Related
Originally i ported PRIMEv1.4 by Roach2010, an honeycomb 3.1 rom from Asus to Iconia A500..Its now a more Acer specific rom based on acer drivers and software but with 3.1 features. We are still waiting for the kernel source, so limits of a stock kernel apply, which is one, using the new feature PS3 controller joypad's. Until source is out, these functions are missing.
You can also follow updates on Twitter now: Dexter Picard (DexterPicard) on Twitter or
me a Red bull, and you're sure i stay up working on this mod or you can visit my new homepage at Dexter's mods
Kernel source of "angel" is found here
BRIEF HOWTO
Download AcerRecoveryInstaller from Market or from apps section of A500 here. or use the old solution from this post .
Boot into ClockWorkRecovery (POWER ON + VOL-) and do a full backup.
put PRIMEE v1.4 zip on your sdcard and install using ClockWorkRecovery
NEW USERS - do a factory reset (WIPE) in ClockWorkMod when installing for the first time.
What does this rom offer
99% of all the new 3.1 features including;
Google Video (i think it was 3.1 only)
Google Books (i think it was 3.1 only)
Google VideoEditor
Asus Book Reader
Enhanced exchange support
Faster Browser
resizable widgets (new launcher 3.1)
multilanguage
enhanced task manager
added filesystem tweaks (kernel 2.6.36.3 features)
added 3G Huawei dongle support
added international keyboard layout support
SIP supported & SMS supported
enhanced network driver
root'd + superuser.apk included
DLNA support
Latest updates (P8-patch3)
[*] 2.6.36.4 kernel with CIFS/NFS/3G support. Optional OC upto 1700Mhz.
[*] Now with PS3 controller support
[*] A Splashtop HD fix here in this attachment
[*] Asus book reader app fix.
added SMS functionality with 3G, and enable SIP phone over wifi function, use SMS app from Market(handcent sms) with mobile part.
rearranged boot image parameters a little.
Media scanner both see internal & external directories now perfectly.
disabled adb at bootup, so Internal storage shows on windows ( through Portable devices - A500)
GoogleVideos app added (tested and working from USA)
Changed boot.img, so "am,install" etc works from adb again.
Added AcerSync (Request)
Replaced Asus Camera with Acer Camera (Request)
changes to mounted ext4 filesystems (small optimization)
Wifi fix added for EU users to build.prop "ro.wifi.country=EU"
Full fix for storage locations: Now its simple /mnt/sdcard , /mnt/external_sd , /mnt/usb_storage
bootanimation update .. Thanks to boggio95
Dock station + remote controller fix
LetsGolf included in full image , i just had to
Settings -> Battery stats is now included
[Bugs confirmed]
rotation lock key does not work (it serves no function in Asus firmware)
Don't mess with! (NOW YOU ARE WARNED!)
Disabling Phone+TelephonyProvider can cause unstable OS, settings crash, tablet freeze etc..
Removing apps from system folder can cause bootloop's
[PRIMEE_p8-3.zip] (patch goes on top of above existing full p8 image)
MD5: 4a48c21b4dc6cbfd6d074105318c88c4
[PRIMEE_acerA500-p8.zip]
MD5: 4efd9fcfdbe918c8ac696467a05a0ae7
See post #2 for installation and all other guides
You do all this and you take the risk. But remember if you got the CWM working, you should be safe and you can run itsmagic from CWM if you are in doubt. I take no responsibilites if you damage or brick your device. But if you do think its bricked, and you get checksum errors both at boot and recovery, sc2k might be able to help if you saved your UID number.
The GUIDES!!
INSTALL RECOVERY.IMG with ITSMAGIC (proceed at your own risk) Recommended is to follow original guide
Alternatively, a new easy installer solution for adding the new recovery.img see AcerRecoveryInstaller from Market.
0. Please read the guide below to get your UID ( see How to get the USB serial number for more info)
1. Extract the recovery.zip and copy the contents, recovery.img, to your a500. normally /data/local is a sure location to write it to.
2. so copy using adb like this
adb push recovery.img /data/local
adb push itsmagic /data/local
3. open adb shell
4. execute commands
su -
chmod 755 /data/local/itsmagic
/data/local/itsmagic
5. if the itsmagic works, you see the "done" information etc... BUT if its not working, don't do the commands below...try and figure out why its not working.
6. IMPORTANT - if all is ok, continue with the commands to remove any chance of corrupting recovery.
mount -orw,remount /system
rm /system/etc/install-recovery.sh
(this command can fail ie. not found (its ok if it does))
mount -oro,remount /system
6a. Next these commands below will install the new recovery.
cat /dev/block/mmcblk0p1 >/data/local/oldrecovery.img
chmod 777 /data/local/oldrecovery.img
cat /data/local/recovery.img >/dev/block/mmcblk0p1
/data/local/itsmagic
sync
Copy the /data/local/oldrecovery.img to your pc.
Execute this command on your pc.
adb pull /data/local/oldrecovery.img oldrecovery.img
1. with adb you can restore the "oldrecovery.img" like this
adb push oldrecovery.img /data/local
adb push itsmagic /data/local
2. open adb shell
3. execute commands
su -
chmod 755 /data/local/itsmagic
/data/local/itsmagic
5. confirm itsmagic works.
6 if all is ok, continue with the commands
cat /data/local/oldrecovery.img >/dev/block/mmcblk0p1
/data/local/itsmagic
sync
INSTALL CUSTOMROM GUIDE (proceed at your own risk)
make sure you validate the MD5SUM of the rom zipfile if possible for you, to ensure file is ok, or manually extract content on pc/mac/windows to verify zipfile is ok.
copy the PRIMEEv14_acerA500.zip to your sdcard, if md5sum / zip file is ok.
run the recovery (POWER off tablet.. then press and hold POWER button and hold VOL- until text in upper left corner appear and stop pressing VOL-)
use ClockWorkMod as normal (assumed is you tried cwm before) and wipe data/cache areas.
install zip file sdcard, and select the PRIMEEv14_acerA500.zip, and chose YES to install.
wait for installation to finish, and then choose reboot now
the zip file contains itsmagic and will execute at finish, so a reboot should run fine and boot your new custom rom.
