I'm trying to root the brand new model with MediaTek processor (Z300M) but nothing has worked so far. Any suggestions?
I'm surprised there is no root for this ?? I'd love to get rid of all the ASUS bloatware??
any luck?
for any mt8163 devices anywhere?
Damn, hoped by now there would be something... oh well... back to the cave.
Asus ZenPad 10 Z300M (P00C) Android 6.0
Has Anyone had any luck finding a way to unlock the bootloader on a Z300M (P00C) (marshmallow 6.0, Android security patch level 1 December 2016)
I'm trying to root it so I can change the ROM on it to the new Android 7.1 . I've been reading all the post in hear about it, Tried all the intel stuff (no joy) KingRoot doesn't work, Won't pay OneClick.. Came across some dodgy webpage with a program called Autoroot tools V3.0 Which wants you to install some software first before it lets you download the program....... very suspect.. so no. Back to square one No Unlocked Bootloader, no root....... can anyone help ?
You may find this useful ..
https://forum.xda-developers.com/an...d-10-z300c-t3214802/post65188654#post65188654
Asus have released their bootloader unlock tool, it may be somewhere to start. I'd suggest you check the support section of the asus website for the Z300M. I've downloaded, installed and tried to run however it failed. I've updated the tablet to android 7.0 and made no other modifications, tried on the home WiFi and hotspot through my phone. Failing them two I attempted to reflash 7.0 in the hopes that would help... The tablet doesn't pick up the files. Possibly because it isn't so much an update?
Either way I've become stuck on this whole situation too. It's quite a pain and I don't have the knowledge to start from scratch, I'm not even sure where to start.
Guys, I'm pretty sure you don't need to unlock the bootloader to flash anything to that tablet. The Z300M and the Z380M are basically the same tablet, just with a different screen size. I've had a fully working TWRP custom recovery posted for the Z380M since April. There's also a version of Mediatek Smartphone Flash Tool that lets you flash it without any bootloader unlock. So here's what you need to do, in a nutshell, to build and flash a custom recovery for the Z300M:
Make a scatter file for this device. The partition layout may be the same as the Z380M, in which case you can just use mine (just change the project name). If not, you can build one from the GPT by reading off the first 4 or 5 sectors from the flash ROM with Flash Tool's readback function and converting the LBA addresses to byte addresses.
Take my recovery source code and import the compiled kernel from the Z300M.
Change TWRP's theme layout (e.g. to landscape mode).
Change the model/device names to ones corresponding to the stock names.
Compile and flash it with SP Flash Tool
I'll be glad to help build the scatter file, etc. Just PM me the GPT.
Removed all information due to the wrong process being used.
Related
I've seen a lot of questions about the unlock/root possibilities with new Blu R1 HD and I thought I'd post my experience with the phone last week / post a guide to follow what I did.
My wife's phone broke and had to be sent in to the manufacturer for repairs which could take up to two weeks after they receive it. I have a Blu R1 HD I bought in August last year that I installed the non-Prime OS on and thought that might be a good way to go, so we decided to get a Blu R1 HD and FreedomPop service to give her something to use in the meantime (her phone was a Nexus 5X on google fi so we couldn't just put her current SIM in it). I was a little concerned at first about whether or not it could be unlocked and converted to a non-Prime version but decided to give it a try anyway.
Fortunately, the phone I received was version 7.4 .2. From what I have gathered, if your version is any higher than 7.4.2 you can't do anything. Along those lines I did made sure to not let it update and did the minimum required to get to where I could enable developer settings / ADB, etc.
The end goal was to install the non-Prime OS. In order to do that, you have to have the preloader that can use SPFT so rolling back the preloader was where I started.
The directions for rolling back the preloader are at: https://forum.xda-developers.com/r1-hd/how-to/r1hd-update-6-6-bootloader-roll-t3491096
In order for the roll-back procedure to work you have to have the bootloader unlocked and a custom recovery installed, so it's off to another page for that (the link is on the preloader rollback page as well): https://forum.xda-developers.com/r1-hd/how-to/unlock-tool-t3561333
The instructions are pretty clear and the tool is great, so I just followed the steps listed to bootloader unlock and install TWRP.
With the bootloader unlocked and TWRP installed you are ready to roll back the preloader. Once again, the tool provided is great so just follow the directions. I will say though that both this and the previous tool require some input on occasion for when the phone is in a particular state, so mind your stray key-presses. If you mess up, just start over.
Now that the pre-loader is rolled back you can flash the non-Prime OS. The directions can be found at: https://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
This requires you to download some tools and will directly overwrite the flash to the non-Prime OS. Don't worry that it says you can't use it past 7.4.2; with the preloader rolled back it'll just overwrite the flash directly so the OS version you have installed doesn't matter.
Ironically, now that you've flashed the non-Prime OS you've lost the unlocked bootloader and TWRP because those sectors of the flash were overwritten. Luckily, the process for bootloader unlocking and installing TWRP is much easier on this OS. The instructions for this are at the same post as the one for flashing the non-Prime OS. Basically you just boot to fastboot, OEM unlock, and flash the recovery. You can root here too, if you'd like by following the included directions on the same post.
