Database Users

[Solution] How to DEFINITELY root LQ3! Step by step instructions provided

Hi there,
I recently got a Note from work, coming from two years of a Galaxy S, I understood most of the "scene" for the Note, but learned new stuff such as the dreaded 0x19 eMMC bug and Yellow Triangle (counter) when flashing via ODIN. Those things were new to me until now.
So, last night, I've spent it whole (from 2 AM to 7 AM) trying to make this work, figuring out a safe way to wipe a ICS that was filled with unsuccessful roots and left overs from previous flash. After searching, reading a lot, understanding and connected all together logically, I did it this way. Here it goes, hope it helps, since I've seen a lot of people having trouble to root this.
The premise is to start fresh with a wiped phone and go as straight as possible to ICS LQ3. If you don't want to wipe, you could avoid those steps and work around them. I wanted to share what I did so others could do it easier.
All these steps are just because LQ3 is too big to directly root (0 MB left in ROM, acording to Titanium Backup), so you have to work your way towards that.
Let's begin:
1) Flash N7000XXLC1_N7000OXALC1 Open Europe WIPE, Pre Rooted from this thread from bodivas via ODIN PC. Look for "LC1" and download it from HotFile.
What this achieves is to go back to a safe GB stock ROM & Kernel where you can safely wipe the phone via Recovery, plus it's a wipe ROM that'll do that too just when installed. This wont give you the yellow triangle or increase your custom flash counter, so don't worry.
2) Configure Play Store to download or side load the Mobile ODIN from ChainFire. I think you'll need the paid version, since I'm using the EverRoot option here, available only there.
3) Flash N7000XXLQ3 from this thread by dr.ketan or directly from SamMobile.com with Mobile ODIN with settings: Enable EverRoot, Inject Superuser (SuperSU), Inject Mobile ODIN and (optionally) Wipe data and cache and Wipe Dalvik cache for a "cleaner" migration to that new LQ3
* I've noticed that sometimes, after wiping data with Mobile Odin, you might get the "null null" error when typing with the keyboard, since it messes the CSC. What you have to do is reflash CSC (called "Cache" in Mobile Odin) without wiping again
This will flash the new LQ3 version while mantaining a partial root from the previous firmware.
4) Now if you go and open SuperSU it would say that there's a problem with the SU binary and can't be solved. What this means is that there's 0 space left in the ROM for it to update, so we need to solve this.
What you have to do is get Titanium Backup or a similar app to remove some system app and make space. What I've chosen to delete is "Setup Wizard 1.3" that is the wizard you first saw when you flashed your new firmware, so surely you won't be needing it again. It frees about 2 MB of space, but you could be deleting any other app instead of that one if you wanted.
5) Flash CF-Root-SGN_XX_SEB_LQ3-v5.6-CWM5 from this thread from ChainFire, or any other kernel of your choice, to install CWM and the latest SuperSU.
6) When the phone starts again, open SuperSU and it wil prompt it to update the binary.
Voilá! Everything is done: now you are in LQ3 with full root, SuperSU correctly working and with CWM installed. From now on, any new firmware that has a fully loaded ROM should work the same way to root.
Enjoy and hope this helped somebody out there Any questions, please let me know.
Regards,

Or http://forum.xda-developers.com/showthread.php?t=1647148. I tried it in lq3.

That obviously didn't work, was the first thing to try and there was not enough space for the Binaries to install, so at best you get a partial root, as worst (me) get no root at all and no chance to free any space for further rooting

Why not flashing CSC, CF-Kernel and LQ3 simultaneously? I did this and didn't need to inject or delete something. Just a sidenote

You could combine those flashes, that's correct, but what I wrote was what I did, each step producing one result in order to be able to trace the errors and know (if something) was working incorrectly or producing good results, and be able to pinpoint what it was.
I thought of this after several tries of other methods that failed, so this is a step by step (as title says) to root it, for people who stumbles upon the same problems I and many other have.

Partial Root?
There is not such thing as partial root. In the event that you have trouble pasting into /system, you have a corrupted /system partition. (not partial root)
To fix it:
Connect your phone to the computer via usb.
Ensure that your phone is recognized by ADB in command prompt by typing adb devices (ADB should respond with your device info)
Enter adb shell
Then enter the following syntax in adb shell:
#dd if=/dev/zero of=/dev/block/mmcblk0p9 bs=1M count=1
*ensure there is no typos when inputting code as it could cause damage to the device.
Reboot your device into CWM (make sure you are on a safe kernel/recovery!, preferably Abyss 4.2)
Now format /system under Mounts and Storage (/system will not mount automatically which will allow you to format your corrupted /system partition properly.)
Then perform Full Wipe (Factory Reset, Wipe Cache, Wipe Dalvik Cash)
Flash your desired Rom (let it settle) and you will be able to edit your /system again!!!
**** This info was provided by Entropy somewhere on the forum *****

Thanks for your comments,
By partial root I meant that root could be achieved but the SuperSU apk would give the error because of the lack of space. Maybe the term used wasn't the best

Dan_Aykroyd said:
That obviously didn't work, was the first thing to try and there was not enough space for the Binaries to install, so at best you get a partial root, as worst (me) get no root at all and no chance to free any space for further rooting
Click to expand...
Click to collapse
someone else figured the same thing as mentioned here:
http://forum.xda-developers.com/showpost.php?p=27527694&postcount=1811
which lead to this advise from the wise old Dr...
http://forum.xda-developers.com/showpost.php?p=27532325&postcount=1813
which in turn lead to this but some kind soul
http://forum.xda-developers.com/showpost.php?p=27533257&postcount=1814

Ok. I had DDLB2,
Downloaded XXLQ3 - Flashed over PC odin
Downloaded Chainfire CF-ROOT LQ3 Kernel from the Thread
Flashed that over PC Odin as well
Switched ON the Phone
Downloaded Triangle Away, Said it needed a Support file, Downloaded it,
- Rebooted in a special mode, Cleared status.
Switched ON phone, did a Factory Reset.
So far Everything is Good, and I have Root Access as well.

I have edited post and added modded SuperSu busybox installer
Read This
http://forum.xda-developers.com/showpost.php?p=26455511&postcount=2475
(edited at end of rooting instruction)

dr.ketan said:
I have edited post and added modded SuperSu busybox installer
Read This
http://forum.xda-developers.com/showpost.php?p=26455511&postcount=2475
(edited at end of rooting instruction)
Click to expand...
Click to collapse
Was post #3 of that thread also updated Dr.?
The reason I asked was that there was no msg in the post #3 mentioning a
18june12 update.
Thanks

i hav updated at two place, bith place i hav mentioned date. rest are old.
Sent from my GT-N7000 using xda premium

dr.ketan said:
I have edited post and added modded SuperSu busybox installer
Read This
http://forum.xda-developers.com/showpost.php?p=26455511&postcount=2475
(edited at end of rooting instruction)
Click to expand...
Click to collapse
I've saw the SuperSU Market update today, saw the "Fix some installation problems" log and wondered if it was related to this.
I don't need to try it now again, but I'm glad this was worked out. Hopefully it installs OK now but, what does it do to free space?

what i underatand by reading script
it moves google map and youtube before installing su binarry, then again it replaces map n youtue, now if space will remain low, map or youtube or both won't get install, then you can install it from market.
Sent from my GT-N7000 using xda premium

Yoga tab 3 Pro ROOT thread, instructions and needed files.

