work though.

IKOB3AST said:
Tested it on a pyrotab and the killswitch DID NOT activate!
Click to expand...
Click to collapse
Thanks for being that brave haha I just have a pyrotab so I wont do it :b fear is stronger then being courios in this case :angel:

IKOB3AST said:
It does. I do not believe LTE will work though.
Click to expand...
Click to collapse
That's ok I don't use the LTE. Only reason I have the LTE version now is for the 32gb
Sent from my SM-N910T using Tapatalk

Thanx man! This seems intetesting. Is possible to revert to previous system configuration via nandroid backup twrp?
Sent from my LG-E975 using XDA Free mobile app

Paharsahath JG said:
Thanx man! This seems intetesting. Is possible to revert to previous system configuration via nandroid backup twrp?
Sent from my LG-E975 using XDA Free mobile app
Click to expand...
Click to collapse
No cuz u would backup the whole partition but u can use ie. Titanium backup for the appsettings and stuff works great IMO :good:

ASUS Zenpad Z10 (ZT500KL - Verizon)

I am wondering if there's a working temp root (or even perm root without bricking Android 6.0 OS) for this Verizon exclusive ASUS Zenpad z10, as I am now looking for a way to unlock the bootloader as most of unlock commands are intact in the bootloader itself - only "Allow OEM unlock" tab is missing, so I will have to extract the bootloader partition and system configuration partitions - the problem is root.
That way I can get started on putting TWRP after unlocking the bootloader.

Already tried temp root the manual way; running su in /data/local/tmp after giving it the correct permission. All I got was "1" in shell, basically along the line, "f*** you, I am not letting you run as root." Why temp root? I have to do it so I don't accidentally brick the tablet - all I want to do right now is to extract the vital partitions and examine every single of them to see if I can indeed get "Allow OEM Unlock" or some bootloader unlock approval commands so I can get ASUS ZenPad z10 unlocked. And there's absolutely NO ASUS update RAW file extractor tool to date.
Apparently it looks like ASUS and several other OEMs don't bother going the extra miles getting the bootloader locked down as tightly as Evil Moto, or worse, Samsung. They just simply remove "Allow OEM Unlock" tab and call it a day. (Beware, though, Qualcomm second stage bootloader varies so much among OEMs which is why I have to take a peek into the partition image and see what I can find.)

Although I'm of no help to you, I will be following this. I just picked up one of these today. There's simply not a lot of information out there.
Sent from my SM-N920V using XDA-Developers mobile app

Apparently, due to the way Android Marshmallow security system works, all I can do is wait (and probably trawl the forums, although I doubt it will happen unless I pull the kernel from the eMMC SSD which is technically a catch-22 situation, as I have to root before I can touch the kernel or even "Allow OEM Unlock" configuration file in some partition - a bit like chicken and egg paradox).
UNLESS there is a temporary root that works by abusing the Dirty Cow exploits, and allows me to pull the eMMC SSD partitions so I can look through the files contained within the pulled partitions.

Discovered that this tablet do have root detection system - it basically tattle to Verizon. Those bastards. Nevertheless, I would need to find a way to allow OEM unlocking (which I had gut feeling that it's there somewhere) without it getting all antsy.
The more I dig into it, the more I just want the bootloader itself to be unlocked. It never cease to amaze me how far Verizon will do anything to be so nosy.

Slightly off topic, but since you seem to be the only other person here who has this tablet... Have you attempted to figure out a simultaneous charge and data option? I've tried several different cables and adapters so far without much luck.
Sent from my SM-N920V using XDA-Developers mobile app

Good question, however I don't really have a computer with USB-C port, if you meant that (been considering doing a new computer build at some point which then I get better idea how this tablet function on USB-C doing general stuff via USB - it may be by the time this tablet is running CM 14.x, once we figure out how to unlock the bootloader, so it may be hard to say how it will function with stock ROM). On the other hand, regular USB is usually limited to 500 milliamps (1/4 that of bundled charger), so may not charge because of the current requirements that may have to be met within the power management firmware (meaning about 1 Amp - which many DIY PC motherboards now meet the minimum specifications).
However, the screen backlight consume the most juice so you may try turning off the screen after you have mounted the MTP drive (due to MTP security in Android - it will stay mounted after you plug it into computer and turn off the screen however), which then you may be able to charge it. It will take a while as there's a huge battery inside (7.8 Amp hour rating). You would have better luck with a computer that conforms to USB Power Delivery specifications (USB 3.x already support that - USB 3.x ports are usually blue, BTW, so it's kind of hard to miss).

Finally extracted the files from ASUS' Verizon ROM image - ZArchiver Pro apparently can read ASUS' RAW image file, much to my delight. Now, I will have to figure out how to treat the Qualcomm second-stage bootloader (aboot.img) and few other partition images as a disk drive so I can figure out how to enable OEM unlock so I can get this thing unlocked (and I will disassemble the Linux kernel - boot.img - and recovery toolkit - recovery.img - so I can get ball rolling).

Tried to unpack the boot.img and recovery.img - the boot unpacker failed with "Android boot magic not found". Oh well, I will try to keep at it.

Alright, I think it's because the kernel is compiled in ARM64 assembly codes (thus not really standard as far as most Linux kernel boot.img unpackers are concerned), so now I will try one that can and will touch 64-bit kernel image. Then keep on probing the entire recovery and boot images for potential clues to the OEM unlock configuration (and as well as system.img - one problem is, Linux refuse to touch the system.img even though it is evidently the EXT4 FS SSD image).

Anyone who know of decent multi-faceted disk image extractor (the ones that can touch the non-standard disk image, including boot.img and recovery.img which doesn't have the standard "ANDROID!" magic), let me know. I have been googling anywhere, and it's difficult to pull the vital files which I can look for important files. System image, however, may have to be analyzed for type of fuse file system (if it's not sparse file system, then it's definitely an odd SSD image).