How to get the USB serial number:
1. Connect Iconia to your PC
2.a Linux
call lsusb -v
read the value of iSerial for Iconia
2.b Windows
- Open Device manager
- Goto Properties of Android USB Devices->Acer Composite ADB Interface
- Goto "Details" Tab
- Select "Parent" from the property selection.
- Read the value. It looks like this:
USB\VID_0502&PID_3325\370014740c00594
- The number after the last "/" is the UID.
2.c Windows (alternative method)
Download this tool (download link is nearly at the end of the page):
- Open the tool
- Sort after VendorID
- Check all devices with VendorID = 0502 and ProductID = 3325 . There is also a "Serial Number" column.
Backup all of your partitions on your iconia A500
Connect Iconia to your PC or open a terminal on your tablet. make sure you got a sdcard inserted to with at least 1GB free space
if you are on stock rom, location of sdcard is /mnt/external_sd , if you are already on 3.1 its /data/Removable/MicroSD, put that into first step below, where i wrote you should.
so execute the commands below, and you got a full backup of your device..Remember to execute the "itsmagic" command, if you restore this backup.
BACKUP COMMANDS
export SDCARD=[YOUR SDCARD LOCATION] (ie. SDCARD=/mnt/external_sd)
cat /dev/block/mmcblk0p1 >$SDCARD/mybackup_mmcblk0p1
cat /dev/block/mmcblk0p2 >$SDCARD/mybackup_mmcblk0p2
cat /dev/block/mmcblk0p3 >$SDCARD/mybackup_mmcblk0p3
cat /dev/block/mmcblk0p5 >$SDCARD/mybackup_mmcblk0p5
cat /dev/block/mmcblk0p6 >$SDCARD/mybackup_mmcblk0p6
cat /dev/block/mmcblk0p7 >$SDCARD/mybackup_mmcblk0p7
RESTORING FILES
If you want to restore the files, open the CWM recovery you installed and log in with adb.
make sure all partitions are unmounted. execute the commands in the adb here.
make a copy of the "itsmagic" application to your sdcard location as well.
RESTORE COMMANDS
mount /sdcard
export SDCARD=/sdcard
cat $SDCARD/mmcblk0p1 >/dev/block/mmcblk0p1
cat $SDCARD/mmcblk0p2 >/dev/block/mmcblk0p2
cat $SDCARD/mmcblk0p3 >/dev/block/mmcblk0p3
cat $SDCARD/mmcblk0p5 >/dev/block/mmcblk0p5
cat $SDCARD/mmcblk0p6 >/dev/block/mmcblk0p6
cat $SDCARD/mmcblk0p7 >/dev/block/mmcblk0p7
mount /system
copy $SDCARD/itsmagic /system/bin/
chmod 755 /system/bin/itsmagic
/system/bin/itsmagic
Wow! very prompt progress to custom rom. Thanks dexter!
Is that the recovery you included the CWM?
Can I understand that the recovery.img should be flashed using itsmagic method. After that, we get a custom recovery (CWM) to restore your update.zip.
And your update.zip will not contain anything that would alter the kernel such that you will not run itsmagic again in your update.zip. Am I correct? Thanks.
ardatdat said:
And your update.zip will not contain anything that would alter the kernel such that you will not run itsmagic again in your update.zip. Am I correct? Thanks.
Click to expand...
Click to collapse
my update.zip WILL install a custom boot.img , as HC3.1 uses a different boot, so its unavoidable..
but i have included itsmagic in the zip, and when the "system" is unpacked, it leaves it unmounted until itsmagic has run, so the libraries are available to execute the application which is done at the end in the updater-script.
I have tested it and it works and installs the new boot with this recovery.img (this image got busybox in /sbin which is important)
sorry, little tech, but required to explain how i did it.
So exciting cant wait to try this out tomorrow
Oh YEAH! Was still hoping for this coz customROMs came to other devices with locked bootloader too!
Now its here!
Will definetly try this when i have time this afternoon
OMG so greaaaaat, thanks pal!!!
edit: downloading
dexter, can you make a guide for newbie to install this rom ? or may be any one?
Working great so far. Quite stable.
interqd said:
dexter, can you make a guide for newbie to install this rom ? or may be any one?
Click to expand...
Click to collapse
Soon, i will do even better.. ill dig up an old application used on FlipOut to install a recovery.. this app will then install the recovery.img and run the "itsmagic" application. but that for later.
but here is my way of seeing it simple, if you can use adb and a shell in a rooted a500.
See post #1 for the GUIDE(s)
Dexter_nlb said:
Soon, i will do even better.. ill dig up an old application used on FlipOut to install a recovery.. this app will then install the recovery.img and run the "itsmagic" application. but that for later.
but here is my way of seeing it simple, if you can use adb and a shell in a rooted a500.
See post #1 for the GUIDE(s)
Click to expand...
Click to collapse
I got a itsmagic: not found
when I try to execute :S i dont understand why, is there a permission to be set or something?
on itsmagic post just say "call itsmagic" but bunno what this mean its a command? just #itsmagic?
thanks in advance
EDIT:
I think this need to be posted on OP
2. so copy using adb like this
adb push recovery.img /data/local
adb push itsmagic /data/local
3. open adb shell
4. execute commands
cd /data/local
su -
chmod 755 itsmagic
./itsmagic
Click to expand...
Click to collapse
Alejandrissimo said:
I got a itsmagic: not found
Click to expand...
Click to collapse
thanks.. i updated post #1.
Boot perfectly!!!! thanks a TON for your work!!!!
btw, this recovery its 100% functional? for custom.zip files and stuff?
Can root explorer and terminal emulator be used to execute the above commands from the device or is adb the only option?
Sent from my A500 using XDA Premium App
bochocinco23 said:
Can root explorer and terminal emulator be used to execute the above commands from the device or is adb the only option?
Sent from my A500 using XDA Premium App
Click to expand...
Click to collapse
I think yes, you can use terminal emulator
Any impressions so far?
huxflux2003 said:
Any impressions so far?
Click to expand...
Click to collapse
marvelous just want to figureout how play videos everything else its a lot of smooth (youtube HD works)
It plays YouTube videos fine...