***PLEASE DO NOT SKIP THE INSTRUCTION THAT SAYS MAKE A BACKUP*****
Lots of people are requesting help after not making a backup. And while people are able to help, the files are very large and takes up considerable bandwidth. Much better to EASILY create your own backup.
-------------------------------------------------------------------------
First of all a BIG thanks to @ionioni, this is all his work i am just re-uploading files and some sort of instructions. Much of the instructions are also lifted from ionioni, so thanks from me too!
That's right sources here: https://twrp.me
There Is currently no xposed support for intel 64 bit android
Neither I or the developer take any responsibility for damage to yourself or your tablet, by carrying out anything written here you accept full liability for your actions. I am quite sure xda forums feel the same.
****BIG WARNING , This is ONLY for the Yoga Tab 3 Pro models YT3-X90(F|X|L) Intel Atom powered CherryTrail SoC devices flashing any of these files to another device will more than likely result in BRICK!!****
ANOTHER BIG NOTE.....lollipop can only be rooted using supersu version 2.46 whilst marshmallow version ,as of writing, can ONLY get root using magisk!
You should backup all important data before attempting any of this as you will be losing all data during the process. Titanium backup is good for backing up and restoring apps, other personal files can be moved to external sd or copied to computer.
First off you will need to have fastboot installed on your PC if you havn't already. Find it here......
For windows. https://dl.google.com/android/repository/platform-tools-latest-windows.zip
For Mac. https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
For Linux. https://dl.google.com/android/repository/platform-tools-latest-linux.zip
To gain ROOT access.....
1. download and extract the twrp.img file from the zip attached (YOU MUST EXTRACT FROM THE ZIP!!!) and copy supersu.zip or magisk.zip to tablets external memory card. https://download.chainfire.eu/696/SuperSU/ (LOLLIPOP only supersu v2.46 is supported, other versions cause bootloop) or https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 for MARSHMALLOW.
2. unlock your tab if is not unlocked (this is mandatory in order to boot custom images like TWRP recovery):
a) Enable developer options ( Go settings, at bottom select "About tablet" then press "Build number" 7 times. congrats you are now a developer.)
b) Go back to settings and now at the bottom there is a new option "developer options" in developer options enable "OEM unlocking"
3.Restart in fastboot mode (hold volume + while powering on tablet)
4. In the same foler you have extracted your TWRP.img (in windows) hold shift key while right clicking in the explorer window, select open command window here.
5. At the command prompt (black window that opens) type "fastboot oem unlock" for LOLLIPOP or "fastboot flashing unlock" for MARSHMALLOW. at this point you will be prompted that you want to delete all data, this is obviously a security measure that cannot be avoided.
6. go to step 7.
7. In command window (the little black window you opened earlier) type "fastboot boot twrp-2.8.7.0(6)-x90.img" your tablet should now boot to TWRP. ( This is a live session TWRP has not been flashed to your tablet)
******MAKE A TWRP BACKUP!!!!!!!!!!********* DO NOT SKIP THIS STEP.
Modifying system files will mean that you are unable to take Lenovo OTA Updates, the only way to install new updates is to later restore your TWRP stock backup, then reROOT. thats just the way it is i am afraid.
8. in TWRP install SuperSU.zip (lollipop) or magisk.zip (marshmallow) located at your external memory card.
9. Thats it enjoy Your rooted tablet.
10. If you experience time changing upon reboot use your favourite method to edit build prop, I used buildprop editor found in the playstore. Find "persist.sys.timezone" and change it to your location, I had to set mine to Europe/London.
PS...your tablet will hang on every boot at bootloader error 3 to warn about the unlocked bootloader, PLEASE DO NOT lock your bootloader, this is a small annoyance and makes brick recovery much easier. (just restore your lovely TWRP stock backup.
In order to install new Lenovo OTA update you must restore your TWRP stock backup, then take the OTA, then go through the root process again making a new TWRP stock backup after applying the new OTA.
Just one more BIG WARNING, this twrp comes with an option to reboot to bios. Be warned if you don't know what you are doing and you mess something up in there, FULL BRICK! no one will be able to help you recover.
PPS...there seems to be some issues with using magisk modules on our tab. To install them one must download them and then manually install them from twrp.
https://download.chainfire.eu/696/SuperSU/

Now for the real magic.
this can be achieved with or without root! just make sure, as per the ROOT instructions, the first thing you do in TWRP is make a full backup.
As a yoga tab 3 pro owner you know that your tablet lags, crashes and is generally buggy, mine would frequently crash during periods of long sleep.
there is a solution to this problem that is rather simple but seems to yield huge results. if we just run our tablet with the data partition unencrypted it runs like any other nice android device.
once again myself or the developer take no resposibility for your actions if you would like to try this.
instructions by ionioni.
""encryption of the 'data' partition (the one that holds your installed apps, personal stuff etc) is forced on these devices (even with no password set) the 'data' partition is automatically encrypted at boot time if it 'sees' an un-encrypted 'data' partition. in order to disable the enforced 'data' encryption i made a script that will disable the forced encryption flag in the existing boot (partition) image (encryption can still be triggered by the user in the Settings->Security panel). this will not decrypt an encrypted 'data' partition! will just allow you to boot having an un-encrypted 'data' partition."".........ionioni
1. make sure that when you make your TWRP backup that you include the boot partition (it will be patched by the script to disable forced encryption).
2. copy attached x90-disable_encr.zip to your tab and install from TWRP (once finished it will create also a backup of your original boot partition in the folder where the zip is located, however this is only a safety backup as you should have already backed up your Boot partition when making your TWRP backup)
3. **DO NOT SKIP THIS STEP** to finish, reboot in fastboot mode and input "fastboot format data" in order to have a clean(un-encrypted) 'data' partition on the next boot (and it will no longer be automatically encrypted as long as you have the modified boot)
alternatively you can format 'data' from within TWRP if you use the attached 'data' enabled TWRP.
i can confirm that since i have been running my tablet unencrypted using ionionis zip that i hav had no lagging, no crashing. runs just like any other android device. The kernel memory hog still remains but it works silky smooth.

Should anything go wrong stock rom for MARSHMALLOW can be found here...
https://forum.xda-developers.com/thinkpad-tablet/general/yoga-tab-3-pro-debrick-method-t3776951

Thank you for continuing the work !
Do you have compared the difference between encrypted/decryptet - is it worth to do all the stuff (root, etc.) ?
If you have to say a number in percent, how faster will it be ? You've tested multi-user (2nd user) ? If i setup a second user the tablet is nearly unusable - it's better with disabled encryption?
Sorry that i have a lot of questions, but it sounds not that easy and i think about it if its worth to do it
edit:
if i make a full backup - where is the backup of TWRP stored? Do i need a sdcard? Will it be overwritten by OTA/Update/Rooting/Decryption?
thx for your answers already.

I havnt tried with a second user. I could try for you.
before unencryption performance was sluggish. after unencrypted its just fine.
I know it seems like a lot of detail but it is actually easier than it sounds.
You don't have to have root to run the unencrypted stuff but you still need to oem unlock and make a full backup. Backup must be on external media, either ext sd or usb otg.
Your data would not be mountable in twrp unless unencrypted already. And then if you ever accidentily encrypted you ay be forced to format losing your backups.
External media is the way to go.
Sent from my SAMSUNG-SGH-I317 using Tapatalk

If i try "decryption" than root is not far away (so i also get rid of some "lets say useless" system apps)
If ýou can try to check for multiuser you should have running facebook on both accounts (cause fb need a lot of ram and cpu)
maybe i will try it on weekend. i'll think about it....
What about the other peoples who own this tab?
gtx, juergen

Well I would always go ROOT, as it offers more choice, but of course the choice is ultimately yours.
I can try multi users but unfortunately I am one of those weirdos that does not use facebook. I guess I could try a couple of instances of chrome/Firefox.
Sent from my SAMSUNG-SGH-I317 using Tapatalk

Ok just set up a new user switched between them ran chrome on both with several tabs open. didn't seem too bad.
Indeed more feedback from other users who have benifitted from unencrypted data partition would be useful.
Sent from my SAMSUNG-SGH-I317 using Tapatalk

Thanks for your effort.

Hello,
BIG THANKS for your Root solution !
All working !!! thanks !!

All thanks to ionioni, this is all his work, i was just the guinea pig. Glad you have root, did you run the unencryption zip?
Sent from my Lenovo YT3-X90F using Tapatalk

Thanks ionioni and joesnose!
I rooted my device and ran the unencryption zip, it definitely makes everything a little smoother.
Also, I successfully mounted my exFAT sdcard with the help of lurker0's post here: http://forum.xda-developers.com/showthread.php?t=3126394.

Nice. Thanks for the exfat find.
Sent from my SAMSUNG-SGH-I317 using Tapatalk

joesnose said:
Indeed more feedback from other users who have benifitted from unencrypted data partition would be useful.
Click to expand...
Click to collapse
Since the old thread is locked, I'll repeat myself here:
I rooted my YT3-X90F and decrypted it as well. Result is better overall performance (some1 asked rating in percentage, I would say +40% speed & +60% response).
But, sadly, it still needs restart every ~24hours, because all the freezes and lags come back with time.
Advise:
For those who want to root this device only to make it work with Sixaxis controller - don't even start. Yoga T3 doesn't support required bluetooth drivers (huge shame on Lenovo).

doesn't seem to connect to the ds4 either. Just sticks at pairing.
Sent from my GT-N7105 using Tapatalk

Hi Joesnose and thanks for putting the instructions up (and of course, thanks to ionioni).
I have a couple of questions.
EDIT; oh pants, I have some more (possibly stupid) questions - just to be sure I know what I'm doing !
In the very first instructions about rooting:
1. I download the twrp.img.zip to my PC and unzip it to PC right ?
2. And the SuperSu goes in my ext SD card, not on the PC ?
3. I assume I must connect the YT3 Pro to the PC at some point ? When would that be ??
4. I don't understand instruction 7. It says type "fastboot boot twrp-2.8.7.0(6)-x90.img". Do I need to have that file downloaded or something ? What is twrp-2.8.7.0(6)-x90.img file ?
And what does it mean, "This is a live session TWRP has not been flashed to your tablet" ?
I can see that in the section about unencrypting the data partition that there is a file with a similar name to " twrp-2.8.7.0(6)-x90.img' but it has the words "data-enabled" in the fine name. I'm not sure what to do with this ??
5. At what point do I take a back-up of the original YT3 Pro stock image ? It's listed between 7 and 8 ? Do I do it right after 7 ? How do you make the back-up please ? And I guess I better store another copy somewhere safe, off the SD card too ?
6. If I just root this, can I then get OTA updates normally ? (without having to restore to stock).
7. And, if I do root and/or data unencryption, can the YT3 Pro be put back exactly how it was before changing anything ? Including it getting OTA updates normally ?
8. How do I make back-ups of apps while the YT3 Pro IF I wanted to restore those apps later on on an UNrooted YT3 Pro ? I don't know why I'd want an UNrooted YT3 Pro in the future, but for instance, if I used Titanium Backup, that needs root right ?? For instance, if I want to restore data from a Titanium Backup on an UNrooted YT3 Pro, will it work ? Or can I use something else ?
Sorry about all the questions - I can't believe I've rooted and installed custom ROMs for 4 devices - for some reason this seems different to the others and it was a while ago !
Thanks in advance

