Database Users

[GUIDE] Linux Ubuntu: Unlocking Bootloader / Rooting Nexus S

One thing I've noticed is there isn't a lot of documentation for getting set up and unlocking your bootloader on a Linux OS. Setting up your machine to get adb and fastboot to recognize your device takes a tiny bit of extra work on a Linux operating system, but what exactly needs to be done may not be clear to everyone. Whether it's because you're new to the Android SDK/adb, somewhat new to Linux, or can't simply can't seem to find the Vendor Code for the Nexus S. (For those who are looking specifically for this, it's '18d1', and I assume will be the same on all Nexus devices to come; If this means nothing to you right now, read on.)
Disclaimer: I take no responsibility if something goes wrong (if it does, it should be fixable though), Unlocking your bootloader voids your warranty (but you can lock it back), Unlocking the bootloader will wipe your entire phone, including USB Storage; so make a copy of all those family photos and other files you may have put onto the USB storage if you want to keep them.
For the sake of sanity, this guide assumes you are using Ubuntu. If you're using something else (or different applications), there are terminal commands offered, and you probably have an idea on how to adapt the given instructions to your Linux OS.
Preparation: Installing the Android SDK, ADB, Fastboot & Setting Up Your Nexus S to be Recognized
1. Download the Android SDK for Linux: http://dl.google.com/android/android-sdk_r08-linux_86.tgz
2. Save it in a folder of your choice. I chose to keep it in my Downloads folder, myself. If you'd like, you can rename it to the simpler name of 'AndroidSDK.tgz'. The rest of the guide will assume that you did, because I'm lazy, and it makes things simpler; it will also assume you saved it in Downloads. If you feel that you have the intuition to rename and edit the path names based on your own choices, then fine; but if you're utterly lost here, just stick with what I'm doing; download to 'Downloads', rename to 'AndroidSDK.tgz'.
3. Now that you have it, navigate to the folder you downloaded it to, right-click, and click 'Extract' to unzip it. If for some reason you cannot do this, open up a terminal and try this command:
Code:
tar zxvf /home/<your-user-name>/Downloads/AndroidSDK.tgz
You may have to adjust the command if you didn't save it under Downloads or didn't rename the file to AndroidSDK.tgz.
4. Now, we'll install adb and some other software packages by starting up the Android SDK and AVD Manager. Start it either by:
- Navigating to your AndroidSDK folder, going to the 'tools' folder and double-clicking the file called 'android'; if a popup opens asking you what you want to do with it click 'Run'.
- Using this command:
Code:
/home/<your-user-name>/Downloads/AndroidSDK/tools/android
5. In Android SDK and AVD Manager, click on "Available packages". Check the box next to "Android SDK Tools, revision 8" and "Android SDK Platform-tools", and click on "Install Selected" then "Install". When prompted click "Yes" to restart ADB.
6.You should now have a folder in /home/<your-user-name>/Downloads/AndroidSDK/ called "platform-tools".
7. Download fastboot here: http://developer.htc.com/adp.html
- Save it to the aforementioned platform-tools folder.
- Now, navigate to the file, right click it, click 'Properties', go to the 'Permissions' Tab and check 'Allow executing file as program'. Alternatively, run this command:
Code:
chmod +x /home/<your-user-name>/Downloads/AndroidSDK/platform-tools/fastboot
8. Now to set things up so adb and fastboot recognize your Nexus.
- Type this command into a terminal:
Code:
gksudo gedit /etc/udev/rules.d/51-android.rules
- Paste this into the blank file:
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="18d1", MODE="0666"
- Click save and close.
- Then, type the following terminal command:
Code:
sudo restart udev
9. Almost done with preparations! Run this command:
Code:
gedit .bashrc
And add this line to the top of the file:
Code:
#AndroidDev PATH
export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools
Then save the file and close.
10. Download this file and save it to /home/<your-user-name>/Downloads/AndroidSDK/platform-tools: http://www.mediafire.com/?4pe5y906zr67nfh
10.We're ready to go!
Unlocking the Bootloader on your Nexus S and Rooting
Once again, unlocking your bootloader wipes everything on your device, including USB storage. Make a backup of any files you want to keep.
1. On your Nexus S, go to Menu>Settings>Applications. Select "Development" and check the box next to "USB debugging"
2. Power off the phone, and then hold down the Volume Up button and the Power button simultaneously to get into Bootloader/Fastboot mode. Connect your Nexus to the computer via USB.
3. Run this command to unlock your bootloader: (Once again WIPES EVERYTHING!)
Code:
fastboot oem unlock
Hit Enter and on your phone you will be prompted to confirm the action. (Use Volume +/- buttons to choose, power button to confirm choice) Confirm. At this point you will have an unlocked bootloader.
4. Copy/paste the following into the Terminal window:
Code:
fastboot flash recovery /home/<your-user-name>/AndroidSDK/platform-tools/recovery-clockwork-herring.img
5. Use the Volume +/- buttons to choose the Recovery option, then press the power button.
6. In Recovery, go to 'mounts and storage' and choose 'mount USB storage'.
7. Go to this page: http://forum.xda-developers.com/showthread.php?t=682828
About 1/5 of the way down on that page, find the link for "su-2.3.6.1-ef-signed.zip", which is the link for the Froyo version of Superuser. Control-click (right click) on that link and choose "Download Link As..." Save that file to your desktop and then copy it to the main directory of your mounted phone.
8. Click 'Unmount'. Go back to 'mounts and storage' and choose 'mount /system'. Then Go Back and choose 'install zip from sdcard'>'choose zip from sdcard'>su-2.3.6.1-ef-signed.zip
9. When it's finshed installing, reboot. You are now rooted.
Special Thanks
Amin Sabet; I used your Mac guide as a reference and copy/pasted some things for convenience.
Koush; For first posting the unlocking information, developing ClockworkMod Recovery, and ROM Manager. You should probably hook him up with a donation. https://www.paypal.com/us/cgi-bin/w...63663d3faee8d9384d85353843a619606282818e091d0
Michael.B.; for suggesting adding the platform-tools folder to the .bashrc file.
Linus Torvalds; Without which we'd have neither Android nor Ubuntu.
Feel free to leave your comments on the guide below.

