Related
ALL IN ONE GUIDE
Unlock + Root + Backup + Restore + Downgrade
For Moto G 2014 (2nd Generation)
titan (3G) : XT1063, XT1064, XT1068, XT1069
thea (4G/LTE): XT1072, XT1077, XT1078, XT1079
(Updated 1st August, 2017)
Requirements:
1. Moto G 2014 2nd Generation (titan/thea)
2. Unmodified Stock ROM
3. Windows PC & Stable Internet Connection
4. Good Quality USB Cable & Functioning USB Port
5. Lots Of Patience & Common Sense
This guide is divided into 4 parts, read the below post & the comments before asking any question. Dont quote the entire post in the comments & ask what is only necessary.
PART I : UNLOCKING
This part is compulsory before proceeding to PART II. Your warranty will be voided after sending a request for an unlock key to Motorola used for unlocking process.
PART II : ROOTING
This part consists of 2 steps, flashing TWRP & flashing SuperSU Zip. After PART II is done, you can now flash custom ROMs, mods, scripts on your Moto G 2014.
PART III : RESTORING
This part is for those who wish to go back to the same stock firmware i.e. 6.0 to 6.0, 5.0.2 to 5.0.2 in case of boot loop, stuck at Motorola logo/boot-animation, BOOTLOADER UNLOCKED screen, OTA Update. You dont need an unlocked bootloader to flash the same stock firmware.
PART IV : DOWNGRADING
This part is for those who wish to revert back to previous Android version. i.e. 6.0 to .0.2 or 5.0.2 to 4.4.4. Please be very careful in this part as it can lead to dead devices if you dont follow the instructions correctly.
Code:
#include
/*
* Your warranty is now VOID !
*
* I am not responsible for bricked devices, dead SD cards,
* accidental data wipe or a thermonuclear war.
* If you have any concerns about steps included in this
* guide please do some research before trying it!
* YOU are choosing to make these modifications & if you
* point the finger at me for messing up , I will laugh at you.
*
* GOOD LUCK !
*/
PART I : UNLOCKING
NOTE:
The warranty of all Non-European phones is lost permanently after UNLOCKING bootloader. LOCKING the bootloader again after UNLOCKING won't give your warranty back.
The warranty of all European phones is not lost after UNLOCKING bootloader. To claim warranty of an UNLOCKED European phone you will need to live in the European Union.
Requirements:
Minimal ADB + Fastboot Drivers v1.4.2
Motorola Device Manager Drivers v2.5.4
Unlock Bootloader Tutorial
Unlock Bootloader YouTube Video
Bootloader LOCKED, Status Code 0 : Bootloader was not UNLOCKED before by the user & is factory LOCKED, UNDER Warranty.
Bootloader UNLOCKED, Status Code 3 : Bootloader is UNLOCKED by the user, Warranty VOID.
Bootloader RELOCKED, Status Code 2 : Bootloader was UNLOCKED by the user & is LOCKED again by the user, Warranty VOID.
1. Users with LOCKED bootloaders will have to first UNLOCK their bootloader before proceeding, this will VOID your WARRANTY.
2. Users with UNLOCKED bootloader need not worry as this process will not wipe anything from the internal storage.
3. Users with RELOCKED bootloader will have to UNLOCK their bootloader again before proceeding, phone will be erased again after UNLOCKING.
4. After UNLOCKING the bootloader your phone's internal storage will be erased. Your installed apps, contacts, SMS, call logs, data like photos, music, videos in internal storage will be WIPED completely.
5. Use 'SuperBackup' App from Playstore & set the location of backup files to external sdcard.
6. Before proceeding make sure you backup everything & move your data from internal storage to external sdcard or PC.
PART II : ROOTING
Requirements
Minimal ADB + Fastboot Drivers v1.4.2
Motorola Device Manager Drivers v2.5.4
TWRP v3.1.1-0 for titan
TWRP v3.1.1-0 for thea
SuperSU v2.82 Stable
A) Flashing TWRP
1. You need to unlock the bootloader before proceeding/
2. Install Motorola & Fastboot Drivers & restart your PC. Copy the SuperSU Zip inside your phone storage.
3. Go inside the installed adb fastboot folder. Hold "Shift" key & right click inside the folder & click on "Open CMD Window Here".
4. Copy the TWRP image file inside installed adb fastboot folder.
5. Switch off the phone, press & hold "Volume Down" & "Power" & release after 4-5 seconds.
6. Connect phone to PC . You will see "USB Connected" on the phone screen.
7. Type and press enter after each command
For titan (3G) : XT1063, XT1064, XT1068, XT1069
Code:
fastboot flash recovery twrp-3.1.1-0-titan.img
fastboot boot recovery twrp-3.1.1-0-titan.img
For thea (4G/LTE): XT1072, XT1077, XT1078, XT1079
Code:
fastboot flash recovery twrp-3.1.1-0-thea.img
fastboot boot recovery twrp-3.1.1-0-thea.img
7. Your phone will now boot into TWRP.
B) Backup Stock ROM (Optional)
1. Inside TWRP, select 'Backup', select 'System', 'Boot' & 'PDS' partitions & swipe to backup your Stock ROM.
C) Flashing SuperSU Zip
1. Select "Install" option, Select the location of SuperSU Zip & flash it, go back & select "Reboot", select "System".
2. Open the App Drawer & check for SuperSU app & then download 'Root Checker' app from Play store to check for root access.
PART III : RESTORING
Requirements
Minimal ADB + Fastboot Drivers v1.4.2
Motorola Device Manager Drivers v2.5.4
Softbrick : Stock 5.0.2 Factory Firmware Image Installer
Hardbrick : Unbrick Moto G 2014 (2nd Gen)
1. You won't need to UNLOCK the bootloader to flash the firmware of your variant for your region. i.e. You can flash firmware on a LOCKED bootloader. However to flash a firmware for different region, your bootloader needs to be UNLOCKED. Check your Moto G 2nd Gen Model No & Regional Variant from here before proceeding. You will need it for downloading factory images for your corresponding phone.
2. If your device gets stuck in following situations it has soft bricked.
- Stuck on Motorola logo or "Unlocked Bootloader" screen.
- Stuck on boot animation or device restarts automatically (boot loop)
- Cannot boot into recovery mode.
- Can boot into fastboot mode only.
3. If your device gets stuck in following situations it has hard bricked.
- Cannot boot into fastboot mode.
- Cannot power on or cannot charge.
- Cannot boot into recovery mode.
Step By Step Troubleshooting Of Your Device
1. Check if it switches on or boots into fastboot menu, if it doesnt maybe the battery is depleted. Use a minimum 1A output charger & keep it plugged in overnight for atleast 10-12 hours. Repeat for 2-3 days. If it still doesnt power on, this means your phone is hardbricked & recovery may or may not be possible. Motherboard replacement might be needed. You will loose all your data & your IMEI number will be changed after your motherboard is replaced.
2. If it switches on & is stuck on Motorola logo/bootanimation or "Unlocked Bootloader" screen, hold power button till phone screen turns off. Your phone will restart, let it continue the booting process. If it still stuck, hold power button till phone screen turns off. After it turns off immediately press volume down while holding power button. Release both after 2-3 seconds. You will now boot into fastboot menu. This means your phone is softbricked & can be recovered by flashing correct factory image for your device. Flashing incorrect image or downgrading from a higher Android version to lower (Eg Marshmallow to Lollipop) may render your device permanently hard-bricked/dead.
PART IV : DOWNGRADING
Requirements
Unlock Bootloader Here
Unlock Bootloader YouTube Video
Minimal ADB + Fastboot Drivers v1.4.2
Motorola Device Manager Drivers v2.5.4
5.0.2 Factory Firmware Image Installer
1. Boot into fastboot mode. Check your bootloader version from top 2nd line. It should say something like "48.86 (sha-5497-c9). 4886 is your bootloader version.
2. Marshmallow 6.0 to Lollipop 5.0.2 : If your bootloader version is 4886 (Marshmallow Bootloader), you need to make some changes in the easyinstaller.bat file inside the Stock Factory Firmware Image that you download or while flashing the ROM manually.
- Download Lollipop 5.0.2 Factory Firmware image zip from PART III RESTORING Section
- Unzip the contents & open easyinstaller.bat with notepad.
- Find the 2 lines "mfastboot.exe flash motoboot motoboot.img" & delete both of them.
- Delete the motoboot.img file inside the extracted contents.
- Run the easyinstaller.bat
- Do not type "mfastboot.exe flash motoboot motoboot.img" while flashing the Lollipop ROM manually
3. Lollipop 5.0.2 to Kitkat 4.4.4 : If your bootloader version is 4882/4883(Lollipop Bootloader), you need to make some changes while flashing the ROM manually.
- Download Kitkat 4.4.4 Factory Firmware image zip.
- Unzip the contents.
- Delete the motoboot.img file inside the extracted contents..
- Do not type "mfastboot.exe flash motoboot motoboot.img" while flashing the Kitkat 4.4.4 firmware image manually.
4. If you downgrade your bootloader version i.e flash a 4883 Lollipop bootloader on your existing 4886 Marshmallow bootloader, your phone will be hard-bricked / permanently dead. Therefore follow the instructions above carefully. I am not responsible for dead phones.
CREDITS
@Lucas Eugene for his thread 'Unlock Bootloader - Moto G (2nd Gen) [UPDATED]'
@Tomsgt for his YouTube video 'How to unlock the boot loader on your Motorola phone Moto X, G, & E all versions'.
@Chainfire for creating CF Auto Root & SuperSU.
@luca020400 for maintaining TWRP.
@reefuge for his thread '[STAGE FRIGHT][XT106x][5.0.2][LXB] Stock 5.0.2 Easy Installer via FastBoot Tool'
Do I have to change anything if I have the bootloader already unlocked (especially to avoid the factory reset)?
Nagass said:
Do I have to change anything if I have the bootloader already unlocked (especially to avoid the factory reset)?
Click to expand...
Click to collapse
Just flash the latest SuperSU http://download.chainfire.eu/supersu with twrp. That's it.
Nagass said:
Do I have to change anything if I have the bootloader already unlocked (especially to avoid the factory reset)?
Click to expand...
Click to collapse
Please read the OP
Unlocked bootloader wont wipe anything after rooting.
Just remove install_recovory.sh from /system/etc/. when you bootep into twrp the first time
After flash supersu and reboot
It displays failure remote failure when I run bat.exe
Thank you so much, this tutorial is perfect. :good::good::good:
Now my girlfriend can enjoy her 5.0.2 rooted with twrp 2.4.8.0 installed.
Great
iamanubhav said:
It displays failure remote failure when I run bat.exe
Click to expand...
Click to collapse
https://forums.motorola.com/posts/132580d3df
thaaaaaaaaaaanks @luca020400
and I can delete the application motorola?
If I understood correctly, this method does not require unlock key from motorola to unlock bootloader. So, if I unlock the bootloader and restore the lock again later, then there won't be any way that motorola can get to know if it was unlocked ever (for warranty purpose )??
Thanks for this!
However, it results in the same issue I've found ANY time I've tried to install ANY version of SuperSU with ANY android version on this phone (1063). That is: after flashing supersu, I get a boot loop. The first few times this happened, I cursed and reformatted the entire phone. For anyone else who has encountered this, I just figured out a way around it! It looks like this problem *only* affects the recovery partition, which is easily re-flashed.