Frenchdroid said:
Hi Joesnose and thanks for putting the instructions up (and of course, thanks to ionioni).
I have a couple of questions.
EDIT; oh pants, I have some more (possibly stupid) questions - just to be sure I know what I'm doing !
In the very first instructions about rooting:
1. I download the twrp.img.zip to my PC and unzip it to PC right ?
2. And the SuperSu goes in my ext SD card, not on the PC ?
3. I assume I must connect the YT3 Pro to the PC at some point ? When would that be ??
4. I don't understand instruction 7. It says type "fastboot boot twrp-2.8.7.0(6)-x90.img". Do I need to have that file downloaded or something ? What is twrp-2.8.7.0(6)-x90.img file ?
And what does it mean, "This is a live session TWRP has not been flashed to your tablet" ?
I can see that in the section about unencrypting the data partition that there is a file with a similar name to " twrp-2.8.7.0(6)-x90.img' but it has the words "data-enabled" in the fine name. I'm not sure what to do with this ??
5. At what point do I take a back-up of the original YT3 Pro stock image ? It's listed between 7 and 8 ? Do I do it right after 7 ? How do you make the back-up please ? And I guess I better store another copy somewhere safe, off the SD card too ?
6. If I just root this, can I then get OTA updates normally ? (without having to restore to stock).
7. And, if I do root and/or data unencryption, can the YT3 Pro be put back exactly how it was before changing anything ? Including it getting OTA updates normally ?
8. How do I make back-ups of apps while the YT3 Pro IF I wanted to restore those apps later on on an UNrooted YT3 Pro ? I don't know why I'd want an UNrooted YT3 Pro in the future, but for instance, if I used Titanium Backup, that needs root right ?? For instance, if I want to restore data from a Titanium Backup on an UNrooted YT3 Pro, will it work ? Or can I use something else ?
Sorry about all the questions - I can't believe I've rooted and installed custom ROMs for 4 devices - for some reason this seems different to the others and it was a while ago !
Thanks in advance
Click to expand...
Click to collapse
Ok let me see if I can help.
1. Yes
2. Yes
3.you must have the yt3 connected to your pc as the commands will be sent from your pc. Tablet must be in fastboot mode.
4. Yes sorry, when you extract the twrp.zip the file is called "twrp-2.8.7.6(0)-x90.img"
the twrp recovery is not flashed to your tablet it is just loaded temporarily, in a live session. Once rebooted it is gone. Normal recovery is not overwritten.
To run the unencrytption script one must be in twrp.
5. As soon as you get twrp loaded make a backup to either external sd or usb and yes not a bad idea to have a backup of your backup.
6. No
7. Yes, simply restore your backup before taking an ota update.
8. not sure about this one.
Indeed it appears like a lot of instructions but once you get into it its just like any other device.
Hope that helps.
Sent from my GT-N7105 using Tapatalk

Big thanks for the answers - makes more sense now, especially the bit about a recovery session as I'm used to installing clockwork and using it on the device.

You can install twrp to your device but only do this after you have made a backup from a live session, making sure of course that your backup contains the original recovery.
Sent from my GT-N7105 using Tapatalk

joesnose said:
You can install twrp to your device but only do this after you have made a backup from a live session, making sure of course that your backup contains the original recovery.
Sent from my GT-N7105 using Tapatalk
Click to expand...
Click to collapse
Oh, ? At what point does twrp get installed and how do you do that?
And is it obvious how to include the original recovery in the backup?
I thought I had it nailed!

HELP: Problems with factory reset

CONTEXT: My phone no longer charges (USB port doesn't work), but I have insurance. VZW sent me a replacement phone and I need to send back the old phone after doing a factory reset. The phone won't factory reset and I need your help. I think this will be an easy one for you guys. Here is my sense of the problem. I rooted the phone when I got it right away right after it was released aprox 2.5 years ago. I downloaded the classic root files like Clockworkmod, Wanam Xposed, Titanium Backup, Busy Box Pro, ROM Manager, ROM Installer, ROM Toolbox Pro, Root Explorer, Super SU, ...etc. After that I never changed the ROM. So I still have OEM ROM with lots of app updates. I did change the recovery.img in order to use one of those apps. I think it was to use Clockworkmod. Anyways now when I go to factory reset the phone it says it is missing the recover.img file. My sense is if I put back that file on my phone in the right spot it will then allow me reset to stock. Does that sound right? If so how do I do that? If not what else should I try consider? Grateful for any help I can get! THANK YOU in advance.

Things are really dead around here as you can tell by the lack of responses, but to answer your question the only way to restore unrooted stock is by downloading the stock firmware and using ODIN. The recovery img file is in that firmware too. I suggest getting your USB port fixed or you are screwed. If you do that, then follow these steps:
Download stock firmware here: http://www.sammobile.com/firmwares/database/SM-N900V/
Download ODIN here: https://mega.nz/#!nZoThZ5a!TrPzLGDrtQJSmJfH8UkOFAkfc9wSLl_lPhrVusQoRJ8
After you unpack the zip files, turn off your phone. Then hit the power, home and volume down buttons all at the same time for download mode. Confirm by hitting volume up as instructed. Plug the phone into your PC and open ODIN. You should see the COM port open. Next select the AP option, then browse to the file you unzipped the firmware to. Double click and wait until the md5 is done being verified. Hit start and wait, it takes about 4 or 5 minutes. Once it's finished and the phone starts rebooting, unplug the phone and pull the battery (you don't want to let it boot all the way or you'll get FCs out the ying yang). Now replace the battery, boot into stock recovery by hitting power, home and volume up all at the same time. Recovery will come up and then do your factory reset. You should be good to go after that.

ArtfulDodger said:
Things are really dead around here as you can tell by the lack of responses, but to answer your question the only way to restore unrooted stock is by downloading the stock firmware and using ODIN. The recovery img file is in that firmware too. I suggest getting your USB port fixed or you are screwed. If you do that, then follow these steps:
After you unpack the zip files, turn off your phone. Then hit the power, home and volume down buttons all at the same time for download mode. Confirm by hitting volume up as instructed. Plug the phone into your PC and open ODIN. You should see the COM port open. Next select the AP option, then browse to the file you unzipped the firmware to. Double click and wait until the md5 is done being verified. Hit start and wait, it takes about 4 or 5 minutes. Once it's finished and the phone starts rebooting, unplug the phone and pull the battery (you don't want to let it boot all the way or you'll get FCs out the ying yang). Now replace the battery, boot into stock recovery by hitting power, home and volume up all at the same time. Recovery will come up and then do your factory reset. You should be good to go after that.
Click to expand...
Click to collapse
Thanks - is there any way to do this without the USB port? I can still get new files to the phone via the MicroSD card. Or use Root explorer to mess with all the files on the phone.

mozenter said:
Thanks - is there any way to do this without the USB port? I can still get new files to the phone via the MicroSD card. Or use Root explorer to mess with all the files on the phone.
Click to expand...
Click to collapse
Refer to this thread: http://forum.xda-developers.com/showthread.php?t=2426162. But keep in mind, your bootloader MUST be unlocked to use mobile ODIN. If you are on KK 4.3 & up, I think you might be SOL.

ArtfulDodger said:
Refer to this thread: http://forum.xda-developers.com/showthread.php?t=2426162. But keep in mind, your bootloader MUST be unlocked to use mobile ODIN. If you are on KK 4.3 & up, I think you might be SOL.
Click to expand...
Click to collapse
Thanks I apprecaite the effort! I tried Mobile Odin. I purchased Mobile Odin Pro, but it doesn't work with VZW variant of Galaxy Note 3. Any other ideas? Thanks again for all the help!

mozenter said:
Thanks I apprecaite the effort! I tried Mobile Odin. I purchased Mobile Odin Pro, but it doesn't work with VZW variant of Galaxy Note 3. Any other ideas? Thanks again for all the help!
Click to expand...
Click to collapse
Sorry, sounds like without that USB port you are stuck with that phone then unless you can get it repaired. Thanks for the update, I kind of wondered if anything got resolved. Good luck!

ArtfulDodger said:
Sorry, sounds like without that USB port you are stuck with that phone then unless you can get it repaired. Thanks for the update, I kind of wondered if anything got resolved. Good luck!
Click to expand...
Click to collapse
One last attempt to get this fixed. I really just need to know where the recovery imagine is located in the note 3. Here again is a quick summary of the issue. I also just posted in the CWD thread.
"I have a Galaxy Note 3. I successfully put CWD on it when I purchased it several years ago. The USB port no longer charges the phone. I have insurance with VZW, but I need to send the phone back in stock. I can't put the phone back in stock because I have the CWD recovery image is in there. I recall I left the old recovery image on the phone and just changed the extension. So all I need to do to fix the phone is go back into the folder where the recovery image is and delete the CWD image and change original image extension back to its original form (which I think is IMG). The problem is I don't where on the phone these recovery images are. Can anyone help me with this situation? Thanks!!!"

mozenter said:
One last attempt to get this fixed. I really just need to know where the recovery imagine is located in the note 3. Here again is a quick summary of the issue. I also just posted in the CWD thread.
"I have a Galaxy Note 3. I successfully put CWD on it when I purchased it several years ago. The USB port no longer charges the phone. I have insurance with VZW, but I need to send the phone back in stock. I can't put the phone back in stock because I have the CWD recovery image is in there. I recall I left the old recovery image on the phone and just changed the extension. So all I need to do to fix the phone is go back into the folder where the recovery image is and delete the CWD image and change original image extension back to its original form (which I think is IMG). The problem is I don't where on the phone these recovery images are. Can anyone help me with this situation? Thanks!!!"
Click to expand...
Click to collapse
The recovery image is the recovery partition and you have overwritten it. You MAY be able to dig an image out of a firmware such as founf on sammobile but you still need a way to flash it. Without an unlocked bootloader or USB port.. I believe you're out of luck. You should simply send the phone back to VZW... I seriously doubt the shop it really goes to cares if it's stock or not.
Sent from my SM-N900V using Tapatalk