Another ZenPad owner checking in. I had to go to asus's site to say this thing even is. The model number P00l is absolutely worthless.
Anyways I've ordered a laptop with native USB 3.0 so will poke around where I don't belong soon.
I absolutely hate this UI, who is to blame? Asus? Verizon?

Verizon. They usually make the call in firmware development (Can you say who locked the bootloader?) and yeah, they're famous for horrible stock firmware. Hence, I am figuring out how to unlock the bootloader just so we can get rid of garbage on the tablet. ZenUI is on ASUS though.
Nice hardware, bad software. That's kind of a shame. It will hurt even less when we get CyanogenMod 14.x operating system on it.
EDITED: the model number is zt500kl, not superfluous "P00l" - I had to figure it out, and GSM Arena had the model number (and bootloader apparently confirmed that).

Did a bit researching in how the "Enable OEM Unlock" tab in other devices' Developer Option works; the toggle goes into persistent data block (hitting home in PersistentDataBlockService.java file), thus going into factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13) as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, which there will be some legit data. Which is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is to find out the magic value to "blow" the last value sector in soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write blank partition image to reset the efuse values contained herein, so beware the official OTA update image package).

Asus ZenPad ZT500KL
I just purchased this tablet yesterday. If you need me to test anything feel free to pm me.....
Thanks for working on this, if I can be of any help. do not hesitate to ask.
Dr. Mario said:
Did a bit researching in how the "Enable OEM Unlock" tab in other devices' Developer Option works; the toggle goes into persistent data block (hitting home in PersistentDataBlockService.java file), thus going into factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13) as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, which there will be some legit data. Which is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is to find out the magic value to "blow" the last value sector in soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write blank partition image to reset the efuse values contained herein, so beware the official OTA update image package).
Click to expand...
Click to collapse

Due to a potential brick risk due to entering the wrong magic value, I'd rather that we have temporary root or shell root first so we can pull the soft efuse partition and some setting files from ASUS settings.apk / systemui.apk to figure out the FRP values just so we don't accidentally lock ourselves out or worse.
Once we find out what it is, we can go ahead and test that (kind of wish I have extra money to get a sacrificial tablet to take a jab at the bootloader, as Verizon love to make it risky).

Oh, and BTW, this tablet also have several hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.

Dr. Mario said:
Oh, and BTW, this tablet also have several hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.
Click to expand...
Click to collapse
I'm within my 14 day return period ...., send me a pm
Sent from my iPhone using Tapatalk

Give me a bit time and I will figure out what to poke in config partition and we can go from thereon. Some one-click root (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to password request lockscreen if it notice something (and there's a root detection app inside /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).

Dr. Mario said:
Give me a bit time and I will figure out what to poke in config partition and we can go from thereon. Some one-click root (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to password request lockscreen if it notice something (and there's a root detection app inside /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).
Click to expand...
Click to collapse
Sounds good. Didn't even know the tablet had a fingerprint reader ( home button)
Sent from my iPhone using Tapatalk