At this point I decided to do a little bit of debloating. These scripts are installed from recovery and instructions and files can be found here: https://forum.xda-developers.com/r1-hd/how-to/guide-ad-removal-debloat-block-ota-easy-t3429555
The whole process itself didn't take that long, but it did take a lot of searching and some courage to figure out and try the steps needed to do this.
I would also recommend making nandroid backups along the way and even make a system dump using SPFT before flashing the non-Prime OS. Instructions can be found here under "Dump Full ROM": https://forum.xda-developers.com/showthread.php?t=2540400
The next steps are to try to figure out what the most up-to-date version of the non-Prime OS is that I can safely install and to figure out how to do that. If anyone can point me in the right direction, that would be appreciated.
TLDR;
On 7.4.2:
https://forum.xda-developers.com/r1-hd/how-to/r1hd-update-6-6-bootloader-roll-t3491096:
Roll back preloader: https://forum.xda-developers.com/r1-hd/how-to/unlock-tool-t3561333 Unlock Install TWRP Roll back preloaderhttps://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
Install non-Prime OS: Unlock Install TWRP Roothttps://forum.xda-developers.com/r1-hd/how-to/guide-ad-removal-debloat-block-ota-easy-t3429555
Debloat
I'm not a developer and can't answer any difficult questions/problems you may have along the way but I'll help if I can.
James.ptrsn said:
I've seen a lot of questions about the unlock/root possibilities with new Blu R1 HD and I thought I'd post my experience with the phone last week / post a guide to follow what I did.
My wife's phone broke and had to be sent in to the manufacturer for repairs which could take up to two weeks after they receive it. I have a Blu R1 HD I bought in August last year that I installed the non-Prime OS on and thought that might be a good way to go, so we decided to get a Blu R1 HD and FreedomPop service to give her something to use in the meantime (her phone was a Nexus 5X on google fi so we couldn't just put her current SIM in it). I was a little concerned at first about whether or not it could be unlocked and converted to a non-Prime version but decided to give it a try anyway.
Fortunately, the phone I received was version 7.4 .2. From what I have gathered, if your version is any higher than 7.4.2 you can't do anything. Along those lines I did made sure to not let it update and did the minimum required to get to where I could enable developer settings / ADB, etc.
The end goal was to install the non-Prime OS. In order to do that, you have to have the preloader that can use SPFT so rolling back the preloader was where I started.
The directions for rolling back the preloader are at: https://forum.xda-developers.com/r1-hd/how-to/r1hd-update-6-6-bootloader-roll-t3491096
In order for the roll-back procedure to work you have to have the bootloader unlocked and a custom recovery installed, so it's off to another page for that (the link is on the preloader rollback page as well): https://forum.xda-developers.com/r1-hd/how-to/unlock-tool-t3561333
The instructions are pretty clear and the tool is great, so I just followed the steps listed to bootloader unlock and install TWRP.
With the bootloader unlocked and TWRP installed you are ready to roll back the preloader. Once again, the tool provided is great so just follow the directions. I will say though that both this and the previous tool require some input on occasion for when the phone is in a particular state, so mind your stray key-presses. If you mess up, just start over.
Now that the pre-loader is rolled back you can flash the non-Prime OS. The directions can be found at: https://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
This requires you to download some tools and will directly overwrite the flash to the non-Prime OS. Don't worry that it says you can't use it past 7.4.2; with the preloader rolled back it'll just overwrite the flash directly so the OS version you have installed doesn't matter.
Ironically, now that you've flashed the non-Prime OS you've lost the unlocked bootloader and TWRP because those sectors of the flash were overwritten. Luckily, the process for bootloader unlocking and installing TWRP is much easier on this OS. The instructions for this are at the same post as the one for flashing the non-Prime OS. Basically you just boot to fastboot, OEM unlock, and flash the recovery. You can root here too, if you'd like by following the included directions on the same post.
At this point I decided to do a little bit of debloating. These scripts are installed from recovery and instructions and files can be found here: https://forum.xda-developers.com/r1-hd/how-to/guide-ad-removal-debloat-block-ota-easy-t3429555
The whole process itself didn't take that long, but it did take a lot of searching and some courage to figure out and try the steps needed to do this.
I would also recommend making nandroid backups along the way and even make a system dump using SPFT before flashing the non-Prime OS. Instructions can be found here under "Dump Full ROM": https://forum.xda-developers.com/showthread.php?t=2540400
The next steps are to try to figure out what the most up-to-date version of the non-Prime OS is that I can safely install and to figure out how to do that. If anyone can point me in the right direction, that would be appreciated.