I'm sorta confused.
If it was rooted a few years ago & it was a retail device, a "true" replacement recovery (e.g. CWM) wouldn't boot because of the Samsung signing checks. This isn't a Developer Edition device, is it?
If it had SafeStrap installed, then:
- that already comes with a pseudo-recovery which is a mod of TWRP.
- the whole thing boots out of /system using the stock boot partition, and all it's magic happens inside of /system (with some loopback blobs for the non-stock slots stored in /data)
Does the OP know that a "factory reset" is an Android misnomer? There is no "resetting" back to factory of a device which has had customization of the /system partition. That has to be done either manually or through restoration of backups. The android "Factory Reset" only wipes the /data file system. It doesn't magically repair random customizations to /system, and that's what causes the "Custom" icon during boot.
About the only way I can think that the OP can resolve this is if he happens to have a Safestrap (pseudo-) TWRP backup of the stock slot. I guess the approach would be to:
- get the correct release "recovery.img" file out of the Odin Stock tarball, and "dd" it to the recovery partition ( mmcblk0p15 on the SM-N900V)
- restore the original, virginal "stock slot" backup onto the stock slot from the Safestrap+TWRP backup
- make sure to set the active slot to the stock slot
- reboot, go back into Safestrap recovery and:
- delete all other slots
- uninstall Safestrap.
This of course would only be feasible if the stock slot backup was taken immediately after installation of SafeStrap, so it's uninstall would restore /system to approximately the same condition as Stock. Maybe after running that ROM for a little bit the TIMA attribution would revert the "Custom" status indicator. It might even allow a download of an OTA.
There is another method of restoring to stock without USB that I can think of, but it would involve the bootloader unlock and booting a real (true) custom recovery, which would blow the Knox Warranty bit, so - given the OP's desires - I don't see much point in it.
donc113's comments should be considered as well: what is the chance that the warranty returns department is going to "go all CSI" on your returned phone? They probably have to deal with hundreds of dead phones per day. I suppose it depends a bit on luck and who is doing the warranty returns, but there have been more than one person on XDA report "I just returned the phone in it's trashed state and didn't bother to clean anything up, and no complaints."
good luck

donc113 said:
The recovery image is the recovery partition and you have overwritten it. You MAY be able to dig an image out of a firmware such as founf on sammobile but you still need a way to flash it. Without an unlocked bootloader or USB port.. I believe you're out of luck. You should simply send the phone back to VZW... I seriously doubt the shop it really goes to cares if it's stock or not. Sent from my SM-N900V using Tapatalk
Click to expand...
Click to collapse
I have an unlocked bootloader, but no USB port. So any ideas you have would greatly be apprecaited. VZW cares a lot. It will cost me $300 if I can't fix it.

mozenter said:
I have an unlocked bootloader, but no USB port. So any ideas you have would greatly be apprecaited. VZW cares a lot. It will cost me $300 if I can't fix it.
Click to expand...
Click to collapse
Did you unlock the bootloader or is that the way it came? Since you put CWM on it a long time ago... I would think that it's a developer edition and if so... It will be engraved inside with "Developer Edition" under the battery.
If it is a developer edition.... To the best of MY knowledge (i certainly could be wrong) Verizon never sold them... Only Samsung did... Thus Verizon never had a warranty on it.
But, no matter what version it is, since you loaded a non VZW recovery...you can not put back 100% to stock because the "warranty fuse" is blown and can not be reset.
I presume you have tried Odin to flash a stock firmware load that includes stock recovery but that requires the USB port be working (but doesn't require the charge circuit to work).
Beyond Odin... I have no other ideas.
Sent from my SM-N900V using Tapatalk

mozenter said:
I have an unlocked bootloader, but no USB port. So any ideas you have would greatly be apprecaited. VZW cares a lot. It will cost me $300 if I can't fix it.
Click to expand...
Click to collapse
Read this all the way through - twice at a minimum. You should understand how and why every step works before you begin. You should also verify md5 signatures of any files transferred around from place to place. (busybox and twrp both have "md5sum" command). You know - compute the MD5's after extracting them from the Odin archives, and then verify the same md5 sigs after you move/copy them to the phone /sdcard
Your idea that a "factory reset" with the stock recovery alone is going to return your phone back to factory stock is not sound.
You can rewrite the /system partition by booting into a custom recovery and using one other small trick*. If you were to then also overwrite the recovery partition with the stock recovery in the same (custom recovery boot) session, you would be able to:
1) boot into the stock recovery and
2) use the stock recovery (and a stock /system) to perform a factory reset.
This would give you a completely stock phone that has been factory reset, but with one small flaw: that your Knox warranty flag was blown to 0x1. (From everything you've said we think it is already blown, though)
twrp-3.0.2-0-hltevzw-4.3.img dd'ed into the recovery partition will let you do these operations via a terminal command session from the screen of the phone. No USB port needed, no ADB needed. All you will need to do is get the .img files onto the phone, either with a SDcard or wirelessly on a LAN/dropbox, etc.
0) Get the Stock Odin Tarball corresponding to your (rooted) ROM release (e.g. sammobile.com) ; use "tar" or 7-zip to extract "recovery.img" and "system.img" from this tarball.
1) Download twrp-3.0.2-0-hltevzw-4.3.img from twrp.me and get it onto your /sdcard (internal)
2) Get the stock "recovery.img" file (from the Odin tarball) onto your phone's /sdcard
*3) Convert the "system.img" file (from the Odin tarball) into a non-sparse system image file via the "simg2img" command, e.g.
<Unix-prompt>$ simg2img system.img system-nonsparse.img
I don't know if the Windows version of Google/Android developer tools has the "simg2img" tool; if not you are going to have to do this in a Linux VM (e.g. Ubuntu).
4) Get the latter file ("system-nonsparse.img") onto your phone /sdcard
5) From a root shell (in your current rooted ROM, use a terminal emulator and type "su" to get a root prompt)
dd if=/sdcard/twrp-3.0.2-0-hltevzw-4.3.img bs=2048 of=/dev/block/mmcblk0p15
this installs the custom TWRP recovery to your recovery partition
6) Boot into the TWRP recovery. Using Advanced->Terminal in TWRP, then:
7) dd if=/sdcard/recovery.img bs=2048 of=/dev/block/mmcblk0p15
(this step puts the stock recovery back onto the phone)
8) dd if=/sdcard/system-nonsparse.img bs=2048 of=/dev/block/mmcblk0p23
(this step puts the full stock /system back onto the phone)
9) Do a "reboot recovery" in TWRP. This will put you into the stock recovery, from which you can do a full factory wipe.
Voila! Factory Firmware and wiped - but with a blown Knox Warranty flag.
* the "one other small trick" is to convert the "system.img" file found in the stock Odin tarball to a non-sparse image using the Android tool "simg2img". Normally this unpacking job is handled by the bootloader when Odin is uploading the (sparse) system.img file to the phone, but you would be putting system.img back onto the phone by raw-writing it with "dd" the same way you would manually flash a recovery image to the recovery partition (using "dd").
The thing is, based on everything you have said so far, your phone already has a blown Knox Warranty flag. (Either that or you had a Developer Edition phone, or are confused about the difference between a true custom recovery and a fake one that lives inside safestrap). But what the heck, if that's the case, at least the phone will look fully stock if it is booted normally, and that's at least a little bit of an improvement.
This won't fix the Knox Warranty fuse; the only thing it will fix is the appearance of the "Custom" icon during booting. (Getting this to go away might even require booting the fully reset stock ROM and letting it run for a while as well so that the stock attribution processes can complete).
If you do this, you have to understand the whole process all the way through, as you will only have one chance at it. As soon as you have re-written the /system partition and put the stock recovery back on the phone, root is gone at that point. (Additionally note that step 8 CAN NOT be accomplished with the normal ROM booted - it can only be done from a custom recovery. You will lock up the system and the write will fail if you try it from the "regular" ROM.)
good luck.