Good guide for beginners, I would throw in how to update their path so they can just type adb or fastboot
On Linux, edit your ~/.bash_profile or ~/.bashrc file. Look for a line that sets the PATH environment variable and add the full path to the tools/ and platform-tools directories to it. If you don't see a line setting the path, you can add one:
export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools
Click to expand...
Click to collapse
Be sure to update your username above.

Thanks a lot man, great guide. I didn't get my NS yet but this is gonna be very useful soon
ps: someone please stick this

Michael.B. said:
Good guide for beginners, I would throw in how to update their path so they can just type adb or fastboot
Be sure to update your username above.
Click to expand...
Click to collapse
Thanks for the tip. I added your tip and instructions for marking fastboot as executable.

Stuck due to the thread's usefulness

I forgot to ask: will this work for 64 bit systems?

nicholasbgr said:
I forgot to ask: will this work for 64 bit systems?
Click to expand...
Click to collapse
It should work just fine.

Thanks, got me rooted nice and quickly.

BlackOtaku said:
It should work just fine.
Click to expand...
Click to collapse
Yes but don't forget to install 32 libs.
Thanks for guide
Useful !
I'm waiting for cyanogen ROM so i'll able to install
Cheers

To confirm, yes it works on 64bit. I am running that

Thanks for the confirmation, guys

Good stuff, much appreciated.

I'm working on a simple shell script that should automate some of the more menial tasks while holding the user's hand through the process. I should have it up later today.
UPDATE: It's up! Link on the first page.
Sent from my Nexus S using XDA App

question:
If I use
Code:
fastboot boot recovery.img
instead of
Code:
fastboot flash recovery recovery.img
will i get OTA updates?

confiq said:
question:
If I use
Code:
fastboot boot recovery.img
instead of
Code:
fastboot flash recovery recovery.img
will i get OTA updates?
Click to expand...
Click to collapse
Or, I don't get OTA until i change OS with zip file (ex: su app) ?

confiq said:
Or, I don't get OTA until i change OS with zip file (ex: su app) ?
Click to expand...
Click to collapse
You shouldn't flash the recovery in the boot partition, I think that will cause problems with the phone period. :S
If you flash a custom boot.img (which this guide doesn't cover, though the script will flash Superboot) or kernel like Paul's Superboot, Supercurio's Voodoo Kernel, or Koush's insecure boot.img, OTA updates will fail to install. OTA updates will also reflash your recovery back to stock. One of the devs around here will probably start modifying them so they don't check the boot.img or reflash the recovery though.

Thanks for this! Worked perfectly

Hi all,
I have a strange problem. I can install ClockworkMod recovery but, when I reboot the phone, I don't have superuser installed and su doesn't work. If I reboot the phone, I have to install the recovery every time. It seems it isn't permanent.
Thanks
Matroska

matroska said:
Hi all,
I have a strange problem. I can install ClockworkMod recovery but, when I reboot the phone, I don't have superuser installed and su doesn't work. If I reboot the phone, I have to install the recovery every time. It seems it isn't permanent.
Thanks
Matroska
Click to expand...
Click to collapse
To fix the problem, before selecting zip file, you have to select mount /system. Then go to apply update.zip and proceed as usual.
Thanks

ok im stock
with this part fastboot oem unlock ware i put this code in my terminal of my pc ,,i put the cell in fasboot , i intall everiting if i put that code in my terminal
bash: /home/toshiba/.bashrc: line 2: syntax error near unexpected token `('
bash: /home/toshiba/.bashrc: line 2: `export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools# ~/.bashrc: executed by bash(1) for non-login shells.'
[email protected]:~$ fastboot oem unlock
fastboot: command not found
[email protected]:~$
what can i do or im doing wrong

[HOW-TO] Root / Install a ROM / Unroot / Revert to Stock (A KFFB Supplement)