TLDR;
On 7.4.2:
https://forum.xda-developers.com/r1-hd/how-to/r1hd-update-6-6-bootloader-roll-t3491096:
Roll back preloader: https://forum.xda-developers.com/r1-hd/how-to/unlock-tool-t3561333 Unlock Install TWRP Roll back preloaderhttps://forum.xda-developers.com/r1-hd/how-to/guide-convert-to-prime-rollback-ota-t3432499
Install non-Prime OS: Unlock Install TWRP Roothttps://forum.xda-developers.com/r1-hd/how-to/guide-ad-removal-debloat-block-ota-easy-t3429555
Debloat
I'm not a developer and can't answer any difficult questions/problems you may have along the way but I'll help if I can.
Click to expand...
Click to collapse
Thanks for your input, but you have gone , kinda of the long way around.
The unlock tool you linked to has the preloader roll-back built in as one that extra options.
And also ocne you have twrp installed there is no need to use spft to convert to non-prime. Just flash a ROM with twrp.
And the debloat scripts are also in the tool, but are older than the ones directly in the thread you linked.
Mine was the Prime variant, rolled it back, rooted & TWRP installed, debloated all the BLU & Amazon apps, virtually running near pure Android 6.0 -
follow this link for details
https://forum.xda-developers.com/r1-hd/development/modified-8-3-stock-rom-t3602672
Subsequent to the released of the modified 8.4 ROM, I downloaded to the R1 HD, make a backup of the boot/system, etc. first (caution - remove mSD card if in use, as it will get reformatted and/or wiped, corrupted data, etc. ... reinstall after everyone is up & running again) - just follow basic steps.
Boot into TWRP, factory reset for a clean & fresh install, flash modified 8.4 rom, reboot - take a 10 minute break - setup & restore from Cloud as desired. Enjoy - no bloatware & security patches up to May 2017, etc. Apps will auto-update from Play Store, once everything settled down - power down, re-insert mSD card (where my MP4 & backup pictures, etc. are stored). Reboot & tweak/optimized one's own preferred settings like display, sound, etc. and have fun.
Battery life could be better, but 2 days+ of standby with light use, mostly on WiFi - Freedompop 4G/LTE sim in slot 1 and Project Fi data-only sim in slot 2 -
... one happy camper.
Update #1 (7/2/2017) for other end users - Gravity Box working nice w. Xposed for last 2 weeks. Viper4AndroidFX installed and running smooth as well.
What does non-prime get you over the de-ad versions of prime? Could be several steps shorter.
Links to the latest prime (de-ad) and non-prime are given by Letitride
Hello, thank you very much for reading, I hope you can help me. I need one or more files to be able to recover my phone: Samsung Galaxy S7 Active.
These are the files that I need:
prog_emmc_firehose_8996.mbn (.elf)
rawprogram0.xml
patch0.xml
I do not know if I would also need these:
MPRG8996.hex
rawprogram_unsparse.xml
I think these files are the same as prog_emmc_firehose_8996.mbn (.elf):
8996_msimage.mbn
MSM8996.mbn
How did I make a brick my phone? Installing the first official version:
SM-G891A_G891AUCU1APG7_ATT_Full_Repair_Frimware
Previously I used this version without any problem:
G891AUCS2API2_CL8737252_QB10881022_REV02_user_low_ship_MULTI_CERT
I wish someone could help me, I have read more than 50 pages, but I have not been able to solve the problem.
Please.
Can anybody help me?
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
yakine13 said:
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
Click to expand...
Click to collapse
I hope someone helps us.
HEY!
I found a way!!!
...for me:/
why you want this emmc_firehose_8996.mbn?
actually, i think that you don't need that file especially, it doesn't exist from where i've searched.
if it's to flash your phone all you need is odin and a flashable file of your phone firmware
i had a zuk z2 pro and was locked with frp when i wanted to setup custom rom AOSP 9.0.0 for example.
but i managed to unlock it by flashing a custom rom without gapps in the first place to no get locked out.
tell me how your phone is reacting, what do you have access to, and your initial step before brick
yakine13 said:
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
Click to expand...
Click to collapse
yakine13 said:
HEY!
I found a way!!!
...for me:/
why you want this emmc_firehose_8996.mbn?
actually, i think that you don't need that file especially, it doesn't exist from where i've searched.
if it's to flash your phone all you need is odin and a flashable file of your phone firmware
i had a zuk z2 pro and was locked with frp when i wanted to setup custom rom AOSP 9.0.0 for example.
but i managed to unlock it by flashing a custom rom without gapps in the first place to no get locked out.
tell me how your phone is reacting, what do you have access to, and your initial step before brick
Click to expand...
Click to collapse
Hello, sorry for my bad English. My phone is a Samsung Galaxy S7 Active (SM-G891A). I will try to explain what happened.
I had this version of Android 6 installed (via Odin) on the phone:
G891AUCS2API2_CL8737252_QB10881022_REV02_user_low_ship_MULTI_CERT
With that version my phone was fine, but then I tried to install the first version of Android 6 (official) via Odin:
SM-G891A_G891AUCU1APG7_ATT_Full_Repair_Frimware
When the installation was completed (Odin said the installation was successful), the phone never restarted. There is no way to turn it on with any combination of buttons, nor with a microSD with a debrick.img. A USB JIG has not worked for me either.