bftb0 said:
Read this all the way through - twice at a minimum. You should understand how and why every step works before you begin. You should also verify md5 signatures of any files transferred around from place to place. (busybox and twrp both have "md5sum" command). You know - compute the MD5's after extracting them from the Odin archives, and then verify the same md5 sigs after you move/copy them to the phone /sdcard
Your idea that a "factory reset" with the stock recovery alone is going to return your phone back to factory stock is not sound.
You can rewrite the /system partition by booting into a custom recovery and using one other small trick*. If you were to then also overwrite the recovery partition with the stock recovery in the same (custom recovery boot) session, you would be able to:
1) boot into the stock recovery and
2) use the stock recovery (and a stock /system) to perform a factory reset.
This would give you a completely stock phone that has been factory reset, but with one small flaw: that your Knox warranty flag was blown to 0x1. (From everything you've said we think it is already blown, though)
twrp-3.0.2-0-hltevzw-4.3.img dd'ed into the recovery partition will let you do these operations via a terminal command session from the screen of the phone. No USB port needed, no ADB needed. All you will need to do is get the .img files onto the phone, either with a SDcard or wirelessly on a LAN/dropbox, etc.
0) Get the Stock Odin Tarball corresponding to your (rooted) ROM release (e.g. sammobile.com) ; use "tar" or 7-zip to extract "recovery.img" and "system.img" from this tarball.
1) Download twrp-3.0.2-0-hltevzw-4.3.img from twrp.me and get it onto your /sdcard (internal)
2) Get the stock "recovery.img" file (from the Odin tarball) onto your phone's /sdcard
*3) Convert the "system.img" file (from the Odin tarball) into a non-sparse system image file via the "simg2img" command, e.g.
<Unix-prompt>$ simg2img system.img system-nonsparse.img
I don't know if the Windows version of Google/Android developer tools has the "simg2img" tool; if not you are going to have to do this in a Linux VM (e.g. Ubuntu).
4) Get the latter file ("system-nonsparse.img") onto your phone /sdcard
5) From a root shell (in your current rooted ROM, use a terminal emulator and type "su" to get a root prompt)
dd if=/sdcard/twrp-3.0.2-0-hltevzw-4.3.img bs=2048 of=/dev/block/mmcblk0p15
this installs the custom TWRP recovery to your recovery partition
6) Boot into the TWRP recovery. Using Advanced->Terminal in TWRP, then:
7) dd if=/sdcard/recovery.img bs=2048 of=/dev/block/mmcblk0p15
(this step puts the stock recovery back onto the phone)
8) dd if=/sdcard/system-nonsparse.img bs=2048 of=/dev/block/mmcblk0p23
(this step puts the full stock /system back onto the phone)
9) Do a "reboot recovery" in TWRP. This will put you into the stock recovery, from which you can do a full factory wipe.
Voila! Factory Firmware and wiped - but with a blown Knox Warranty flag.
* the "one other small trick" is to convert the "system.img" file found in the stock Odin tarball to a non-sparse image using the Android tool "simg2img". Normally this unpacking job is handled by the bootloader when Odin is uploading the (sparse) system.img file to the phone, but you would be putting system.img back onto the phone by raw-writing it with "dd" the same way you would manually flash a recovery image to the recovery partition (using "dd").
The thing is, based on everything you have said so far, your phone already has a blown Knox Warranty flag. (Either that or you had a Developer Edition phone, or are confused about the difference between a true custom recovery and a fake one that lives inside safestrap). But what the heck, if that's the case, at least the phone will look fully stock if it is booted normally, and that's at least a little bit of an improvement.
This won't fix the Knox Warranty fuse; the only thing it will fix is the appearance of the "Custom" icon during booting. (Getting this to go away might even require booting the fully reset stock ROM and letting it run for a while as well so that the stock attribution processes can complete).
If you do this, you have to understand the whole process all the way through, as you will only have one chance at it. As soon as you have re-written the /system partition and put the stock recovery back on the phone, root is gone at that point. (Additionally note that step 8 CAN NOT be accomplished with the normal ROM booted - it can only be done from a custom recovery. You will lock up the system and the write will fail if you try it from the "regular" ROM.)
good luck.
Click to expand...
Click to collapse
Thanks you rock. I REALLY appreciate the effort. I fully realize that Knox won't be fixed. This is NOT a developer phone. These instructions a little over my head as I'm not that experienced with custom ROMs. I have really only dabbled a little bit with my last few phones.

mozenter said:
Thanks you rock. I REALLY appreciate the effort. I fully realize that Knox won't be fixed. This is NOT a developer phone. These instructions a little over my head as I'm not that experienced with custom ROMs. I have really only dabbled a little bit with my last few phones.
Click to expand...
Click to collapse
There is a possibility... That there is a script called install_recovery.sh or install_original_recovery.sh in your /system/etc directory. You must have root to execute them IF they even exist.
It depends on when and how CWD was installed.
Sent from my SM-N900V using Tapatalk

Extract Google Authenticator database from unrooted S4 i9505?

Hi everyone!
I have a Samsung Galaxy S4 GT-i9505 running Android 5.0.1 build oj2.
It has a Google Authenticator database on it which I would like to extract, so I can migrate it over to a new phone.
I would rather not have to cancel and renew all my 2fa accounts currently stored withing Google Authenticator.
It seems I need root access to access the database file.
I found some references to things like motochopper, psneuter, providing temporary root, and I tried a couple of those, but it seems my S4 has been properly patched.
I tried compiling and executing a copy of Towelroot I found on GitHub under /geekben/towelroot, but that didn't work either (maybe I did not correctly compile...)
Priority #1 is not losing access to my Google Authenticator database (no bricking, no factory reset, ...)
What are my options? Does a simple root exploit exist for my S4 that would allow me to copy the db file? I was unable to find it.
I read something about a custom recovery, and then using nandroid to backup, which, I think, would allow me to extract the db from the backup?
I'm not sure about the risks involved; if flashing the custom recovery fails for whatever reason, do I still have 'normal' access to my S4?
Is it at all possible to flash a custom recover without first wiping everything on my S4? I'm reading mixed information.
Any other options perhaps?
Also, my S4 just finished downloading an OTA upgrade to 'something' (it's not showing what it has downloaded, about 490Mb in size) and I may have postponed the upgrade by rebooting.
Perhaps an upgrade to Android 6.0? I don't know if that would be better or worse for what I'm trying to do here...
Thanks in advance for any pointers...

CF-Autoroot via Odin is what you use to root the S4. This will trip Knox, but at this point it shouldn't be an issue as the I9505 hasn't been produced for a couple years now. However, if you downloaded Authenticator from the Play Store Google should have backed up the database, unless doing so creates a security hole.
Backing up and restoring the Authenticator data can be done with ES File Explorer, as I routinely do it with my copy of Authenticator when I need to do a clean install of my N6's custom ROM. Other apps like Titanium Backup may also work, but I don't use Titanium Backup so I don't know how well it would work with Authenticator. Go here for a tutorial on how to backup both app and data using ES File Explorer. Ignore the requirement for the Pro version. The copies of ES File Explorer that I offer from the link in my signature have the ability to backup app and data. Just make sure both of your devices are rooted and have ES File Explorer installed.
EDIT: The one thing that tutorial doesn't mention is that you need to enable root in ES File Explorer; the setting for that can be found in the menu, accessed by tapping on the three lines at the upper left. It also doesn't mention that after enabling root you need to go into the settings, tap on App, and make sure everything on the page is checked before backing up. Otherwise, the app data will not be backed up when you back up the apps.

Ok, this is what I'm reading about Odin and CF-Autoroot at android.wonderhowto.com at /how-to/android-basics-root-with-cf-auto-root-0167401/ (sorry not allowed to post links):
CF Auto Root works by unlocking your device's bootloader, which means that if your bootloader is not already unlocked, you will lose all of the data on your device.
And there are many more articles hinting that my phone will get wiped if I unlock the bootloader, for an S4 as well as other models.
So.... I'm a little confused here. I never touched my S4 with anything special, so I'm guessing that it's bootloader will be locked?
So this will wipe my S4? I can't do that - I'm looking to save and copy my Google Authenticator database as priority #1, not looking to root my phone. I may do so later but rooting is not prio #1.

You're in a bit of a catch-22 here. There's no guarantee you won't lose your data if you run CF-Autoroot, but you have no choice BUT to run CF-Autoroot if you want to retrieve the Authenticator database at all. Since the database is in the /data partition, unavailable to a normal user, root is required in order to access that partition to retrieve the database, and in order to root you have to risk having your data wiped. To restore the database to your other phone also requires root, for the same reason.
The only devices that had locked bootloaders were in the US, so you should be ok running CF-Autoroot. But there are no guarantees here.

Thanks for your input.
Indeed there's a catch-22 here, except that I also have the option of, one by one, cancelling and renewing all my 2fa accounts and not root at all. I'm trying to decide what to do here, as obviously, renewing all ma 2fa in case of dataloss (losing access to my accounts in the process) will be much more difficult than simply re-doing all my 2fa accounts while I still have access. Rooting my new phone is less of an issue as it contains no important data at the moment.
I think I also read about installing a custom recovery, and using that to make a nandroid backup, which would then allow me to extract the file I need from the backup. Is that a possibility? And, if yes, would this be less risky than using CF-Autoroot? Would my S4 still be able to boot and function normally if I flash some total garbage file as a recovery partition? So I could try and flash a custom recovery, and if that fails for some reason, my S4 will still boot as usual?
Thanks

You can install a custom recovery, make a nandroid backup, and retrieve the database that way. You would then have to transfer the nandroid to the other phone, install a custom recovery to the other phone, and then restore just the data. To me that's a lot of work for little gain. Rooting and using ES File Explorer or Titanium Backup to retrieve the data is far simpler to do and causes less headaches.
As to flashing a custom recovery being less risky than CF-Autoroot, no. It's the same level of risk as both the custom recovery and CF-Autoroot are installed in the same fashion. The only difference is that CF-Autoroot runs a temp environment, roots the device, and then commits seppuku.