Here's what worked for me:
While boot looping, press and hold vol down + power until screen stays black for 5-10 seconds, then release. You'll get to fastboot mode here. Then, connect with a usb cable and in a cmd prompt, from within your adb directory, type fastboot flash recovery <recovery image name.img> and hit enter. Once it flashes sucessfully, you'll be able to start back up with "normal startup" from the device's fastboot menu and all should be well. And if you've done this to correct a boot loop brought on by this autoroot, you'll actually still have root once you start up. Hooray!
The recovery image that you flash can be TWRP (link above) or the stock android recovery (which I found on this forum somewhere, but will upload with a link as soon as Mega is nice to me again).
Hope this helps someone else.
himsin said:
If I understood correctly, this method does not require unlock key from motorola to unlock bootloader. So, if I unlock the bootloader and restore the lock again later, then there won't be any way that motorola can get to know if it was unlocked ever (for warranty purpose )??
Click to expand...
Click to collapse
You need to unlock it
These are the step after the unlock on lollipop roms
imp .questions
Hey thanks for this thread I have successfully rooted my phone
Q. And if Motorola pushes the 5.1 ota can I update my is to 5.1?I have just rooted and the recovery is also stock
luca020400 said:
You need to unlock it
These are the step after the unlock on lollipop roms
Click to expand...
Click to collapse
So, this method won't unlock the bootloader?? The very first warning in OP gave me the impression that it will also unlock the bootloader :silly:
himsin said:
So, this method won't unlock the bootloader?? The very first warning in OP gave me the impression that it will also unlock the bootloader :silly:
Click to expand...
Click to collapse
Yes , the tool unlock your bootloader
But anyway you need the motorola code and unlock process
luca020400 said:
Yes , the tool unlock your bootloader
But anyway you need the motorola code and unlock process
Click to expand...
Click to collapse
Now I am more confused.... If the tool unlocks the bootloader then shall I assume that it asks for the unlock code during process?
himsin said:
Now I am more confused.... If the tool unlocks the bootloader then shall I assume that it asks for the unlock code during process?
Click to expand...
Click to collapse
Yes it ask for unlock code
Didn't work for me on Linux
fastboot-linux binary included with auto-root seems to be not working.
I tried to use fastboot from ubuntu repositories, which works, but couldn't correctly boot auto-root image.
I used openrecovery-twrp-2.8.4.0-titan.img with "normal" procedure described here , and everything worked perfectly.
Thanks anyway!
luca020400 said:
Yes it ask for unlock code
Click to expand...
Click to collapse
Thanks for clearing the doubts
himsin said:
If I understood correctly, this method does not require unlock key from motorola to unlock bootloader. So, if I unlock the bootloader and restore the lock again later, then there won't be any way that motorola can get to know if it was unlocked ever (for warranty purpose )??
Click to expand...
Click to collapse
Yes they understand, since your STATUS number changes from 0 to 3.
When you relock it changes from 3 to 2.
So your warranty is lost forever. Be careful.
You can find this number on the display when you're on fastboot mode (turn off the device and then press power + volume down for aboout 5 sec and release)
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
ui_print - Disabling OTA survival
ui_print - Removing old files
ui_print - Placing files
ui_print - Post-installation script
ui_print - Unmounting /system and /data
ui_print - Done !
Click to expand...
Click to collapse
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Root is working but the problem is TWRP because is not working its giving error so no flashing other custom rom or mods for now.
Yes root is working fine. I didnt tried twrp or cwm. With this guide, you can use stock odexed and unmodified lolipop rom.
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
jojobans said:
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
Click to expand...
Click to collapse
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
Click to expand...
Click to collapse
evet arkadash
Muhahahah
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Click to expand...
Click to collapse
Finally YES!!! thank you so mu ch. Will try later.
Root plus Custom Recovery, or Root Only?
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, one user of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
topet2k12001 said:
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, the OP of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
Click to expand...
Click to collapse
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Just to make sure, this works for v20i only or does it work for, say, my v20h too?
6ril1 said:
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Click to expand...
Click to collapse
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
topet2k12001 said:
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
Click to expand...
Click to collapse
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his flashables 20x original fw flzshable zip (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
6ril1 said:
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his rom (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
Click to expand...
Click to collapse
Yes, however that is a repackaged firmware (extract everything, root it, and then "bump" the necessary components, and then put it back together as a single flashable zip). That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. This guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
topet2k12001 said:
Yes, however that is a repackaged firmware. That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. Your guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
Click to expand...
Click to collapse
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
6ril1 said:
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
Click to expand...
Click to collapse
Ah, sorry I misunderstood what you were saying.
I do not know what rpm.img and tz.zip are for. I did read somewhere in XDA that tz.img is for the "radio" (or transmitter?). But I would suggest to keep those files (tz.img, rpm.img, aboot.img, sbl1.img) at "Kitkat version" because there will be a signature mismatch resulting to "certificate verify" or "security error" - if people want to have a custom recovery.
If people will NOT install a custom recovery (they just want root) then they can use this guide. The device will boot fine without the error messages, since recovery.img is Lollipop non-"bump'd" version (so the signatures match).
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
6ril1 said:
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
Click to expand...
Click to collapse
Yes, that's another way of approaching it. Or maybe create a flashable zip from it. But we will still need to instruct users to extract their Kitkat Image files (I don't think all Image partitions are the same for all variants), that's why I find the manual method (like @autoprime) to be a good approach because I personally find it to be more "universal".
One example: the D858HK does not have cust.img.
So for us to create an all-in-one script, zip, or approach, it would be difficult because of the many variants of the LG G3. Maybe if there were not that many variants, I'm sure skilled people like you can have a universal and convenient solution. For now, I still think that manual flashing is more universal.
topet2k12001 said:
Yes, that's another way of approaching it.
Click to expand...
Click to collapse
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
6ril1 said:
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
Click to expand...
Click to collapse
So that explains why even if the Lollipop versions are included/flashed, they won't cause an issue of signature mismatch. The Image file that causes a signature mismatch when you flash a "bump'd" file is aboot.img (the Android Bootloader). Which explains also in my experiment (prior to discovering it all and creating a thread) why I was initially able to "fix" my issue, following @autoprime's tutorial, when I flashed aboot.img - however, in exchange I lost "bump" status.
So basically, people will need to flash their Kitkat version of aboot.img and "bump" will still work (and will have custom recovery). That is our hypothesis at this point.
This reminds me: in my how-to guide, there was a user complaining about fast battery drain. Maybe if I advise him to flash the Lollipop version of rpm.img, that would help alleviate the issue. I will do an experiment and if this will succeed, I will update my how-to guide. In your case, for this thread's purpose, you may also do an experiment and create scripts.
Nice teamwork.
I don't know what "trustzone" is though. Will it affect signature mismatches? sbl1.img and rpm.img seem to be self-explanatory.
EDIT:
As mentioned previously, it is very dangerous to flash any of the restricted boot partitions such as sbl1, sbl2, sbl3, aboot or rpm. However it is safe to flash any other partition in order to install custom Linux builds and run them.
Click to expand...
Click to collapse
...do we really want people to touch this?
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **The following is tested on model SGP-771. For Wifi-only model the procedure is the same but you should use the files and kernels for the Wifi model. Do not flash the ftf and kernel files intended for the cellular model on a Wifi-only tablet.I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @AndroPlus, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your tablet when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this tablet such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each tablet and cannot be copied over from another tablet) unlocking the bootloader results in an irreversible loss of some of your tablet's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.260 firmware, For this tutorial I used SGP771_Customized HK_1296-4830_28.0.A.8.260_R10A. You can download it from https://mega.nz/#!YsUWwY5Y!0775_vLpjV9-UkoGjMWP6-Yu8L31LkJVHEyUwA7X9NA. For the wifi only model SGP712 use
https://mega.nz/#!wlIl0JDa!DR0lRL6dDn5Y-K_4768oJnLGWQyrxNV0xLHgKVVesFw (thanks to @kuroneko007)
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable. (To access service menu on SGP712 (Wi-Fi only model) see: http://forum.xda-developers.com/showpost.php?p=66164176&postcount=5) Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your tablet.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the tablet which is now in USB debugging mode to your PC and answer yes when it asks to authorize the PC to access the tablet in USB debugging mode. You can check that the PC indeed sees the tablet by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-07102015.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the tablet initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 SGP771_Customized DE_1295-6955_32.1.A.1.185_R4C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Obtain a kernel boot image. If you want to stick with the stock kernel you need to extract kernel.elf from the ftf that you flashed in step 1.15. If you want a custom kernel you can download one from https://kernel.andro.plus/kitakami.html Note that whatever kernel you are using in this step must match the firmware version currently installed on your system. For this example I downloaded Z4T_SGP771_AndroPlusKernel_v27.zip and extracted the boot.img file from the zip, which matches Marshmallow 32.1.A.1.185.
2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel (e.g. boot.img) to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd boot.img boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y
- Install TWRP recovery? [Y/n] N
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your tablet.
2.5- Boot the tablet in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the tablet and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is succesfull you will see this but if it hasn't been successful you will see this.
3- How to flash a custom or stock kernel
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash it on your tablet you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to flash recovery
4.0- To install TWRP recovery you need to flash AndroPlus kernel first (see sections 2.1 and 3).
4.1- Download a TWRP image from the same webpage. For this tutorial I used TWRP-3.0.2-0-20160417.img.
4.2- Reboot into fastboot mode and run this command:
Code:
fastboot flash recovery TWRP-3.0.2-0-20160417.img
4.3- Reboot the tablet. To enter recovery touch the volume keys when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the tablet must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the tablet. The command will look similar to this:
Code:
tarestore TA-07102015.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the tablet. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Reserved
For FAQ, etc.
Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...
Stevethegreat said:
Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...
Click to expand...
Click to collapse
No. This tool cannot help you and trust me there is no shortcut to avoid all of this.
Flashfire (the tool you mentioned) only works if you already have root access. There is no root available for this tablet without unlocking the bootloader, and unlocking the bootloader means you lose the TA partition immediately. So by the time you get this tool to work your TA partition will have been long erased.
Hi. Does this solution suit only for people who have not erased drm keys yet and are be able to backup it? For those who lost, no up-to-date solution except for that http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 ?
Correct.
Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?
mrdarek said:
Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?
Click to expand...
Click to collapse
You can download a tool called flashtool from http://www.flashtool.net/index.php and flash an unmodified ftf firmware. Because the firmware is unmodified the bootloader doesn't have to be unlocked. Many tutorials are available on xda and elsewhere about using this tool, which you can find by doing a Google search. As I said in the prerequisite section, "You should be able to flash an ftf file using flashtool. "
anybody successfully tried this guide?
I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?
mrdarek said:
I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?
Click to expand...
Click to collapse
As you said it, the problem was that you didn't flash the 260 version, not that it wasn't customized.
If you can't find the right version I upload it and post a link in the OP. It takes a little time so check this thread again in about 5 hours.
I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152
mrdarek said:
I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152
Click to expand...
Click to collapse
The sizes sound about right. What errors are you getting?
You can try to relock the bootloader using the instructions and see if your TA backup works. If that works then we can see why the kernel is patched correctly.
Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?
mrdarek said:
Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?
Click to expand...
Click to collapse
You need to follow the instructions to the letter:
1- flash the esaxt same firmware that you made the TA backup with.
2- Restore TA backup.
I guarantee you it will work or l will help you debug it.
Not very understand. It was done. TA backup was done with "260" firmware. I'm able lock that firmware again, so it work. but it only lollipop, can't go into marshmallow from it.
Goal is: marshmallow with root twrp and drm. How achieve it?
I see - I have new device version (karin) so (hopefully) temporary this solution not work for me. I can have only marshmallow with root and twrp (no DRM) or marshmallow with DRM (no root and twrp). I must wait as developers support my device, and keep my keys in safe place to that time.
mrdarek said:
Goal is: marshmallow with root twrp and drm. How achieve it?
Click to expand...
Click to collapse
mrdarek said:
Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
...
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
...
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
...
- Skipping drmfix. Unsuppported/untested for model karin
...
Click to expand...
Click to collapse
OK, I see what is going on.
When I use drmonly script version 4.24 I get the following:
Code:
C:\Users\najoor\Desktop\rootkernel_v4.24_Windows_Linux>drmonly.cmd boot.img test.img TA-07102015.img
- Unpacking kernel
Found android boot image
- Unpacking initramfs
- 64-bit platfrom detected
- Configuring secd
- Configuring wvkbd
- Configuring drmserver
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
But if I use version 4.31:
Code:
C:\Users\shervin\Desktop\working\Download\rootkernel_v4.31_Windows_Linux>drmonly
.cmd boot.img x.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
I have no idea why @tobias.waldvogel decided to remove the support for Tablet Z4 in the latest version of the drmonly script, but I can see that the DRM works fine with the old version.
I do not have persmission from @tobias.waldvogel to post the older version of his script here so you have to ask him to either add support in the new version or give you the older version.
Thanks - so now I see where is problem. I try contact with author.
Heh - I send PM him but it was my fault [added: it not totally fault - Tobias work on new version and soon we should have new working utility for all ]
I'm enough clever to modify script in 5 minutes (it txt ), and enough stupid to flash it immediately. Now I have....
rooted marshmallow with DRM KEY and TWRP - job finished
To finish job I disabled in settings auto-update, because now it start possible
FAILED <remote dtb not found>
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
downloading 'boot.img' ...
OKAY [ 0.347s]
booting ....
FAILED <remote: dtb not found>
Click to expand...
Click to collapse
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.
Hybel1507 said:
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.
Click to expand...
Click to collapse
Please follow the following steps exactly and let me know in what step things fail. If you do not provide detailed information I will not be able to help you.
1- Clean flash a 185 ftf and make sure system boots fine.
2- extract the kernel.elf from the ftf and I use fastboot to see if you can boot using fastboot with this kernel.
3- extract boot.img from AndroPlusKernel_v27 and see if you can use fastboot to boot with this image.
4- use the procedure in the OP to patch AndroPlus kernel and see if you can use fastboot to boot with this image.
5- flash this image using fastboot to see if the system boots fine.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This thread has the aim is to provide you with one single thread to find what you seek and where every user can participate by sharing files and/or links to.
Here's a list of all variants as thankfully provided by @Kisakuku:
htc_ocndtwl - China (Dual SIM)
htc_ocnuhl_jp - Japan (Single SIM)
htc_ocnuhl - Asia / EMEA (Single SIM for carriers and HTC direct sales)
htc_ocndugl - Asia / EMEA (Dual SIM for HTC direct sales)
htc_ocnwhl - North America (Single SIM US Unlocked, Sprint)
Helpful links:
[GUIDE | FIX] PIN/PATTERN/PASSWORD not recognised after TWRP restore
[GUIDE] HTC U11 How-To - Return to Full Stock ROM/Firmware
Downloads of fastboot mini platform tools from Google: Win64 | Linux
Downloads of htc_fastboot from HTCDev: Win64 | Linux | macOS
Instructions on fastboot flashing and Firmware by @Sneakyghost
Instructions on how to get an OTA link from HTC by @topjohnwu
Universal HTC RUU/ROM Decryption Tool by @nkk71 and @Captain_Throwback
SunShine Unlock/S-OFF thread by @jcase and @beaups
I cannot accept any liability and/or responsibility for these firmware packs. I am not able to go through the process of testing each pack, hence community members are called to test these on their own.
Regards 5m4r7ph0n36uru
Post #2: Google Spreadsheet with download links
Post #3: Firmware flashing methods by @Sneakyghost
Post #4: General Information by @Sneakyghost
Post #5: How-To Guidelines
1. How-To flash a RUU using the SD card method
2. How-To restore an untouched/pristine system image using a Nandroid Backup
3. How-To manually flash an OTA Update
Post #6: RUU Errors & Fixes
This thread wouldn't be as good as it already is without all those contributes named at the end of this thread. Thanks again to all of you sharing your files and knowledge that enables me to hold up this thread.
There are some special thanks I want to express to
@Sneakyghost by whom's firmware threads I gained the most, if not all, my knowledge about firmware reagarding HTC
@Captain_Throwback for creating and maintaining the HTC RUU decrypt tool, as well as maintaining all those TWRP Recoveries
@nkk71 for creating and maintaining the HTC RUU decrypt tool, as well as the MultiROM Mod on my past HTC devices
XDA:DevDB Information
[GUIDE][Collection] HTCU U11 – RUU/Firmware/Recovery/OTA/Backups
Contributors
@5m4r7ph0n36uru, @ziand_, @Kisakuku, @OMJ, @JEANRIVERA, @blueberry60, @Golv, @sergos1221, @topjohnwu, @andybg40, @Petert87, @sirioo
Created 2017-05-25
Last Updated 2017-06-24
[Collection] Spreadsheet with download links
GOOGLE SPREADSHEET
Recent Additions:
Please remember: you're writing to boot-critical parts of your phone. If anything goes wrong along the way, your phone might be bricked.
2019/02/09 - 2.42.709.86 RUU thanks to @ziand
2018/10/12 - 2.42.709.82 Nandroid thanks to @ziand / 2.33.91.7 Nandroid thanks to @korom42
2018/10/12 - 2.42.709.7 DUGL Nandroid, 2.42.709.7 > 2.42.709.82 DUGL OTA thanks to @ziand
2018/10/11 - 2.42.709.6 > 2.42.709.7 DUGL OTA, 2.33.401.19 DUGL Nandroid thanks to @ziand / 1.27.89.10 RUU thanks to @ziand and @migascalp / Updated all OTA links possible to AFH links thanks to @ziand, and removed those whhich are no longer working, due to HTC's server changes
2018/09/19 - 2.33.401.19 Nandroid thanks to @scotty2000 / 1.13.161.7, 1.27.161.5, 1.27.161.10, 2.33.161.11 Combined FullWipe Firmware thanks to @Petert87
2018/09/18 - 2.33.161.11 > 2.33.161.12 OTA, 2.33.161.12 Firmware, Nandroid & Stock Recovery thanks to @Petert87
2018/09/15 - 2.33.401.10 > 2.33.401.19 OTA thanks to @ziand
2018/09/06 - 2.42.400.3 DUGL RUU thanks to @ziand
2018/08/24 - 2.42.617.7 RUU ZIP thanks to @ziand / 2.42.400.6 > 2.42.400.7 DUGL OTA thanks to @desean
2018/08/12 - 2.33.91.6 Nandroid thanks to @korom42 / 2.42.617.7 Nandroid thanks to @8bitbang / 2.42.617.7 NoWipe Combined Firmware thanks to @darwinmach
2018/01/13 - EMEA DUGL: 1.27.401.11 > 2.33.401.10 OTA thanks to @jhil110/@sirioo, 2.33.401.10 Stock Recovery thanks to @ziand_ / EMEA UHL 1.27.401.12 > 2.33.401.10 OTA / 2.31.709.1 > 2.42.709.1 OTA, Stock Recovery & Nandroid thanks to @ziand_ / 2.31.617.2 > 2.42.617.1 OTA, Stock Recovery thanks to @JEANRIVERA / RUU (EXE & ZIP) thanks to @OMJ / Nandroid (AFH) thanks to @ziand_
2017/12/28 - 1.11.701.5 > 1.28.710.4, 1.28.710.4 > 1.29.710.5, 1.29.710.5 > 2.33.710.9 OTAs added thanks to @GraeFNZ
2017/12/17 - 1.27.400.8 > 1.27.400.21 OTA, 1.27.400.21 RUU & Nandroid thanks to @Kisakuku / 1.27.118.5 > 1.27.118.12 OTA, Nandroid & Stock Recovery thanks to @buttie / 1.27.1405.7, 1.35.1405.2 RUUs & 1.27.1405.6, 1.27.1405.7, 1.35.1405.2 Nandroids thanks to @liweichen6 / 1.28.617.30 > 2.31.617.2 OTA & Nandroid thanks to @OMJ / RUU (.EXE/.ZIP), Stock Recovery, Combined NoWipe & Full Wipe Firmwares thanks to @Kisakuku / 1.27.400.21 > 3.31.400.6 OTA thanks to @goodman_east / Stock Recovery, Combined FullWipe & No Wipe Finmares thanks to @Kisakuku
2017/11/03 - 1.28.651.40 > 1.28.651.50 thanks to @OMJ / 1.28.651.50 RUU (EXE & ZIP), Combine FullWipe & NoWipe Firmwares, Stock Recovery, Nandroid thanks to @Kisakuku / 1.27.401.11 (DUGL) OTA thanks to @Electronic Punk / 1.27.401.11 (DUGL) Combined FullWipe & NoWipe Firmware, Stock Recovery thanks to @Kisakuku / 1.27.401.11 (DUGL) Nandroid thanks to @ziand_ / 1.27.401.12 (UHL) OTA thanks to @axst_68 / 1.27.401.12 (UHL) Combined FullWipe & NoWipe Firmwares, Stock Recovery as well as 1.28.617.30 RUU (EXE & ZIP), Combine FullWipe & NoWipe Firmwares, Stock Recovery, Nandroid thanks to @Kisakuku
2017/10/15 - 1.27.401.5 UHL RUU, Combined FullWipe &NoWipe Firmware, Nandroid / 1.27.401.5 DUGL RUU, Combined FullWipe & NoWipe, Nandroid by @Kisakuku
2017/09/14 - 1.27.401.5 Stock Recovery by @Kisakuku
2017/09/12 - 1.27.401.5 OTA by @axst_68
2017/09/10 - 1.28.709.6 OTA by @topjohnwu, 1.28.709.6 Recovery, Combined FullWipe & NoWipe Firmware, Nandroid by @Kisakuku
2017/09/03 - 1.27.401.5 OTA & Nandroid by @ziand_, Recovery by @Kisakuku / 1.28.651.3 OTA by @OMJ, Nandroid, RUU, Recovery, Combined FullStock & Combined noWipe Firmware / 1.27.400.8 Nandroid, RUU, Recovery, Combined FullStock & Combined noWipe Firmware all by @Kisakuku / 1.27.1405.4 & 1.27.1405.6 RUU by @liweichen6 all added to the spreadsheet
[...]
2017/07/08 - Initial release of the newly created spreedsheets with all links provided as of today
Click to expand...