Windows detects my phone in Qualcomm 9008 mode. Odin does not detect it.
did you find a solution?
actually it look like to be a hard brick but as it's snapdragon 820 you can recover from it
I'm waiting for the day when noobs and half-noobs (no offense, all of us have been there) will start reading before writing and stop assuming that their 1st aid kit will revive a kitten ran over by a train.
It's okay not to know, but before writing a spam reply, just consider for a second that the user already tried your solution and is already a step ahead.
Listen guy, go to Halab Tech. They have certain firmwares for what you need, but they ask money.
Those type of firmwares have a prefix "DEBUG_EMERGENCY_DOWNLOAD_FA....'
In my case it's "DEBUG_EMERGENCY_DOWNLOAD_FA70_G955U1SQU6ASG1_CL12542406_QB24669289_REV00_user_mid_noship_MULTI_CERT.tgz"
As I consider that a bastard move (since they are selling Samsung's intellectual property as their own, stuff that should be public in the first place), I encourage you to share the files if you buy them, so that we can all use them and screw over these monopoly playing-intellectual property stealing bastards.
I'm now working on a recovery of my G955U1 (S8+ Qualcomm USA). I paid $25 for a god damn firmware and I'm gonna post it in next couple of days.
I'm personally having trouble of flashing the firmware (because not many flash tools support flashing .elf flash loaders), but I used one FRP tool (Octoplus FRP tool) to check the loader and it managed to send it, receive the "hello" packet, read partitions and erase the FRP partition (I assume it worked by the log), but I don't have a way to flash other partitions yet.
You people should have in mind one thing: even though certain devices have the same chipset, doesn't mean that you can use the same firehose flash loader, since manufacturers create different loaders for them and write their digital signatures into the chip (don't know is it hardwired or flashed), meaning that you cannot use Xiaomi's prog_ufs_firehose_8998_ddr.elf (just an example) to flash a Samsung device with MSM8992 chipset.
In fact, I think that each phone model and possibly even it's different firmware revisions have unique loaders, since I didn't manage to get a successful response from my G955U1 by sending G955U2 loader, and the loader which I managed to send is actually stated to be for G955U1U6 (U6 is the bootloader revision number, while U1 is the part of the model number).
Best of luck, contact me if you need help.
Im attempting to get info or at least start a thread on the possibility of ROOTING the (Walmart) ONN Surf 100005208 10.1"
It's a rebranding of the ONA19TB003. Same hardware, new name.
jordianz said:
Im attempting to get info or at least start a thread on the possibility of ROOTING the (Walmart) ONN Surf 100005208 10.1"
Click to expand...
Click to collapse
As @razredge stated, the Onn Surf 10.1 is merely a rebranding of its predecessor tablet. The Surf 10.1 can be rooted with or without TWRP. Follow the guides on rooting the previous Onn 10.1. Everything works exactly the same. TWRP is fully compatible as well.
can you share your stock firmware with me
no
the thing was a brick when i attempted the mod its a MT8768WA chipset not MT8163
Viva La Android said:
As @razredge stated, the Onn Surf 10.1 is merely a rebranding of its predecessor tablet. The Surf 10.1 can be rooted with or without TWRP. Follow the guides on rooting the previous Onn 10.1. Everything works exactly the same. TWRP is fully compatible as well.
Click to expand...
Click to collapse
KaosKreationz said:
the thing was a brick when i attempted the mod its a MT8768WA chipset not MT8163
Click to expand...
Click to collapse
Regardless of chipset platforms, both Onn 10.1" tablet variants can be rooted using the same TWRP and the same root method, and without TWRP by fastboot flashing a Magisk patched boot image.
Viva La Android said:
Regardless of chipset platforms, both Onn 10.1" tablet variants can be rooted using the same TWRP and the same root method, and without TWRP by fastboot flashing a Magisk patched boot image.
Click to expand...
Click to collapse
I keep reading it can’t and I do not want to brick this tablet so tell me exactly how to root it it’s the android 10 preloaded version.
---------- Post added at 08:37 PM ---------- Previous post was at 08:34 PM ----------
KaosKreationz said:
I keep reading it can’t and I do not want to brick this tablet so tell me exactly how to root it it’s the android 10 preloaded version.
Click to expand...
Click to collapse
Also how does one patch the image with magisk if the magisk software does not work on said tablet?
As well as how does one dump the images when so flash nor mt software doesn’t recognize the image.
KaosKreationz said:
I keep reading it can’t and I do not want to brick this tablet so tell me exactly how to root it it’s the android 10 preloaded version.
---------- Post added at 08:37 PM ---------- Previous post was at 08:34 PM ----------
Also how does one patch the image with magisk if the magisk software does not work on said tablet?
As well as how does one dump the images when so flash nor mt software doesn’t recognize the image.
Click to expand...