Thanks again for your input; much appreciated. I'm trying to learn and understand what is happening, and with all the slightly different combinations out there, it is sometimes difficult to know what applies to my S4 and what is not applicable.
So there is at least the boot loader, the recovery image, and the main android image (file system?). Perhaps a kernel partition also?
These will probably be separate flash partitions within the same flash chip.
The boot loader will always be started when I power up the device. When no special key combination is pressed at power-up, the boot loader will simply load the Linux kernel which will eventually load the main operating system which will end up launching android.
With some special key combination is pressed, the boot loader will launch the recovery image in stead.
I wonder, what would happen if, using Odin, I write a completely invalid data file to the recovery image (I pick the wrong image, or the image is corrupt, or by accident I pick a jpg file of my cat in Odin, or the process is interrupted due to a sudden power loss on my phone or even my computer running Odin), and suppose Odin will just go ahead thus destroying the recovery image. My recovery partition is now corrupt, unusable and will crash the system when launched.
Does this brick my phone? Will I still be able to boot normally? Will I still be able to use Odin and try flashing the recovery image a 2nd tine?

2kman said:
Does this brick my phone?
Will I still be able to boot normally?
Will I still be able to use Odin and try flashing the recovery image a 2nd time?
Click to expand...
Click to collapse
No.
Yes.
Yes.

[Guide] Hacking, customizing and managing Huawei Mate 9 - a comprehensive overview