Alejandrissimo said:
marvelous just want to figureout how play videos everything else its a lot of smooth
Click to expand...
Click to collapse
what about install moboplayer?
even 3rd party cant play videos?
and, does usb host is functioning?
keyboard, mouse, gamepad, hdd, td, etc
3.1 should have them to run by default right ?
Language support
Hi, does your ROM supports all languages like Android 3.1, or did you remove e.g. Czech language?
Anyway, sounds great, I will try it today.
MoFo - Image Modification Methods
I have been helping people with other devices to make rooted ext4 images for their devices using @btdownloads7's method here:
http://forum.xda-developers.com/showpost.php?p=60389310&postcount=177
Works great. If they have the system images as sparse chunks, you can use @tal.aloni's SparseConverter.exe found here:
http://forum.xda-developers.com/showthread.php?t=2749797
to make an ext4 single image system.img but you have to use a hex editor to remove the header and the footer following tal.aloni's instructions in the thread, which I summarized here:
http://forum.xda-developers.com/showpost.php?p=61130622&postcount=41
Then you can use btdownloads7's method above to root it.
The problem is that for some devices like the XT1058 there was only the fxz available as a single file system.img, which is not an ext4 file. I don't know how to convert it to an ext4 image but I have an unlocked XT1060 and at least for the XT1058 what I found I could do was flash the XT1058 system.img to my XT1060 using mfastboot, then boot into recovery and go to Mount and check System. Then from an adb shell run the mount command. That told me where the system image was. On the XT1060 it was /dev/block/mmcblk0p38. Then from the adb shell I ran the command:
dd if=dev/block/mmcblk0p38 of=/sdcard/new_image.img
where if = input file, of = output file and dd is a command that copies the data in the input file to the output file.
Then I exited the adb shell and ran the command
adb pull /sdcard/new_image.img
to get the new_image.img on my computer. new_image.img is an ext4 file that you can flash using mfastboot if your bootloader is unlocked or mofo.exe if your bootloader is locked.
Since my XT1060's bootloader is unlocked and the XT1058 image boots on the XT1060, I could mod the XT1058 image while running android - install Xposed, busy box, etc. - then boot into recovery and run the commands above. I am sure I can also install a custom ROM in TWRP and then pull the image. The point being that for the XT1058 and the non-Dev Ed XT1060's,, which have locked bootloaders, I can modify the images using this method. My XT1060 won't work as a phone running an XT1058 image, but I can use wifi to connect to the playstore to download apps and then install them.
So, I was hoping that this would work the same for the XT1095 and our XT1096 devices. I can boot the Pure Edition XT1095 ext4 image fine on my XT1096 after flashing it with mofo.exe (although it won't make calls) so I think the XT1096 image would run on the XT1095. If someone has an XT1095, they should be able to make a nandroid of their sytem, do all of that above, add in whatever we want to the XT1096 image while running it, then boot into recovery, do the steps above and pull it as an ext4 file using adb, then restore their phone using the nandroid.
To summarize the method:
1) Make a nandroid of XT1095;
2) Use mfastboot to flash XT1096 system.img to XT1095;
3) Boot into TWRP recovery, wipe cache and data partitions, adb push SuperSU zip to /sdcard, install SuperSU zip and then boot into system;
4) Enable USB Debugging, add in Xposed, CFLumen, etc. while running Android and reboot as necessary;
5) Boot into Recovery;
6) Open an adb shell and type the command mount to determine where /system is in /dev/block;
7) Run the command dd if=dev/block/correctplace of=/sdcard/new_image.img, where correctplace is wherever /system is in /dev/block;
8) Exit adb shell and run command adb pull /sdcard/new_image.img; and
9) Restore the XT1095 to its previous state using the nandroid backup.
new_image.img would be an XT1096 rooted ext4 mofo.exe flashable file with Xposed, CFLumen, etc. baked in. In step #1, I would also copy the nandroid to my computer so that I would have a backup copy in case anything strange happened. It shouldn't but it is always better to be safe.
Note that my qe converts to 2/1 when I flash a different model's image but it returns to 1/1 once I reflash an XT1096 image.
How To Make an Ext4 Image from a Single File System.img
Requires an Android device of the same model as the system.img is for with an unlocked bootloader and TWRP installed as the custom recovery.
1) Flash the system.img using mfastboot;
2) Boot into TWRP, start an adb shell and run the command mount - note what folder /system is in /dev/block;
3) From the adb shell run the command:
dd if=dev/block/correctplace of=/sdcard/new_image.img
where correctplace is the folder you noted in Step #2.
4) Exit the adb shell and run the command
adb pull /sdcard/new_image.img
to get the new_image.img onto your computer. new_image.img is an ext4 file that you can flash using mfastboot if your bootloader is unlocked or mofo.exe if your bootloader is locked.
How To Make an Ext4 Image From Sparse Chunks
If you have the sparse chunks for your model - i.e., system.img_sparsechunk1, etc. - then you can use SparseConverter.exe to make a single file ext4 system.img that is flashable by mfastboot and mofo.exe:
http://forum.xda-developers.com/showthread.php?t=2749797
The command is:
SparseConverter.exe /decompress C:\system.img_sparsechunk1 C:\system.img
And it is run from the directory where SparseConverter.exe is. Of course, if your sparse chunks aren't in c:\ you would put in the path to where they are in the command above. And sometimes the first sparse chunk is not sparsechunk1 but rather sparsechunk0 and if so, of course you would start with sparsechunk0.
The system.img you make using SparseConverter.exe will have a header and a footer in it that need to be removed before the system.img is flashable by mfastboot and mofo.exe. The instructions for how to do that are here.
How to Root an Ext4 Image - Requires a Bootloader Unlocked Android Device With TWRP
Requires an Android device with an unlocked bootloader and TWRP installed as the custom recovery. Originally posted here.
btdownloads7 said:
Yes, but there was a slight change in the process (at least on the Nexus 7) from they way I described it originally. Since the image is huge, and wouldn't fit onto the system partition of the Nexus 7, i couldn't just flash it as a system image from fastboot. Here's what I ened up doing:
1. Make sure that you have at least 6 GB free on the SD card, and boot into TWRP
2. Copy the clean ext4 image file to the SD card (the links are a few pages back in this thread)
3. Create a "supersu" folder on the SD card
4. Download the SuperSU update zip (the current version is 2.46)
5. Extract the "armv7" and "common" folders from the update zip to the "supersu" folder from Step 3.
6. Extract the "update-script" binary from the attached zip, and copy it to the same "supersu" folder. It's a script from tha update binary that I modified for our purposes.
