Decrypt - Tweaks - & more - OnePlus 5T Guides, News, & Discussion

I thought I'd put together a thread with all my main tweaks and modifications to allow our device to perform better.
Let's start!
Decrypt
This one's an easy one - flash noverity and decrypt and you're on your way, right?
I took this a step further and modified the boot.img for 4.7.6 to remove encryption and verity and added some mount flags.
The flags I've added are:
noatime - noauto_da_alloc - nodiratime - data=writeback - barrier=0 - nobh
You can google to find out more information about these flags, but they all deliver top performance with minimal risk (possible risk: sudden power off may result in data loss).
How to
Easy! *Requires /data to be formatted if you are not already decrypted.
flash the modified boot image: https://drive.google.com/open?id=1WItoR1ifuCRYXwBvzBdis3hUnCftlUd-
format /data
flash supersu / magisk if you were rooted otherwise stay stock
if you want to flash a kernel you need to replace the fstab.qcom with the modified version (to do this open the kernel zip and paste over the fstab.qcom)
kernel fstab.qcom: https://drive.google.com/open?id=1XRI5EWwREnvxCVWrjY4FFu1PQs1bbUje
Disable journaling completely
my favourite tweak - disables journaling
How to
i like doing this before first boot but you can do it whenever really
ideally in TWRP
first, explore /dev/block/
for every file you see in /dev/block you add tune2fs -O ^has_journal before it
so for example, if /dev/block has a file called sdd01
you will type: tune2fs -O ^has_journal /dev/block/sdd01 in TWRP terminal
and so on for sdd02 etc. (or you can create a script to do this for you). It will not succeed on all blocks as some don't have this feature.
DOES NOT WORK ON 5T FOR SOME REASON WILL NOT BOOT INTO OS AFTER THIS IS DONE
Misc tweaks
some other tweaks i have not tested to see if they're working on the 5T
but here they are
How to
Scripts (you can run on boot or on demand):
fstrim (requires busybox): https://drive.google.com/open?id=1MSqvVlOr59Y8y-3DiJ3Snms_rEvJWVzX
sqlite vacuum and reindex database: https://drive.google.com/open?id=1NcW33rvoInQPSx9w8RcQ__GC_5Vhv-6a
also requires this file in xbin: https://drive.google.com/open?id=1p2COCUjhiAaIjyZjV84EmvUgntp0_bdi
zipalign: https://drive.google.com/open?id=1wWyfoy6QuVCtwUUkI9TVrobNbv7Kset8
also requires this file in xbin: https://drive.google.com/open?id=1K25bOrA7eVUacHEVrHNN2At6D-Dnfgmi
mark disk as non-rotational, disable iostats, simple iomerges no hash lookup, rq_affinity set to 2 - best for multitasking, uses all cores to complete request instead of cpu 'group': https://drive.google.com/open?id=1YJ5GHGqwl8tzxvRyEGYINPIp4zdHUgTd
Stock Boot 4-7-6
https://drive.google.com/open?id=1OQKJB9gRj2SG7WS9J-ucuUaWmqPn1gMl
Stock Boot 4-7-6 no flags, decrypt no verity
https://drive.google.com/open?id=1gXYYw7E2fzSRkh2J-1hZIS4EH34zeBPT
If anyone has any other tweaks they'd like to share I'll be sure to add them in!
THIS WORK IS OPEN TO ANYONE FOR USE
FREE KNOWLEDGE FOR ALL
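
A defender-side check for the changes described in the post above, as an added example that is not part of the original post or the linked files: it parses an Android fstab and reports missing verity or encryption flags in the fs_mgr column, plus the durability-affecting mount options from the flag list. Both fstab samples are constructed for illustration, and the function names are hypothetical.

```python
# Added example: audit an Android fstab (such as fstab.qcom) for weakened settings.
# Row layout: <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>

# Mount options from the post that trade crash safety for speed.
RISKY_MOUNT_OPTS = {
    "barrier=0": "write barriers off; a power cut can leave ext4 inconsistent",
    "data=writeback": "data not ordered against metadata; stale data after a crash",
    "nobh": "no buffer heads on data pages (only applies with data=writeback)",
    "noauto_da_alloc": "no forced flush on rename/truncate; empty files after a crash",
}
VERITY_FLAGS = {"verify", "avb"}                                  # dm-verity / AVB
ENCRYPT_FLAGS = {"forceencrypt", "forcefdeorfbe", "fileencryption"}
VERIFIED_MOUNTS = {"/system", "/vendor"}

# Constructed sample resembling a stock configuration.
STOCK_LIKE = """
# <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
/dev/block/bootdevice/by-name/system   /system ext4 ro,barrier=1 wait,verify
/dev/block/bootdevice/by-name/userdata /data   ext4 noatime,nosuid,nodev,barrier=1 wait,check,forceencrypt=footer
"""

# Constructed sample with verity removed, encryption made optional, tuning flags added.
MODIFIED_LIKE = """
/dev/block/bootdevice/by-name/system   /system ext4 ro,barrier=1 wait
/dev/block/bootdevice/by-name/userdata /data   ext4 noatime,nodiratime,nosuid,nodev,barrier=0,data=writeback,nobh,noauto_da_alloc wait,check,encryptable=footer
"""


def parse_fstab(text):
    """Return one dict per complete fstab row, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # incomplete row
        src, mount_point, fs_type, mnt_flags, fs_mgr_flags = fields[:5]
        entries.append({
            "src": src,
            "mount_point": mount_point,
            "fs_type": fs_type,
            "mnt_flags": mnt_flags.split(","),
            # keep only the flag name, e.g. "forceencrypt" from "forceencrypt=footer"
            "fs_mgr": {f.split("=", 1)[0] for f in fs_mgr_flags.split(",")},
        })
    return entries


def audit(entries):
    """Return (mount_point, finding) tuples in file order."""
    findings = []
    for e in entries:
        mp = e["mount_point"]
        if mp in VERIFIED_MOUNTS and not (e["fs_mgr"] & VERITY_FLAGS):
            findings.append((mp, "no-verity"))
        if mp == "/data" and not (e["fs_mgr"] & ENCRYPT_FLAGS):
            optional = "encryptable" in e["fs_mgr"]
            findings.append((mp, "encryption-optional" if optional else "no-encryption"))
        for opt in e["mnt_flags"]:
            if opt in RISKY_MOUNT_OPTS:
                findings.append((mp, opt))
    return findings


if __name__ == "__main__":
    for name, text in (("stock-like", STOCK_LIKE), ("modified-like", MODIFIED_LIKE)):
        print(name)
        for mp, finding in audit(parse_fstab(text)) or [("-", "no findings")]:
            print(f"  {mp}: {finding} {RISKY_MOUNT_OPTS.get(finding, '')}".rstrip())
```
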

Thanks for the tips, could you post the boot img for 4.7.6 without the flags being set?

freegame619 said:
Thanks for the tips, could you post the boot img for 4.7.6 without the flags being set?
updated OP

Hi @virtyx
I'm sorry I'm hijacking this thread but I can't find answers to my questions anywhere.
Why would you decrypt the phone? Why is it useful? Can't TWRP read from the sdcard partition if the phone is encrypted? What can't you do with an encrypted phone?
Everybody is talking about decrypting the phone but nobody says what it is for.

raptor2003 said:
Hi @virtyx
I'm sorry I'm hijacking this thread but I can't find answers to my questions anywhere.
Why would you decrypt the phone? Why is it useful? Can't TWRP read from the sdcard partition if the phone is encrypted? What can't you do with an encrypted phone?
Everybody is talking about decrypting the phone but nobody says what it is for.
In my experience decrypting makes the phone perform better (people will argue it makes no difference) but every time I've done it I notice improvement.
TWRP is fine for reading the sdcard. Decryption has its benefits but also drawbacks (easier to hack, etc.). You can do the research yourself, but there are benchmarks showing the differences (mainly reads are affected).
If you're smart with your phone (i.e. don't download suspicious stuff) you should be fine without encryption.
I've never had it on, except when I can't turn it off.

raptor2003 said:
Hi @virtyx
I'm sorry I'm hijacking this thread but I can't find answers to my questions anywhere.
Why would you decrypt the phone? Why is it useful? Can't TWRP read from the sdcard partition if the phone is encrypted? What can't you do with an encrypted phone?
Everybody is talking about decrypting the phone but nobody says what it is for.
To run decrypted ROMs mainly. I see no other reason but I'm curious too.
Since some ROMs can only boot if you are decrypted I guess it's that.

Did a very quick lookup of that journaling business and it sounds interesting. Have you noticed much of a difference in performance on vs disabled?

virtyx said:
updated OP
I was mentioning about the boot img without the flags being set not the one without the encryption turned off.

freegame619 said:
I was mentioning about the boot img without the flags being set not the one without the encryption turned off.
oh ok sorry i thought you meant stock boot.img
updated.
showofdeth said:
Did a very quick lookup of that journaling business and it sounds interesting. Have you noticed much of a difference in performance on vs disabled?
definitely found better responsiveness with it disabled, and multitasking is much better

Can u help me to create script for disabling journal? I had 100 files on block folder ?
Oh and also, can I flash ur modified boot.img on 4.7.5? Because I haven't got system update to 4.7.6. it would be troubling me if I had to reflash the whole 4.7.6 rom since I had around 300 apps installed. Thanks before btw

andrizmitnick said:
Can u help me to create script for disabling journal? I had 100 files on block folder
Oh and also, can I flash ur modified boot.img on 4.7.5? Because I haven't got system update to 4.7.6. it would be troubling me if I had to reflash the whole 4.7.6 rom since I had around 300 apps installed. Thanks before btw
Shouldn't have a problem booting 476 on 475 but you need to test

virtyx said:
oh ok sorry i thought you meant stock boot.img
I am on OB1 oreo, encrypted, oreo compatible twrp, rooted with magisk 15.2, the boot image available here are for nougat, is it possible you can do it for oreo, or any help towards this, thanks for your help, Regards.

vtec303 said:
virtyx said:
oh ok sorry i thought you meant stock boot.img
I am on OB1 oreo, encrypted, oreo compatible twrp, rooted with magisk 15.2, the boot image available here are for nougat, is it possible you can do it for oreo, or any help towards this, thanks for your help, Regards.
when I get time I'll look for the oreo boot img

virtyx said:
vtec303 said:
when I get time I'll look for the oreo boot img
ok thanks mate, cheers.

Related

Modify the system partition on Android Nougat?

Hi all,
has anyone been able to do this? Following the guide here, no longer works for Android N. The phone boots, but ignores all changes to system. How do I modify both build.prop and hosts? It seems that there are now possibly two system partitions?
Thanks!
Same issue on Nexus 5X
No answer on this? How is it that nobody else seems to be having this issue?
What I've done
It looks to me like everyone has moved to systemless and the /system partition cannot be adequately modified in this way anymore.
Maybe this will help others:
I was modifying the system directory for two reasons: 1. modify /system/etc/hosts to remove ads and modifying build.prop to increase lcd.density. I found that here are the alternatives for each:
Removing Ads
Using something similar to AdAway_systemless_hosts_v2.zip (google it for a copy) and modifying the hosts file in that zip file to be the one I use (and rezipping, deploying on the Android device). This basically mounts over /system/etc/hosts with a custom hosts file instead of actually modifying the system specific hosts file which is no longer writable.
The alternative is to use Netguard which routes non https network traffic through a private VPN where you can block ads according to a hosts file. This seems to work OK, but I have noticed that websites seem to take longer to load.
Modifying lcd.density
You can use the same trick as AdAway_systemless_hosts_v2.zip uses, but modify it to also mount a modified copy of build.prop. Alternatively just use the Android N Display settings that are small (what I did anyhow).
I have been able to edit build.prop and still maintain systemless root.
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
ArminasAnarion said:
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
Have you been able to do this with simply fastboot boot <twrp-image>, mounting system in rw mode and modifying it? I did that as I didn't want to root the phone, and while it looks like it did the write, it does not affect the system partition that is used by the phone after boot. I think there are two system partitions, and twrp mounts only one in rw mode. It does seem like it may be possible to do what you say using adb though after the phone is fully booted up. I'll try that!
dontblinkwatchout said:
Have you been able to do this with simply fastboot boot <twrp-image>, mounting system in rw mode and modifying it? I did that as I didn't want to root the phone, and while it looks like it did the write, it does not affect the system partition that is used by the phone after boot. I think there are two system partitions, and twrp mounts only one in rw mode. It does seem like it may be possible to do what you say using adb though after the phone is fully booted up. I'll try that!
I had the same problem. I don't want to root but I do make a few changes to my /system partition through adb in recovery such as the hosts file and some font files (namely the Emoji font file). I had modified stock boot image to not enforce encryption. I would boot back up into the system and couldn't see any changes made. The only thing I found that worked was installing a custom kernel (I use ElementalX). After that, changes I made to /system in TWRP were reflected in the OS. I don't know enough about kernel development to understand why on (mostly) stock kernel my changes couldn't be seen but on a custom one they were.
I never had this "problem" prior to Nougat.
Same issue here. Something has changed with how this is handled in Nougat.
I don't want to root just to overwrite the hosts file...
I'll keep debugging but my capability in this is definitely limited!
I use a similar approach as described in the OP's linked guide except I use my own recovery image that I compiled as an engineering build from source, and I am also experiencing the same behavior. Modifying the hosts file seems to have no impact on the system though the changes persist. Comparing the host file I installed and the host file from the latest Nexus 5X image with 'ls -lZ' the SELinux info looks to be the same. The only information that appears to differ is the modified date and one additional line in the file itself for testing. I thought I was doing something wrong with my hosts file, even though I have been using this approach since Android 6.0. However, I agree, it appears that changes to system are being ignored. Further, changing the system partition no longer shows the red warning at boot about the system being corrupted.
---------- Post added at 09:58 PM ---------- Previous post was at 09:38 PM ----------
DanRyb said:
I would boot back up into the system and couldn't see any changes made.
Oooh. You're right. Neither /etc/hosts nor /system/etc/hosts is modified in the booted OS after I modify it from live image, but the change is retained when I reboot into live image and mount system. Hmm, so either:
1) Need to figure out where the system files are being loaded from and modify them from live image if possible
2) Use a mechanism similar to what dontblinkwatchout described AdAway is using of having a custom mount setup (have to reverse engineer AdAway I guess to see what it's doing)
3) ?
There's absolutely no way to modify or mount system partition r+w unless you disable dm-verity
alexiuss said:
There's absolutely no way to modify or mount system partition r+w unless you disable dm-verity
dm-verity has been around since Android 4.4. Are you saying there is something new around this in Android 7.0?
You can modify the system partition by compiling an engineering build of Android and booting it, then mounting the system partition and modifying it. I've been doing this to update the hosts file since Android 6.0 for every OTA update (since more recently OTA updates bomb out unless you reflash the clean "uncorrupted" system.img first). Changing the system image before Android 7.0 did result in an extra screen with a red warning about a corrupted something or other (I'm sure because dm-verity checking failed). Regardless, you can still change the system partition, the information just no longer seems to be used, which is a bit perplexing to me atm.
crashenx said:
dm-verity has been around since Android 4.4. Are you saying there is something new around this in Android 7.0?
Android 7.0 introduced redundant bits for Reed-Solomon forward error correction into the system and vendor partitions and code in the kernel to perform the error correction.
Your changes are being written to eMMC but when you boot with 7.0 kernel with dm-verity enabled your changes are being treated as data corruption and on-the-fly error corrected back to original.
You can see your changes if you boot into TWRP because it has dm-verity disabled. However if you boot into Android with dm-verity enabled it will look like original image again even though your changes are technically still there.
It took me a day to figure out what was really going on because I initially had no idea they added this feature to Android N.
The simple way to disable dm-verity is to install SuperSU, but you can also accomplish the same by patching your own kernel, installing pre-patched kernel, installing custom kernel, etc.
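
The behaviour described in the post above, as an added toy model that is not part of the original post and not Android's implementation: a read path that checks each block against a build-time hash and, on mismatch, rebuilds the block from parity. Assumptions: XOR parity over groups of four blocks stands in for Reed-Solomon, a flat hash list stands in for the dm-verity hash tree, and all names and sample contents are constructed.

```python
import hashlib

BLOCK = 32   # toy block size; dm-verity on Android uses 4096-byte blocks
GROUP = 4    # data blocks covered by one parity block in this toy model


class VerityError(IOError):
    """Raised when a block fails verification and cannot be recovered."""


def block_hash(block):
    return hashlib.sha256(block).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad(text):
    """Encode text and zero-pad it to one block."""
    return text.encode().ljust(BLOCK, b"\0")


def build_metadata(blocks):
    """Build time: per-block hashes plus one XOR parity block per group."""
    hashes = [block_hash(b) for b in blocks]
    parity = []
    for start in range(0, len(blocks), GROUP):
        p = bytes(BLOCK)
        for b in blocks[start:start + GROUP]:
            p = xor(p, b)
        parity.append(p)
    return hashes, parity


def verified_read(storage, idx, hashes, parity, fec=True):
    """Read block idx the way a verity-enabled kernel would in this model."""
    block = storage[idx]
    if block_hash(block) == hashes[idx]:
        return block                      # untouched block, returned as stored
    if fec:
        # Treat the failing block as an erasure and rebuild it from the
        # parity block and the other blocks of its group.
        start = (idx // GROUP) * GROUP
        candidate = parity[idx // GROUP]
        for j in range(start, min(start + GROUP, len(storage))):
            if j != idx:
                candidate = xor(candidate, storage[j])
        if block_hash(candidate) == hashes[idx]:
            return candidate              # the edit is "corrected" away
    raise VerityError(f"block {idx} failed verification")


def demo():
    """Edit one block on storage, then compare a raw read with a verified read."""
    image = [pad("127.0.0.1 localhost"), pad("ro.sf.lcd_density=420"),
             pad("block-2"), pad("block-3")]          # constructed contents
    hashes, parity = build_metadata(image)
    storage = list(image)
    storage[0] = pad("0.0.0.0 ads.example.com")       # edit made from recovery
    raw = storage[0]                                  # what recovery sees
    seen = verified_read(storage, 0, hashes, parity)  # what the booted OS sees
    return raw, seen, image[0]


if __name__ == "__main__":
    raw, seen, original = demo()
    print("raw read     :", raw.rstrip(b"\0").decode())
    print("verified read:", seen.rstrip(b"\0").decode())
    print("matches original image:", seen == original)
```

The raw read returns the edited bytes while the verified read returns the original ones, which is why the edit is visible from recovery but not from the booted system. Editing two blocks in the same group defeats the XOR stand-in and the read fails instead; Reed-Solomon tolerates more damage than that.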
sfhub said:
Android 7.0 introduced redundant bits for Reed-Solomon forward error correction into the system and vendor partitions and code in the kernel to perform the error correction.
Your changes are being written to eMMC but when you boot with 7.0 kernel with dm-verity enabled your changes are being treated as data corruption and on-the-fly error corrected back to original.
You can see your changes if you boot into TWRP because it has dm-verity disabled. However if you boot into Android with dm-verity enabled it will look like original image again even though your changes are technically still there.
It took me a day to figure out what was really going on because I initially had no idea they added this feature to Android N.
The simple way to disable dm-verity is to install SuperSU, but you can also accomplish the same by patching your own kernel, installing pre-patched kernel, installing custom kernel, etc.
That's good info and makes total sense. Thanks! Pretty neat actually, just a bummer for me.
Yeah so SuperSU path is not really one I want to pursue. I could learn how to update the dm-verity shas used for verification. That'd probably be the most secure, but it's gonna be a PITA I bet. I imagine I'd need to compile my own image similar to how I made my live image and update a few things. Might have to deal with encryption which is probably an even bigger headache. Also, I bet it would break OTA and have to reflash to update, though that's true now.
I'm really curious what AdAway is doing. Maybe I should pursue reverse engineering that.
I really appreciate you pointing us in the right direction.
I am glad I found this thread.. willing to assist here without permanent root..
Ericarthurc said:
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
I was trying to create a /system/xbin/post-boot but couldn't remount /system, and so I added busybox to the front of my command. I am not using adb so I cut that part off. Thanks a lot!

[Q] Ads reappearing after Rooting->Building hosts file>Uninstalling Magisk

Hey, I'm having an interesting issue that I haven't seen before on my previous phones. Normally, I'll occasionally flash magisk to root and update my hosts file with Adaway (and several lists that I've added to it which seem to block most/all ads), then unroot my phone. I noticed with the 6T that after I unroot (restore images, then uninstall through Magisk Manager) that the hosts file seems to be restored back to the stock file without any of my blocks. Am I doing something wrong? Thanks!
the00guy said:
Hey, I'm having an interesting issue that I haven't seen before on my previous phones. Normally, I'll occasionally flash magisk to root and update my hosts file with Adaway (and several lists that I've added to it which seem to block most/all ads), then unroot my phone. I noticed with the 6T that after I unroot (restore images, then uninstall through Magisk Manager) that the hosts file seems to be restored back to the stock file without any of my blocks. Am I doing something wrong? Thanks!
Without having some type of ramdisk patch in place, like Magisk or custom kernel, the system will default to the stored system image and effectively undo any changes to the /system partition. Any changes to the system partition that you have made will not be there until you install Magisk or a custom kernel again.
So basically with the stock boot image unmodified you cannot make persistent edits on the /system partition from my experience.
Wow, I was not aware that the system started keeping a clean system image like that. Historically I've always been able to modify /system with root and then unroot and the changes would remain. Since TWRP is part of /boot now, perhaps that would be sufficient to prevent the stock boot from rewriting my /system changes...? Are there any other ways to prevent the system from being restored to stock after unrooting?
the00guy said:
Wow, I was not aware that the system started keeping a clean system image like that. Historically I've always been able to modify /system with root and then unroot and the changes would remain. Since TWRP is part of /boot now, perhaps that would be sufficient to prevent the stock boot from rewriting my /system changes...? Are there any other ways to prevent the system from being restored to stock after unrooting?
As far as I know the phone won't boot with just TWRP installed, you need Magisk as well. So if you don't want to keep Magisk installed I suggest installing only a custom kernel. I personally love Smurf Kernel here (https://forum.xda-developers.com/oneplus-6t/development/kernel-smurfkernel-2-0-49-t3868360). Although I have not tested to see if /system modifications stick with only custom kernel but I feel like they should since it is modifying the ramdisk to allow the phone to boot modified. I know that Smurf Kernel will detect if you have Magisk or not and patch the boot image accordingly. So you will be able to run just a custom kernel without root if this is what you want.
Also if you are not aware you can disable all root access from the Magisk app without having to uninstall anything, maybe that could work for you as well.
Make sure to hit the thanks button if I was able to help you out here!
the00guy said:
Wow, I was not aware that the system started keeping a clean system image like that. Historically I've always been able to modify /system with root and then unroot and the changes would remain. Since TWRP is part of /boot now, perhaps that would be sufficient to prevent the stock boot from rewriting my /system changes...? Are there any other ways to prevent the system from being restored to stock after unrooting?
You could always, edit the partition directly in TWRP and install an alternative host file.
tech_head said:
You could always, edit the partition directly in TWRP and install an alternative host file.
The issue is that Android will replace the /system partition with the stored stock system image if you do not have a modified ramdisk. So if you remove Magisk and don't use custom kernel you effectively cannot modify anything on /system as it will not persist.
yerger said:
The issue is that Android will replace the /system partition with the stored stock system image if you do not have a modified ramdisk. So if you remove Magisk and don't use custom kernel you effectively cannot modify anything on /system as it will not persist.
Hopefully the community can find a workaround eventually for this that won't replace the /system with a clean image, or find a way to patch the clean image when performing root operations. Some apps can still detect/are broken by magisk, as good as it is, and I hate running any of my phone without ad blocking. I tried going the DNS route, but have yet to find a good private dns provider that oxygen os plays nicely with that also doesn't log.
the00guy said:
Hopefully the community can find a workaround eventually for this that won't replace the /system with a clean image, or find a way to patch the clean image when performing root operations. Some apps can still detect/are broken by magisk, as good as it is, and I hate running any of my phone without ad blocking. I tried going the DNS route, but have yet to find a good private dns provider that oxygen os plays nicely with that also doesn't log.
Try using just a custom kernel. You can do that without root and it should prevent /system from being overwritten with the stored system image. The issue is that you need a patched ramdisk in order for the /system partition to boot modified. No way around that unfortunately.
I personally use Smurf Kernel (https://forum.xda-developers.com/one...-0-49-t3868360) and get much better battery life than the stock kernel. The phone is much smoother and snappier as well.
yerger said:
Try using just a custom kernel. You can do that without root and it should prevent /system from being overwritten with the stored system image. The issue is that you need a patched ramdisk in order for the /system partition to boot modified. No way around that unfortunately.
I personally use Smurf Kernel (https://forum.xda-developers.com/one...-0-49-t3868360) and get much better battery life than the stock kernel. The phone is much smoother and snappier as well.
Thank you all for the information. It seems I need to read up more on how android pie works behind the scenes particularly with the ramdisk and how the system position is managed.
https://blokada.org/
Non root adblocker, many lists available, DNS change
Or just use Adguard DNS. Works great.

Persistent changes to hosts file following reboot?

Hi everyone. I'm scratching my head here and struggling to find a solution that doesn't require root.
I've got a hosts file that I love as it blocks nearly all advert servers on my phone.
I know there are several adblocking apps but they all require root.
I have had to remove root as I have some critical apps that still don't work, even after hiding magisk from the apps within the Magisk Manager.
I've got a magisk patched image that I can "fastboot boot" with and can edit the hosts file (after remounting /system as rw) but when I then reboot afterwards, the hosts file has been overwritten.
Can anyone help me please or give me a pointer of how to make the hosts edits remain following a reboot?
edit2add
I am using stock ROM with latest August patches on my Mi A1
You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's an app that can fake a vpn with an ad ban list
Dead-neM said:
You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's an app that can fake a vpn with an ad ban list
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?
wodgey said:
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?
System partition. So that's a good idea but you'll have to compile a rom to change this file. On Linux distros the host file is a thing you can modify easily. On Android it's just deprecated by Google as it's mostly used as an ad filter. And Google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.
Dead-neM said:
System partition. So that's a good idea but you'll have to compile a rom to change this file. On Linux distros the host file is a thing you can modify easily. On Android it's just deprecated by Google as it's mostly used as an ad filter. And Google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a complete flash of stock ROM using fastboot))
That actually seems like it wouldn't take too much effort
wodgey said:
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a complete flash of stock ROM using fastboot))
That actually seems like it wouldn't take too much effort
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.
Dead-neM said:
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?
wodgey said:
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?
It does many things to know that it has been touched. You'll have to modify some stuff and it will work. You'll lose certification but you'll have your own rom.
Dead-neM said:
It does many things to know that it has been touched. You'll have to modify some stuff and it will work. You'll lose certification but you'll have your own rom.
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.
wodgey said:
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since I dug into this. I'm not into this anymore.
But you can disable it but you'll lose safetynet, encrypted partition etc... (I may be wrong but you got the idea). And safetynet looks at whether partitions have been modified and whether you are a certified device. If it won't pass, the banking app and apps like Pokemon Go etc. won't work.
Magisk hides the fact that the kernel img has been touched and most apps that detect it detect just the app itself. That means Magisk capability (su, hide and module).
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing TWRP. Do not flash TWRP, just use the "fastboot boot" command.
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm-verity and system with your host and I guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone.
Keep in mind that you'll lose OTA. There's a chance that the rom works with just some changes but it can be a mess to do.
Why not try a custom rom like LineageOS?
Using their supersu zip, won't you be able to replace the host file then remove root?
Once you make a backup and move it to a PC as a savestate, you are free to try different solutions.
Dead-neM said:
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since I dug into this. I'm not into this anymore.
But you can disable it but you'll lose safetynet, encrypted partition etc... (I may be wrong but you got the idea). And safetynet looks at whether partitions have been modified and whether you are a certified device. If it won't pass, the banking app and apps like Pokemon Go etc. won't work.
Magisk hides the fact that the kernel img has been touched and most apps that detect it detect just the app itself. That means Magisk capability (su, hide and module).
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing TWRP. Do not flash TWRP, just use the "fastboot boot" command.
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm-verity and system with your host and I guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone.
Keep in mind that you'll lose OTA. There's a chance that the rom works with just some changes but it can be a mess to do.
Why not try a custom rom like LineageOS?
Using their supersu zip, won't you be able to replace the host file then remove root?
Once you make a backup and move it to a PC as a savestate, you are free to try different solutions.
Thanks for info I'll investigate later in the week when I have more time. Monday has arrived too quickly!
Appreciated though

[DISCONTINUED][KERNEL][TOCO] Experimentum

Code:
* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed.
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are choosing to make these modifications.
* Your warranty will be void if you tamper with any part of your device/software.
* Same statement for XDA.
Experimentum kernel is -as the name suggests- an experiment for me.
So I don't guarantee any updates, any new features, or any fixes at all.
Features:
Compiled with the latest Proton Clang/LLVM + O3 + ThinLTO + LLD Linker + Polly
Should feel snappier
Wireguard
TCP Fast Open
Power Efficient Workqueues
300 HZ Timer Frequency
Swap is disabled (We don't need swap on a 6/8 GB device. Considering building a separate image with swap enabled though. Let me know if you'd want that.)
Bunch of file system, memory management, and scheduler related optimizations
Planned features:
Support tucana
SimpleLMK
Cpu and gpu undervolt
A better scheduler
Known issues:
Slow charging
Credits:
Thanks @Disty0, I was too lazy for pulling the toco source code from the Xiaomi repo.
Source:
https://github.com/iakindev/experimentum_kernel_toco/
Downloads:
https://github.com/iakindev/experimentum_kernel_toco/releases
LICENSE:
You are permitted to do anything with my part of the code and compiled binary. You can include it in your rom, sell it, put it in terminator robots, send it to the moon, I don't care. (As long as you comply with GPLv2 which is Linux kernel license).
Thanks a lot, we desperately need custom kernels.
Good luck!
What is swap?
Alex2017Germany said:
> Good luck!
> What is swap?
Storing part of the ram memory on the internal storage. See here for more info.
anyone tried 12.0.3 xiaomi.eu version, a10 ?
Alex2017Germany said:
> Good luck!
> What is swap?
Thank you,
It's just like @lqvd said. But devices often do this when they are low on memory. This sometimes prevents the low memory killer from acting when necessary, and memory pressure goes up until your device becomes laggy for 2-3 seconds due to high I/O activity caused by swapping memory (this is usually the time that the low memory killer is triggered).
So by disabling swap, we are making low memory killer act early and start to kill some processes.
Good job, works on EU MIUI 12.1.4.0, and I have a question: does anyone else have a problem with root? The filesystem is read-only, so I can't modify any system file and can't use adb as root. It says it works on userdebug builds. I found I have to change ro.debuggable from 0 to 1 in default.prop to make adb root work for disabling dm-verity and remounting system. I thought this kernel would solve this issue, but the value in default.prop is still set to 0. Any advice? I would decompile and change it, but I'm a noob in these things... thanks.
After flashing this kernel, if anything goes wrong, how can I go back to the stock kernel?
Mi note 10 lite User 😭😭 said:
> After flashing this kernel, if anything goes wrong, how can I go back to the stock kernel?
Backup your 'boot' partition on the 'backup' section on TWRP then flash this kernel. If anything goes wrong you can restore it on 'restore'.
Ashnwor said:
> Backup your 'boot' partition on the 'backup' section on TWRP then flash this kernel. If anything goes wrong you can restore it on 'restore'.
Bro, Mi Note 10 Lite TWRP does not have an option for system file backup.
Mi note 10 lite User 😭😭 said:
> Bro, Mi Note 10 Lite TWRP does not have an option for system file backup.
Another way to get back to your kernel from your installed ROM:
STEP 1: unzip the boot.img file from the zip of the ROM you flashed.
STEP 2: flash the boot.img via bootloader and you will have the initial kernel again.
Thanks
jeremysz1 said:
> Another way to get back to your kernel from your installed ROM:
> STEP 1: unzip the boot.img file from the zip of the ROM you flashed.
> STEP 2: flash the boot.img via bootloader and you will have the initial kernel thanks
jeremysz1 said:
> Another way to get back to your kernel from your installed ROM:
> STEP 1: unzip the boot.img file from the zip of the ROM you flashed.
> STEP 2: flash the boot.img via bootloader and you will have the initial kernel again.
When it says that the boot.img file should be unzipped, and then flash it through cmd with the cell phone in bootloader, and then reboot. So it is, or I am wrong in the process.
Which command will I run in cmd?
Jcyeici said:
> When it says that the boot.img file should be unzipped, and then flash it through cmd with the cell phone in bootloader, and then reboot. So it is, or I am wrong in the process.
Mi note 10 lite User 😭😭 said:
> Which command will I run in cmd?
fastboot flash boot boot.img
MiRw³b said:
> fastboot flash boot boot.img
Thanks Buddy
Jcyeici said:
> When it says that the boot.img file should be unzipped, and then flash it through cmd with the cell phone in bootloader, and then reboot. So it is, or I am wrong in the process.
Yes.. you are right.. it's very easy.. try it!
I would like to know if you can provide me with how much real load with this kernel
Jcyeici said:
> I would like to know if you can provide me with how much real load with this kernel
Sorry, I couldn't understand what you have said. Can you explain what do you mean?
Ashnwor said:
> Sorry, I couldn't understand what you have said. Can you explain what do you mean?
with the kernel, at what speed of w charges the battery, since it is slow charge

[Guide] Convert locked OnePlus 8T TMO to Global version with MsmDownloadTool

This can:
Bypass TMO flash lock as it uses 9008 EDL.
Remove TMO sim lock and oem lock as you will be using global rom.
Convert your KB2007 (KB09CB) to KB2005 (KB05AA) as much as possible. (Although you're using the latest KB2005 firmware, any LineageOS stuff, such as LOS system,LOS recovery and LOS fastbootd, will still recognize it as KB2007. This is the same in OOS 11. But in OOS 12 system, it shows and acts like a KB2005.)
Should enable DSDS (dual SIM dual standby) in OOS 12. (Not tested. But the status bar shows two empty SIM slots in KB2005 OOS 12. After I flash LOS 19.1, slot 2 won't act unless booted with the "persist.radio.multisim.config=dsds" prop.)
Give you access to Global OxygenOS firmware. (Bye slow TMO~)
Probably give you better overall condition (e.g. partition) than some fastboot scripts, as it's done directly by 9008 EDL.
AND THIS WILL DELETE ALL YOUR DATA ON DEVICE!!!
Actually, you should be able to change any brand device to any version you like by this method, but at your own risk, as nothing is solidly tested.
This can't:
Give you a second IMEI. (In OOS IMEI2 is "null". I guess it's hard baked somewhere.)
Remove TMO flash lock or unlock a locked bootloader. (You still need unlock token for that.)
You tell me please. I don't have enough time to test everything.
Please:
BE AWARE THAT YOU ARE RESPONSIBLE FOR WHAT YOU DO TO YOUR HARDWARE, NOT ME.
MY SUCCESS DOESN'T MEAN IT MUST HAPPEN TO YOU.
YOU ARE THE ONE WHO TAKES ALL THE RISKS. (And your phone, too.)
Be kind to other readers and help them, I can't stay online all day, sorry.
Why:
I own a fully unlocked KebabT running LineageOS 18.1, and I decided to try LOS 19.1 out.
But OOS 12 firmware is so buggy that it even broke my LOS instance, and the fastboot (not fastbootD, for hell reasons I can't enter LOS recovery AFTER ALL firmware upgrade) is also too buggy to fix my issue.
I unbricked my phone using this " https://forum.xda-developers.com/t/...l-to-restore-your-device-to-oxygenos.4180981/ " (Thanks for sharing!!!), but only to find that TMO firmware is so old, buggy and limited.
Then I googled and found this "https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/" and this "https://github.com/bkerler/oppo_decrypt", but they are slightly outdated and don't fit kebab.
I fetched global firmware from here "https://forum.xda-developers.com/t/oneplus-8t-rom-ota-oxygen-os-repo-of-oxygen-os-builds.4193183/" (Thanks for sharing!!!) and started trying.
After a few tries I succeeded and decided to share what I found.
How:
Firstly, know your hardware. Especially your ram type (ddr4 or ddr5) !
Then follow what this "https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/" said, BUT WITH EXTRA MODIFICATION on your "settings.xml":
1. Overwrite "BasicInfo Project", "Version", "ModelVerifyPrjName", "ModelVerifyRandom" and "ModelVerifyHashToken"; these make you pass MsmDownloadTool's pre-check.
2. Scroll to the end of file and overwrite [Target ID="1" Desc="O2"] with [Target ID="101" Desc="TMO"], otherwise your flash won't begin as the tool can't find right hardware to flash.
3. Search for "Image ID=" and modify the results. For me, I have a DDR4 device, so I go with "xbl.img" and "xbl_config.img", so FOR ME I change "Image ID="1"" to "Image ID="101"", and change "Image ID="65537"" to "Image ID="65637"". Otherwise MsmDownloadTool won't be able to locate the right xbl img file to flash.
4. Follow the rest of that great guide and have a few tries, you won't lose more as you're already under EDL mode. Wish you success!
And:
Sorry in advance for any possible confusion as I'm not a native English speaker. You can ask in replies!
Please let me know if I'm wrong, I'll try to correct.
If this is already shared by other great guys, please forgive me as I really didn't find any related post in this forum.
I doubt this "https://forum.xda-developers.com/t/...m-unlock-or-bootloader-unlock-needed.4188491/" (Thanks for sharing!!!) is done in the same way but no one mentioned about it.
Special thanks to bkerler for creating this awesome "https://github.com/bkerler/oppo_decrypt" project!
Special thanks to LuK1337 for maintaining LineageOS for OnePlus 8T!! You're great!!
Question:
Is it possible to remove flash lock in this way?
I've tried several times to flash with kebab not kebabT MsmTool. But I can't make it work.
I can fix in os12 but need rw or unpack repack rom
Mr Hassan said:
> I can fix in os12 but need rw or unpack repack rom
I don't understand.
Fix what or unpack what?
Is this what you need? "https://github.com/bkerler/oppo_decrypt"
I'm kind of curious to know what your model number would show up as in the About Phone screen. Being able to incorporate the SIM fix into the ROM would be a good thing. There was a link in the OP to a tool that could unpack and repack the OPS file. My concern is, at least with the bastardized Color/Oxygen OS stock hybrid, that it will still see the device as a KB2007 and not an actual KB2005 outside of just the firmware version.
jcsww said:
> I'm kind of curious to know what your model number would show up as in the About Phone screen.
For LOS and OOS 11, KB2007. (But for OOS 11 software update page, it shows as KB2005. You're able to get KB2005 OTA updates without any problem.)
For OOS 12, KB2005 everywhere.
You can try to spoof device model by using magisk_hide_props_config module, but it's another story.
jcsww said:
> Being able to incorporate the SIM fix into the ROM would be a good thing.
If you use global version OOS or flash LOS, sim lock no longer exists.
IAAxl said:
> I don't understand.
> Fix what or unpack what?
> Is this what you need? "https://github.com/bkerler/oppo_decrypt"
Unpack whole rom system vendor product odm
Its all in super.img
Mr Hassan said:
> Unpack whole rom system vendor product odm
> Its all in super.img
You can get super.img using oppo_decrypt.
But, I thought that's an unencrypted raw disk image, am I wrong?
And by the way, I flashed KB2005 super.img into my KB2007, but fastboot flash lock is still there, have to use unlock code bin file to disable it.
I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
raven911 said:
> I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
In os12 of course your 2nd sim will disable by bootloader partitions and some other as i mention in another post
But good news is i can fix
But bad news no way to unpack repack or rw after root
raven911 said:
> I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
To answer your questions:
1) Check here: https://wiki.lineageos.org/devices/kebab/fw_update
By the way, 8T hardware has two major variables: UFS 3.0 / 3.1 storage, and lpddr 4 / 5 memory. Storage type doesn't matter to rom flash, but memory type does.
2) Yes! You're still on OOS 11 after change-brand flash, but then you can OTA to KB2005 OOS 12 directly.
And, because my final goal is to run LOS, I didn't put my sim in while my phone is on OOS, so I can't really answer if dual sim is available in OOS 11 or 12.
In LOS, I use magisk_hide_props_config module to add "persist.radio.multisim.config=dsds" into system prop to enable dual sim. You can also try this "https://forum.xda-developers.com/t/...bile-8t-kb2007-with-lineage-aosp-rom.4262669/", same stuff.
If your KB2007 is flash locked, you can try the following steps and see if it will work:
A. Use oppo_decrypt to get elf files from msm rom;
B. Use QPST (and the elf file) to flash magisk patched boot.img into your device under 9008.
C. Install magisk model and get dsds.
∆ The risk is in step B.
I'm not familiar enough with QPST and never succeeded in getting QPST to work to do anything.
Mr Hassan said:
> Unpack whole rom system vendor product odm
> Its all in super.img
Err… Try use MsmTool readback?
Oppo_decrypt offers an option to enable readback. I haven't used it though.
Or can you change what you have to, directly on a rooted device, and check if it works?
I'm still confused. Aren't those img files raw disk images? Can't you mount and read them on any Unix-like device? How do you usually do this with other devices?
IAAxl said:
> Err… Try use MsmTool readback?
> Oppo_decrypt offers an option to enable readback. I haven't used it though.
> Or can you change what you have to, directly on a rooted device, and check if it works?
> I'm still confused. Aren't those img files raw disk images? Can't you mount and read them on any Unix-like device? How do you usually do this with other devices?
let me tell you msm have rb option
but you still not got my pov there's no rw option in rooted device even after root
so how can i make dump or backup or for which purpose i need backup if i dont even modded something in rooted device
another option which left is unpack system.img vendor.img odm.img etc and modify then repack it
but there's not way to even convert it to raw i try simg2img but not support by this
even if i able to convert it to raw i can do something
and no its not raw format men. its payload and super
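Whether an .img is raw, sparse, a super container or an OTA payload can be read from its magic bytes, which also covers checking that the file unzipped from a ROM really is a boot image before `fastboot flash boot boot.img`. This is an added example, not part of any post in the thread: the function names and the tiny sample blobs are constructed here, while the magic values and offsets are the standard on-disk constants of each format.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A                      # Android sparse image header
RAW, FILL, DONT_CARE = 0xCAC1, 0xCAC2, 0xCAC3  # sparse chunk types

# (offset, magic, label), checked in order against the raw (unsparsed) bytes.
SIGNATURES = [
    (0,    b"ANDROID!",                   "boot"),     # boot.img header
    (0,    b"CrAU",                       "payload"),  # OTA payload.bin
    (4096, struct.pack("<I", 0x616C4467), "super"),    # LP metadata geometry
    (1024, struct.pack("<I", 0xE0F5E1E2), "erofs"),
    (1024, struct.pack("<I", 0xF2F52010), "f2fs"),
    (1080, struct.pack("<H", 0xEF53),     "ext4"),     # superblock s_magic
]

def sniff_raw(data):
    for off, magic, label in SIGNATURES:
        if data[off:off + len(magic)] == magic:
            return label
    return "unknown"

def sparse_prefix(data, want):
    """Rebuild the first `want` bytes of the raw image held in a sparse file."""
    (_magic, _maj, _min, hdr_sz, chunk_hdr_sz, blk_sz,
     _blocks, chunks, _crc) = struct.unpack_from("<IHHHHIIII", data, 0)
    out, pos = bytearray(), hdr_sz
    for _ in range(chunks):
        if len(out) >= want or pos + 12 > len(data):
            break
        ctype, _res, nblk, total = struct.unpack_from("<HHII", data, pos)
        if total < chunk_hdr_sz:
            break                               # malformed chunk header
        body = data[pos + chunk_hdr_sz:pos + total]
        size = min(nblk * blk_sz, want - len(out))
        if ctype == RAW:
            out += body[:size]
        elif ctype == FILL:
            out += (body[:4] * (size // 4 + 1))[:size]
        elif ctype == DONT_CARE:
            out += bytes(size)
        pos += total                            # CRC32 chunks carry no blocks
    return bytes(out)

def identify(data):
    """Return a label such as 'boot', 'super', 'sparse(ext4)' or 'unknown'."""
    if len(data) >= 28 and struct.unpack_from("<I", data, 0)[0] == SPARSE_MAGIC:
        return "sparse(%s)" % sniff_raw(sparse_prefix(data, 8192))
    return sniff_raw(data)

def constructed_samples():
    """Tiny synthetic images built here for the demo; not real firmware."""
    ext4 = bytes(1080) + b"\x53\xEF" + bytes(4096 - 1082)
    super_raw = bytes(4096) + struct.pack("<I", 0x616C4467) + bytes(4092)
    def sparse(raw, blk=4096):
        n = len(raw) // blk
        hdr = struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, blk, n, 1, 0)
        return hdr + struct.pack("<HHII", RAW, 0, n, 12 + len(raw)) + raw
    return {
        "boot.img": b"ANDROID!" + bytes(64),
        "payload.bin": b"CrAU" + bytes(64),
        "vendor_raw.img": ext4,
        "vendor_sparse.img": sparse(ext4),
        "super_raw.img": super_raw,
        "super_sparse.img": sparse(super_raw),
        "notes.txt": b"hello",
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:18} {identify(blob)}")
```

simg2img only applies to files reported as sparse(...); a super image is a container of logical partitions and has to be split (for example with AOSP's lpunpack) before any filesystem inside it can be mounted.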
Mr Hassan said:
> let me tell you msm have rb option
> but you still not got my pov there's no rw option in rooted device even after root
> so how can i make dump or backup or for which purpose i need backup if i dont even modded something in rooted device
> another option which left is unpack system.img vendor.img odm.img etc and modify then repack it
> but there's not way to even convert it to raw i try simg2img but not support by this
> even if i able to convert it to raw i can do something
> and no its not raw format men. its payload and super
Okay I understand now..
The goal is to change sth inside vendor and other partition, but they can't be remounted read-write inside system.
And the img file can't be extracted or repacked.
Will you try to remount those partition in recovery ADB maybe?
IAAxl said:
> Okay I understand now..
> The goal is to change sth inside vendor and other partition, but they can't be remounted read-write inside system.
> And the img file can't be extracted or repacked.
> Will you try to remount those partition in recovery ADB maybe?
Yes now you fully understand
Yes i tried many thing
And yes in twrp also tried remount etc
I also pull files and edit but when i push
Its said device not have enough space
Its maybe need resize etc
Mr Hassan said:
> Yes now you fully understand
> Yes i tried many thing
> And yes in twrp also tried remount etc
> I also pull files and edit but when i push
> Its said device not have enough space
> Its maybe need resize etc
I don't know if this helps or not.
But there are some scripts to extract partitions from SUPER, flash them and make -rw.
[TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition
[Closed] Universal SystemRW / SuperRW feat. MakeRW / ro2rw (read-only-2-read/write super partition converter)
Rootk1t said:
> I don't know if this helps or not.
> But there are some scripts to extract partitions from SUPER, flash them and make -rw.
> [TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition
> [Closed] Universal SystemRW / SuperRW feat. MakeRW / ro2rw (read-only-2-read/write super partition converter)
I done many things even convert to ext4
In shell its showing rw
And also in root explorer get rw but still not edit anything
I also try similar approach using qpst. I can read/save qpst and qcn but i can't write back.
vortex91 said:
> I also try similar approach using qpst. I can read/save qpst and qcn but i can't write back.
Could you please share what you find?
I'm really unfamiliar with QPST, any info could help.
So, I don't need T-Mobile's help to SIM unlock my phone?
Just convert it to global, and it will be carrier unlocked?
Am I reading this right?