Click to collapse
Well, you just taught me something I wasn't aware of. I have not yet seen the Onn 10.1" variant with preloaded Android 10. My variant (Onn Surf 10.1, Model No. 100005208) came with Android 9 Pie. And I was able to root it using the TWRP build from my tablet's predecessor, which had the same chipset and also rah on Android 9 Pie. You seem to be referring to an entirely new variant that ships with Android 10. What is your exact model number and your current firmware build number? I'll see what I can find out.
Viva La Android said:
Well, you just taught me something I wasn't aware of. I have not yet seen the Onn 10.1" variant with preloaded Android 10. My variant (Onn Surf 10.1, Model No. 100005208) came with Android 9 Pie. And I was able to root it using the TWRP build from my tablet's predecessor, which had the same chipset and also rah on Android 9 Pie. You seem to be referring to an entirely new variant that ships with Android 10. What is your exact model number and your current firmware build number? I'll see what I can find out.
Click to expand...
Click to collapse
It just got a silent OTA update which I was trying to find in the saved directory but it went right to it and installed before i had a chance to pull it. ****ing thing has been a pain since i got it. trying to root and remove bloat bc its a decent setup and could run pretty fast if it were a clean android OS.
To answer your question it is the ONN 10003562 with MT8768WA Chipset ill update with the firmware one i fix the damn thing it bricked on me again while removing bloatware. this thing has some kinda tamper check or something. i get it starting to run really nice without root and then on reboot its a brick.
KaosKreationz said:
It just got a silent OTA update which I was trying to find in the saved directory but it went right to it and installed before i had a chance to pull it. ****ing thing has been a pain since i got it. trying to root and remove bloat bc its a decent setup and could run pretty fast if it were a clean android OS.
To answer your question it is the ONN 10003562 with MT8768WA Chipset ill update with the firmware one i fix the damn thing it bricked on me again while removing bloatware. this thing has some kinda tamper check or something. i get it starting to run really nice without root and then on reboot its a brick.
Click to expand...
Click to collapse
So you have yet another variant of the Onn 10.1" tablet. That's good to know. My 100005208 was merely a rebranding of its predecessor but it appears now that Onn has released yet another variant. Yeah, hold off on trying to root right now. Anything released with Android 10 out of the box uses the system-as-root (SAR) implementation. While Magisk does support SAR, the rooting process has changed up some. I'll see what I can dig up for you.
Viva La Android said:
So you have yet another variant of the Onn 10.1" tablet. That's good to know. My 100005208 was merely a rebranding of its predecessor but it appears now that Onn has released yet another variant. Yeah, hold off on trying to root right now. Anything released with Android 10 out of the box uses the system-as-root (SAR) implementation. While Magisk does support SAR, the rooting process has changed up some. I'll see what I can dig up for you.
Click to expand...
Click to collapse
ok thanks. the only thing I am able to really do is remove some bloatware. but even then it still runs like ****. I found some OTA's in one of the threads here and also its supposedly a stock from the box backup but the scatter doesnt match the chipset. I was hoping someone could inform me if there is a way to get an android ten backup of the older device and swap out keys or whatever the thing is checking for when it boots and flash it.
very limited with no real su so stuff wont work right when I delete certain bloatware. Also if anyone can inform as to how I can even pull my firmware and recover.img and boot.img etc. I have tried MTK device or whatever that software is as well as sp flashtool and nothing seems to read the device rom. can see the device but cant pull. its been so long since ive used or attempted to root an android device im out of practice.
KaosKreationz said:
ok thanks. the only thing I am able to really do is remove some bloatware. but even then it still runs like ****. I found some OTA's in one of the threads here and also its supposedly a stock from the box backup but the scatter doesnt match the chipset. I was hoping someone could inform me if there is a way to get an android ten backup of the older device and swap out keys or whatever the thing is checking for when it boots and flash it.
very limited with no real su so stuff wont work right when I delete certain bloatware. Also if anyone can inform as to how I can even pull my firmware and recover.img and boot.img etc. I have tried MTK device or whatever that software is as well as sp flashtool and nothing seems to read the device rom. can see the device but cant pull. its been so long since ive used or attempted to root an android device im out of practice.
Click to expand...
Click to collapse
Earlier, you mentioned a "silent OTA." Could you elaborate on that? Did the OTA install seamlessly, without rebooting to recovery? I'm wondering if your variant has A/B partitions.
Viva La Android said:
Earlier, you mentioned a "silent OTA." Could you elaborate on that? Did the OTA install seamlessly, without rebooting to recovery? I'm wondering if your variant has A/B partitions.
Click to expand...
Click to collapse
When I said silently I meant I was sitting at the computer with the tablet hooked up in adb mode and i walked away for maybe 3 minutes to relieve myself and upon returning the tablet was rebooting and installing an update. I swear I had the automatic updates in dev mode turned to off.
Here is what I gather from the device.
KaosKreationz said:
When I said silently I meant I was sitting at the computer with the tablet hooked up in adb mode and i walked away for maybe 3 minutes to relieve myself and upon returning the tablet was rebooting and installing an update. I swear I had the automatic updates in dev mode turned to off.