7. In TWRP gui, wipe the system partition (this may not have been necessary, but I did it just in case)
8. In TWRP gui, unmount the system partition from the TWRP menus
9. open ADB shell
10. run "rm -r /system", and disregard any errors that it gives you. This will clear the mount point for our image
11. run "mkdir /system", and ignore any errors it gives you
12. run "mount -t ext4 -o loop /sdcard/system.img /system"
13. run "chmod +x /sdcard/supersu/update-script"
14 run "cd /sdcard/supersu" followed by "./update-script". You might see some errors when it's running, but you can disregard them
15. In ADB shell, run "mount", and that should list all the partitions. Remember which path is for the system partition (on my end it was "/dev/block/loop0")
16. run "dd if=dev/block/loop0 of=/sdcard/new_image.img". Obviously replace "/dev/block/loop0" with whatever you got in the previous step
And thats it. Copy the new image back to your PC, and you're ready to flash it with mofo
Click to expand...
Click to collapse
General Info On Modding Images Using Linux
@Ekkoria's tutorial here provides general information on how to mod images using linux.
@ClydeDroid - can you give a synopsis of what needs to be done to add a symlink for the AdAway hosts files? I would like to add it to this thread. Thanks!
Adding Free WiFi Tether to a System Image
To add free WiFi tether to a system image, the /system/build.prop file needs to be edited to include the following line:
net.tethering.noprovisioning=true
The line can be added anywhere in the build.prop file. Please note that editing the build.prop file in some instances resulted in HDR camera problems (force close when a picture was taken with HDR on). Be sure to use NotePad++ to edit the build.prop file, not another editor.
Adding Xposed for Lollipop to a System Image
Here and here are the instructions for @mikeoswego's method for installing Xposed for Lollipop in a system image.
You need to download both the apk and the zip from this thread:
http://forum.xda-developers.com/showthread.php?t=3034811
as well as the script that is attached to this post (unzip the script).
mikeoswego said:
1) You must mount the image that you want to install Xposed to /system on your Linux box (or edit the script some more.)
2) Make the script executable (chmod 755) and then run the script like this:
sudo [full path to script] [full path to zip file]
On my system it looks like this:
sudo /home/mike/InstallXposed /home/mike/xposed-sdk21-arm-20150430.zip
There will be some chcon errors but it still sets the permissions correctly.
3) Before you flash the image having Xposed in it to your device, download the XposedInstaller apk to your phone from the first post in this thread: http://forum.xda-developers.com/showthread.php?p=58948978#post58948978 and delete the following folders from your /data partition:
/data/dalvik-cache/arm
/data/dalvik-cache/profiles
4) On reboot, it will take a little longer at the red Verizon screen, then it will upgrade/optimize apps claiming a very large number of apps to process but most of them go by very quickly. On subsequent reboots it upgrades/optimizes one app each time. Otherwise I've not noticed any other problems or side effects.)
Click to expand...
Click to collapse
reserved 7
JulesJam said:
reserved 4
@btdownloads7 Is it possible for you to write up a synopsis of how you got Busy Box and SQLite into the image? It doesn't have to be a step by step guide, but whatever insight you could give even a high level summary would be appreciated. Thanks!
Click to expand...
Click to collapse
Sqlite is easy -- you just put the binary into /system/xbin, and chmod 755 it.
Busybox is harder. The overall process is very similar to rooting it, but you have to run most of the script in a virtual machine, and one command in TWRP. You have to get the update zip for it, extract the proper binaries for the arm7 architecture, and extract the update script. Then modify the update script to remove any mention of the mounting/dismounting of partition, and to move the the extracted binaries instead of having the script extract them. At the very end of the script, it runs a "busybox --install" command, and that has to be run on the actual device (in TWRP).
@mikeoswego - did I get the instructions correct here? I wanted to combine 2 of your posts into 1 set of instructions. Please let me know if I paraphrased you correctly, thanks!
JulesJam said:
@mikeoswego - did I get the instructions correct here? I wanted to combine 2 of your posts into 1 set of instructions. Please let me know if I paraphrased you correctly, thanks!
Click to expand...
Click to collapse
Looks good!
---------- Post added at 06:45 PM ---------- Previous post was at 06:41 PM ----------
JulesJam said:
net.tethering.noprovisioning=true
Click to expand...
Click to collapse
I'm not sure this works for carriers other than Verizon.
mikeoswego said:
I'm not sure this works for carriers other than Verizon.
Click to expand...
Click to collapse
AFAIK it works for ATT but the problem is that ATT is not subject to the Block C license restrictions so if you enable it, you still need to hide the fact that you are tethering from ATT. There are ways to modify the /system partition to do that but idk how to do it.
If you have UDP and don't tether very much, from all I have read, ATT lets it go. But if you are going to use lots of data per month tethering, they send you a letter telling you that you are violating their TOS and if you don't stop, they will take away your UDP or terminate your contract, I can't remember which. So those with UDP have to hide that they are tethering somehow.
JulesJam said:
6) Open an adb shell and type the command mount to determine where /system is in /dev/block;
7) Run the command dd if=dev/block/correctplace of=/sdcard/new_image.img, where correctplace is wherever /system is in /dev/block;
Click to expand...
Click to collapse
Just so you know, there's an easier way to do this part. The directory "/dev/block/platform/msm_sdcc.1/by-name" contains links to all the partitions so you don't have to remember weird numbers like "mmcblk0p38". The app "DiskInfo" can also show you which partitions map to which block devices, and it doesn't even need root. Hope this helps.
Mmcblk0p38 on my XT1095
btdownloads7 said:
Sqlite is easy -- you just out the binary into /system/xbin, and chmod 755 it.
Click to expand...