Click to collapse
Disclaimer
You are aware that writing to security protected, boot-critical partitions increases your risk to lose the device exponentially. You understand and agree that I cannot be held responsible for such or any other damages. The flash process is theoretically safe and well tested, however you are the brains behind the wheel and you are solely responsible for the execution of the process. I will not accept any liability. The method itself is developed by Google and HTC, I only provide access and information to it and I am trying my best to make it understandable and simple. Do not use this if you have difficulties understanding what this is!
You understand that you should not do it if you are not willing to accept this risk.
As some questions within this thread already showed that people don't read the OP, which includes all linked threads linked to in post #1, I'll leave the follwing here. With courtesy of our fellow contributer @Sneakyghost who allowed me to use his work in this thread, I'll quote his explanations on flashing methods, as well as the provided firmware.zip variants below.
If S-OFF will get available I'll double check all what's written below and alter it to reflect the the currrent situation on the HTC U11 if needed. For as long as we don't know what still holds true on the U11, I'll leave his fabulous work untouched as a quote.
The whole thanks and respect for this work belongs to @Sneakyghost. Thanks again to you mate!
Sneakyghost said:
Flashing methods:
The safest way is still HTCs RUU and OTA method. US RUUs can be accessed via HTC's US Support Site. Jump to your device, then click "View" and scroll down for the download-link. The page has Dev/Unlocked (617), Sprint (651), AT&T (502) and T-Mobile US (531) covered. RUU's are superior to other flashing methods because they carry lab tested combinations of partition images and the method itself is also known to work well (plus the psychological advantage).
Other than HTC's original OTA's which are "incremental", My packages are always FULL packages (applies to my NoWipe as well! It can also be considered a FULL update as opposed to incremental) - with these you can safely jump from a very old firmware right up to the newest. Following this original RUU / OTA method, come the methods most suitable for my packs:
My preferred method is the "Fastboot method", which needs a PC or Mac or Linux computer. I will be detailing how to fastboot flash firmware further down.
The "SDCard Method" can be considered the fastest and most suitable for people without a PC. I will be detailing how to SDCard flash firmware further down.
An explainer to the ZIP variants provided here:
Full Stock WIPE ZIPs:
NOTICE: FullStock zips currently permanently break the phones ability to receive HTC stock OTA's - to restore your OTA functionality, refer to post #5 for more information!
Only System removed (and encryption broken) - Everything else stock! This type of zip also re-flashes the /data partition with HTC's DZDATA files (meaning you loose everything on your internal SDCARD). Also replaces the Kernel, recovery and Splash1 with latest stock images! The /system partition will not be touched. (Else this would be a RUU.zip). It also includes the "apppreload.img" with all the carrier-bloatware (WWE has no bloat in there!).
Be sure to put a ROM onto your EXTERNAL SD before proceeding with a Full WIPE ZIP! If you forgot to put a zip on your sdcard: you can reflash TWRP with Fastboot (use my batch tool) and then choose between ADB file push, MTP transfer or even USB mass storage transfer mode. Last but not least you can take out the sdcard and use a card-reader with your computer. Phone will NOT boot without ROM reflash after using this!
NoWipe ZIPs:
These packages are modified. This type of ZIP updates basic Firmware partitions, does not touch the /data partition, leaves kernel, splash and ramdisk (in order to support custom ROM's modifying ramdisk) alone. The "apppreload.img" is removed, the bloatware partition will remain unchanged (to remove already existing bloat permanently flash apppreload.img from International/WWE/401, it is an empty image). Recovery will be replaced with the current TWRP. Phone should in most cases boot normally after using this.
And what you won't get here (fine print):
Since this is a Firmware Update Thread and not a ROM thread, you do NOT EVER get a ROM (a.k.a "System.img" or plain: "System" here. You understand and agree that you cannot have this from me. You also acknowledge that I cannot be blamed for your non-booting phone due to you not reading or not understanding this. You may find stock system backups here
How to flash firmware.zip's using fastboot
Prerequisites:
You need ADB and Fastboot on your PC. To get ADB and Fastboot up and running I strongly suggest you use my "Batch Tool" setup, because it contains an updated htc_fastboot, which is 100% working with the HTC 10 . This is important: the generic Google fastboot from SDK API Level 24 (latest at time of writing) is NOT FULLY COMPATIBLE.
The method outlined here does apply to my zips as well as HTC signed zips. The difference is, that for my zips, S-OFF is mandatory, while HTC signed zips can under certain conditions also be flashed to S-ON phones, however, different prerequisites and risks apply there. I will not cover HTC signed zips here as they are fundamentally different in some aspects while the flashing method remains the same.
Note: use "htc_fastboot" with my batch tool. If you use another ADB/Fastboot set, it will probably be Google Fastboot and then the commands should be starting with "fastboot".
Step-By-Step:1. If device is booted into Android, reboot into download mode by running:
Code:
adb reboot download
NOTICE: adb reboot download is new since the M9 for those who come from earlier HTC devices - zips can be flashed in download mode or RUUMode, both work. The on-screen status report is more detailed in download mode. This making it the preferred flashing mode for now.
1.a Or else, if your device is in a different state or you just prefer the button method:
In Android: Press and hold Power and VolDown at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power, keep holding VolDown a little longer.
During Boot and sometimes when booted into Recovery: Press and hold Power, VolDown and VolUp at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power and VolUp, keep holding VolDown a little longer.
When in download mode, use the VolUp and VolDown buttons to navigate up and down and use Power to confirm.
2. Now place the Firmware_xx.zip into your adb/fastboot folder (which will be "C:\Android\com" if you use my Batch Tool).
3. Followed by:
Code:
htc_fastboot flash zip Firmware_xx.zip
(replace "Firmware_xx.zip" with the name of your zip)
4. Now check the console output. It should approximately look like this log:
NOTICE: this flash log is taken from a NoWipe (not all images included) flash on an HTC 10. New is (compared to M7, M8) that the checking routine is way more sophisticated and Controller Firmware for e.g. the touch panel or the Infra Red Remote (One Series only, not available on the HTC10) and the like do NOT get flashed if the checks determine that they are already up-to-date. Images that do not get flashed show "BYPASSED", which is NOT an error.
Important: Should you decide to flash in RUUMode (instead of Download Mode like suggested further up), the flash process halts at around 90% on phone screen! This is normal and a safety precaution! The last few percent is the reboot, which is NOT happening automatically, so you get a chance to check the console output to make sure it is safe to reboot! The bar will only fill up to 100% once you type:
Code:
htc_fastboot reboot
Important: Download Mode flashes finish at 100% on phone screen and in console and ask you to hit Power to return to Download Mode screen.
IF you encounter any errors which are not "FAIL90", have a look into Post #3 or ask in the thread! DO NOT reboot the device until you have an idea what happened!
5a.
Code:
htc_fastboot reboot-bootloader
or press Power to return to Download Mode screen - depending on the mode you used to flash the zip. In Download Mode and Bootloader you can go to either regular reboot or shut-down the device via button navigation.
5b. Optional:
Code:
htc_fastboot reboot
to just reboot the phone to Android.
How to flash firmware using SDCard MethodPrerequisites:
Compatible SDCard, should be formatted with FT32 for older firmware, newer firmware can also handle ExtFS formatted cards.
A firmware.zip you would like to flash, taken from Post #2 (Downloads)
Phone charged up at least 30% (will fail with low power warning if lower than 30%)
Step-By-Step:1. Rename your firmware.zip to exactly "2PS6IMG.zip" - make sure you enable "show file extensions" in Windows Explorer, if you rename it on your PC. Else you might end up with a "2PS6IMG.zip.zip" which won't flash.
2. Copy your "2PS6IMG.zip" over to the root of your SDCard. Use a cardreader, or MTP protocol in Android or Recovery, or USB Mass Storage protocol in Recovery, or ADB push the file in Android or Recovery - many methods available.
3. Now, if device is booted into Android, reboot into download mode by running:
Code:
adb reboot download
3.a Or else, if your device is in a different state or you just prefer the button method:
In Android: Press and hold Power and VolDown at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power, keep holding VolDown a little longer.
During Boot and sometimes when booted into Recovery: Press and hold Power, VolDown and VolUp at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power and VolUp, keep holding VolDown a little longer.
4. Once Download Mode starts, it will "see" the 2PS6IMG.zip and ask you (yellow text at bottom of screen) if you want to flash the firmware. Press VolUp to confirm and proceed with the flash, or press VolDown to cancel and continue into Download Mode UI.
5. Now check the screen while it flashes. It should stop at "end UI updating. Press Power to continue" - the phone will now shut off! To turn it back on, press and briefly hold power again.
Click to expand...
Click to collapse
General Information
The whole thanks and respect for this work belongs to @Sneakyghost. Thanks again to you mate!
Sneakyghost said:
FullStockWipe and HTC OTA's a.k.a "Verity"
What's the problem?
The way the new security works, a FullStock zip will break your OTA capability in almost all scenarios. The only scenario where that would NOT happen is if you have, before you flash the zip, already the corresponding untouched, hash-sum matching stock system image flashed. Nobody using custom ROM's has that. So, what happens is this:
- FullStock.zip flashes stock kernel which has verity enabled and checks partition integrity upon boot.
- After flashing, you reboot. The kernel kicks in (around when bootanimation would start). The kernel checks the /system partition if it is the correct one.
- The kernel finds it is not the correct system and reports a fail-status, sets this as persistent information, and will force a reboot
- At reboot, (and every reboot after) the Bootloader picks up the fail status and pass it on to the kernel, which in turn will pass it on to the system.
- Now, Android thinks, System is messed up and will not allow you to download and apply an OTA.
From now on, every boot, even if you flash a clean stock system, the aboot will tell the rest of the guys working inside your phone: hey, this thing has been messed with, it cannot be updated anymore!
Fixing strategies:
1.) To restore OTA function fast and easy: run a RUU.
2.) If there is no RUU for your specific model, you could convert to another model which has a RUU.
3.) Then there is a third, theoretical way I have not yet tested: obtain an untouched system image that fits your FullStock (same version), flash that in fastboot (it can be a raw dump or a TWRP systemimage backup of the correct system) and then flash the corresponding FullStock again. That should, like a RUU, restore OTA functionality too.
4.) Also very simple: grab the HTC OTA file which you find in /data/data/com.htc.updater somewhere if you can download. If not, find it on XDA from someone else who got it. Then put it on your sdcard, have stock recovery flash it from SDCard (no detailed guide here but its the same since years, there are tons of guides on how to manually flash a HTC OTA out there. Use Google).
5.) Remove boot.img from my FullStock zip before you flash. Your custom ROM of choice will put a hacked kernel into your phone again anyway...
However, at time of writing this, I know @nkk71 is investigating other, simpler methods to restore the correct state.
So, if you absolutely depend on HTC's OTA's, best would be to just not flash/boot a stock kernel ever while a custom system is installed.
Flash Process Output (applies mostly to older phones, the newer HOSD driven output is much more detailed)
There are a few steps in the flash process which are not really straightforward but i can maybe explain some of them here:
sending 'zip' means: fastboot is sending zip over to client (here referred to as “remoteâ€)
OKAY [ 2.839s] means status of sending was good. Transfer succeeded.
writing 'zip'... means the zip is being written to some location on the phone from the /temp location.