Here is what I gather from the device.
Click to expand...
Click to collapse
Thanks for the stats. Yeah it looks like you're fully Treble supported but non-A/B. Ok just to make sure I'm not missing something, sort of give me a simple outline on everything you've done from start until now. Did you mention your device was a brick when you got it, or did you brick it initially attempting to root? How did you recover from the brick? I'm assuming SP Flash Tool and I recall you mentioned something about a mismatched scatter file. I believe I have a root solution for you but I want to make sure I have my info correct. Thanks for helping me to help you. You seem to know your Android well.
It was a soft brick via adb removal of bloat ware it was able to be restored from factory settings..
I think I may almost have it but i'm to afraid of flashing the boot.img bc I did brick the first one I had via sp flash. The firmware someone added in this thread a bit back says 100003562 but the chipset is MT6765 not the MT8768WA. I was able to mod that boot.img with magisk but as I stated I'm to afraid to flash it I tried the fastboot boot magiskpatched.img command it seemed to read with no errors but it shutdown and then rebooted. soo im afraid it may cause a loop. Im trying now to figure out a way to remove the dm verity check but have had no success as of yet. if i could just pull my own roms Im sure I could get this to root with magisk maybe.
link to larger files https://drive.google.com/drive/folders/1-j0wj9d0FuLxvHdvW8CjYICp3-xV00cs?usp=sharing
I cant seem to get SP Flash to read the device scatter properly Im unable to pull roms with readback I think i have to set it up manually?
I have attached the screenshots, rom, magisk image created as well as the bug report from soft brick.
It would Be soo much easier if i could get the DM verity off and or pull my roms.
KaosKreationz said:
It would Be soo much easier if i could get the DM verity off and or pull my roms.
Click to expand...
Click to collapse
Ok as you probably know, your device has SAR (system-as-root) implementation, because it shipped with Android 10. It appears that you will need to install Magisk to recovery ramdisk, because your boot image contains no ramdisk. Magisk does support this, as you probably know. Go to this link and look under the heading "Magisk in Recovery"
https://topjohnwu.github.io/Magisk/install.html#magisk-in-recovery
My Moto G7 Play is SAR as well, and has no boot image ramdisk, so I have it rooted with Magisk installed to recovery. It's different indeed, but as of now, it's the only root solution for SAR devices with recovery ramdisk implementations like yours and mine. Magisk will actually "live" within the recovery partition and actually becomes hijacked by Magisk. As you will read in the link I sent, it is still possible to use recovery mode. You will need to get a stock recovery image from somebody with your variant who has pulled the image, or from a stock firmware package. In sum, you will be patching your recovery image, not your boot image. Accordingly, you will be flashing your /recovery partition to achieve root, not your /boot partition. As you know, as long as you are bootloader unlocked, you can flash the patched recovery image using fastboot. You will not need a TWRP for root. In the link I sent, also look for the previous heading "Patching Images." To test and make sure I'm 100% right on this, install the latest Magisk Manager app on your device and open the app. Look in the "Ramdisk" section. If it says NO, then I'm right and you must install Magisk to recovery as I've stated. If it says YES I'm wrong and you need to disregard this entire post.
But please let me know the status on things, and if you manage to get Magisk systemless root installed properly.
Anyone have a 100003562 boot.img or recovery.img for the MT8678WA
---------- Post added at 06:52 PM ---------- Previous post was at 06:45 PM ----------
I tried the recommended and it bricked I'm only able to use and now when the device boots it hangs at the logo screen or does anyone know Walmarts update software command.
Hello,
I’ve been browsing these forums endlessly in an effort to find an answer to my problem, however I feel like I am at my wit’s end so I am trying to find anyone that could help me here.
I have Samsung A5 (2016) with Android 7.0 and October 1, 2018 Security patch level.
I’m trying to flash an older version of 6.0 Android with an older Security update level, however I am facing the “SW REV CHECK FAIL ERROR” - from what I understand I cannot downgrade to a version that has lower security patch. Is there ANY way around this besides trying to flash 6.0 with newer security patch?
I’ve been browsing here a lot and found a few mentions of this being possible by unpacking the .tar.md5 file and removing all files ending with .bin and packing it up as .tar.md5 again, however my attempts at this have failed - Odin will still give me “Fail” and I will still get the same SW REV CHECK FAIL error. I’ve found a post saying that removing the .bin files from the .tar.md5 file that I want to flash and replacing them with newer .bin files should work as to trick the bootloader to think the version is the same as my current one and essentially leaving the newer version of bootloader still on my phone but with downgraded android version of a lower sec. patch. I’m a bit skeptical about this approach and I fear it will not work - I am afraid to try.
I have been trying to find an anwser for days - any help will be truly appreciated! ^^
Armageddon8 said:
Hello,
I’ve been browsing these forums endlessly in an effort to find an answer to my problem, however I feel like I am at my wit’s end so I am trying to find anyone that could help me here.