[GUIDE/TUTORIAL/HOWTO] HTC One M7 Stock to Android 11 / LineageOS 18.1

[GUIDE/TUTORIAL/HOWTO] HTC One M7 Stock to Android 11 / LineageOS 18.1
[GUIDE/TUTORIAL/HOWTO] HTC One M7 any version (m7, m7ul, m7spr, m7vzw) stock to Android 11 R / LineageOS 18.1
This detailed step-by-step guide helps you transform your HTC One M7 (any version) to a powerful one with Android 11.
Make sure you have the One M7 model, in Android, go to Settings > About phone and check the model.
CHANGELOG
v8. Upgrade to Android 11, improve readability, update pack
v7. Updated pack with MagiskManager 8.0.7 and Magisk 21.4
v6. Infos in case of Simlock
v5. Moved to Android 10 thanks to @tarkzim, updated pack with Magisk 20.4
v4. Moving to Android 9. I was wrong in v3 ;- Thx @tarkzim), good for all M7 versions
v3. Reverted back to Android 7.1. No stable ROM for Android 8 or 9 (and will never be)
v2. Tutorial updated for Android 8.1 Oreo, updated pack with TWRP 3.3.1-0
v1. Initial release
1) DOWNLOAD
- djibe HTC One M7 pack (44.3 Mo) v2 : http://bit.ly/djibe-onem7-v1
(includes HTC drivers, recovery TWRP 3.6.1_9-0 for all m7 by Xeno1, Magisk Root 23 adb & fastboot.exe).
Unzip the djibe folder from the zip on root folder of C: drive.
- ROM Unofficial Lineage OS 18.1 for M7: https://forum.xda-developers.com/t/rom-11-0-unofficial-m7-all-lineageos-18-1-stable.4454219/
Download latest build for M7 here: https://androidfilehost.com/?w=files&flid=334598&sort_by=date&sort_dir=DESC
+ BitGApps ARM 11 v1.4+: https://github.com/BiTGApps/BiTGApps-Release/releases/
+ Charge phone to 100 %
WARNING. This tutorial uses Microsoft Windows.
WARNING. Warranty is now void.
WARNING. Read carefully the sentences starting with ###.
2) BACKUP DATA AND INSTALL DRIVERS
Disable Antivirus.
Install drivers from my pack:
right click on HTCDriver.exe -> click on Run as administrator and continue the setup.
Then install HTC_BMP_USB_Driver_x64.msi (or *_x86 if you have a 32bits Windows edition).
### Install doesn't work ? Try these drivers for Win10 : https://htcusbdriver.com/download/htc-usb-driver-v4-02-0-001
Now go to my folder flash, and right click the adb 15seconds installer > Run as administrator.
During install, every time the command asks you a confirmation, enter Y and confirm with Enter.
Connect HTC One (while phone on) to PC, let drivers install.
In Windows explorer, HTC One should be available.
### If not make sure phone connection is in File transfer mode (see Android notifications).
Collect all personal photos, videos, etc ... and copy these on PC.
Use an app like Backupyourmobile to backup texts, contacts, etc.
Check that backup is located on microSD card.
Then copy the backup on your PC.
Disconnect phone.
### If your phone is Simlocked/carrier locked/Network locked, don't go further.
Visit official website of your network carrier (or call their support) to retrieve your desimlock code.
Ask them for details on how to remove simlock.
How do I know my phone is simlocked ? When you insert a SIM card from another operator, network is not accessible.
Only a stock ROM can remove simlock.
To go back from custom ROM to stock in 1 zipfile flash, follow this tutorial: https://tcg96.github.io/m7gurureset
3) UNLOCK BOOTLOADER
In Android, go to Settings > About > Software information > More.
Tap 7 times on Build number. It unlocks Developer options.
Go back to the About menu, you can see the new Developer options menu.
Tap on it, accept the warning.
Toggle on the USB debugging option.
Connect phone, a message appears on phone : Allow USB debugging?
check Always allow and confirm by tapping on OK.
Now, open a Windows command on my "flash" folder (hold Shift + right click on folder -> Open a windows command here).
### Then navigate to my flash folder (if it is on desktop) with this command :
Code:
cd /d C:\djibe\flash
Enter command :
Code:
adb devices
, confirm by pressing Enter.
Command returns :
Code:
List of devices attached
HT35****** device
### If no device is found, uninstall and reinstall properly the drivers while antivirus is off.
### Or start fresh on another PC.
Now type :
Code:
adb reboot bootloader
Authorize ADB commands on phone.
Phone restarts in Fastboot mode. Wait till phone screen is blank in fastboot mode.
Type :
Code:
fastboot devices
Command returns :
Code:
HT35**** fastboot
Type :
Code:
fastboot oem get_identifier_token
, confirm by pressing Enter.
Command returns multiple lines.
Select with your mouse all the lines from
Code:
<<<< Identifier Token Start >>>>
(included)
to the line
Code:
<<<<< Identifier token end >>>>>
(included).
Now on keyboard copy (Ctrl + C combo), then open Notepad.
In Notepad, paste those lines (Ctrl + V combo).
Now manually remove all the (bootloader) strings from each line.
Your notepad should now look like this :
<<<< Identifier Token Start >>>>
37A5DBF4FE5F0D9F4425E54AA91AFDBF
2A20E9C67C3BB4FAE60263F76BDEC6AC
847BF9FFB11DAEA4AB88AC8710435449
9BC12E93DF4C54FFE3D064C4C810C49A
2CDAF2E0CD3A164FED4A568CB0FD2AC6
C01AA991733D949C00987062D691DE91
8AA1C97CEBC3ACE83FECE75A1D03CE72
62414C7DC36A73AFCBF433E1EBE2EDC7
E272F73309632D3EF8C86E472B65E8EF
37E46B52FE3F94FC69D1854CA3DE6F48
C3E10001B233A70B1EAF35134F51FCC6
353E0CC98534E6E60A241A7063D0BE2F
A5B752E75C1C47E6F739BDBE67D024DA
3292A14278247557632639802722A86C
E61424F7666AE085AA9905096FEED1AD
5ECBBD867544E95ABDDA277690B8CB55
<<<<< Identifier Token End >>>>>
Now visit this website : https://www.htcdev.com/bootloader/
Register on the site. Confirm registration with your email.
In the select menu, chose HTC One (M7), click Begin unlock Bootloader button.
Agree to legal terms.
Next page, go to the bottom and click continue to step 5.
In the bottom of this page, in the lower textarea "My Device Identifier Token",
copy and paste the multiple lines you just edited (my example is just above).
Click Submit.
HTC tells you : Token Submitted Successfully.
Open your mailbox (associated to your HTC account).
Copy the Unlock_code.bin file attached to email in my "flash" folder you unzipped.
In Windows command, type :
Code:
fastboot flash unlocktoken Unlock_code.bin
, confirm with Enter.
Command should return :
Code:
unlock token check successfully
Back to phone, press Volume+ to select "Yes, unlock bootloader", then Power button to confirm flash.
Now wait while phone is going to Factory reset.
Don't let Android restart by holding both Power + Volume- to enter bootloader immediately.
FASTBOOT menu is overlined in red.
4) FLASH TWRP RECOVERY
Using the same Windows command prompt, enter :
Code:
fastboot devices
to make sure phone is still available.
Then
Code:
fastboot flash recovery twrp-3.6.1_9-0-m7univ.img
Command returns :
Code:
finished. total time: x.xxxxs
##€ If it fails, tries with a Windows Powershell shell.
Now on phone, press Volume- to select Bootloader, confirm with Power button.
You are back to the booloader screen (UNLOCKED is written on top line), press Volume- to navigate to RECOVERY, and confirm with Power button.
Phone reboots in TWRP recovery.
5) WIPE PARTITIONS
In TWRP, check Never show this screen and Swipe to Allow Modifications.
You land on TWRP Home screen.
Go to Wipe > Advanced wipe.
Select Dalvik, Cache, System, Data, Internal Storage then Swipe to Wipe, go back to Wipe menu.
6) FLASH ROM, GAPPS AND ROOT (OPTIONNAL)
We first have to get our zips on the phone.
Still on TWRP Home screen, tap on Mount > deselect all partitions except Data, then connect phone to PC.
In Windows Explorer, you can see MTP Device, copy the zips of ROM, GApps, Magisk + Magisk Manager right in the Internal Storage folder.
Tap on Disable MTP once copy is finished.
Then back to Home screen, tap on Install > choose lineage*.zip,
(if you don't see the files, tap on Select Storage and make sure Micro SDCard is active)
then Add more Zips -> Magisk*.zip,
then Add more Zips -> bitgapps*.zip,
then Swipe to confirm Flash.
Wait for operation to end (can be long).
When completed successfully, tap on Reboot.
Tap on Do not install when TWRP asks for the app install.
Wait during long first boot.
Setup Android.
7) You can use Backupyourmobile to restore data,
use GPS Status & Toolbox app to enhance GPS fix.
That's it.
Enjoy,
djibe
THANKS --------------
Teams of : TWRP, LineageOS team, tarkzim, zsoerenm, alray, ., Flyhalf205, icxj1, R1ghtC, gimmeitorilltell, All M7/MSM8960 contributors.