Click to collapse
Where do you get the binary and what is "out"?
JulesJam said:
Where do you get the binary and what is "out"?
Click to expand...
Click to collapse
I don't remember where I originally got the binary, but if you do a google search, you should be able to easily find it. Here's a good place to start.
And "out" was a typo. Should have said "put"
btdownloads7 said:
And "out" was a typo. Should have said "put"
Click to expand...
Click to collapse
I thought so but I wanted to make sure in case it was some linux command I am not familiar with, lol!
I'm trying to do something that should be very simple using the Linux method: change the boot animation. No matter what bootanimation.zip I put into /system/media, set permissions to 644 and ownership to root:root, the animation seems to default to a pulsating text "android" logo. When I also change the bootanimation file in /system/bin I only get the pre-boot Motorola logo until boot up is complete.
Pulling a MoFo Flashable Image From an XT1095
This is useful for the AT&T XT1097. You can flash modified XT1095 images to an AT&T XT1097 since they both work on AT&T. Here is how you can pull a MoFo flashable image from an XT1095.
Open an adb shell by typing adb shell at the command prompt. Then type the command su. Then run this command:
dd if=/dev/block/mmcblk0p38 of=/sdcard/system.img
Then pull the image using the adb pull command:
adb pull /sdcard/system.img c:\
joshnat said:
I'm trying to do something that should be very simple using the Linux method: change the boot animation. No matter what bootanimation.zip I put into /system/media, set permissions to 644 and ownership to root:root, the animation seems to default to a pulsating text "android" logo. When I also change the bootanimation file in /system/bin I only get the pre-boot Motorola logo until boot up is complete.
Click to expand...
Click to collapse
@mikeoswego may be able to explain to you how to do it.
This guide assumes you are already rooted on 5.0.3.1 (this will work for future updates as well if @zeroepoch push out new rooted images) I will just need to update the hash check accordingly
Now before I go any further **this can brick your device** so you assume all risk associated with this method.
I have tested this on 2 of my AFTV2 devices no less than 50 times so it was safe for me. There are factors that cant be accounted for such as bad blocks on the nand. I have put in a lot of checks into this script to go off without a hitch. If something doesn't match up the script will tell you and drop you back to terminal. The safest method to date is using @zeroepoch diff and waiting 2 hours.
Or wait until someone like @rbox comes up with a custom recovery solution.
This method came down to necessity for me as I wasn't getting the 5.0.4 update (waited a week on each of my devices)
Plus I cant stand waiting around for 2 hours. @xenoglyph started this off by being the first to use the dd method and after seeing his success I figured I would automate the process because some users bricked their device because of a simple mistake (failing to unpack the .gz for the images).
I have only tested this over USB (use over network at your own risk but if you happen to please report back if it works)
How to:
All-in-One package - https://mega.nz/#!1YJXDbJa!jzy1g78qIUdsRwY4Pzw2yLLyH9pB2uo9imDaskbotY0
Mega decryption key - !jzy1g78qIUdsRwY4Pzw2yLLyH9pB2uo9imDaskbotY0
Script only package is below (you will need to download and decompress all images)
MicroSD Method:
1. Extract the .zip to a microSD card and place the card in the AFTV
2. Plug in your USB A to A cable
3. Turn on USB Debugging
4. Make sure your system sees the AFTV (adb devices) (or over wifi/wired adb connect 192.168.1.xxx -=tested see post #7 & #28=-)
5. Open adb shell (adb shell)
6. Enter the commands one at a time below
Code:
su
cd /storage/sdcard1
chmod 775 root.sh
sh ./root.sh
The device will reboot when finished (if for some reason it doesn't reboot on its own and drops you the terminal after the 60 second message, you can just pull the plug)
Internal Storage Method:
1. Extract 5.3.0.1-5.0.4-local-script.zip and adb push it to /data/local/tmp (this is the script, busybox, and verify.md5 only) you have to push images (see below)
2. Plug in your USB A to A cable
3. Turn on USB Debugging
4. Make sure your system sees the AFTV (adb devices) (or over wifi/wired adb connect 192.168.1.xxx -=tested see post #7 & #28=-)
5. Open adb shell (adb shell)
6. Enter the commands one at a time below
Code:
su
cd /data/local/tmp
chmod 775 root.sh
sh ./root.sh
The device will reboot when finished (At the moment reboot and busybox reboot aren't working. The script will give you a message when to reboot at the end)
After the device reboots disable OTA again just to be on the safe side:
Code:
adb shell
su
pm disable com.amazon.device.software.ota
I have a class 10 microSD and the process takes exactly 3 mins from the second you run root.sh
If you have a slower card expect it to take up to 5 mins.
If the script is tampered with it will error on the hash check
Here are the hashes for each file:
MicroSD Method md5:
Code:
c230711c59ec66a67229449afbf84291 verify.md5
e7c105e97a797f451c1e6ca7a1d950d6 root.sh
dedf4203ca67fa067dc658c8a1325b4f busybox
Local Storage Method md5:
Code:
ef110ab79458f3263fbdba4492125f48 verify.md5
e40dafa35b7d694f8c13b95446b84a3a root.sh
dedf4203ca67fa067dc658c8a1325b4f busybox
5.0.4 Image md5:
Code:
4cc42c5a4ded1eb4d9529b2aede1dfb7 boot.img
f0b05f68cbcecb96722a4637eb06a8a0 lk.img
53649663ee0fa2f7c434b5acdbfddcda preloader.img
3aa70baba1bbb8b29f7d2fa7428e4e1e recovery.img
57bad37f08489b228ae71fc1246adb53 system.root.img
Images for script only download:
http://download.zeroepoch.com/aftv2/5.0.4/boot.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/lk.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/preloader.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/recovery.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/system.root.img.gz
I will maintain the script until a custom recovery arrives.
Special thanks to @zeroepoch for rooting the AFTV2 and maintaining a git/wiki
Also thanks to everyone else working on the AFTV(2)
@rbox, @ImCoKeMaN, @xenoglyph
Nice, thanks for this guide and script!