Hi,
I received my dual-sim Huawei Mate 9 Europe version a few weeks back. I selected this as the natural choice after running Samsung Note 3 for several years. There was no other phone that quite fit the bill as this one -
Big screen
Excellent battery
Excellent performance
I am a reasonably advanced user of my android phones - keeping them rooted, unlocked, flashing different roms are just by my alley
However after tinkering around with this new baby, I realized that this is quite different than what I was used to with Note 3.
Never before had I to read so many different forum threads to gain a full understanding of how to do things that I could do very easily with my Note 3 earlier without the need to have an indepth knowledge - just copy the steps and execute was good enough to get what I wanted. i.e.
The bureacratic boot loader unlocking process (never had to deal with this before from Samsung)
Rooting
Flashing custom recovery
Flashing custom rom
Backing up and restoring the different partitions through custom recovery
Flashing stock rom in case things don't work out as expected with the new rom
etc. etc.
I have spent several days reading practically all the forum threads on Mate 9, in order to get a good overview of how to manage this awesome device.
I am usually prone to forgetting things. So I knew after a few weeks, there will be something else that will catch my fancy and whatever I have learnt about Huawei Mate 9 after investing so many days will have gone to waste and I would have to scour the threads again if I need to do something with my Mate 9.
So I started to write down a basic guide in a text file to act as a refresher capsule whenever I decide to open the hood again after a few months
I also wanted to share my summarized learning capsule back to the community, since I have learnt so many from the various threads and the experiences from so many people.
This prompted me to actually create an XDA account (even though I have been a voracious consumer of XDA for several years, but never created an account).
Just one last tip - if you are a new user of Mate 9 trying to understand all the concepts from scratch, then try to read this guide in its entirety. Some concepts are introduced in the beginning, which might be confusing at the start, but you will understand it well after it is covered again towards the later part of the guide. Once you have a good hang of the different concepts involved, then you can jump directly to the specific section for reference.
So enough background to this thread and now out with the content.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Phone Information
--------------------------------------------------------------------------------------------------------------------------------------------------------
The Model number of my phone is MHA-L29. It is a dual sim phone hence L29 at the end.
Single sim version has model number MHA-L09 i.e. L09 at the end.
The firmware version that I am running is : MHA-L29C432B156
Here is the breakup of how to read this number or the naming convention
Naming convention
L29 = Dual sim
C432 = Europe region (there are other regions as well e.g. C636 for Asian and so on)
B156 = version (this is the actual version number of the firmware)
--------------------------------------------------------------------------------------------------------------------------------------------------------
How to best use the phone
--------------------------------------------------------------------------------------------------------------------------------------------------------
For best results in order to get the full power from the hood, you will use the phone with
bootloader is unlocked
phone is rooted
either Custom recovery of TWRP or Stock recovery will be on the phone depending on the situation.
For daily usage, keep stock recovery on your phone since in case of tough situations requiring unbricking etc. stock recovery is the best to have around.
You will also remove the crapware/bloatware. It is difficult to list all the bloatwares, since they differ based on the region.
Factory resets
Reset due to minor issues
In such situations, typically your data partition is messed up but other partition (system) is fine.
If you have software issues due to software which has been additionally installed or phone has become slow etc. then boot to recovery (stock recovery) and do a factory reset. If you are running custom recovery (TWRP), then first you will need to flash the stock recovery. Then do a factory reset through the stock recovery. This action will format the data partition and copy the necessary stuff from the system partition over.
Restart the system.
Reset due to major issues
In such situations, typically your data as well as system partition is messed up. This will typically happen in case you have software issues due to un-installation of core system applications (as a root user) which have resulted in them being removed from the system partition and now you cannot restore them by an ordinary factory reset (since factory reset does not modify/reset the system partition, it only resets the data partition).
This step also requires you to have initially backed-up the system partition using TWRP. If you haven't backed-up the system partition, then you can also extract the system partition by using Huawei Update Extractor tool on the stock firmware of your region and version, which will give you the image file of the system partition that can be used further below.
Steps -
If you are running stock recovery, then first you will need to flash custom recovery (TWRP).
Using TWRP wipe the system partition.
Reboot to recovery.
Format (not wipe) the data partition.
Reboot to recovery.
Wipe the dalvik cache and cache.
Now from the already backed up TWRP partition backups
(a) restore the system partition (or the system partition image file extracted using Huawei Update Extractor)
(b) restore the data partition.
Reboot to recovery.
Wipe the dalvik cache and cache.
Restart the system.
The above should be enough for full reset. An alternative to 7.(b) above is to flash the 2 zip files containing region specific and other related system applications (you might get "error 7", but that is normal).
Upgrades
You can continue to receive over the air (full or incremental) upgrades from huawei even in a rooted and bootloader unlocked phone.
However in order to apply the received updates, you will need stock recovery, as only stock recovery has the capabilities to install the received updates. Thus before applying any update, if you are running custom recovery (TWRP), then first you will need to flash the stock recovery.
Make sure you backup all your private data and do a full installation (instead of incremental). You can select to install the full package by clicking on the 3 dots on top right corner of update screen and selecting to download the full installation package.
After this process, do a full factory reset, so your system is fully reset and updated based on the latest version.
It might happen that after the update, bootloader is locked again and you have lost your root privileges. In that case follow the steps below for unlocking the bootloader and rooting the phone again.
Also after this step, do the below.
Download the new stock firmware from hwmt.ru (as below) and the related 2 zip files zip files containing region specific and other related system applications for the new version and back them up
Make a TWRP backup of all the partitions and and back them up.
This is necessary as you might need them for other activities e.g. flashing stock recovery of the new version, doing full factory resets etc.
--------------------------------------------------------------------------------------------------------------------------------------------------------
General information on Rooting / Bootloader unlocking / Firmware
--------------------------------------------------------------------------------------------------------------------------------------------------------
The device that you get from the factory is bootloader locked with a region specific firmware.
Partitions
The phone has several different partitions (e.g. boot, data, system etc.)
The "BOOT" partition contains the boot image which boots the system and reads from other partitions
The "DATA" partition contains the user private data (e.g. contacts etc.) and is encrypted by the boot partition (Android Nougat feature). When the Android operating system starts, the boot partition decrypts the data partition and then reads it. This is the reason why other "parallel" softwares like TWRP will not be able to read from data partition, since when they read it, then it is already encrypted. Due to this TWRP will be able to backup(clone) all the other partitions except for data partition, as data partition is encrypted on the first boot of a new system. The other way to backup the data partition is to make the backup before you have booted the system (which results in encryption of the partition).
You can do this by the following steps -> "format (not wipe)" the data partition through TWRP + reboot again to TWRP + flashing the 2 zip files containing region specific and other related system applications (you might get "error 7", but that is normal). After this immediately backup the data partition.
The "RECOVERY" partition contains the stock recovery which you can replace with custom recovery TWRP
The "RECOVERY2" partition contains the "Huawei eRecovery mode" and "Huawei updater mode"
Unlocking bootloader
You can unlock the bootloader with the help of unlocking code. You get this from Huawei. Read further below on how to go about it.
Rooting phone
In order to root the phone there are 2 ways
Old method
This requires you to patch your boot partition and replace the stock boot image (which encrypts the data partition), with a custom boot image which does not encrypt the data partition.
After this you format (not wipe) the data partition, so that it is replaced by an unencrypted data partition and then you root the system in which the root exploit is directly injected in the unencrypted data partition.
New method
This does not require you change your boot image. You basically just install the custom recovery TWRP and then root using the PHH super user zip file. Read further below on how to go about it.
Recovery
If you are rooting using the new method, then you will replace the stock recovery with TWRP.
The disadvantage of TWRP recovery is that it is only the Stock Recovery that has the capability to do a proper "Factory Reset" the phone. Basically when you do a factory reset, then you "format (not wipe)" the data partition. But Huawei firmwares, also have some region specific and other related system applications (e.g. themes, camera, system updates etc.), which are also installed on the data partition. The stock recovery recognizes this and does the factory reset carefully (either by removing everything except for necessary system applications OR by doing a complete format (not wipe) of data partition but then re-applying the necessary system applications). TWRP also can do a "factory reset", but TWRP will simply format the data partition dumbly and not take care of re-installing the necessary system applications on the data partition. If you happen to do a "factory reset" or format "data" partition through TWRP, then you will need to manually flash the zip files containing region specific and other related system applications. You can get those zip files (e.g. update_data_public.zip & update_hw_eu.zip) through the same routine for downloading stock firmware detailed below. When installing these zip files through TWRP, you might get "error 7", but that is normal and you can ignore it.
Stock recovery is also useful for managing OTA updates. Typically when you download firmware updates, then they boot to stock recovery for further processing.
Hence even if you have installed TWRP, you will need to flash stock recovery for factory resets or handling new firmware updates.
Thus as mentioned before, for regular daily usage, keep stock recovery on your phone.
In order to get the stock recovery image, you can extract the stock recovery image file by downloading the "update.zip" of the target firmware and extract the "UPDATE.APP" file and then running the "Huawei Update Extractor" tool on it. Commands to flash the obtained stock recovery image file are similar to the command to flash TWRP recovery below.
Note, when you run the "Huawei Update Extractor" on UPDATE.APP file, then you will see RECOVERY.img, as well RECOVERY2.img
RECOVERY refers to the stock recovery and RECOVERY2 refers to huawei eRecovery mode & huawei updater mode.
Stock firmware
Huawei has region based firmwares e.g. in my case, the region is europe (C432)
There are stock firmwares of each region. However except for 2 regions (C636 and AL00), all other stock firmwares cannot be directly flashed. This is by design from Huawei. Even though the stock firmwares are easily available for all regions, but it is only for these 2 regions that firmwares have the PACKAGE_TYPE token set to OFFLINE_UPDATE. The PACKAGE_TYPE tokens for other region's stock firmwares are set to ONLINE_UPDATE, which makes it not possible to flash those through Huawei Updater.
Thus if you are majorly messed up or bricked, then the only way out is to rebrand your phone to a C636 (i.e. changing the OEMINFO partition from C432 (europe) to C636) and then flash that stock firmware for C636.
https://forum.xda-developers.com/mate-9/how-to/guide-rebrand-chinese-al00-mate9-to-t3554656
https://funkyhuawei.club/rebranding
In order to flash the C636 stock firmware, download the "update.zip" of the target firmware and extract the "UPDATE.APP" file into the "dload" folder created at the root of an external SD card and then starting the phone in a "Huawei Updater mode".
In order to get back to your region (C432), you will then have to use tools like "Firmware Finder" (FF), which spoof Huawei servers through DNS and network and make it possible for the updater to download and flash their stock firmwares thinking it is downloading it online from the huawei servers. You might not be able to update to the latest firmware using FF (since Huawei doesn't authenticate for latest versions sometimes), but you can try to update to an older version first and once that is sorted out, then you can update directly within system update settings to move to the latest update.
As a short-cut and if situation permits, you can also use FF, to directly flash your own region's firmware, without needing to go through the C636 route first.
However if that doesn't work, then flashing the C636 as described above is the only way out.
Also the eRecovery mode or recovery through hisuite only works if you are on a C636 region firmware.
Some useful links -
https://forum.xda-developers.com/mate-9/how-to/guide-rebrand-chinese-al00-mate9-to-t3554656
https://forum.xda-developers.com/mate-9/development/oeminfo-library-t3555353
https://funkyhuawei.club/rebranding
https://forum.xda-developers.com/mate-9/how-to/guide-rebrand-chinese-al00-mate9-to-t3554656/page5
https://forum.xda-developers.com/ma...urb175v1-0-t3575146/post71812906#post71812906
https://forum.xda-developers.com/showpost.php?p=71804525&postcount=393
https://forum.xda-developers.com/ma...lost-ideas-t3561569/post71208272#post71208272
https://forum.xda-developers.com/mate-9/how-to/guide-installing-b138-using-firmware-t3557089
--------------------------------------------------------------------------------------------------------------------------------------------------------
FRP Lock (Factory Reset Protection)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Sometimes during normal usage of the phone, if the phone detects some security anomaly, it would engage the FRP lock .
It has also been found that the phone enters FRP lock mode also when you do a "Reset to default" in the developer mode. So try to avoid doing that.
Basically what happens when you reset the developer mode is that the "OEM Unlock" setting goes back to disabled, and typically when OEM Unlock is disabled, then FRP lock is enabled. However if the bootloader is unlocked, then you will find that it is not possible to change the "OEM Unlock" setting in developer mode, because if bootloader is unlocked then this setting is greyed out and not possible to change.
In short ->
Bootloader is Locked -> "OEM Unlock" setting is greyed out
"OEM Unlock" is enabled -> FRP Lock is Unlocked
"OEM Unlock" is disabled -> FRP Lock is Locked
FRP lock is to prevent mis-use of the phone in case of theft. Since it requires you to enter your google sign-on information again after doing a factory reset before you can use the phone..
FRP lock disables entering any fastboot command, which is a big issue since it means you cannot do anything in bootloader mode i.e. no flashing another recovery, no lock/unlock OEM etc.
In order to check if your phone is FRP locked or not, enter the bootloader mode. Over there it will be mentioned "FRP Lock" or "FRP Unlock", the former indicating that the phone is FRP locked.
In such scenarios, the only way out of the FRP lock mode is to flash the stock firmware again (which means your phone will be restored to totally factory condition i.e. bootloader will be locked, phone will be unrooted).
At the point when the phone enters FRP Lock, if you happen to have stock recovery, then you have a better situation as compared to if you have custom recovery (TWRP).
This is because if you have stock recovery, then you can simply use FF to flash your region's stock firmware. However if you have TWRP, then you have to flash the C636 version (asian) using Huawei Updater mode and then move on to your region's stock firmware.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Using Firmware Finder (FF)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Firmware Finder basically spoofs the Huawei servers by using a local proxy server leading the phone to thinking that there is a firmware update available, and thus allowing you to flash the firmware you wish (with some restrictions of course).
Using Firmware Finder requires you to have stock recovery.
If you are trying to install European regional firmware from scratch, then start by installing version B138 through FF and then move to higher versions using normal system update (or if you are not getting prompted for a normal system update automatically, then of course update through FF.)
For getting the full version of B156 (2.2 GB) through FF, at the time of writing this it was not yet authenticated by Huawei, so if you try to download it you will get authentication error after the download is completed and being verified. Thus, you will instead need to download a partial update of 409 MB through FF (if you are moving from B138 to B156). If you are moving from B126 to B156 then you will need to download the partial update of 473 MB through FF. This will allow you to have B156 on your phone.
The limitation of FF is that it only allows you to install firmwares which are authenticated(approved) by Huawei. Thus in order to install the latest and greatest, you might not be able to use FF. In such cases you can use paid services such as FunkyHuawei which allows you to install even non authenticated(approved) latest and greatest Huawei firmwares.
Though personally, I feel that it is for a good reason that Huawei does not authenticate the latest and greatest since they are beta versions and it is not that big an issue to not have them on the phone.
FF has 2 APKs for the phone - one is the actual application and the second one is a proxy server. The usage is simple - you find the firmware to install using the main application and then send the selected firmware over to download through the proxy server application on the phone. You will also need to change your Wifi settings to add a local proxy server (localhost:8080) before trying to check through system update on availability of new firmware.
FF firmware download on the phone has 3 phases.
Phase 1
The first phase requires you to modify the wifi network config to have localhost and 8080 as proxy to go through the FF Proxy application, which will spoof the Huawei servers and allow the handshake to happen to download the right firmware.
Phase 2
Once the download has started, then move on to the second phase, in which you pause the download, and then once again modify the wifi network config to remove the proxy configuration and then resume the download. This will allow you to download the update at full speed without any proxy intervention
Phase 3
The third phase starts at the last phase of the download in which you pause the download at last remaining 1%. After that you turn off wifi and start mobile data and resume the download from there. This is good because after the download is complete, the firmware will be verified and a last authentication handshake will be done to huawei server, and this doesn't need to be spoofed or be through wifi. Instead it is better that it should be originating through your mobile network.
i.e. a spoofed connection is only required in the first phase of the download
After updating from FF, you will need to do a factory reset of the phone. Then proceed with normal installation, bootloader unlocking, custom recovery installation, rooting. If necessary also flash the 2 zip files containing region specific and other related system applications. After this revert back to stock recovery and do a factory reset again. After this the phone is fully clean and ready to use.
--------------------------------------------------------------------------------------------------------------------------------------------------------
How to download stock firmware
--------------------------------------------------------------------------------------------------------------------------------------------------------
Go to this site (replace the MHA-L29C432 part of the string at the end with the model number of your own Mate 9 device)
http://hwmt.ru/oth/HWFF/info/view.php?find_model=MHA-L29C432
In the "Тип" column, you should only filter by FULL (no OTA, as that update is only eligible for usage by a paid service called funkyhuawei)
Check that the link in the "Список изменений" column is almost the same as "Файл обновления" column. Only difference should be the last part which should be changelog.xml in former and update.zip in the latter.
Now using the link, change the last part of the link to filelist.xml
This will give the xml path with the details of the files as part of that version.
Example
Code:
<vendorInfo logfile="changelog.xml" name="common" package="update.zip" subpath=""/>
<vendorInfo logfile="" name="public" package="update_data_public.zip" subpath="public"/>
<vendorInfo logfile="" name="hw/eu" package="update_hw_eu.zip" subpath="hw/eu"/>
Now change the url to download the above 3 zip files using the subpath i.e
Code:
$URL/update.zip
$URL/public/update_data_public.zip
$URL/hw/eu/update_hw_eu.zip
--------------------------------------------------------------------------------------------------------------------------------------------------------
Information on entering the various modes on the phone
--------------------------------------------------------------------------------------------------------------------------------------------------------
Engineer mode
In a powered ON phone
enter the following on the dialler
*#*#2846579#*#*
Huawei Updater mode
In a powered OFF phone
hold volume up + volume down + power for a long time (around 10 seconds)
Recovery mode
In a powered OFF phone
hold volume up + power
In a powered ON phone
enter the following through the command line on computer
adb reboot recovery
Huawei eRecovery mode
In a powered OFF phone
power on the phone through the power button
at the prompt that "Your device has been unlocked and cannot be trusted", it will tell you to press the power up button for 3 seconds to enter the eRecovery mode
Download mode / Fastboot mode / Bootloader mode
In a powered OFF phone
keep the volume button pressed down
connect the USB cable to the computer and the phone
In a powered ON phone
enter the following through the command line on computer
adb reboot bootloader
--------------------------------------------------------------------------------------------------------------------------------------------------------
Information on using adb or fastboot commands on your phone
--------------------------------------------------------------------------------------------------------------------------------------------------------
Make sure that "Minimal ADB and Fastboot" program is installed on your computer
Make sure USB debugging is enabled in phone settings
Make sure all reasonable permissions have been allowed as per the developer options
Make sure that hisuite is installed (which will ensure that USB drivers are installed)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Information on unlocking the bootloader
--------------------------------------------------------------------------------------------------------------------------------------------------------
Steps to obtain unlock code
Entry page for unlocking bootloader is
http://emui.huawei.com/en/
Then click on Download. And then click on "Unlock bootloader"
OR
Visit this page
https://emui.huawei.com/en/plugin/unlock/detail
Enter the required details on the form
Steps to unlock the bootloader
Make sure that USB Debugging is enabled on the phone and the phone has been verified to connect to the computer and phone has permanently accepted the RSA id and connected in debug mode.
Also make sure that "Enable OEM Unlock" has been enabled in the developer options.
Put the phone in "Download mode / Fastboot mode / Bootloader mode"
Enter the following commands
fastboot oem unlock $CODE
fastboot reboot
In the above command, replace $CODE with the actual code received from Huawei
--------------------------------------------------------------------------------------------------------------------------------------------------------
Information on installing custom recovery (TWRP)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Copy the "twrp-3.0.2-2-hi3660.img" file to the "Minimal ADB and Fastboot" directory
Put the phone in "Download mode / Fastboot mode / Bootloader mode"
Enter the following commands
fastboot flash recovery twrp-3.0.2-2-hi3660.img
fastboot reboot
--------------------------------------------------------------------------------------------------------------------------------------------------------
Information on rooting the phone
--------------------------------------------------------------------------------------------------------------------------------------------------------
Make sure that the version of TWRP installed is twrp-3.0.2-2-hi3660
Copy superuser-r275.zip into an external SD card
Boot into TWRP recovery mode and install the above zip file
Restart the phone in normal mode and install the "Superuser_2.0_Beta_9.apk" application
--------------------------------------------------------------------------------------------------------------------------------------------------------
Attachments referred in the guide
--------------------------------------------------------------------------------------------------------------------------------------------------------
https://drive.google.com/drive/folders/0B4pklpmVwGHqOWs3SlpWOEdUcUk