Just my 2 cents
Just my 2 cents if it can help
djibe89 said:
- a microSD card (FAT32 format). Copy the zips of ROM, GApps, addonsu and deviceid*.apk (both in my pack) on the root folder of microSD, then insert it in phone.
Click to expand...
Click to collapse
The M7 is not equipped with a mircoSD card slot, only a virtual /sdcard (symlink to /data/media/0) ... So they'll either have to adb sideload or adb push the files to internal memory which is pointless at this stage since it will be wiped during bootloader unlock. Or drag n drop the files using mtp from twrp once it's installed on the phone.
3 ) UNLOCK BOOTLOADER
[...]
Now wait while phone is going to Factory reset.
Setup Android again on next boot.
4 ) FLASH RECOVERY
Now re-enable USB debugging in Android.
Using the same Windows command prompt, type
Code:
adb reboot bootloader
again.
Click to expand...
Click to collapse
You could save a lot of time just force rebooting to bootloader (power + vol down) right after BL unlock/factory reset are completed so you don't have to setup the system you're going to wipe 2 steps later. USB debug anyway isn't required to fastboot flash recovery so it's not like booting back in system is mandatory before flashing recovery.
:good:

@alray : Thank you so much for help.
I'm lazy with baby waking up every night and did some awful copy-paste.
I correct all these right now.
Thanks.

I would highly recommend to use the official downloads of twrp, HTC drivers, roms and so on, you uploaded these files to your google drive and there is stuff in it nobody will ever need. And nobody knows if those files are in original condition. Strange thats the third time this year someone tries to get users to use their stuff (for a five years old device) there are already a lot of guides out there and several thousand people did it several thousand times without problems. Also you wrote that this would be official lineage but its unofficial, and for that there is already a thread here. The other two threads got deleted by mods because they tried to get users to use files from unknown suspects sources. Use android file host and maybe tell in los thread where those files are stored, whats the source and who made it.

saturday_night said:
I would highly recommend to use the official downloads of twrp, HTC drivers, roms and so on, you uploaded these files to your google drive and there is stuff in it nobody will ever need. And nobody knows if those files are in original condition. Strange thats the third time this year someone tries to get users to use their stuff (for a five years old device) there are already a lot of guides out there and several thousand people did it several thousand times without problems. Also you wrote that this would be official lineage but its unofficial, and for that there is already a thread here. The other two threads got deleted by mods because they tried to get users to use files from unknown suspects sources. Use android file host and maybe tell in los thread where those files are stored, whats the source and who made it.
Click to expand...
Click to collapse
Because you are a senior member you know where to download everything.
But everyone is not like you.
So I tried to compile a ready-to-go pack for the newcomers, like I did for many devices by know.
This allows noobs to profit from custom ROMs and don't keep it esoteric.
Like you say, many downloads are just hacks, so I tried to bundle lowest size safe files.

saturday_night said:
I would highly recommend to use the official downloads of twrp, HTC drivers, roms and so on, you uploaded these files to your google drive and there is stuff in it nobody will ever need. And nobody knows if those files are in original condition. Strange thats the third time this year someone tries to get users to use their stuff (for a five years old device) there are already a lot of guides out there and several thousand people did it several thousand times without problems. Also you wrote that this would be official lineage but its unofficial, and for that there is already a thread here. The other two threads got deleted by mods because they tried to get users to use files from unknown suspects sources. Use android file host and maybe tell in los thread where those files are stored, whats the source and who made it.
Click to expand...
Click to collapse
For the official LOS ROM, tell LOS to store official builds. As they don't do it anymore, we must rely on personnal builds.
A lot of guides out there ? Made extensive search for cracking this phone, never found a step by step one.
Five year old device ? Still so good once unleashed. Custom ROMs are for these devices isn't it ?

@djibe89 Might be useful to point out in your opening post that the 20180420 build has DT2W enabled, but I'd like feedback from people with a functional battery if it makes their device reboot or not, similar to issues reported in the original kernel thread. I suspect my battery is on its way out. The 20180416 build is completely stock upstream LineageOS, no DT2W.
Thanks for the credit .

.:B:. said:
@djibe89 Might be useful to point out in your opening post that the 20180420 build has DT2W enabled, but I'd like feedback from people with a functional battery if it makes their device reboot or not, similar to issues reported in the original kernel thread. I suspect my battery is on its way out. The 20180416 build is completely stock upstream LineageOS, no DT2W.
Thanks for the credit .
Click to expand...
Click to collapse
Thanks for your explanations.

Any trouble following this tutorial guys ? How to enhence it ?

802D device supported?