I just manually updated and did the 2 hr method last night or I would have done this. It's nice to have a way to do the updates as they happen, thanks for sharing your work
thanks for doin it proper man, been super busy
xenoglyph said:
thanks for doin it proper man, been super busy
Click to expand...
Click to collapse
No problem
Thanks for being the first one to risk bricking with this method!
Thanks @aboshi and @xenoglyph!
aboshi said:
This guide assumes you are already rooted on 5.0.3.1
Click to expand...
Click to collapse
1) Does this script assume anything besides firmware 5.0.3.1 rooted? (see EDIT below)
2) Does it matter that apps may have altered /system after the 5.0.3.1 root? (for instance I have AdAway which edits /system/etc/hosts)
3) You said this takes only 3 minutes to run. Does that mean you can successfully run sync after dd?
4) The Mega link asks for a decryption key to download. Are you making this available only to a select group of people?
EDIT: Noticed that busybox is part of this rooting package. If I already have busybox on the box, should I uninstall that before running this script?
@Patrick_445
The script doesn't need to assume firmware version currently, it will only verify the script, .md5, busybox, and images being used.
Im sure I can put in a verify build prop but I have not done that yet. The only reason that would be needed is if someone downgraded when new FW comes out and that might brick their system and I believe it amazon burns fuses now so you cant downgrade.
I posted the decryption key for Mega. I don't know why it was asking you for one because the whole link includes the key.
It doesn't matter that apps alter anything in /system because its getting overwritten/upgraded anyway.
Yes it runs sync at the very end. As for time running it's really only 2 mins. I added a 60 sec sleep at the end right before the reboot just to be safe.
You do not need to delete busybox if you installed it already. busybox is included to run everything statically from the same dir and it must be present or the script will exit as soon as it does the hash check. I have done it this way because I felt it was safer than just linking.
adb over network
Hi aboshi,
first of all I want to thank you for your script. It makes updating the AFTV2 quite painless.
Otherwise I'd like to report that I did the update using adb over the network (wired) which thankfully worked, but not completely perfect.
When I ran your script in the networked adb shell it did everything as expected up to writing
"Copying system.root.img"
to the screen. Then nothing further seemed to happen. I expected that step to run a little longer, since system.root.img is by far the largest file to be written. But after some minutes, I started to get nervous. I tried to ping my AFTV2, but it wasn't reachable over the network anymore. When I looked at the TV, which is connected to my AFTV2 (different room), I could see, that the AFTV2 had rebooted and it was stuck at the colored amazon logo. I waited for about 20 further minutes, but nothing changed.
Reading about all the brick-stories here, I feared my AFTV2 was dead now. So I gave it a last chance and powercycled my AFTV2. At that second boot, the AFTV made it and after some minutes of "optimizing apps aso." it really came up. I checked the os version and I had 5.04.
So I can only guess what had happened. While writing the system image obviously the network connection got lost and thus the adb shell session terminated. The script probably continued to run, because it managed to write enough of the system image to create a working system. Probably it even ran until the end, since my AFTV2 rebooted by itself. BUT, I can't be sure about it, because I never saw the correspondig lines in my adb shell and the first reboot didn't really work out.
So my conclusion: I wouldn't recommend using the script over the network unless you are a very adventurous person or you have no other possibility. In my case I was to lazy to carry my laptop over to the AFTV2 and to install the USB drivers and adb on it. Also I just hoped the update would work. In the end I did carry my laptop over and repeated the update over USB, just to be sure. This time it worked perfect.
Greets,
Christian
@skyball2
Thank you for testing over network. I knew more than likely something like that would happen and thats why it should be done over USB.
It is due to all system files being overwritten and linking. You might have also noticed when it upgraded from 5.0.3.1 to 5.0.4 that the system black screens in the middle of the copy (but not when overwriting 5.0.4 to 5.0.4). Thankfully the script finished its job and you have a working system.
Im sure it can be done over network for others as a last resort, but I wouldn't do it personally because we have no recovery options at the moment. If anyone else wants to do this over network I HIGHLY suggest that you wait at least 10 mins before you reboot after you lose network connection, and after the reboot I would wait another 10 mins before power cycling again if stuck at the amazon logo. (so in other words UPDATE OVER USB!)
aboshi said:
This guide assumes you are already rooted on 5.0.3.1 (this will work for future updates as well if @zeroepoch push out new rooted images) I will just need to update the hash check accordingly
Now before I go any further **this can brick your device** so you assume all risk associated with this method.
I have tested this on 2 of my AFTV2 devices no less than 50 times so it was safe for me. There are factors that cant be accounted for such as bad blocks on the nand. I have put in a lot of checks into this script to go off without a hitch. If something doesn't match up the script will tell you and drop you back to terminal. The safest method to date is using @zeroepoch diff and waiting 2 hours.
Or wait until someone like @rbox comes up with a custom recovery solution.
This method came down to necessity for me as I wasn't getting the 5.0.4 update (waited a week on each of my devices)
Plus I cant stand waiting around for 2 hours. @xenoglyph started this off by being the first to use the dd method and after seeing his success I figured I would automate the process because some users bricked their device because of a simple mistake (failing to unpack the .gz for the images).
I have only tested this over USB (use over network at your own risk but if you happen to please report back if it works)
How to:
All-in-One package - https://mega.nz/#!5JhhWJjJ!7ziTq93zhvlyPYnZtH1H4xXQBl1yWxQG5zD8Ezn0ldY
Mega decryption key - !7ziTq93zhvlyPYnZtH1H4xXQBl1yWxQG5zD8Ezn0ldY
Script only package is below (you will need to download and decompress all images)
1. Extract the .zip to a microSD card and place the card in the AFTV
2. Plug in your USB A to A cable
3. Turn on USB Debugging
4. Make sure your system sees the AFTV (adb devices) (or over wifi/wired adb connect 192.168.1.xxx -=tested see post #7=-)
5. Open adb shell (adb shell)
6. Enter the commands one at a time below
Code:
su
cd /storage/sdcard1
chmod 775 root.sh
sh ./root.sh
The device will reboot when finished (if for some reason it doesn't reboot on its own and drops you the terminal after the 60 second message, you can reboot manually just type reboot or pull the plug)
I have a class 10 microSD and the process takes exactly 3 mins from the second you run root.sh
If you have a slower card expect it to take up to 5 mins.