This how-to originally started out as a part of the Kindle Fire For Beginners (KFFB) guide, but evolved into this supplemental guide. Because of its origin, this guide assumes the reader is already familiar with KFFB, so reading it is a mandatory prerequisite. Users who post questions in this thread already covered in KFFB will be directed to go back and read it again.
My motives for writing this guide are very much in line with the reasons why I wrote KFFB. I'm hoping users will take the time to learn what they are doing and why they are doing it instead of crossing their fingers and hitting a button on an automated program. While I understand this is the more tedious route to their destination, the knowledge gained here can be used to get back on track when things go wrong or methods inevitably change over time.
The first post in this series details the process of rooting and installing a ROM on a stock device. The two share many of the same preliminary steps, so it makes sense to go over both at the same time.
Preparations
Again, please read Kindle Fire For Beginners before continuing. The conventions introduced in KFFB (e.g. having KFU installed in "C:\kfu") will continue to be used here. Make sure the battery is fully charged. A drained battery is not something you'll ever want to encounter and especially not while in the middle of this process. Create a new folder "C:\kfu\software" on your hard drive. Downloaded software to be installed on the Kindle Fire will be moved there.
Download and install WinMD5Free to some place on your Computer. The developers for most of the software you'll download for the Kindle Fire will provide an MD5 checksum. The checksum is used to verify the integrity of downloaded file, so you can be sure that you haven't gotten a bad download or a corrupted file. Tell WinMD5Free what file you want to check and compare the calculated checksum with the one provided by the developer. If the two match, you can be confident about installing it on your Kindle Fire.
For all required software listed in this document...
Extract (unzip) the files from the compressed archive (unless otherwise noted)
Verify the MD5 checksums if they have been provided
Move them to the C:\kfu\software folder
As with any other how-to guide, it's always a good idea to just read through the document first to get a basic idea of the process involved. Once you are comfortable with the concepts, then go back through and actually perform the steps required.
Getting to fastboot mode
The first step to modifying the Kindle Fire is to get the device into fastboot mode. The easiest and safest way to do this on a stock device is to use a factory cable. The factory cable is safe because it does not require the bootmode to be changed on the device. If something unexpected happens, you'll be able to disconnect the factory cable and reboot straight back into the stock software.
If you choose not to use a factory cable and change the bootmode to get into fastboot mode, you'll be taking a small gamble that you'll be able to issue fastboot commands to the device and change the bootmode back to normal. If you cannot change the bootmode back for some reason (e.g. your device drivers for fastboot mode fail to recognize the device), the device will be stuck in fastboot mode until you find a way to do so. In nearly every case, if you are able to issue the adb commands to get into fastboot mode, you should be able to send the fastboot commands necessary to get out of it. This is just a fair warning out of an abundance of caution... make sure you've done everything to ensure the ADB device drivers have been installed properly.
If you have a factory cable, you can turn the Kindle Fire off and connect the cable to the device, then the computer. The Kindle Fire will power up and put you directly into fastboot mode. You can then skip the rest of this section and go directly to flashing a recovery and bootloader. Otherwise...
Required software:
pokey9000's fbmode​
1) Boot up the Kindle Fire normally and connect a USB cable to the device and computer.
2) Copy pokey9000's fbmode program into a user writeable location on the Kindle Fire...
Code:
adb push C:\kfu\software\fbmode /data/local/tmp/
3) Change the permissions on the fbmode program so it can be executed (run) on the device...
Code:
adb shell chmod 755 /data/local/tmp/fbmode
4) Execute (run) the fbmode program to change the bootmode to fastboot...
Code:
adb shell /data/local/tmp/fbmode
5) Reboot the device...
Code:
adb reboot
Note: In case you are wondering why the "adb shell idme bootmode 4002" command previously discussed in KFFB was not used here, that command requires root privileges not available in the stock configuration. Without root privileges, the above workaround is required.
Installing a recovery and custom bootloader
Required software:
FIREFIREFIRE bootloader
TeamWin Recovery Project (TWRP) recovery
Note: Do not extract the contents of the FIREFIREFIRE bootloader zip file. It will be flashed as-is with TWRP recovery.​
1) Install the TWRP recovery...
Code:
fastboot -i 0x1949 flash recovery C:\kfu\software\openrecovery-twrp-2.2.2.1-blaze.img
2) Set the bootmode to recovery (5001)...
Code:
fastboot -i 0x1949 oem idme bootmode 5001
3) Reboot the device into TWRP recovery. If you used a factory cable to get into fastboot mode, turn off the device by holding down the power button for about 20 seconds. Replace the factory cable with a generic USB cable and the device will start up again automatically. Otherwise...
Code:
fastboot -i 0x1949 reboot
4) Copy the FIREFIREFIRE bootloader zip file to the /sdcard directory on the Kindle Fire...
Code:
adb push C:\kfu\software\fff-u-boot_v1.4a.zip /sdcard/
5) From the main menu of TWRP, press the "Install" button to flash the FFF bootloader onto the bootloader partition. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
6) Optional: Make a nandroid backup of the stock software. From the main menu of TWRP, press the "Backup" button and then "Swipe to Back Up" to create a snapshot of the stock system. If you change your mind later about rooting or have second thoughts about the ROM, just "Restore" the backup and return to the stock configuration.
Rooting the stock software
Users interested in flashing a custom ROM may elect to skip this section. Rooting the stock software is not a requirement to flash a custom ROM because the custom ROM will completely overwrite the stock software. However, if you are undecided on the question of rooted stock vs. custom ROM, root the stock software first and try that out for a while. The option to flash a custom ROM will still be available at a later time.
The following method of rooting the Kindle Fire stock software has been tested on 6.3.x and 6.2.x systems. Skip step #5 when rooting 6.2.x systems because the root checker does not exist in those versions.
Required software:
Superuser by ChainsDD
Note: Two separate files will be needed from the contents of this zip file: the su binary from the system\bin folder and the Superuser.apk file from system\app folder.​
This section assumes the device is already booted into TWRP recovery.
1) Remount the /system partition in read/write mode...
Code:
adb shell mount system
2) Copy the su binary onto the device...
Code:
adb push C:\kfu\software\su /system/xbin/
3) Change the owner of the su binary to root...
Code:
adb shell chown root:root /system/xbin/su
4) Set permissions for the su binary to run as root...
Code:
adb shell chmod 6755 /system/xbin/su
5) Disable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
6) Change the bootmode back to normal...
Code:
adb shell idme bootmode 4000
7) Reboot the system...
Code:
adb reboot
8) Once the Kindle Fire has rebooted into the system, install the Superuser app...
Code:
adb install C:\kfu\software\Superuser.apk
Congratulations! You have gained root privileges on the stock Kindle Fire software!
Installing a custom ROM
It should go without saying, but users who intend on staying with a rooted stock device need to skip this section. Flashing a custom ROM will overwrite the stock software and leave no trace of the original Kindle Fire interface.
Required software:
Any ROM you choose to install. Check the KF Development List as a starting point.
Note: Do not extract the contents of the ROM archive. The recovery program will need the actual zip file to install.​
This section assumes the device is already booted into TWRP recovery.
1) Carefully read the ROM thread for specific directions and warnings provided by the developer when flashing any new ROM.
2) Copy the custom ROM zip file to the /sdcard directory on the Kindle Fire...
Code:
adb push C:\kfu\software\ROM.zip /sdcard/
You must replace the "ROM.zip" part of the above command to the actual name ROM's zip file you've downloaded.
3) From the main menu of TWRP, "Wipe -> Factory Reset" to remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature.
4) From the main menu of TWRP, "Install" to flash the ROM onto your device. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
5) From the main menu of TWRP, "Reboot -> System" to boot into the newly flash ROM.
Congratulations! You have completely replaced the stock Kindle Fire software with a custom ROM!
Cleaning up
The zip files pushed onto the /sdcard during installation are only necessary during the installation process and do not need to take up space on the device after completing the install. Use a file manager or mount the storage device on the host computer to delete the files and reclaim the used space.
Coming soon...?
I've got some other topics in mind, but like I did with the KFFB, I'll see how users respond to this post before I continue. Please feel free to comment and make suggestions. I may not respond to everything, but I will keep the helpful comments in mind if/when I decide to expand this how-to guide. Thanks for reading.
Credits
jcase - For providing the basis for this guide and lending his expertise in rooting devices
pokey9000 - For his work on FFF and providing the fbmode exploit
TeamWin and Dees_Troy - For providing the TWRP recovery and continuing its development
ChainsDD - For the Superuser package​