M.Z.F said:
802D device supported?
Click to expand...
Click to collapse
Hi, no idea, does your model has another model name/code ?

djibe89 said:
Hi, no idea, does your model has another model name/code ?
Click to expand...
Click to collapse
Model name & code like?
PRI Version= 4.22_001
PRL Version = 10012

Getting this message: Updater process ended with ERROR: 7 Error installing zip file '/sdcard/lineage-14.1-20180520-UNOFFICIAL-m7.zip'
any help would be appreciated, thank you

I have tried all the custom roms mentioned above i.e. lineage os , Xenonhd and slim7. But non of them installed. It always shows error either this is not for your device , this device is cdwg or unable to mount. Please give me a link for custom rom for my device that is htc one 802d cdwg

Rafay106 said:
I have tried all the custom roms mentioned above i.e. lineage os , Xenonhd and slim7. But non of them installed. It always shows error either this is not for your device , this device is cdwg or unable to mount. Please give me a link for custom rom for my device that is htc one 802d cdwg
Click to expand...
Click to collapse
All the custom roms mentioned above are NOT for your phone variant.There were almost no development for the 802 branch at the peak of it's popularity and I didn't see anything new for this variant in the past 2 years or so. I wouldn't expect a 7.1 roms for this variant...
Maybe you'll have better luck searching on Asian forums

skovatov said:
Getting this message: Updater process ended with ERROR: 7 Error installing zip file '/sdcard/lineage-14.1-20180520-UNOFFICIAL-m7.zip'
any help would be appreciated, thank you
Click to expand...
Click to collapse
Here you have answer:
https://forum.xda-developers.com/showthread.php?t=2522762
---------- Post added at 05:30 PM ---------- Previous post was at 05:20 PM ----------
Hi.
After installing Android 7.1 Google Pay stop working on my phone. I have torn on NFC communication but terminal don't read my card from app. I don't turn on access to root. Any aidia how to solve this issue?

I have an M7 that I would like to update Android on however the above is a bit over my head. I have seen other sites and video showing this to only take a few minutes and not requiring a PC. Am I missing something? I just don't quite understand the process of it all.

Bazooka said:
I have an M7 that I would like to update Android on however the above is a bit over my head. I have seen other sites and video showing this to only take a few minutes and not requiring a PC. Am I missing something? I just don't quite understand the process of it all.
Click to expand...
Click to collapse
Flashing without a PC can be done but not recommended. If something goes wrong (and thrust me, it happens pretty often) you'll be stuck with a bootlooping phone.
The guide at post #1 is all you need, what part exactly do you have problem understanding?

alray said:
Flashing without a PC can be done but not recommended. If something goes wrong (and thrust me, it happens pretty often) you'll be stuck with a bootlooping phone.
The guide at post #1 is all you need, what part exactly do you have problem understanding?
Click to expand...
Click to collapse
Thanks for that. I tried to go through it nice and slow making sure I understood each step. I got to where I needed to open a command window on the "flash" folder to which I must have powershell(?) installed as it gave me that option. After inputting 'adb devices' it listed a device but stated it was offline. This is where I am stuck as the steps after this do not work.

drivers win10
Hi, I have a basic ask. Do you know where to get Win 10 drivers? I can't run the installer HTCDriver_4.2.0.001 on my Windows 10 (version 1803).
It gives me the error: The driver installer is not supported for your operating system. Thanks for your help.

[UNLOCK][ROOT][TWRP][UNBRICK][DOWNGRADE] Fire 7 (ford and austin).

Read this whole guide before starting.
This is for the 5th gen Fire and 7th gen Fire
Current Version
5th gen: amonet-ford-v1.4.1.zip
7th gen: amonet-austin-v1.4.1.zip
What you need:
A Linux installation or live-system
A micro-USB cable
If your Fire is on a newer preloader-version (or a 7th gen) you may also need:
Something conductive (paperclip, tweezers etc)
Something to open the tablet.
There is an alternative for opening the tablet (only 5th gen), which is described below.
Install python3, PySerial, adb and fastboot. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
If you're lucky and have an old preloader (Up to FireOS 5.3.2, thanks @MontysEvilTwin), you can just hold the left volume button while plugging the device in.
If you're on a newer preloader, there are two options:
Open the device and short the pin marked in the attached photo to ground while plugging in.
(Only 5th gen) Downgrade to 5.0.1 firmware via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
NOTE: Using option two will brick your device until you have successfully finished the process.
1. Extract the attached zip-file "amonet-ford-v1.4.1.zip" (use "amonet-austin-v1.4.1.zip" for 7th gen) and open a terminal in that directory.
2. start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
3. If you have an old preloader or used option 2 above:
Hold the left volume-button and plug the device in.
If you chose option 1, short the device according to the attached photo and plug it in.
NOTE: Make sure the device is powered off, before plugging it in.
NOTE: If you have issues getting a 7th gen into bootrom, read this post by @hwmod
NOTE: For hints, how to access the pins on a 7th gen without removing the shield, check Post 1075 by @shelleyfrank
NOTE:
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID [b]0e8d:0003[/b] MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID [b]0e8d:2000[/b] MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=[b]0e8d[/b], idProduct=[b]0003[/b], bcdDevice= 1.00
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
8. Wait for the device to reboot into TWRP.
9. Use TWRP to flash custom ROM, Magisk or SuperSU
To return back to stock, Go into hacked fastboot-mode, then run
Code:
sudo ./stock-recovery.sh
Your device should reboot into amazon recovery. Use adb sideload to install stock image from there.
NOTE:
Only ever flash boot/recovery images using TWRP, if you use FlashFire or other methods that are not aware of the exploit,
your device will likely not boot anymore (unless you flashed a signed image).
TWRP will patch recovery/boot-images on the fly.
NOTE:
fastboot-step flashes the 5.6.3 boot.img, if your device hangs at the orange fire logo, try wiping cache first.
If that doesn't help, your system is probably incompatible with that image, just flash the right boot.img via TWRP.
NOTE:
This process does not disable OTA or does any other modifications to your system.
You will have to do that according to the other guides in this forum.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Thanks also to @ANDROID2468 and @bibikalka for testing things.
Thanks to @mateo121212 and @hwmod for debugging 7th gen.
Thanks to @MontysEvilTwin for figuring out volume-button access works up to FireOS 5.3.2, and for figuring out that 5.3.2 PL/TZ fix prime video.