If the script is tampered with it will error on the hash check
Here are the hashes for each file:
Code:
c230711c59ec66a67229449afbf84291 verify.md5
e7c105e97a797f451c1e6ca7a1d950d6 root.sh
dedf4203ca67fa067dc658c8a1325b4f busybox
4cc42c5a4ded1eb4d9529b2aede1dfb7 boot.img
f0b05f68cbcecb96722a4637eb06a8a0 lk.img
53649663ee0fa2f7c434b5acdbfddcda preloader.img
3aa70baba1bbb8b29f7d2fa7428e4e1e recovery.img
57bad37f08489b228ae71fc1246adb53 system.root.img
Images for script only download:
http://download.zeroepoch.com/aftv2/5.0.4/boot.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/lk.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/preloader.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/recovery.img.gz
http://download.zeroepoch.com/aftv2/5.0.4/system.root.img.gz
I can modify the the script to use /data/local/tmp
So if you want to push all files to the AFTV over adb because you don't have a microSD card let me know.
I believe @zeroepoch will host this on the git as well. I will maintain the script until a custom recovery arrives.
Special thanks to @zeroepoch for rooting the AFTV2 and maintaining a git/wiki
Also thanks to everyone else working on the AFTV(2)
@rbox, @ImCoKeMaN, @xenoglyph
Click to expand...
Click to collapse
Hello,
when I enter the command: chmod 775 root.sh I get the following error: Unable to open root.sh No such file or directory
any ideas why? I checked that fire tv is connected using adb devices. Also entered adb shell with no problems as well as su, and
cd /storage/sdcard1
thanks
Edit: btw I'm on Windows 7 64 bit. Fire TV 2 shows up in Device Manager as Portable Device
Don't know why you're having an issue with chmod but just do this:
Code:
su
mount -o rw,remount /storage/sdcard1
cd /storage/sdcard1
chmod 775 root.sh
sh ./root.sh
aboshi said:
Don't know why you're having an issue with chmod but just do this:
Code:
su
mount -o rw,remount /storage/sdcard1
cd /storage/sdcard1
chmod 775 root.sh
sh ./root.sh
Click to expand...
Click to collapse
thanks for the reply. Still same error after chmod.... no error when mount -o rw,remount /storage/sdcard1 though just at the chmod command.
dk1keith said:
thanks for the reply. Still same error after chmod.... no error when mount -o rw,remount /storage/sdcard1 though just at the chmod command.
Click to expand...
Click to collapse
Still don't see how you're having an issue but try this and let me know:
Instead of chmod 775 root.sh type this:
chmod 775 ./root.sh
And there's no need to remount sdcard1 because the script will handle that.
aboshi said:
Still don't see how you're having an issue but try this and let me know:
Instead of chmod 775 root.sh type this:
chmod 775 ./root.sh
Click to expand...
Click to collapse
I just looked again at the files on the sdcard and there is no root.sh file. Should I try and download the all in one package again?
the zip file I downloaded doesn't have root.sh in the archive? Or am I downloading the wrong file?
I'll DL the zip right now and look.
*edit*
The zip contains root.sh, verify.md5, and busybox
Make sure your are copying them all to the microsd.
I will now go back and edit my other posts because there is no reason to remount anything for the end user.
aboshi said:
Still don't see how you're having an issue but try this and let me know:
Instead of chmod 775 root.sh type this:
chmod 775 ./root.sh
And there's no need to remount sdcard1 because the script will handle that.
Click to expand...
Click to collapse
I'm being a bone head.....I didn't download the script and unzip it to the sdcard just unzipped the all in one file. I just unzipped the script file and put root.sh on the sdcard
dk1keith said:
I'm being a bone head.....I didn't download the script and unzip it to the sdcard just unzipped the all in one file. I just unzipped the script file and put root.sh on the sdcard
Click to expand...
Click to collapse
I just copied the root.sh from the script file to the sdcard the chmod command worked and I am on 5.0.4
---------- Post added at 06:01 PM ---------- Previous post was at 05:59 PM ----------
aboshi said:
I'll DL the zip right now and look.
*edit*
The zip contains root.sh, verify.md5, and busybox
Make sure your are copying them all to the microsd.
I will now go back and edit my other posts because there is no reason to remount anything for the end user.
Click to expand...
Click to collapse
Yes. Sorry if I wasn't clear. I only downloaded the all-in-one zip file. I didn't download the file with the script in it so the script wasn't on the sdcard. I got it sorted and I am on 5.0.4. Thanks for the help
dk1keith said:
I just copied the root.sh from the script file to the sdcard the chmod command worked and I am on 5.0.4
---------- Post added at 06:01 PM ---------- Previous post was at 05:59 PM ----------
Yes. Sorry if I wasn't clear. I only downloaded the all-in-one zip file. I didn't download the file with the script in it so the script wasn't on the sdcard. I got it sorted and I am on 5.0.4. Thanks for the help
Click to expand...
Click to collapse
The all in one has the script as well.
Everything works perfectly except at the end I got "Reboot not found" I just rebooted manually and after booting the screens displays "optimizing system storage and aplications... this will take 10 min"
Now I am back in business but what is the difference with 5.04 version ?
aboshi said:
The all in one has the script as well.
Click to expand...
Click to collapse
Not sure if my anti virus blocked it but I downloaded the all in one zip twice and I didn't get the script file when I extracted the files to sdcard. I then downloaded the script.zip unzipped it and copied the root.sh to sdcard. In any case I am on 5.0.4 and I really appreciate your help and all your work on this root method.
No you are correct, I am repacking the all in one zip now, it was missing root.sh
I will update the OP with the new link.
*Update*
Ok repacked with root.sh and updated new link on OP
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
TempezT said:
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
Click to expand...
Click to collapse
if you're rooted, go to /cache and rename update.zip to something else. then create a zero length file using the name update.zip. lastly set the permissions on that file to read only
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Damn I dont have a computer in hand. Guess i have to wait until im back home in October. Cross fingers this thing don't restart cause that freaking patch is already scheduled.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Click to expand...