(bootloader) zip header checking... means the zip header is being checked for validity, see if it’s a real zip file and check for HTC’s signature, which often resides in the header part.
(bootloader) zip info parsing... means most likely a check on the file hashes in the zip (integrity check - if the zip is borked, it will fail here)
(bootloader) checking model ID... The bootloader checks if the android-info.txt contains the right MID. If it fails here you gotta swap out your model ID in the android-info.txt file or write another MID to your phone.
(bootloader) checking custom ID... The bootloader checks if the android-info.txt contains the right CID. If it fails here you gotta swap out your Customer ID in the android-info.txt file or write another CID, possibly SuperCID, to your phone.
(bootloader) start image[hboot] unzipping for pre-update check... means the bootloader is now unzipping the [hboot] image. This line will be repeated before every image that is to be flashed.
(bootloader) start image[hboot] flushing... means the bootloader is now beginning to flash the [hboot] image.
(bootloader) [RUU]WP,hboot,0
(bootloader) [RUU]WP,hboot,99
(bootloader) [RUU]WP,hboot,100 these three lines read [RUU] for what mode fastboot is in, WP for “Write Partition†for what is currently being done in RUUmode, “hboot†is the name of the currently flashed partition, number xx is a percent stage of the write process.
(bootloader) ...... Successful means the final status is successful.
Now, before the [RUU]WP,hboot,xx line we often see another line reading [RUU]UZ,radio,50 for example. That reads RUUmode is currently unzipping the Radio.img and at stage 50 percent. UZ means UNZIP.
If you see something like this:
(bootloader) start image[sbl1-1] unzipping & flushing...
(bootloader) [RUU]UZ,sbl1-1,0
(bootloader) [RUU]UZ,sbl1-1,100
(bootloader) signature checking... means it is checking the signature of the partition if it matches the expexted signature stored in the hboot.
(bootloader) verified fail means the signature in the image did not meet expectations.
(bootloader) ..... Bypassed means the image got skipped because its got the wrong signature.
This has to be interpreted like this: there are multiple “SBL†images, to be exact: type 1 has 3 variants and type 2 has only one variant. Of type 1 (“SBL1-xâ€), two get skipped, one gets flashed (see my log above), of type two (“SBLxâ€) both get flashed. I believe, SBL 2 and 3 are device independent, but SBL1 has three variants, of which only one fits the current device. So, depending on the device you have, you will see either SBL1-1, SBL1-2 or SBL1-3 being flashed and the other two subtypes being skipped (bypassed).
The same goes for the "dzdata" images in the firmware package. They come in two or three size flavors (16, 32 and 64 GB) and resemble the file structure of the /data partition. Depending on your device and model, only the one with the right size gets flashed, the others skipped.
Important to understand: nearly all FAILED messages that do NOT occur while [RUU]WP (write partition) should be considered harmless. Only a FAIL during a write operation will most likely result in a damaged partition. All other fails will probably leave the original partition intact and thus the device can be rebooted. So far my understanding.
General hints for RUUmode / Download Mode zips
- Opening a zip is best done with 7zip as WinRAR and other zipping tools have lead to flash fails in the past.
- Choose low compression, higher compressions often fail. Pick "save" or "normal" to be safe, anything higher could cause the unzip in Bootloader to fail.
- Adding and Removing images is not a problem. The naming of the partition images seems flexible, yet if you encounter an “Error 23: parsing image fail†you need to rename the relevant image to something stock as not all names seem to be recognizable. The Hboot/Aboot determines the right partition from the header inside the image.
- Additional Dots in zip file names are known to have caused issues for a few people.
- Spaces in names are a no-go!
- Custom Recoveries can be added to those zips as well as custom kernels. In fact, if your phone is S-OFF, you can pretty much add anything and name it e.g. “recovery.img†and it will be flashed. You gotta be very very careful, as this is an easy way to break your phone. Make sure not to mess around with modified images!
- With S-ON, those zips only flash if everything is totally stock, from the android-info.txt being right up to all images being the correct versions for that update package and all having the right signatures. Reads: no custom messing with firmware zips for S-ON phones. In fact: apart from HTC OTA firmware.zip’s and RUU’s, nothing will flash with S-ON at all...
General hints for android-info.txt
- Use an Editor that doesn't mess up linebreaks like Windows Notepad does. Use Notepad++
- MID’s can be added one per line. Also supports wildcards i think e.g.: 71******, but i’m not sure.
- CID's can easily be added or removed- one per line, definitely supports wildcards (used by HTC in DevEd phone)
- Mainver line: should hold the version of the used set of firmware images. Example how to format the version: 2.24.401.1 (2= Base version always increases by 1 with each Android base version rise, 24= Build version from HTC, 401= Regional/Customer identifier, 1= Revision of the HTC Build). This line is being written to the /misc Partition and is meant to reflect the whole phones software version - it is not meant to only describe the “firmware†part or the “ROM†part alone. HTC has intended the Version to always represent the whole thing, firmware version matching the ROM version. therefore, it would be wise to always run matching firmware and ROM versions, except where explicitly recommended otherwise. Mismatches can cause anything from no issues over radio problems up to semi-bricks.
- hboot pre-update line: usually says "3" but i have seen different numbers. I think they determine if hboot-preflash is required (when you get “Error 90 - please flush image again immediately†this is when the hboot/aboot needs to be flashed separately first and then the rest. If you encounter this, you need to run the flash command you just did, again.
- btype:1 not clear. [Item subject to change]
- aareport:1 Since HTC hboots/aboots, boot and recovery images come as "hboot_signedbyaa†/ “aboot_signedbyaa†/ “boot_signedbyaa†and “recovery_signedbyaa†i would read this as "aa" representing htc ("hboot signed by aa"). It could possibly mean check on the signature in hboot/aboot/boot/recovery - all of those also come in unsigned flavors - in HTC OTA’s, those are usually without the “_signedbyaa†but in the RUU, they are carrying a signature). So, aareport: 1 can just mean check on signature yes or no.
- Delcache means erase cache when rebooting. Simple. Some firmwares seem to need it, some don't. Line is not present in every android-info.txt. If you mess with a zip that contains the line, leave it active. This is also not referring to the Android OS cache partition. It refers to the separate Kernel and Recovery Cache. Sometimes, not deleting Kernel or Recovery Cache after flashing those leads to malfunctions. If the Kernel is launching and there is an older conflicting copy cached, the phone won’t boot past Kernel stage (before the bootanimation starts), if Recovery is conflicting with a cached copy (usually after flashing a new/different recovery), it will lead to the recovery not booting or malfunction (like aborting an ongoing ROM flash or not being able to execute other functions).
RUUmode:
is the mode used for RUU flashes by HTC. It allows a few more things than the normal fastboot. You recognize it by looking at the phone’s screen. It will be black, showing only a silver HTC logo and if a command is being active, a green progress bar. New M9 RUUMode now shows a percentage counter below the bar.
Download Mode:
New flashing mode, introduced 2015 with the HTC One M9, due to changing to a different, aboot-based bootloader structure, HTC also introduced the use of an HOSD partition containing sort of a micro-linux with extended fastboot-capabilities. It provides much more logging output and can be considered the better flashing environment now. When flashing my firmware.zips, I recommend using Download Mode over RUUMode, as it gives you much more feedback. The ARUWizard (a.k.a RUU or FUU) might still expect RUUMode for flashing, but when manually flashing or also when using SDCard method, Download Mode will work best.
Bootloader Mode:
You can also directly flash most firmware partition images with the by-name method, and that works only when booted to Bootloader (the white screen with colored text lines). In this mode, you can for example flash stuff like this: “htc_fastboot flash recovery recovery.img†or “htc_fastboot flash adsp adsp.img†- almost all image files can be flashed separately without HOSD or RUUMode in bootloader.
On the HTC10 this has become a critical function when recovering from flashing frankenbuild-firmware. After the Android N transition for example, a combination of old keymaster.img with new Android N firmware would lead to broken Download Mode and broken RUUMode, hence disabling all flashing methods. Using this direct image flashing method, you can recover your phone in such a situation. Inside the firmware.zips will be a file called “partition_info†- you can open that with a text editor like NotePad++ and see all the flashing names for the partition and this way figure out how to reflash every single partition manually.
NOTICE: do not flash aboot_signed.img this way! The only image that should not be flashed directly over itself when booted into bootloader!
Recovery flash risk:
Some of you might have heard of, or are thinking about flashing firmware using recovery.
Although it is perfectly possible to write firmware images to the NAND chip using the DD method in recovery (either with a script or by using ADB shell dd) it is highly recommended that no developer employs this method (except if it's the only way to rescue a damaged device, e.g it only boots to recovery or something like that). This suggestion can be limited to boot critical files (SBL images, Aboot, HOSD, Keymaster for instance), but I prefer to see this as a general “good practice†thing. The reason behind this is, that DD has no inbuilt write verification. If there is just one single bit that does not get written correctly, DD won’t notice and won’t correct it. With some bad luck, you end up with a brick this way.
JTAG with a RIFF Box
Every device of these days has so-called jtag test-points. Basically, these are points on the mainboards, where a direct connection to the main chip can be established and then that chip can be read and written to with an external device. Sometimes, these testpoints are hidden (like they are normal contacts of the chip) and no direct visible gold points on the board. It always takes a while after a device is released until the jtag layout is fully discovered but once that is done, companies like multi-com.pl start manufacturing small boards with pins that can be pressed onto the mainboard, so no soldering to the device is required. Once such a board exists, the mainboard can be hooked to the RIFF box which can rewrite a dead chip from the outside.
As long as there is no such small board (called a "JIG") the phone can still be revived but it is necessary to solder hair-thin wires to the test-points. That is perfectly possible, Tecardo can do such a thing, but its not very good for the board and cannot be done very often. At some point the solder points will degrade so much that the board is garbage then.
In case you really brick your device, you can contact Tecardo here: http://forum.xda-developers.com/showthread.php?t=2116062
MID and CID
MID = Model Identification. It serves the purpose of identifying the Model of the phone. There usually are several different ones. The ModelID in android-info.txt is CaSeSenSiTivE!
Some limited Data is here: https://docs.google.com/spreadsheet...ShfYNFAfSe-imhhqtVfeMPVDA/edit#gid=1606643937
CID = Customer ID and describes, for which customer HTC made this phone. HTC has a few own CID's for its regional stores. Then certain carriers decide to have their own CID. Some carriers even have their own Model ID’s.
So, while the MID more like describes the hardware, the CID basically just describes the software set that comes delivered with it. Both get checked on when flashing in RUUmode. How to trick this system? Fairly easy. Just add your respective MID or CID to the android-info.txt file inside the ZIP or make your phone SuperCID (My Batch Tool can do that automatically - but remember: all this only works on S-OFF phones).
S-OFF:
S-OFF refers to the NAND’s security lock. S is for security and OFF means the security is switched off. The factory state HTC’s phones ship with is ON, except for the userdata partition, which of course is always unlocked.