Features.
Uses 5.3.2 Preloader/TZ for easy access to bootrom (using left volume button/only 5th gen)
Uses 5.6.3 LK for full compatibility with newer kernels.
Hacked fastboot mode lets you use all fastboot commands (flash etc).
Boots custom/unsigned kernel-images (need to be patched)
Sets androidboot.unlocked_kernel=true (enables adb root-shell)
For the devs: sets printk.disable_uart=0 (enables debug-output over UART).
NOTE: Hacked fastboot can be reached via TWRP.
NOTE: Hacked fastboot won't patch your boot/recovery-images, so you can easily go back to stock.
Use TWRP for autopatching.

Version 1.4 (25.03.2019)
Update TWRP to twrp-9.0 sources
Implement downgrade-protection for LK/PL/TZ
Add scripts to enter fastboot/recovery in case of bootloop
Automatically restore boot-patch when you boot into recovery
Version 1.3 (20.03.2019)
Fix Prime Video for ford (5th gen), thanks @MontysEvilTwin (See Post #537 for more info).
Version 1.2.1 (17.02.2019)
Fix bug in 7th gen.
16.02.2019
Now also unlock for the 7th gen
Version 1.2 (14.02.2019)
Updated TWRP to contain new microloader..
Added TWRP shell command reboot-amonet to reboot into hacked fastboot.
Version 1.1 (14.02.2019):
Fixed bug, caused when flashing large images via hacked fastboot.
Include stock recovery.img and script to flash back.
Source Code:
https://github.com/chaosmaster/amonet
https://github.com/chaosmaster/android_bootable_recovery

Nice job.

Anyone who wants to update to the latest FW without undoing the unlock you can get it here
I'm also releasing a customized fire os that I'm calling "fire os revamped" ( comes with nova launcher and other enhancements) it will be on xda soon
edit: here it is.
Sent from my VS986 using XDA Labs

So I can do this without opening it up if I'm on a newer version?
---------- Post added at 06:44 PM ---------- Previous post was at 06:34 PM ----------
So my 5.1.1 Fire, which I believe was originally on 5.0.1 worked.
---------- Post added at 06:51 PM ---------- Previous post was at 06:44 PM ----------
I mean it worked without having to brick or open it up.

k4y0z said:
Read this whole guide before starting.
...
Click to expand...
Click to collapse
@k4y0z awesome work ! My congratulations again for the great achievement and implementation.
Your solution is letting users revive their "bricks" and make them free to use their gadget as they wishes.
There is still some quirk I have on the 7th Gen tablets with the "microloader" code, though it works well
with the 5th Gen, so I am assuming that something can be improved on the 7th Gen and maybe in general.
Your work opens up to new ROMS and other possible use of the tablet for things I have been dreaming about
for long time, having Linux load from µSDCard, from SSD on OTG or from the network (BOOTP/DHCP/NFS ... ).
I know this will take some time and effort but now more than ever I feel the target objective is on sight.
The first thing would be rebuild a completely modular kernel, maybe a more recent one (4.x).
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
...
Click to expand...
Click to collapse
In all Linux OS the correct way for a normal user to gain read/write access to the serial ports (UARTs) is to make himself a member of the "dialup" group.
You can do this by issuing once the following command (two alternatives given here, use only one):
Code:
sudo adduser MY_USER_NAME dialout
or
Code:
usermod -a -G dialout MY_USER_NAME
This avoids using "sudo" and having to type password several times to gain permission to access the serial device,
it also solved many issues I was having due to multiple concurrent access to the Serial Ports and/or USB Ports from
various software and devices (Bluetooth, Camera, Phones, Digital Signing, Crypto Cards, Prolific/FTDI serial converters ... ).
And this is another suggestion for those continuously testing phones and tablets ...
To avoid trashing the tablet connectors due to continuous connect/disconnect of the USB cables I highly recommend
using the following type of USB Multiport Hub with power switches or similar (there are both USB 2.0 and USB 3.0 versions)
they are inexpensive and really unique in its type having an on/off switch for every port effectively help to avoid damaging connectors.
Have a good hacking night. :good:
.:HWMOD:.
---------- Post added at 02:34 AM ---------- Previous post was at 02:17 AM ----------
Pix12 said:
So I can do this without opening it up if I'm on a newer version?
---------- Post added at 06:44 PM ---------- Previous post was at 06:34 PM ----------
So my 5.1.1 Fire, which I believe was originally on 5.0.1 worked.
---------- Post added at 06:51 PM ---------- Previous post was at 06:44 PM ----------
I mean it worked without having to brick or open it up.
Click to expand...
Click to collapse
This is the proof that it was possible to make the hack available to a bigger group of users.
Another big achievement obtained by the awesome @k4y0z though in my tests this is not
always possible yet, more testing will probably reveal the reason and let's improve on that.
This is especially annoying on the 7th Gen tablets but I keep hoping a simpler way would help there.
Disconnecting the battery does the difference at times and that means just removing two small screws.
.:HWMOD:.

k4y0z said:
Read this whole guide before starting.
This is for the 5th gen Fire.
It can also be used to root a 7th gen, but there are some differences.
It's best you wait for a separate guide how to use this to root your 7th gen.
:
:
Very special thanks to @xyz' for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Thanks also to @[email protected] and @bibikalka for testing things.
Click to expand...
Click to collapse
Outstanding contribution. Clear, concise and relevant to a broad community with appropriate acknowledgements. This is what XDA is all about.