Unroot or Revert to Stock Software
This second post in the series details the procedures required to undo the steps taken in the first. Use it to unroot or revert back to the stock software like it just came from the factory. If you tried out the rooted stock software or a custom ROM for a while, but just prefer the no-frills stock software, you've come to the right place.
Unrooting the stock software
Required software:
None​
This section assumes the device is already booted into the system software.
1) Uninstall the Superuser app
Code:
adb uninstall com.noshufou.android.su
2) Optional: Set the bootmode to recovery. Alternatively, use the recovery selection feature in FFF to boot into recovery during startup without manipulating the bootmode setting here. If you are more comfortable setting the bootmode directly...
Code:
adb shell su -c 'idme bootmode 5001'
3) Reboot the device into recovery...
Code:
adb reboot
4) Mount the data partition...
Code:
adb shell mount data
5) Optional: Delete the files that the Superuser app left behind...
Code:
adb shell rm -rf /data/data/com.noshufou.android.su
6) Mount the system partition...
Code:
adb shell mount system
7) Re-enable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted.bak /system/bin/check_rooted
8) Delete the su binary from the device...
Code:
adb shell rm /system/xbin/su
9) From the main menu of TWRP, "Reboot -> System" to restart the device into the system software.
Congratulations! You have unrooted the stock Kindle Fire software!
Reverting to stock software
Required software:
Amazon Kindle Fire Software Update​
Warning: Installing the Amazon Kindle Fire Software Update will not only replace the system software, but also overwrite the bootloader and recovery with the stock versions. Any custom bootloader and recovery like FFF and TWRP will be overwritten in the process.
This section assumes the device is already booted into TWRP recovery.
1) Copy the update bin file to the /sdcard as update.zip
Code:
adb push C:\kfu\software\update-kindle-6.3.1_D01E_4107720.bin /sdcard/update.zip
2) From the main menu of TWRP, "Wipe -> Factory Reset" to remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature.
3) From the main menu of TWRP, press the "Install" button to flash the stock software onto your device. Navigate to the /sdcard directory on the left and select the "update.zip" file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
4) Optional: From the main menu of TWRP, "Wipe -> SD Card" to remove all files on the USB mountable storage space. This step will permanently delete all of the files that appear on a computer when the device is connected as a USB storage device.
5) From the main menu of TWRP, "Reboot -> System" to restart the device into the system software.
Congratulations! You have reverted the device to a completely stock Kindle Fire!