The key for that lock is the most heavily guarded secret in HTC’s software vaults. It cannot be extracted, bought or otherwise obtained from them. There is no official way to unlock the NAND partitions (approximately similar to what Apple fans do when they “jailbreak†their products, although technically not quite as similar). While the HTC Dev Unlock (available through htcdev.com) just unlocks 3 partitions (Boot, Recovery, System), the “S-OFF†hack we use unlocks all partitions, thus enabling the flashing of custom, modified or other devices firmware. This is what you want for this thread and you can get it from the famous reverse engineers Jcase and Beaups over at: http://theroot.ninja/ or alternatively purchase a “Java Card†and learn how to work it, from chinese sellers on Alibaba, sometimes Ebay. Then there is a way to do it with an XTC Clip. But SunShine S-OFF is by far the safest and fairest method. You will only be charged if it works and the guys over at sunshine are really helpful.
A more detailed look at how S-OFF works
[Subject to change - not a definite explanation, just how I think it works]
In the phone's Firmware is a component that checks if certain partitions have a digital signature from HTC and deny write access if the signature is wrong or missing. The checking component is known to be the Security, which can be set to OFF. Then we say the phone is
S-OFF.
System, recovery and boot do not get signature checked at all once you “unlocked†your phone on htcdev.com. The other partitions however do get checked as long as Security flag is set to ON. Partition 3 is where the Security flag is located and maybe also the checking routine that checks the other partions digital signatures,
The S-ON state is resembled by a 3 in the fastboot command to switch security on. It is: fastboot oem writesecurflag 3. You do NOT want to do that while any custom firmware is running. Only after a full RUU that removes any modifications.
Why? For some partitions like the splash screen, it might not lead to a brick if you set security to ON while a custom splash is installed (then failing the signature check), as this partition is not vital for the boot process, it might just be skipped and give you an error message (I have never tried obviously). Other partitions however, boot critical partitions like Hboot/Aboot.... You guys have to understand that altering any of these partitions can be deadly to your phone if you happen to leave them altered when switching security back on.
Determining your “Firmware Versionâ€
I believe there is some wrong info circulating the HTC Fora. People keep saying when running fastboot getvar all it will report the Firmware Version in the line “Version-Mainâ€. This is not always true though. Fastboot getvar all or alternatively getvar mainver pulls a version it finds in the MISC partition and relies on that to be correctly updated. Source
So how does that version string get updated? It is being taken from the android-info.txt file in any firmware zip that you flashed. The last zip you flashed determines what will be reported by the getvar function. So if you mess around with Firmware.zips and RUU’s a lot, chances are, that the version reported there is not equivalent to what you are already running. Often the android-info.txt has version entries not appropriate for the actual zip contents, for compatibility reasons, because it wasn’t done properly or whatever. My zips usually have the correct MainVer though.
The "Firmware" as a concept like we use it on XDA does not exist in HTC's terms. HTC does NOT differentiate between the /System Partition (what we know as "the ROM") and the other 36 partitions. Hence, if you run getvar all or getvar mainver on a stock phone, it will report correctly. It does not go looking for a fictitious place where it would find a separate "Firmware" version. That place it is looking at is the Misc Partition and that’s correct as long as you haven’t messed with lots of different Firmware zips... So, if you happen to run a hybrid system with a ROM from one base and the other partition images from another base or multiple bases (like hboot from 1.27, radio from 4.06 and ROM from 3.62) the getvar function will report as "Version-Main" what it finds in /misc/, precisely the last zip you flashed determines the string put there.
Example: you flashed a radio with a RUUmode zip from Base X.YY but the android-info.txt is maybe still an old one because the dude who made the zip, just dropped the new radio into an old existing zip, the getvar function will later report that old version as your mainver.
To check your firmware: boot to bootloader and look at the combination of hboot version and radio version - if you didn't flash those separate, the combination will let you know what base you are on (each OTA and RUU has the radioversion in its name).
Finding out your firmware is a game of guesses and knowing what you did to your device and where you are coming from.
If totally lost, best thing is to reflash some clean stock package to be sure you are on the same level with all partitions.
Long story short: you better know what you do because finding out your firmware is going to be difficult if you don't.
Click to expand...
Click to collapse
How-To Guides
1. How-To flash a RUU using the SD card method
reboot to download mode
perform
Code:
htc_fastboot getvar all
and note down your original software version
download the latest Stock RUU for your device.
flash your RUU to revert to stock
rename RUU to 2PZCIMG.zip
copy 2PZCIMG.zip to root directory of SD card
reboot to download mode
press Volume Up button to confirm flash of RUU
As soon as your RUU has been flashed sucessfully, that's it. Your are now Full Stock again, or updated to lates software version respectively!
2. How-To restore an untouched/pristine system by using a Nandroid Backup
flash TWRP custom recovery
download custom recovery at https://twrp.me
reboot to download mode
Code:
adb reboot download
flash recovery image
Code:
htc_fastboot flash recovery nameoftwrp.zip
Restore your Nandroid. If you got none yourself, it might be possible that you’ll find one in the above linked Google spreedsheet.
unzip the according Nandroid
copy Nandroid to TWRP/Backup/SerialNo/Nameofbackup on your extSD
restore Nandroid by using TWRP > RESTORE and choosing above copied Nandroid
Flash incremental OTA firmware
reboot to download mode
perform
Code:
htc_fastboot getvar all
and note down your original software version
download all incremental OTA firmwares to your PC, starting with the one above your current firmware version, up to the software version number of your above choosen Nandroid Backup (ATTENTION: If you are S-OFF it will suffice to download the latest Incremental OTA as well as the latest Combined Full Wipe firmware according to the above choosen Nandroid Backup)
flash all incremental OTA firmwares – one after another – following the below named steps (ATTENTION: If you are S-OFF you start with the Combined FullWipe, and proceed with the Incremental OTA one, to ensure that you’ll be able to receive upcoming OTA updates)
Code:
htc_fastboot flash zip nameoffirmeware.zip
(ATTENTION: this has to be done twice to comlete, and it will flash full firmware, thus TWRP will be replaced by stock recovery)
As soon as you restored the Nandroid and flashed all incremental firmware file up to the current build number of your Nandroid, that's it. Your are now Full Stock again!
3. How-To manually flash an OTA Update
3.1 Pre-ota preparations:
Download needed OTA package, in my example we will use
Code:
OTA_OCEAN_UHL_N71_SENSE90GP_HTC_Europe_1.13.401.1-1.03.401.6_release_5054200ovndmjh5kcwjecc.zip
Check your ROM version in Settings > About > Software Information, it MUST match the second value. In this example case
Code:
1.13.401.1-1.03.401.6
, if you have version different from
Code:
1.03.401.6
, update will FAIL.
Make sure that your device running system without any app/files modifications, otherwise update will FAIL.
Check your recovery, official OTA should be applied only on Stock Recovery.
Now copy your OTA package to system storage, I recommend to copy file in root of the Internal Storage.
When preparation stage is done, we can proceed to installation.
3.2 OTA installation:
Turn off device.
Press Power button and Volume down button, keep them until you see download mode.
Use the Volume rocker to navigate to the menu entry Reboot to bootloader and press Power button to confirm this action.
Use the Volume rocker to navigate to the menu entry Reboot to Recovery and press Power button to confirm this action. Your device will now reboot to recovery mode.
When recovery starts, you will see a red triangle with an exclamation mark within. Don’t worry nothing bad happened, this is just the entry screen of your stock recovery.
Wait for a short while and press Volume-Up button with Power button. This combination allows you to enter the Recovery menu.
Use the Volume rocker to navigate to apply from phone storage option and press Power button to confirm.
Now you can choose your OTA package. In our example it will be stored in
Code:
data/media/0/OTA_OCEAN_UHL_N71_SENSE90GP_HTC_Europe_1.13.401.1-1.03.401.6_release_5054200ovndmjh5kcwjecc.zip
then press Power button.
After reboot you will get message that you successfully updated your device.
4. How-To to take an OTA using TWRP Recovery
The whole thanks and respect for this work belongs to @Captain_Throwback. Thanks to you mate!
Captain_Throwback said:
You can take the OTA directly with TWRP installed; it should work fine - in fact, that's how I took it today.
Prior to hitting the "Install Now" radio button in the System Update notification, though, I had to make a copy of the OTA zip and place it elsewhere on the device. Then, I extracted the firmware.zip from it. Then I extracted the zip itself, and zipped it back up without recovery.img (so that I wouldn't overwrite TWRP). Renamed the new zip 2PS6IMG.zip and placed on the root of my SD.
Then hit "Install Now". System reboots into recovery and OTA install begins. You'll see some red text in the console at the end of the install but it'll complete successfully.
Take a fresh "System Image" backup in case you decide to modify system later. Reboot to download mode, and install the firmware zip. It reboots once by itself to update aboot, and finishes updating after then. Then you have to press power to power off the device (for some reason). When powering back on, hold Volume Down to get back to download mode, this time cancelling the update and rebooting to bootloader, then back to recovery (TWRP). Re-root with SuperSU, flash systemless Xposed or whatever and when you're done, reboot. It'll reboot by itself once to process the SuperSU install, and then booting will proceed. It'll optimize apps, which will take a while, but once it's finally back up, you'll be all updated, without ever having flashed a stock recovery, and fully rooted once again
[...]
P.S. Obviously the OTA will only apply if your system is completely stock, without ever having been mounted rw.
P.P.S. You can only modify the firmware.zip and successfully flash it if you're S-OFF. Otherwise, you have to leave the firmware zip untouched and flash it that way. Then you'll have to re-flash TWRP.
P.P.P.S. You can obviously root using whatever method you'd like. I'm no longer using SuperSU - I'm currently using Magisk combined with phh's open-source root.
Click to expand...
Click to collapse
5. How-To Downgrade your device while S-ON
The whole thanks and respect for this work belongs to @ziand_. Thanks to you mate! But never do it if you do not have a clear vision how to do it. For inexperienced users it is a way to get a brick, I will not accept any liability!
ziand_ said:
There is a possibility to flash old RUU with with S-ON Unlocked. It is necessary to delete current ROM number in misc (example on my OCEN_DUGL 1.13.401.1):
Boot into TWRP recovery.
Check position of ROM version number in misc by command (0x2208 - the same as on HTC 10 and HTC One M9):
c:\adb>adb shell "dd if=/dev/block/platform/soc/1da4000.ufshc/by-name/misc bs=1 skip=2208 count=16"
(or c:\adb>adb shell "dd if=/dev/block/sde1 bs=1 skip=2208 count=16")
1.13.401.1 16+0 records in
16+0 records out
16 bytes (16B) copied, 0.007585 seconds, 2.1KB/s
Delete ROM version number (1.13.401.1):
c:\adb>adb shell "dd if=/dev/zero of=/dev/block/platform/soc/1da4000.ufshc/by-name/misc bs=1 seek=2208 count=16"
16+0 records in
16+0 records out
16 bytes (16B) copied, 0.007466 seconds, 2.1KB/s
Boot into download mode (you can see empty line "OS- ") and flash previous RUU by PC or SD card flashing method, I prefer last one.
It works, I checked it on my U11 (some users checked earlier on HTC 10 and HTC One M9). This can be helpful to flash RUU for removing troubles and fixing phone when there isn't a current running RUU.
Click to expand...