hwmod said:
@k4y0z
There is still some quirk I have on the 7th Gen tablets with the "microloader" code, though it works well
with the 5th Gen, so I am assuming that something can be improved on the 7th Gen and maybe in general.
Click to expand...
Click to collapse
What quirks other than the non-functional screen?
Have you tested what I suggested in the other thread?
In all Linux OS the correct way for a normal user to gain read/write access to the serial ports (UARTs) is to make himself a member of the "dialup" group.
Click to expand...
Click to collapse
That would be the "correct" way of course, I just assumed people where using live-systems, so sudo seems like the easier solution.

k4y0z said:
What quirks other than the non-functional screen?
Have you tested what I suggested in the other thread?
That would be the "correct" way of course, I just assumed people where using live-systems, so sudo seems like the easier solution.
Click to expand...
Click to collapse
Yes I tried to use the file "boot.7th.patched.img" you shared and the UART but the tablet doesn't boot up,
it crashes as soon as the "microloader.bin" is executed, the logs says something like "undefined, aborting"
instead of printing the heading "microloader by xyz. Copyright 2019" as it does with the 5th Gen.
It doesn't print the message "Something went horribly wrong!" that the code print if an error is detected.
It seems the error has to do with a wrong load address, after the error the processor registers are dumped.
Two things I noticed the first shouldn't be a problem but all the image wrappers contains a residual
from the mt8163 platform, the parameters "bootopt=64S3,32N2,32N2". It is present also in "microloader.bin".
I understand that probably it doesn't do anything bad on our Fire mt8127 platform but removing these would
also ensure that possible behaviours are also removed and we don't have that "cmdline" parameter hanging
around without a precise scope.
The second thing is that it seems to me the "boot.7th.patched.img" you shared and asked me to try doesn't
come from version 5.6.3 of the firmware and that may be another point which might break the loading
process and the version mismatches I am seeing on the 7th Gen.
So we don''t have a native "preloader" for the 7th Gen that allow booting images as we have for the 5th Gen so
we are forced to use the one we have from 5th Gen but the we have no matching secondary loader and that
might be another reason we are having a hard time replicating the process that run smoothly on the 5th Gen.
However, even on the 7th we have gained "root" by using the "SuperSu" and also the TWRP seems to be working
well and following that path also the touch screen problems do not show up and everything run natively correct.
Now, what's happen when we face the update route is still unknown, however we will soon learn that since this
evening my 5th Gen downloaded as much as 18 components that needed to be updated on 5.6.3.
I captured them all and have saved the 18 pieces, all are "apk" files, no ".zip" and no ".bin" files.
I am going to download the update version you released today and the patched TWRP and
tomorrow I will restart testing everything again and will let you know if something changes and if there are
further improvements for the 7th Gen.
One request I have is: where can I put more kernel "cmdline" parameters as you did with "printk_disable_uart=0" ?
That's all for now, thank you again for the nice surprises !
.:HWMOD:.

hwmod said:
Yes I tried to use the file "boot.7th.patched.img" you shared and the UART but the tablet doesn't boot up,
it crashes as soon as the "microloader.bin" is executed, the logs says something like "undefined, aborting"
instead of printing the heading "microloader by xyz. Copyright 2019" as it does with the 5th Gen.
It doesn't print the message "Something went horribly wrong!" that the code print if an error is detected.
It seems the error has to do with a wrong load address, after the error the processor registers are dumped.
Click to expand...
Click to collapse
Ok that shouldn't happen, it should at least get further than that.
You are testing it with the 5th gen preloader/lk correct?
Maybe I messed something up creating the image.
I have attached a new one from the 7th 5.6.3 firmware.
Please use the new version 1.1 of the package I just updated a few minutes ago.
(It uses different addressing).
hwmod said:
Two things I noticed the first shouldn't be a problem but all the image wrappers contains a residual
from the mt8163 platform, the parameters "bootopt=64S3,32N2,32N2". It is present also in "microloader.bin".
I understand that probably it doesn't do anything bad on our Fire mt8127 platform but removing these would
also ensure that possible behaviours are also removed and we don't have that "cmdline" parameter hanging
around without a precise scope.
Click to expand...
Click to collapse
I don't think that will cause any issues, the kernel should at least load and print something to UART.
It's not even loading the microloader correctly. (which should work, since it works for TWRP)
hwmod said:
One request I have is: where can I put more kernel "cmdline" parameters as you did with "printk_disable_uart=0" ?
Click to expand...
Click to collapse
I will have to think about that, the flags would need to be stored somewhere.
Sadly the 5.6.3 bootloader doesn't suppoert "oem append-cmdline" anymore.

k4y0z said:
Ok that shouldn't happen, it should at least get further than that.
You are testing it with the 5th gen preloader/lk correct?
Maybe I messed something up creating the image.
I have attached a new one from the 7th 5.6.3 firmware.
Please use the new version 1.1 of the package I just updated a few minutes ago.
(It uses different addressing).
I don't think that will cause any issues, the kernel should at least load and print something to UART.
It's not even loading the microloader correctly. (which should work, since it works for TWRP)
I will have to think about that, the flags would need to be stored somewhere.
Sadly the 5.6.3 bootloader doesn't suppoert "oem append-cmdline" anymore.
Click to expand...
Click to collapse
What about "fastboot --cmdline" that is in the help of newer version ?
I have never been able to use that. Can that be made to work in some way ?

hwmod said:
What about "fastboot --cmdline" that is in the help of newer version ?
I have never been able to use that. Can that be made to work in some way ?
Click to expand...
Click to collapse
I haven't tried, my fastboot doesn't support this option.
If the 5.6.3 LK supports it, it should work in hacked fastboot mode.