KFFB Supplement Post #3
Reserved...

Great explanations!
I wanted to thank you for explaining everything clearly so that people can understand what they are doing when installing their bootloader, recovery and new ROMs.
Thanks again... plee3

Thanks so much!
This worked flawlessly. I had gotten stuck trying to root with KFU (I think the driver is slightly funky in fastboot - so KFU failed to flash either recovery or bootloader and left me in fastboot mode) but using the '-i 0x1949' option with fastboot made everything work perfectly.

Once again you have done a beautiful guide. You are very good at this, and always look forward to more guides from you.
Keep um coming !!
Cheers

Thibor69 said:
Once again you have done a beautiful guide. You are very good at this, and always look forward to more guides from you.
Keep um coming !!
Cheers
Click to expand...
Click to collapse
I know, right?

can i follow this to root 6.3.1?

xXezmacXx said:
can i follow this to root 6.3.1?
Click to expand...
Click to collapse
Yes, it's been tested to work from 6.2.0 and up.

Needs Sticky
Great Work. Gets my vote (and really needs) to be sticky'd.
Thanks for listening
Sincerely,
William
[Kindle Fire: gedeROM v1.25 [KeyClicks Added] {3.0 Kernel, CM9, Android 4.0.4} - Stock Kernel]
[HTC Evo 4G Supersonic: MikG 3.11 ROM - Chop Suey Custom Kernel]
[Retired: HTC CDMA Hero: Gingerbread Hero Deck ROM - Stock Kernel]
end.

Thanks to all. I'm glad some of the readers got some use out of it.
Docs009 said:
Great Work. Gets my vote (and really needs) to be sticky'd.
Thanks for listening
Sincerely,
William
[Kindle Fire: gedeROM v1.25 [KeyClicks Added] {3.0 Kernel, CM9, Android 4.0.4} - Stock Kernel]
[HTC Evo 4G Supersonic: MikG 3.11 ROM - Chop Suey Custom Kernel]
[Retired: HTC CDMA Hero: Gingerbread Hero Deck ROM - Stock Kernel]
end.
Click to expand...
Click to collapse
If you think this guide will be useful to other users here, you can ask the moderators to review the thread and possibly make it a sticky. I would ask, but it seems a bit... uncouth to nominate my own post for sticky status.
Thanks for reading!

Gotta tell you, there should be some warnings/things to look out for in this guide. If you install all the latest Android SDKs (I pretend to develop in my spare time) it loads the wrong drivers. It will show up as "Android Device" or something like that. The correct drivers have it show up as "Android Composite Device". If you have the SDK in your path (which you need for Eclipse) after the first reboot it might load the wrong drivers again as it did with me which are the wrong ones and basically you won't be able to communicate with the Kindle again.
Took me almost an hour to get this thing off the "Kindle Fire" loading screen because of this problem/unawareness.

ExploreMN said:
Well, I followed the instructions. Got as far as "adb shell reboot" after the fbmode command. Now it just sits at "kindle fire" and shows up as an unknown device in device manager.
Is there anyway to recover from this or did I just junk my fire?
Click to expand...
Click to collapse
Your Kindle Fire is fine... it's in fastboot mode. The computer is most likely the problem. You'll have to make sure your device drivers are working properly, so the computer can send fastboot commands to the device.
http://forum.xda-developers.com/showpost.php?p=23747671&postcount=2

kinfauns said:
Your Kindle Fire is fine... it's in fastboot mode. The computer is most likely the problem. You'll have to make sure your device drivers are working properly, so the computer can send fastboot commands to the device.
http://forum.xda-developers.com/showpost.php?p=23747671&postcount=2
Click to expand...
Click to collapse
Thanks Kinfauns. I actually got it fixed without even reading about it...I get a little medieval on things that frustrate me and eventually got it figured out...I edited my post to warn people about what tripped me up!

ExploreMN said:
Gotta tell you, there should be some warnings/things to look out for in this guide. If you install all the latest Android SDKs (I pretend to develop in my spare time) it loads the wrong drivers. It will show up as "Android Device" or something like that. The correct drivers have it show up as "Android Composite Device". If you have the SDK in your path (which you need for Eclipse) after the first reboot it might load the wrong drivers again as it did with me which are the wrong ones and basically you won't be able to communicate with the Kindle again.
Took me almost an hour to get this thing off the "Kindle Fire" loading screen because of this problem/unawareness.
Click to expand...
Click to collapse
Well, I actually tell you at the beginning of this guide to read my guide for beginners. In that guide, I tell you to use the driver installer included in KFU. Any how-to guide has to make some set of assumptions and I made the assumption that you'd actually follow the previous set of instructions before proceeding onto the next. I think you'd agree that I cannot possibly account for every possible deviation a user might take away from my actual directions. If I even attempted such a thing, this guide would turn into Encyclopedia Britannica.
In addition, I also gave you ample warning about putting your device into fastboot mode by manipulating the bootmode. I made a clear suggestion for you to get a factory cable and use it to get into fastboot mode the "safe" way. I've never seen any other rooting guide/utility even make mention of this possibility, so I've gone above and beyond what you'd get anywhere else.
With those things together, I believe I've done the very best I can to minimize the possibility that you might get stuck and have to "get a little medieval" on your device. Regardless, I'm glad you got it figured out. Good luck with the rest of it.