Click to collapse
07 RU_CID_FAIL: CID in android-info.txt does not match your phone’s CID
10 RU_MODELID_FAIL: MID in android-info.txt does not match your phone’s MID
12 SIGNATURE FAIL: phone expects an HTC signature and can't find one; or found a wrong one
22 RU_HEADER_ERROR: something wrong with your zip; check md5 of download
23 PARSING IMAGE FAIL: something wrong with the image within the zip
24 ANDROID-INFO FAIL: something wrong with android-info.txt within the zip
32 HEADER ERROR: the zip couldn't be read and unzipped properly; seems same as 22.
33 NOT KNOWN YET: might indicate hardware failure.
35 FAILED (remote: 35 RU_PARTITION_NOT_SUPPORT <PartitionName>): means you can’t flash an image in download mode, as it has to be done in bootloader mode.
41 WRONG MODEL ID: means the RUU is menat for a different device
42 WRONG CUSTOMER ID: means you got to swap CID first
90 PRE-UPDATE FAIL: means it only flashed aboot and you have to run the process again immediately to flash all other partitions. The htc_fastboot.exe now auto-reboots on Error 90!
99 UNKNOWN: usually indicates you are S-ON, but sometimes also recognizes other Security related issues.
130 WRONG MODEL ID: see 41
152 IIMAGE ERROR: phone ccreen shows a little triangle beside a full green bar
155 INDICATES DIFFERENT THINGS:
the need to relock bootloader; if S-ON
the RUU cannot be executed, because the software versions of ROM, Firmware and RUU aren't matching
170 CHECK USB: RUU won’t run because ADB isn't working properly
171 USB ERROR: happens all the time when the RUU reboots the phone to download mode. For some reason the device is losing its connection and making a RUU flash virtually impossible . There is an incompatibility between USB 3/3.1 and Fastboot/ADB, as well as an issue with Windows Device Detection on the newer Windows 10 builds.
ERROR FIXES by @Sneakyghost:
For Error “7 RU_CID_FAIL” do:
- Make your phone have SuperCID (htc_fastboot oem writecid 11111111)
- Or: edit android-info.txt inside the zip to have your phone’s CID in its list
For Error “10 RU_MODELID_FAIL” do:
- check that the Model ID in android-info.txt matches your phone’s Model ID.
Typically, making your phone “SuperCID” makes it ignore CID and MID mismatches alike. However, lately we have noticed HTC has changed that behavior. MID mismatches are not ignored by SuperCID anymore. You will need to unzip my firmware package, change the MID in there to your MID and rezip it. Or, alternatively, change your phone’s MID, which is a bit trickier.
To un- and re-zip, please refer to Post #5 of this thread for more information!)
For Error 12 “signature fail" do:
- might indicate that a signed firmware package is required. This would only happen with S-ON phones though.
For Error 22 "RU_HEADER_ERROR" do:
- verify that you followed my zipping instructions exactly. If a correct zip is given (e.g. you get this error with one of my zips as well), we will need further information to work out what happened. This means a complete log and step-by-step post of what you did. Best just copy and paste the full console window contents so we can take a look.
For Error 23 "parsing image fail" do:
- change image names in the zip to stock image names like “hboot.img" or “radio.img" or whatever failed there....
For Error 24 "android-info fail" do:
- check that your ZIP isn’t some HTC OTA or anything that’s got no android-info.txt - those cannot be flashed with “htc_fastboot flash zip nameof.zip” command.
- check that your zip has a good MD5 and is not broken, check android-info.txt etc...
For Error 32 "header error" do:
- Make sure there is only one . (dot) in the filename, before the extension. Fastboot reads anything after the first dot it sees as the extension. If that is not zip, it fails.
- See Error 22.
For Error 33 "Update fail" do:
- Try other flashing modes, such as "SDCard method" or direct bootloader-flashing (only available for images named in "partition-info" file inside the firmware zip) if Fastboot Method fails.
- If all modes keep failing, validate image integrity with someone else who was able to flash successfully (MD5 Hash Sum compare).
- [UPDATE] Re-try to flash the image again and again, even for days. Maybe power it down completely for a night, then try again. It might eventually flash again. If you notice stuff in your phone failing again after it was actually fixed (like Sensors again not working if it was Sensor_Hub.img that didn’t properly flash initially, like if the symptoms come back after you fixed the flash), you might have a hardware damage rather than a broken software.
- Send it in for warranty! Should we find a "soft" solution, I will update this piece of info.
For Error 42 "Wrong Customer ID" and: 41 "Wrong Model ID" do:
Code:
htc_fastboot getvar all
Read that output, take note of your CID and MID and then edit the "android-info.txt" in your firmware.zip accordingly (For Wrong MID change the MID in the text, for wrong CID add your CID to the text).
Alternative method for MID and CID errors:
go SuperCID. Do:
Code:
htc_fastboot oem writecid 11111111
You can change back to any desired CID after a successful firmware flash. Notice: this command only works on S-OFF phones (which you have already of course or else you wouldn't be here).
For “pre-update FAIL 90 ..." do:
- Let the phone reboot itself into Download Mode. If it doesn't boot to download mode, force it back there (From Android with adb reboot download or with the button method, see "step 1").
- If the flash does not auto-resume, run the same flash command again which you just ran (press arrow up on your keyboard to get to the previous command in console)
For “Error 99 UNKNOWN" do:
- Check with other zip’s if they work!
- Check if your S-OFF is correct
- You are S-ON? Then almost definetely this means the ZIP is not signed - get an unmodified zip!
For “Error 130 wrong model ID" do:
- Please refer to Error Code 41/42.
For “Error 155 relock bootloader" do:
- Since my thread works only with S-OFF phones anyway, this error can be read as: you need to S-OFF first!
- Error 155 can mean that you need SuperCID. On a few occasions this was shown when the RUU refused to run because of a wrong region lock.
- Error 155 also sometimes occurs when a RUU was launched from within Android. When encountering a RUU error 155 with the process stalling after the rebootRUU (stuck at black screen with silver HTC logo), please just restart the RUU and leave the phone in that mode, or reboot the phone, then reboot to bootloader, then do “htc_fastboot oem rebootRUU” and then launch the RUU again.
- run the fastboot command “htc_fastboot oem lock" - only applies to S-ON phones that want to update the firmware with a stock OTA package (not offered on this thread!!). Stock OTA files sometimes need a locked bootloader.
For “Error 170 Check USB" do:
- Sometimes shown when running a RUU. Indicates issues with drivers. One way to solve is to run the ARUWizard with the phone already in Fastboot mode. Else you will have to re-install HTC Sync manager. Also, avoid USB 3 ports (the blue ones) - they have a complete new driver stack and that still doesn't always as expected.
For “Error 171 USB" do:
How to fix RUU error 171 on Windows 10x64 easily. System: Win 10 Redstone (1607) x64 with Intel based USB3.0 and USB2.0 ports:
Sync Manager from HTC Website
Download the attached file Fastboot.reg.txt and change the extension to Fastboot.reg.
Right click on the Start button and choose Command Prompt (admin). Then type "regedit" and press enter.
Go to File > Import > choose Fastboot.reg.
Reboot
NOT safe to reboot / Flash (partly) happened Errors (if you encounter one of them, DON’T reboot):
For “Error 152 Image Error" do:
- Error 152 is quite rare, have seen it only once with a friend’s phone and it aborted the flash nearly at the end. The flash was started by the FUU. We could resolve the matter by NOT rebooting the phone and flashing the zip again through a manual fastboot flash as outlined further up.
Click to expand...
Click to collapse
Good times. I guess just for completeness sake, let's mark htc_ocnuhl as "Asia / EMEA (Single SIM for carriers and HTC direct sales)" since HTC is selling it in the UK and possibly in other markets.
Thanks for the heads-up. Will correct as soon as I'm back home in an hour or two.
Sent from my htc_pmeuhl using XDA Labs
H3G, OrangeEU, EE, VodafoneUK, CHS RUUs found
Mornin' folks,
just a little informational heads-up. I've been able to find H3G, OrangeEU, EE, VodafoneUK, and CHS RUUs. Already saved them on my harddrive. As I'm away all day today, will try to upload them on saturday, or sunday so stay tuned.
Greeting s
5m4r7ph0n36uru
Interesting, Vodafone UK basically said they weren't getting the handset...
Flinny said:
Interesting, Vodafone UK basically said they weren't getting the handset...
Click to expand...
Click to collapse
2PZCIMG_OCEAN_UHL_N71_SENSE90GP_Vodafone_UK_1.03.161.6_Radio_8998-001791AE-1705110032_release_503500_signed_2_4.zip does exist though.
I'm not denying it, just very strange that it exists!. I wonder if it was a late decision to not stock it, or maybe it's only available to business customers. I've been with them forever and am making the jump to EE because of them not stocking htc phones anymore. EE just better not lock the bootloader or it's going straight back
Flinny said:
I've been with them forever and am making the jump to EE because of them not stocking htc phones anymore. EE just better not lock the bootloader or it's going straight back
Click to expand...
Click to collapse
Then 2PZCIMG_OCEAN_UHL_N71_SENSE90GP_EE_UK_1.03.91.6_Radio_8998-001791AE-1705092019_release_503492_signed_2_4.zip should be more up your alley )
I'll help for now yes, and it'll still be useful to pull some system/build.prop settings out of.
As long as I can unlock the bootloader I'll likely switch to SlimRoms as soon as I get it working, that'll likely require some kernel source first though!
Kisakuku said:
Then 2PZCIMG_OCEAN_UHL_N71_SENSE90GP_EE_UK_1.03.91.6_Radio_8998-001791AE-1705092019_release_503492_signed_2_4.zip should be more up your alley )
Click to expand...
Click to collapse
Flinny said:
I'll help for now yes, and it'll still be useful to pull some system/build.prop settings out of.
As long as I can unlock the bootloader I'll likely switch to SlimRoms as soon as I get it working, that'll likely require some kernel source first though!
Click to expand...
Click to collapse
Will upload this RUU at the weekend.
Sent from my htc_pmeuhl using XDA Labs
No rush for me, I grabbed it already. Noticed there are others on easy firmware also.
Finally received my AFH developer status. Uploading promised RUUs right now. Will transfer one of the RUUs on my GDrive to AFH later this week. As soon as all RUUs are up I'll update the currently missing links.
Sent from my htc_pmeuhl using XDA Labs
OP updated
Uploaded the following RUUs to my AFH account and added links accordingly
H3G,
OrangeEU,
EE,
VodafoneUK,
and CHS
Uploaded the following recoveries to my AFH account and added links accordingly
EE,
VodafoneUK
Whats next:
upload recoveries for H3G, OrangeEU, and CHS
Noticed that U11 firmware does not contain the good old 900+Kb aboot_signed.img. Instead it has a much smaller abl_signed.img of around 140 Kb, which has no red text warning string or any plain text string for that matter. Gets unarchived during boot?
BTW, US Unlocked 1.11.617.1 has been posted (2PZCIMG_OCEAN_WHL_N71_SENSE90GP_NA_Gen_Unlock_1.11.617.1_Radio_8998-001791-1705231845_release_505052_signed_2_4.zip).
Kisakuku said:
Noticed that U11 firmware does not contain the good old 900+Kb aboot_signed.img. Instead it has a much smaller abl_signed.img of around 140 Kb, which has no red text warning string or any plain text string for that matter. Gets unarchived during boot?