Top work ???

Good job...:good::good::good::good::good::good::good:

Nice. Thanks.

Good summary.
Add the supersu SuperSU-v2.79-MATE9-init.d_support.zip.
This is the method to get busybox and viper4android installed, for they use fix paths of supersu.
My device: Mate 9 supersu b156 Mediapad X2 GEM 701->703 B212 KangVIP (AJ mod)

Hi saurabhg9, I just starting reading you incredible Mate 9 summary guide and had to stop only to say that I simple love the way you explain everything, so simple, so clear, so useful... Thanks a lot for you to share your refreshing capsules, they are just the medicine my Mate 9 and I needed! :good::good::good:
Going back to continue the treatment!
Edit to ask for a little help... Recently I installed the L09C432B181 using Funky services and used it rooted by THIS method and all was going fine. Then I decided to give a try to RomAur but went back to stock restoring system and data. All well apart from root, so I rerooted flashing the 3 zips again but no way to get proper root back. It works but doesn't ask permission any more, the log is empty and it ask for binaries update in each boot. My main reason for root is to control the phone with gestures but only one of the commands of GMD app works.
I tried your 2.-Reset due to major issues using the twrp backup system and data without any result. Tried also the root superuser-r275.zip from the last section with no success either.
Tried as a last option spend another Funky credit in the B182 but always get the same "getting package info failed" error, what should be happening?
Any idea? Maybe extract a clean system and flashing it by adb (edit: tried but get "target reported max download size 471859200 bytes" error)?
Thanks again!

Thanks Peppus!
Sounds like you might need a clean start for your phone and do a "full reset".
In order to do that, I suggest doing a clean stock install of C432B138 using FF and then update to B156.
After that you could unlock the bootloader and root. This will atleast give you a clean base to start with for further experimenting depending on where you would like to go from there.

Epic work, but there are too many things which are absent and can cause mess up knowledge.
No info about MHA-AL00
No info how hard to unlock bootloader on MHA-AL00
No info what is difference between simple root and root with additional functional like dm-verity...
And more, and more....
P.s. I don't want to blame, cause I know that it is too hard to gather information from thousands threads.

5[Strogino] said:
Epic work, but there are too many things which are absent and can cause mess up knowledge.
No info about MHA-AL00
No info how hard to unlock bootloader on MHA-AL00
No info what is difference between simple root and root with additional functional like dm-verity...
And more, and more....
P.s. I don't want to blame, cause I know that it is too hard to gather information from thousands threads.
Click to expand...
Click to collapse
Thanks for the feedback!
I really wish there was a "wiki" functionality at XDA, so guides such as these could be developed with the joint knowledge of its members.
Unfortunately, that is also reflecting above, where most of the content is based on my own personal experience and what I have learnt in past few days based from various threads. and what works for me.
If you could provide me the specific text to be updated above (in regards to the things that you mentioned above), I would gladly add it
I am sure lot of others, including me would benefit from such.
Cheers!
Saurabh

saurabhg9 said:
Thanks Peppus!
Sounds like you might need a clean start for your phone and do a "full reset".
In order to do that, I suggest doing a clean stock install of C432B138 using FF and then update to B156.
After that you could unlock the bootloader and root. This will atleast give you a clean base to start with for further experimenting depending on where you would like to go from there.
Click to expand...
Click to collapse
Hi, that is what Audioralf recommended me and I was trying to avoid but I think it is the only option I have now. Thanks for your interest :good:

Peppus said:
Hi, that is what Audioralf recommended me and I was trying to avoid but I think it is the only option I have now. Thanks for your interest :good:
Click to expand...
Click to collapse
Yes - clean scratch install is good!
I do mine at far lesser problems than yours

saurabhg9 said:
Yes - clean scratch install is good!
I do mine at far lesser problems than yours
Click to expand...
Click to collapse
By the way, does anybody know which is the latest build installed in a L09C432? by Firmware Finder? Thanks!

My good guess would be for b138, since the version numbers for L29 and L09 are quite similar at least for the c432 region.
Try doing a FF install for L09C432B138. Then partial update using FF to 156, if you are not prompted by system update automatically

Hi,
Just updated the guide with some new information relating to -
* FRP Lock
* Using Firmware Finder
Also updated various miscellaneous parts of the guide with additional information and clarification.

hi
this guide is just awesome
top work
for the mate 9 beginners now all is crystal clear
thx for the guide and explenation
greetz benji

Benji1983 said:
hi
this guide is just awesome
top work
for the mate 9 beginners now all is crystal clear
thx for the guide and explenation
greetz benji
Click to expand...
Click to collapse
Thanks!
Glad you found it useful.

Hi,
Thx for your awesome collection of how-to's and how everything works!!!!
Tried to start with all the stuff like you did, but some things were/are too strange for me, so i decided to wait until i found an "encyclopedia" like this :good:
Saved a lot of time i guess
So again thx for your great work. Appreciate that

saurabhg9 said:
...In order to get back to your region (C432), you will then have to use tools like "Firmware Finder" (FF), which spoof Huawei servers through DNS and network and make it possible for the updater to download and flash their stock firmwares thinking it is downloading it online from the huawei servers. You might not be able to update to the latest firmware using FF (since Huawei doesn't authenticate for latest versions sometimes), but you can try to update to an older version first and once that is sorted out, then you can update directly within system update settings to move to the latest update...
Click to expand...
Click to collapse
Hi saurabhg9, do you mean that you can rebrand to another region using Firmware Finder? I thought that you only can install the same region roms by it.
Thanks for the update!
Cheers!

Yes.
There are 2 steps to rebranding.
First step is to ensure that your oeminfo files match that of the targeted region. This can be easily done through twrp.
Second step is to flash that regions firmware using FF.
As mentioned in my guide, you might not be able to flash the bleeding edge versions (you need paid services i..e. funky for that). But if you keep things simple and reasonable then you can get the huawei approved ones of most of the regions (e.g. B156 through FF has been verified personally by me for Europe. I haven't tried higher versions since even this version is fairly new and good)

Also I have read that to flash C636, you do not even need to flash the oeminfo of that region (asia).
Haven't verified this personally but have read some guys do it successfully while they were trying to revive their messed up Europe (C432) phones and they had just placed the C636 UPDATE.APP in dload folder and installed it using the Huawei Updater Mode (3 button method)