kinfauns said:
Well, I actually tell you at the beginning of this guide to read my guide for beginners. In that guide, I tell you to use the driver installer included in KFU.
Click to expand...
Click to collapse
True enough. Just didn't think it would keep reloading the drivers from the SDK if the SDK was in the path for Eclipse. I'm guessing anyone who set up Eclipse would not think this is an issue and might get stuck like I did...so it's still worth mentioning. (to me at least)

The second installment of this how-to guide has been posted. Included are instructions on unrooting and reverting back to the stock software. Suggestions and comments are always appreciated. Thanks!

Thank you for the excellent guide.
For what it's worth, this guide is very helpful for the admitted "noob" who has somehow failed with a utility like KFU and needs to go back and work through the pieces step by step. Thank you for laying out an instruction manual with enough detail to not only do the steps needed - but also to begin to understand what I'm doing.
I've rooted my KF (thanks to your assistance) so that I could install Swype. I then was able to use OTA-Rootkeeper to "hide" my SU file so that I can use Amazon media on my Fire as I want to, but still get the benefits I wanted from a rooted device (primarily the use of the Android Market, "Google Play", and the use of Swype).
For those that don't *really* want to unroot but do want to still use the Amazon content tools, I HIGHLY recommend the OTA-Rootkeeper utility.
Thanks again!

Kinfauns,
My Kinde Fire was bricked, with power problems. So I did the short trick to repair the bootloaders, using the linux stick and this script here, provided by firekit: usb_fix_parts_and_install_fff_twrp
When I look into device manager i have "Android Phone - Android Composite ADB Interface", at printers and devices the name shows as Kindle.
Can I go direct to these instructions here?
Rooting the stock software
Users interested in flashing a custom ROM may elect to skip this section. Rooting the stock software is not a requirement to flash a custom ROM because the custom ROM will completely overwrite the stock software. However, if you are undecided on the question of rooted stock vs. custom ROM, root the stock software first and try that out for a while. The option to flash a custom ROM will still be available at a later time.
The following method of rooting the Kindle Fire stock software has been tested on 6.3.x and 6.2.x systems. Skip step #5 when rooting 6.2.x systems because the root checker does not exist in those versions.
Required software:
Superuser by ChainsDD
Note: Download the latest zip for Gingerbread/ICS (the filename should end in "efghi-signed.zip"). Two separate files will be needed from the contents of this zip file: the su binary from the system\bin folder and the Superuser.apk file from system\app folder.
This section assumes the device is already booted into TWRP recovery.
1) Remount the /system partition in read/write mode...
Code:
adb shell mount system
2) Copy the su binary onto the device...
Code:
adb push C:\kfu\software\su /system/xbin/
3) Change the owner of the su binary to root...
Code:
adb shell chown root:root /system/xbin/su
4) Set permissions for the su binary to run as root...
Code:
adb shell chmod 6755 /system/xbin/su
5) Disable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
6) Change the bootmode back to normal...
Code:
adb shell idme bootmode 4000
7) Reboot the system...
Code:
adb reboot
8) Once the Kindle Fire has rebooted into the system, install the Superuser app...
Code:
adb install C:\kfu\software\Superuser.apk
Congratulations! You have gained root privileges on the stock Kindle Fire software!
Click to expand...
Click to collapse

DuendePaladino said:
Kinfauns,
My Kinde Fire was bricked, with power problems. So I did the short trick to repair the bootloaders, using the linux stick and this script here, provided by firekit: usb_fix_parts_and_install_fff_twrp
When I look into device manager i have "Android Phone - Android Composite ADB Interface", at printers and devices the name shows as Kindle.
Can I go direct to these instructions here?
Click to expand...
Click to collapse
If you used that script in Firekit, you should have FFF 1.2 and TWRP 2.0.0 installed, so technically, yes.... you can boot into TWRP and start following those directions. However, I would recommend that you upgrade your bootloader and recovery to the versions I have in the previous section... FFF 1.4a and TWRP 2.1.1. I won't go into all the reasons why, but they are "better" and likely to keep you out of trouble in the future. Since you already have FFF installed, it will be easy for you to get into fastboot mode. Once you are in fastboot mode, start with flashing TWRP and continue on from there.