BTW, US Unlocked 1.11.617.1 has been posted (2PZCIMG_OCEAN_WHL_N71_SENSE90GP_NA_Gen_Unlock_1.11.617.1_Radio_8998-001791-1705231845_release_505052_signed_2_4.zip).
Click to expand...
Click to collapse
Thanks for your information. Already got three more and will upload them at the weekend. If I got enough time I'll as well unpack and upload all recoveries.
Sent from my htc_pmeuhl using XDA Labs
Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
WARNING: ANY BOOTLOADER UNLOCK METHOD INVOLVES THE RISK OF BRICKING YOUR DEVICE PERMANENTLY. WHILE THERE IS USUALLY A WAY TO RECOVER, DO NOT ATTEMPT THIS PROCEDURE IF YOU DO NOT KNOW WHAT YOU ARE DOING. BAD THINGS CAN HAPPEN. YOU HAVE BEEN WARNED!!! YOU MAY BE LEFT WITH A USELESS BRICK!!! READ ALL FURTHER WARNINGS EXPERIMENTAL METHOD IN ORIGINAL DOWNLOAD FILE WORKS, I'M USING IT
If you want a NOOB guide look at this post: https://forum.xda-developers.com/nu...beginner-tutorial-unlock-bootloader-t4131585/
Also note a user has managed to fix the FP sensor post BL unlock, see this post here: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
Still, I suggest root bypass it's better.
MegaNZ Link for Root without unlocking the Bootloader, and without breaking the FP, also includes instructions for installing BlackMagic5G (explanation below), adding HD VOLTE, how to restore from a brick, and some other cool tricks: https://mega.nz/file/igphSCTD#OybJo9t1zwvJ0bdbAcN2BCqxWXAfHdhk3JFB4_5xkVc
I suggest you flash my BlackMagic5G and don't unlock your bootloader at all - just root. It's CN 2.52 ROM based. You'll get VOLTE, , GApps installed, Rooted with Magisk, TWRP, debloated, YouTube Vanced, AdAway, SmartPack Kernel Manager, etc. - looks like the Global / NA variant of the ROM. Almost perfect except still uses Messages and Phone from Nubia. Plus you will enable Face Unlock not available in the Global or NA versions of the ROM, and FP will still work! Click on the Google Search bar widget and the mic icon takes you to the Google Assistant, the left icon is Google Feed, type in the middle bar for a Google Search. Has 1Weather Free weather widget that looks great, and Google Calendar widget for your whole month of activities. Translate, Lens, Chrome, all the Google Apps are there. And the Chinese Nubia apps are nearly all GONE!
MegaNZ Link for BlackMagic5G Beta - IT'S ONLY THE DATA PARTITION + ROOTED KERNEL + NA SPLASH SCREEN, you NEED to 1) install the Red Magic 2.52 ROM below FIRST 2) Root using the first link posted above 3) Flash restore this from TWRP: https://mega.nz/file/r9hF2BwS#RrAXiFWSBNX8dLqfrH8nNHo_uigPC8uYXonwhALhGbo
MegaNZ Link for the Red Magic 5G CN 2.52 ROM: https://mega.nz/file/aoxBFAqY#EDt2OZBGTME4ZGKnERKpK_t-aJT_rWgD0aqBFkilRcY
*** NOW THE BOOTLOADER UNLOCK INSTRUCTIONS ***
Go to Settings / About phone / Build Number (NX659_J_ENCommon_V3.08 on North American Variant), click 7 times, Now you are a developer message appears, go back a menu to Settings / Other system settings / Developer options.
Enable:
OEM unlocking "Allow the bootloader to be unlocked"
USB debugging "Debug mode when USB is connected"
Install Minimal ADB and Fastboot (Windows 10 in this example): https://www.androidfilehost.com/?fid=746010030569952951
Default install path is:
C:\Program Files (x86)\Minimal ADB and Fastboot\
Go to the Search button on the bottom on Windows 10, type cmd, Command Prompt will appear in the menu. Right click it and Run as Administrator. All commands to be typed will be run in this Command Prompt window (referred to as terminal) unless otherwise stated to run on the phone.
Now Terminal window appears (it says Administrator: Command Prompt in the heading):
Text displayed is:
Microsoft Windows
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>
Typed in terminal:
cd "c:\Program Files (x86)\Minimal ADB and Fastboot"
I now connected the phone to a USB port on the PC.
On the phone, a Window appeared:
"Allow USB debugging?"
The computer's RSA key fingerprint is:
[36 digit code] Example:
C8:A17:E2:01:F6:A1
:368:10:E8:33:20:FB:
93:7D
Always allow from this computer (it's my computer so I clicked it since I trust the computer)
CANCEL / ALLOW (I clicked ALLOW)
Typed in terminal:
adb reboot bootloader
The phone reboots. Once the phone screen boots, in the center it says: Now you are in fastboot mode.
From the terminal I typed:
fastboot oem nubia_unlock NUBIA_NX659J
The terminal now displayed:
...
(bootloader) START update nubia fastboot unlock flag!!!
(bootloader) START set state to 1 ok!!!
In the terminal I typed:
fastboot flashing unlock *** DO NOT TYPE THIS IF YOU WANT TO KEEP A WORKING FP!!! READ TOP OF POST!!! AVOID THIS WITH THE EXPERIMENTAL METHOD OF ROOT WITH NO BL UNLOCK ***
Now a screen appeared on the phone with a big <!> red icon in the left corner. The rest in white text is a warning message. "By unlocking the bootloader, you will be able to install custom operating system on this phone. A custom OS is not subject to the same level of testing as the original OS, and can cause your phone and installed applications to stop working properly-
Software integrity cannot be guaranteed with a custom OS, so any data stored on the phone while the bootloader is unlocked may be at risk.
To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data on your phone.
Press the Volume keys to select whether to unlock the bootloader, then the Power Button to continue."
I selected UNLOCK BOOTLOADER and my device was completely erased. The factory OS loaded then. This process takes some time to complete.
Now the device rebooted with a warning message, and a big <!> yellow icon in the left corner.
"The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.
Visit this link on another device:
g.co/ABH"
Now the device reloads the firmware apparently and wipes all user data. Upon setting up the phone, the fingerprint display registration comes up and asked to place my finger on the back of the phone. There is no fingerprint sensor on the back of the Redmagic 5G! It is under the screen! So this step must be skipped. The ROM setup is corrupt or incomplete, a beta possibly. I setup the phone then went into Settings / Security to try to add a fingerprint. The button to add fingerprint then appears. Once I click the button, I get this error:
Loss of fingerprint calibration data
Loss of fingerprint calibration data was detected.
Currently unable to complete fingerprint entry,
please contact Nuia after-sales service via
4007006600
See the XDA post for recalibrating the FP: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
ROOT FOR ALL DEVICES:
(These files are included in the tools download zip, Magisk 20.4 and MagiskManager-v7.5.1.apk, but this is the official source as updates post): Go to XDA and Download Magisk Manager and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power, release the power button once the screen shows it loading, hold the volume up down until you see TWRP pop up). Flash Magisk from TWRP Install / Zip / sdcard / Magisk.zip reboot and you'll have root.
BL unlock first method was tested on North American variant and it works. But it breaks your FP sensor and gives you an annoying boot prompt.
If at any time you want to remove the OEM Bootloader unlock, you plug into the PC, go to the terminal for Minimal ADB and Fastboot, type:
adb reboot fastboot
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing lock (screen will prompt to relock BL, choose to Relock)
The phone should reboot and install the original software. BUT...
If it says you are corrupted well, you have more issues.
You'll have to reflash the stock recovery.img, reboot to stock recovery, wipe data, wipe cache, and flash the CN update.zip rom to a flash drive FORMATTED TO FAT32 (annoying as hell) But you NEED a USB-C to OTG Adapter to attach a Flash Drive / SDCARD this way). If you don't have one, you better reflash TWRP using the prior instructions and flash the update.zip from there. Install, select the update.zip, flash. Wipe Data, Cache, ART/Dalvik. Reboot.
Now it should WIPE the entire phone and be back to normal Android 10 setup non rooted, no unlocked bootloader. Always beware of data loss doing root functions!!! Always be prepared to setup your phone entirely over again. Google Backup is very good to turn on before you do any of this stuff if you have already installed apps.
*** WARNING - THIS BYPASS METHOD COULD GO AWAY AT ANYTIME. IT SHOULD EVENTUALLY BE FIXED BY NUBIA ***
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
You were able to actually install TWRP? Not just boot it? I thought A10 devices cant have twrp permanently installed?
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
mslezak said:
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
Click to expand...
Click to collapse
So its not permanent? Thats what I thought.
Well it could be permanent...
VZTech said:
So its not permanent? Thats what I thought.
Click to expand...
Click to collapse
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
mslezak said:
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
Click to expand...
Click to collapse
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Can anyone send me backup of the super partition?
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Future updates...
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
Yes what I've been told by prior Redmagic Users 3 and 3S is the ROM is released, as long as your boot.img is not patched with Magisk, it can be installed through the menus in Settings / About Phone / Update or someplace like that. You just download the ROM to the appropriate folder on the phone.
So far I have 1 link to a China ROM update here: https://ui.nubia.cn/rom/detail/65
Now on how to install the ROM, I use the Chrome browser set to autotranslate webpages. Most of the Chinese will be translated from here: https://bbs.nubia.com//thread-1136030-1-1.html
Basically it's going to wipe your device clean, and you can use a Nubia backup tool which will save all your items to a folder. Which then you should copy to your PC before installing the new ROM. Then it gives you instructions to get that data back onto your updated device.
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
VZTech said:
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
Click to expand...
Click to collapse
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
You should be able to flash the latest ROM via EDL mode if you've ever used EDL mode before, it usually requires shorting pins together in the device, although some recoveries will let you just boot into EDL mode if the phone still boots. It will be detected. Although on this device with the dynamic partition, I don't know how you would flash these in EDL mode... dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm that do not look like fastboot flashable parts. Possibly the unbrick tool for Redmagic 3/3S could be modified to do this for you.
mslezak said:
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
Click to expand...
Click to collapse
Yes those .img files can easily be fastboot flashed. Unfortunately it wont solve his problem. He needs the nubia unbrick tool, which is tough to get. I dont understand why Nubia makes things difficult. They should provide proper Fastboot files.
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
apersomany said:
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
Click to expand...
Click to collapse
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
mslezak said:
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
Click to expand...
Click to collapse
Thank you so much!
Okay I can't add anything special but daaamn this community is amazing. So much help I love you all
To relock BL repeat the instructions with 1 different command
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
Just in case if somebody need a Chinese version of official ROM v2.46 for RedMagic 5G.
Code:
https://mega.nz/file/vc0DiabR#npahTop-JXZ9Mwv-lA7G6DxTG2qqOOAf6AwW8NdEEKw
mslezak said:
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
Click to expand...
Click to collapse
we found out that using the cn rom it all works without even unlocking the bootloader, even while oem unlock was disabled in dev options but there is some kind of vbmeta img required. a full guide is incoming.
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
You can flash their NX659J-update.zip files directly from TWRP that's how we restored our bricked devices already. So OTA updates no, but you can download them anyway and flash from TWRP directly. Yes we have to figure out a concrete restore method which isn't 100% working yet. I.e. all your data is lost this way apparently AT THIS MOMENT... MORE TO COME.