I have Samsung A5 (2016) with Android 7.0 and October 1, 2018 Security patch level.
I’m trying to flash an older version of 6.0 Android with an older Security update level, however I am facing the “SW REV CHECK FAIL ERROR” - from what I understand I cannot downgrade to a version that has lower security patch. Is there ANY way around this besides trying to flash 6.0 with newer security patch?
I’ve been browsing here a lot and found a few mentions of this being possible by unpacking the .tar.md5 file and removing all files ending with .bin and packing it up as .tar.md5 again, however my attempts at this have failed - Odin will still give me “Fail” and I will still get the same SW REV CHECK FAIL error. I’ve found a post saying that removing the .bin files from the .tar.md5 file that I want to flash and replacing them with newer .bin files should work as to trick the bootloader to think the version is the same as my current one and essentially leaving the newer version of bootloader still on my phone but with downgraded android version of a lower sec. patch. I’m a bit skeptical about this approach and I fear it will not work - I am afraid to try.
Is there any way to do this?
Click to expand...
Click to collapse
The fifth character from the right end of your firmware build number is the Binary version.
You are getting that failure error because the firmware that you are trying to flash has a Binary version that is lower than the Binary version of the firmware that you had on the device before you tried to downgrade it. You can not flash any firmware that has a lower Binary version, you can flash a firmware that has the exact same Binary version as what was already on the device or a higher Binary version. You can't go backwards, you can only stay where you are or go forward, but, if you go forward, you also can't go back to what you had before you went forward, and so on and so on....
Yes, you can try to swap the .bin files, but, that may not be the only things that need to be swapped or modified. You'd have to do some research for yourself and use a little trial and error.
Sent from my SM-S767VL using Tapatalk
Yeah I know about all that, apparently my bootloader is 7.
What I’m trying to do is to find a workaround for the “can’t go back to older version” roadblock.
I was hoping someone here might be experienced in this regard as to help me with the editing process. I’ve also heard that flashing custom ROM and then flashing the old version Android might work.
Anyone with any ideas? :/
Armageddon8 said:
Yeah I know about all that, apparently my bootloader is 7.
What I’m trying to do is to find a workaround for the “can’t go back to older version” roadblock.
I was hoping someone here might be experienced in this regard as to help me with the editing process. I’ve also heard that flashing custom ROM and then flashing the old version Android might work.
Anyone with any ideas? :/
Click to expand...
Click to collapse
Flashing a custom ROM then trying to flash the older version isnt going to work either because even though you would have a custom ROM installed, the bootloader that is blocking the downgrade is still there "under" the ROM.
As I stated, swapping files between the older version and the newer version "might" work. But, the problem is, there is no definitive guide that works for every user or every device. It is always a case by case scenario where the modifications required depend on but are not limited to exactly which device you are working with, what android versions are you working with, what bootloader versions you are working with and whatever other software security measures may be incorporated into your device.
As I said, on this subject, you will have to do your own research and use trial and error. In other words, you will have to try for yourself and experiment until you find something that works. There are no instructions or guides that any of us can specifically give you and say "do this" that will 100% work for you because results are different from one device to the next.
I realize that this doesn't help you as much as you would like it to, but, it is the reality whether you choose to accept it or not.
All I can say is do some searches for how to modify Samsung firmware in order to downgrade or how to modify Samsung firmware in general. Then it's a matter of using trial and error to find the right recipe of firmware parts to get a firmware that will successfully flash on your device. It isn't easy because it doesn't always come down to just the bootloader or its binary version, sometimes, the bootloader or the binary is also looking for(for example but not limited to) a modem, system and kernel that has the same binary version as the bootloader that is being flashed. No one can definitely say which parts you can or can't use together from the different firmware available for your device. This makes it very hard to help you to the extent that you are hoping for.
This website really functions by the user searching for answers and doing the work for themselves. We answer questions here, but we don't spoonfeed anyone, we don't hold anyone by the hand and lead them step by step nor will we do it "for" you. You must be willing to put the time and the work into it for yourself, after all, it is your goal to achieve, not ours.
Sent from my SM-S767VL using Tapatalk
I'm trying to resume the discussion about the possibility to build a custom ROM for ASUS Z500KL P00I - Asus Zenpad 3S 10 LTE. I'll put together all the stuff I found about this argument, in the hope to find a way to give some more life to this nice piece of hardware.
I actually can't think of a reason it couldn't smoothly stand last Android 10, except maybe for issues in driver versions.
Of course I own one of those and I'm willing to do help the development.
Unluckily so far I didn't find anything about a custom rom, apart for some rumors about rooting and unlocking.
BOOTLOADER:
In another post I found someone that claims that the bootloader can be unlocked with the asus unlock tools apk, but in the last firmware versions it sais "the package conflicts with an existing package by the same name" and the apk won't install.
I tried with the unlock tool for the Z500M and I can confirm it won't install.