Click to collapse
Okay someone in my base lend his laptop but its low end(sony viao core2 duo) dunno how well this work for flashing purposes, also I wanted to point before doing the process that my phone was unlocked permanently by tmobile unlock app and wanted to know if this can affect the unlocking or any other function of my v20.
Following those instructions to root will not gid rid of your carrier unlock.
You might be able to go to Settings>>Storage and delete Cached data.
Zacharee1 said:
You might be able to go to Settings>>Storage and delete Cached data.
Click to expand...
Click to collapse
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
TempezT said:
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
Click to expand...
Click to collapse
You can always restore to stock with the H918. Backup and root.
Zacharee1 said:
You can always restore to stock with the H918. Backup and root.
Click to expand...
Click to collapse
Thanks!
The issue Im having now is that I cant find how to root H91810k which is the current version my phone has besides the schedule update. Any info on that?
You have to find the KDZ for 10d and flash it with LGUP. Then you can use EasyRecowvery to root.
Flashing KDZs will wipe your data, so use LG Bridge to make a backup.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on.......
Click to expand...
Click to collapse
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
wewantutopia said:
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
Click to expand...
Click to collapse
No problem! Glad it helped, I will probably update the post a bit, and then I'll re-post it to its own thread in a few days. As I noticed this section is a bit disorganized...
MDMAchine said:
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Click to expand...
Click to collapse
just wanted to add that SOMETIMES the update.zip is not in /cache. had this happen to me when I had the LGV10 and it just happened to me now. I had recently wiped my device to start from scratch and after initially setting up my device I got the update icon and indeed /cache/update.zip existed. a few reboots later for various reasons the update icon/notification disappeared, as did /cache/update.zip. I thought I was in the clear until last night when I got the update icon/notification again, but this time it was not in /cache. it somehow changed to /data/data/com.google.android.gms/app_download. so if you can't find it in /cache, look there!
DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
Visit this thread for more information
________________________________________________________
CAVEAT
I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
Updating with OTAs should be the same process as the other guides here.
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)
________________________________________________________
STEPS:
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktopfor Mac, type cd desktop or cd /Users/yourname/Desktop
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/bb. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.b. Use Select and Patch a File on boot_a.img
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
10. Reboot and verify it worked.
Forgot to tag it... if an admin is able to do so I'd appreciate it.
Just applied for a bootloader unlock today. When i get approved ill attempt this guide.
I am currently on T-Mobile 11.0.5.7.KB09CB.
Unlike other methods prvoided here for the 8T I got this method to work. Thank you very much!
clarification update: I own the t-mobile kb2007 model of phone
a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
Some prework I had to do for my OnePlus 8T KB2005
-ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
-ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
-With device in bootloader/fastboot, run: fastboot flashing unlock
-verify with your phone to accept
-phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
-renable OEM lock and USB debug
-restart back into bootloader/fastboot
-now you are ready to root
Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add your screen would flicker in TWRP but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
I'm having the same issue although its more tied in with removing youtube as a system app for vanced
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
Actually Is not possible on devices borned with android 10 or above.
giacomowrc said:
Actually Is not possible on devices borned with android 10 or above.
Click to expand...
Click to collapse
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Mpolo87 said:
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Click to expand...
Click to collapse
Yes of course.
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give temporary su access through adb.
Extract boot_a.img and boot_b.img to your computer.
Reboot into OxygenOS and copy boot_a.img and boot_b.img back to your phone.
Use Magisk to patch both images.
Copy the patched images back to your computer.
Use fastboot to temporarily boot using the patched image, giving you temporary root.
Use Magisk to direct install for permanent root.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
________________________________________________________
STEPS:
1. Get the semi-broken TWRP .img. This won't give you a gui but will give you su access over adb. You DON'T want to flash this, we're just booting with it temporarily.
2. Restart your phone into fastboot mode.
3. On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here). Run the following:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb pull /sdcard/boot_b.img boot_b.img
4. Copy the extracted files to a user accessible area of your phone.
5. Install the latest Magisk Canary release to your phone.
a. Select the Install option.b. Use Select and Patch a File on both boot_a.img and boot_b.imgc. You should rename them or make note of the new names given by Magisk. You'll need to use one or the other depending on which partition is active.
6. Copy the patched .img files back to your computer.
7. Restart your phone back into fastboot mode.
8. On your computer, run:
Code:
fastboot getvar all
9. Find which A/B partition is active on this line: (bootloader) current-slot:a/b
10. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot patched-boot-a/b.img
11. You now have temporary root access, to make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
12. Reboot and verify it worked.
Click to expand...
Click to collapse
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
sameog said:
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
Click to expand...
Click to collapse
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Mpolo87 said:
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Click to expand...
Click to collapse
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Please note: I love this guide. It's cohesive and well-written. I just need pictures to "see" on what and where to do. I'm visual.
UPDATE: I followed the tuturial to the best of my ability and I got nothing. I'm giving up and taking a step back.
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./fastboot boot recovery.img
Sending 'boot.img' (64964 KB) OKAY [ 1.660s]
Booting OKAY [ 0.084s]
Finished. Total time: 1.939s
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
OnePlus8T:/ # dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.194981 s, 492 M/s
OnePlus8T:/ # dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.185497 s, 518 M/s
OnePlus8T:/ # exit
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_a.img boot_a.img
/sdcard/boot_a.img: 1 file pulled, 0 skipped. 27.7 MB/s (100663296 bytes in 3.470s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_b.img boot_b.img
/sdcard/boot_b.img: 1 file pulled, 0 skipped. 32.0 MB/s (100663296 bytes in 2.997s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb reboot
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows>
sameog said:
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Click to expand...
Click to collapse
You're missing the command "cd" before the path to change the directory to the new one. It should be cd C:\Users\Mr. Lew\Desktop\oneplus 8t boot image then press enter. Now you can reference any file in that folder by just the name without its entire path as a prefix being required.
A difficult method
zengin said:
Diğer yöntemden hiç de kolay değil.
Click to expand...
Click to collapse
huh?
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
sameog said:
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
Click to expand...
Click to collapse
While this is a temporary solution, it is also a bad solution because you can land with not being able to boot your phone every time an incremental update comes along.