FULL Disk ENCRYPTION + ROOT Easy steps >>> HOW TO root & encrypt entire device

FULL Disk ENCRYPTION + ROOT Easy steps >>> HOW TO root & encrypt entire device
How to encrypt your rooted device. I wrote these instructions based on my Note 4 (T-Mobile branded N910T3 ) BUT they will work for ANY device!
THE SHORT OF IT:
YOU SIMPLY NEED TO ECRYPT YOUR DEVICE FIRST PRIOR TO ROOTING. YOU CAN ROOT IT AFTER IT IS ENCRYPTED, NOT BEFORE.
tested on Android 4, 5, & 6.
Once you root or install various roms you lose the ability to encrypt your device. This issue manifests itself in the form of either hanging, rebooting, or the animation just sitting there but not actually doing anything when you try to use the full disk encryption feature built into all modern versions of android. Below are the steps on how to get this native encryption feature working while still maintaining your root & favorite rom.
Credit goes to chatty kathy, i mean bruzzy who graciously and verbosely provided instructions on how to encrypt my rooted 12.2" Samsung Galaxy Note Pro (AT&T branded SM-P907A) here: http://forum.xda-developers.com/showthread.php?t=2791587
McFood on androidforums.com also reiterated much of the same here: http://androidforums.com/threads/how-to-encrypt-a-rooted-device.866968/
As usual: Use this guide at your own risk!
Quick Overview:
Unroot if rooted. Encrypt. Reroot. The only thing special is that you have to manually kick start SuperSU when rooting after the encryption is in affect. See steps 12 & 13.
INSTRUCTIONS:
-------------------
0. Make a backup to your external SD card of your entire system FIRST such as a nandroid backup via a custom recovery (Philz Touch, TWRP, etc). I even do modem, etc. just in case you ever need.
1. Ensure your device is not rooted and also not encrypted (if already rooted, skip to step 3; if already encrypted, decrypt or do a factory-reset - don't try CF-Auto-Root on an encrypted device, it'll soft-brick)
2. Root the device (I used this sticky: http://forum.xda-developers.com/not...y-steps-n910t3-dofc-dog1-how-to-root-t3177225 )
3. Temporarily un-root the device (when using SuperSU: go to Settings and remove the tick at the option "Activate Superuser")
4. Reboot
5. Activate the device encryption (the battery must be at least at 80% and the device must be plugged in the wall charger)
6. The device will restart after a short period of time and start the encryption (this will take some time, but you should see a progress bar indicating how far it is)
7. After the encryption is finished the device will reboot and ask for the password, just log in
8. If not yet done, flash a custom recovery where you have console access or can use ADB as root (I used TWRP)
9. Boot into recovery. (POWER + VOLUME UP + HOME button together at the same time)
10. Mount /system (it's not mounted automatically, at least not in the version I used - TWRP 2.7.1.0).
11. Open a console or ADB shell to run the basic linux commands in red in the next two steps on the phone ((In TWRP it is under Advanced & then Terminal Command and start the console in any directory, it doesn't matter, i would choose the root directory / ))
11-continued: Laymans terms: go to Advanced in TWRP and then Terminal Command. Just press select to start shell in the root directory "/ ".
once you are at the prompt you simply type in the commands in red in steps 12 & 13.
12. Copy the su binary (if you use SuperSU you run this command: cp /system/xbin/daemonsu /system/xbin/su )
13. Execute the installation (if you use SuperSU run this command: /system/xbin/su --install )
14. Reboot
15. Send the NSA a message and tell them to lick your balls. Oh wait nevermind they have a backdoor in AES... FTP = Fukt The Police :cyclops:

OP space
The real trick here is disabling (step 3) and then manually re-enabling (steps 12 and 13) root which you manually re-enable after the encryption is complete. The order is key. You cannot encrypt the device while rooted.
go to Advanced in TWRP and then Terminal Command. Just press select to start shell in the root directory "/ ".
once you are at the prompt you simply type in those commands:
cp /system/xbin/daemonsu /system/xbin/su
::THEN PRESS ENTER TO EXECUTE THE COPY COMMAND::
Then type:
/system/xbin/su --install
:RESS ENTER TO EXECUTE THE su COMMAND running the installation.::
Now reboot and you are done!
If you don't have TWRP installed there are other options to be able to run the command. Most custom recoveries either allow you to bring up a console window like that or they allow you to run commands on your device through your PC using ADB, either way it will work, you are just copying files with the first command and executing one of them to install on the second.

? on steps 12 + 13
"12. Copy the su binary (if you use SuperSU you run this command: cp /system/xbin/daemonsu /system/xbin/su )
13. Execute the installation (if you use SuperSU run this command: /system/xbin/su --install )"
Where in TWRP do I do this?
Also, do I need to be in the rom I am choosing as my daily driver when i start this process? What do i do if I change roms?

?
Bueller?

V3racious said:
6. The device will restart after a short period of time and start the encryption (this will take some time, but you should see a progress bar indicating how far it is)
Click to expand...
Click to collapse
This part never happens for me, it just gets stuck on the boot animation. I've disabled superuser. What else can I do? This is really frustrating.

livejamie said:
This part never happens for me, it just gets stuck on the boot animation. I've disabled superuser. What else can I do? This is really frustrating.
Click to expand...
Click to collapse
Exactly. I tried this before and got the same results.

jrkart99 said:
Exactly. I tried this before and got the same results.
Click to expand...
Click to collapse
I just gave up on root for now.