In another post I found someone that says the Z500KL bootloader can be "fooled" to flash self signed packages using fastboot in this way:
Code:
fastboot getvar sofia_support
fastboot flash boot boot_patched.img
I think this bootloader can be unlocked somehow, or it is possibile to flash stuff in some way. I don't think the bootloader is the issue here.
Posts:
https://forum.xda-developers.com/showpost.php?p=76322038&postcount=15
https://forum.xda-developers.com/zenpad-10/how-to/root-asus-zenpad-z10-zt500kl-zenpad-3s-t4067617
https://forum.xda-developers.com/zenpad-10/help/custom-recovery-rooting-z500kl-p00i-t3796558
RECOVERY MODE:
Found some posts where someone says the Z500M TWRP can work also for the Z500KL, but found others that say that they are completely different hardware.
I tried installing the official TWRP APP, but it seem it don't have the package for any zenpad at all. I did then some searching, but can't seem to find a link to a modified version either.
Also, looking at the bootloader, it don't say anything about a recovery mode. There is just a "Factory reset" entry in the fastboot menu.
CUSTOM ROM:
I found at the asus site the sources of an earlier version.
I'm used to compiling linux kernel and programs, but don't have any experience in compiling this stuff, or using the configurations and drivers in these sources to compile a recent version of android.
If is there someone that has news on this front or that has experience and it's willing to help I'll put my device and time to do tests and stuff.
Thanks
I wish there were some roms and I knew how to build lineage is for this tablet.
I wouldn't try a Z500M binary on Z500KL or TKL, the Z500M is a MediaTek SOC and the Z500kl is a Qualcomm.
I think the first step is TWRP.
saq-xda said:
I wouldn't try a Z500M binary on Z500KL or TKL, the Z500M is a MediaTek SOC and the Z500kl is a Qualcomm.
I think the first step is TWRP.
Click to expand...
Click to collapse
Hi, thanks for the info!
Do you have any hint on how to get a working TWRP for the Z500KL?
_payne_ said:
Hi, thanks for the info!
Do you have any hint on how to get a working TWRP for the Z500KL?
Click to expand...
Click to collapse
Trying to get it figured out, not familiar enough with Android internals to know where to go yet. AFAIK there is a switch somewhere to set bootloader lock off, I have root but not sure where that variable is stored ("set" commands from ADB root shell are not working). After that is done it is probably a pretty standard TWRP build. Too bad as it looks like a pretty nice tablet.
Handicapped by not knowing much about Android, but think of three possible attack surfaces from a rooted device (which we have now):
(1) Hacking an Asus unlock tool to send the Z500KL information to Asus - might work, depends on how much checking they do at their end for serial validity or if the databases for serial/etc. numbers are separate for the different models or not. If they're all together and it is a simple lookup command on their end this might work. Also possibly snooping in on the connection from another Asus device and see if we could "spoof" it without the app. Note that this is based on the hypothesis that the app calls out to Asus for a unlock code, there are other ways it could work.
(2) If as has been hinted Asus merely removed the "OEM Unlock" toggle from the menus then going through a rooted tablet and setting "by hand" might work. Depends where the toggle is located and if the bootloader will still recognize it. Per https://android.stackexchange.com/q...ed-against-physical-tampering-in-google-pixel it appears to be stored in TEE (Trusty) or FRP on Pixels, and . From a rooted device if you know the calls we should (?) be able to call Trusty to set the flag, or if we know where it is in FRP set it there. A post on XDA here from Dr. Mario points at the physical efuse partition and suggests it can be adjusted if we have root (which we do now) - https://forum.xda-developers.com/t/asus-zenpad-z10-zt500kl-verizon.3494106/#post-69674114
(3) There are hints and signs that perhaps Asus' signing verification chain isn't watertight - see https://forum.xda-developers.com/t/...-z10-zt500kl-and-zenpad-3s-10-z500kl.4067617/ and https://forum.xda-developers.com/t/custom-rom-for-z500kl-p00i-zenpad-3s-10-lte.4184773/ (comment on self-signed loaders), as well as possibly looking at the "user settable root of trust" option at https://source.android.com/security/verifiedboot/device-state.
I know that I flashed the Z500KL bootloader to a ZT500kl and installed Magisk. Tablet boots but gives the Android-recommended user root of trust warning screen.
If you need a custom ROM you can dig here, and you can also download LineageOS 16 here
Looks like nothing has happened here in a while. Am hoping for an update though if some progress ahs been made. I can't even unlock the bootloader so far... never mind find a ROM that works on it!
The reason I'm here is, I now find that even the ASUS apps are no longer supported on Android 7 (not that I used the ASUS apps much), but still... I looked on the firmware page and was really saddened by the fact that the JP version (which I have) had only 4 months of support (ie date from first firmware and last firmware is only 4 months apart...). For the WW version, it was 6 months. This is really a complete joke... It's a real pity because the hardware is not bad at all, and it is one of the last 4:3 screen ratio tablets. It's terrible to think that this thing has not had even security updates for the last 5 years, so unless I can get a custom ROM on there, then I think I'm going to have to look elsewhere for something.