k4y0z said:
I haven't tried, my fastboot doesn't support this option.
If the 5.6.3 LK supports it, it should work in hacked fastboot mode.
Click to expand...
Click to collapse
Here it is !
Taken from Fedora 29 should work on any recent Linux.
See the line I have made in bold in the included help output here.
Seems to indicate that "fastboot" will pass the "cmdline" parameter,
obviously it needs to be implemented in the target platform though.
Code:
# fastboot --help
usage: fastboot [OPTION...] COMMAND...
flashing:
update ZIP Flash all partitions from an update.zip package.
flashall Flash all partitions from $ANDROID_PRODUCT_OUT.
On A/B devices, flashed slot is set as active.
Secondary images may be flashed to inactive slot.
flash PARTITION [FILENAME] Flash given partition, using the image from
$ANDROID_PRODUCT_OUT if no filename is given.
basics:
devices [-l] List devices in bootloader (-l: with device paths).
getvar NAME Display given bootloader variable.
reboot [bootloader] Reboot device.
locking/unlocking:
flashing lock|unlock Lock/unlock partitions for flashing
flashing lock_critical|unlock_critical
Lock/unlock 'critical' bootloader partitions.
flashing get_unlock_ability
Check whether unlocking is allowed (1) or not(0).
advanced:
erase PARTITION Erase a flash partition.
format[:FS_TYPE[:SIZE]] PARTITION
Format a flash partition.
set_active SLOT Set the active slot.
oem [COMMAND...] Execute OEM-specific command.
boot image:
boot KERNEL [RAMDISK [SECOND]]
Download and boot kernel from RAM.
flash:raw PARTITION KERNEL [RAMDISK [SECOND]]
Create boot image and flash it.
[B] --cmdline CMDLINE Override kernel command line.[/B]
--base ADDRESS Set kernel base address (default: 0x10000000).
--kernel-offset Set kernel offset (default: 0x00008000).
--ramdisk-offset Set ramdisk offset (default: 0x01000000).
--tags-offset Set tags offset (default: 0x00000100).
--page-size BYTES Set flash page size (default: 2048).
--header-version VERSION Set boot image header version.
--os-version MAJOR[.MINOR[.PATCH]]
Set boot image OS version (default: 0.0.0).
--os-patch-level YYYY-MM-DD
Set boot image OS security patch level.
Android Things:
stage IN_FILE Sends given file to stage for the next command.
get_staged OUT_FILE Writes data staged by the last command to a file.
options:
-w Wipe userdata.
-s SERIAL Specify a USB device.
-s tcp|udp:HOST[:PORT] Specify a network device.
-S SIZE[K|M|G] Break into sparse files no larger than SIZE.
--slot SLOT Use SLOT; 'all' for both slots, 'other' for
non-current slot (default: current active slot).
--set-active[=SLOT] Sets the active slot before rebooting.
--skip-secondary Don't flash secondary slots in flashall/update.
--skip-reboot Don't reboot device after flashing.
--disable-verity Sets disable-verity when flashing vbmeta.
--disable-verification Sets disable-verification when flashing vbmeta.
--wipe-and-use-fbe Enable file-based encryption, wiping userdata.
--unbuffered Don't buffer input or output.
--verbose, -v Verbose output.
--version Display version.
--help, -h Show this message.
.:HWMOD:.

hwmod said:
Here it is !
Taken from Fedora 29 should work on any recent Linux.
See the line I have made in bold in the included help output here.
Seems to indicate that "fastboot" will pass the "cmdline" parameter,
obviously it needs to be implemented in the target platform though.
Click to expand...
Click to collapse
Just noticed in mine there is
-c <cmdline> Override kernel commandline.
Click to expand...
Click to collapse
I don't think it's supported by LK.
I suppose you could just rebuild a kernel-image with the appropriate cmdline.

k4y0z said:
Just noticed in mine there is
I don't think it's supported by LK.
I suppose you could just rebuild a kernel-image with the appropriate cmdline.
Click to expand...
Click to collapse
Yes that was another form of of passing the same arguments in a previous version of "fastboot".
I am keeping a collection of "fastboot" version and by looking to the "lk" binaries I see there are
still a lot of referrals string related to "cmdline" handling.
If there is a way to still pass some parameter it might be feasible to inject some on the "cmdline".
Another thing I have been exploring is the MISC partition which contains the ENV variable of "lk".
There is a parameter written in the "lk" environment which reside in that MISC partition which is
"off-mode-charge=1", that parameter is followed by a simple CRC sum of the bytes of the string.
I thought that maybe by writing more parameters in MISC it would result to a parameter injection
but I didn't have the success I hoped, maybe I didn't test well enough or failed something, anyway
that MISC partition is almost empty and maybe it can be used too as extra persistent memory should
we need to save something bigger than a couple of kilobytes.
Have fun !
.:HWMOD:.

~

k4y0z said:
If you're on a newer preloader, there are two options:
Open the device and short the pin marked in the attached photo to ground while plugging in.
Downgrade to 5.0.1 firmware via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
Thanks also to @[email protected]
Click to expand...
Click to collapse
Wasn't exactly clear on this, so on the 7th gen we can sideload the 5.0.1 firmware (bricking the device) then we're able to enter boot-rom and are able to continue with the rest of the the steps?

Rortiz2 said:
@hwmod finally I rooted the fire 7 7th gen! Thanks to @mateo121212 !
Click to expand...
Click to collapse
with the new files k4y0z posted i am working on streamlining the process to make a simpler method for the 7th gen. also the SU 2.82 sr5 edits the .sh file that rebuilds the recovery. thats why some people lose there recovery even if they flash both system and boot from same FW.
.

~