Breakdown of steps 12 & 13
jrkart99 said:
"12. Copy the su binary (if you use SuperSU you run this command: cp /system/xbin/daemonsu /system/xbin/su )
13. Execute the installation (if you use SuperSU run this command: /system/xbin/su --install )"
Where in TWRP do I do this?
Also, do I need to be in the rom I am choosing as my daily driver when i start this process? What do i do if I change roms?
Click to expand...
Click to collapse
For steps 12 and 13 you go to Advanced in TWRP and then Terminal Command. Just press select to start shell in the root directory "/ ".
once you are at the prompt you simply type in those commands:
cp /system/xbin/daemonsu /system/xbin/su
::THEN PRESS ENTER TO EXECUTE THE COPY COMMAND::
Then type:
/system/xbin/su --install
:RESS ENTER TO EXECUTE THE su COMMAND running the installation.::
Now reboot and you are done!
If you don't have TWRP installed there are other options to be able to run the command. Most custom recoveries either allow you to bring up a console window like that or they allow you to run commands on your device through your PC using ADB, either way it will work, you are just copying files with the first command and executing one of them to install on the second.
To answer your other question: YES you need to choose your ROM first, otherwise you have to do this all over again. Install your ROM first, root it next if your rom doesn't come pre-rooted, manually disable root, and lastly encrypt the device.

livejamie said:
This part never happens for me, it just gets stuck on the boot animation. I've disabled superuser. What else can I do? This is really frustrating.
Click to expand...
Click to collapse
Can you verify that you have in fact disabled root first? You cannot encrypt a rooted device. Also what is the model number of your device? What version of Android are you using?

Try this method after SuperSU is installed.
http://forum.xda-developers.com/showthread.php?p=56037508
Good luck
Sent from my Nexus 7 using Tapatalk

Hello,
I have sprint note 4.. I have installed HybridX Android 5.1.1 on it.. which have root and everything ready.
I go to system apps, from there disable SuperSu and then reboot in safe mode and start encryption.. These are the steps I read on another page..
However, my phone gets stuck on the sprint spark yellow screen as soon as I say ok to encrypt.. it will restart and gets stuck on there.
I have tried without restarting in safe mode.. but the same result.
What can I do to encrypt my Sprint Note 4.
Thanks

Hello,
I am on Galaxy Note 3 with N7 Darklord ROM and both methods don't work.
Root is disabled, but when I run encryption, the phone restarts in 2-3 minutes
and nothing is encrypted
Please advise how to encrypt the device! Thanks!

5.0.1 Should be fine to root + encrypt
Hi all,
Just to confirm that the only version I managed to root and encrypt is 5.0.1.
I have a Note 4 910F and this worked;
- Flash stock via odin
- Root (chainfire via odin)
- Install Busybox
- Install Terminal Emulator, then run su -> pkill -KILL daemonsu (same as other instructions on this forum)
- Encrypt the phone
Again, this only worked on 5.0.1 (N910FXXU1BOC5_N910FBTU1BOB2_N910FXXU1BOC4_HOME.tar)
All other versions got stuck on encryption screen.

In short, all you have to do is ENCRYPT the device FIRST then ROOT it AFTERWARDS. It will not work once the device is rooted. I have not had a chance to try unrooting through SuperSU or disabling the daemonsu through a terminal emulator as mentioned so I am not sure if this works but it definitely works if you encrypt PRIOR to rooting. I can confirm it works on Marshmallow as I just did so on a Note 4.

Now has anyone had any luck making backup images of their encrypted devices? If so what custom recovery software and version are you running on your device?

Is there a way to stop H91810p schedule update?

As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?

TempezT said:
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
Click to expand...
Click to collapse
if you're rooted, go to /cache and rename update.zip to something else. then create a zero length file using the name update.zip. lastly set the permissions on that file to read only

Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!

Damn I dont have a computer in hand. Guess i have to wait until im back home in October. Cross fingers this thing don't restart cause that freaking patch is already scheduled.

MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Click to expand...
Click to collapse
Okay someone in my base lend his laptop but its low end(sony viao core2 duo) dunno how well this work for flashing purposes, also I wanted to point before doing the process that my phone was unlocked permanently by tmobile unlock app and wanted to know if this can affect the unlocking or any other function of my v20.

Following those instructions to root will not gid rid of your carrier unlock.

You might be able to go to Settings>>Storage and delete Cached data.

Zacharee1 said:
You might be able to go to Settings>>Storage and delete Cached data.
Click to expand...
Click to collapse
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.

TempezT said:
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
Click to expand...
Click to collapse
You can always restore to stock with the H918. Backup and root.

Zacharee1 said:
You can always restore to stock with the H918. Backup and root.
Click to expand...
Click to collapse
Thanks!
The issue Im having now is that I cant find how to root H91810k which is the current version my phone has besides the schedule update. Any info on that?

You have to find the KDZ for 10d and flash it with LGUP. Then you can use EasyRecowvery to root.
Flashing KDZs will wipe your data, so use LG Bridge to make a backup.

MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on.......
Click to expand...
Click to collapse
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!

wewantutopia said:
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
Click to expand...
Click to collapse
No problem! Glad it helped, I will probably update the post a bit, and then I'll re-post it to its own thread in a few days. As I noticed this section is a bit disorganized...

MDMAchine said:
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Click to expand...
Click to collapse
just wanted to add that SOMETIMES the update.zip is not in /cache. had this happen to me when I had the LGV10 and it just happened to me now. I had recently wiped my device to start from scratch and after initially setting up my device I got the update icon and indeed /cache/update.zip existed. a few reboots later for various reasons the update icon/notification disappeared, as did /cache/update.zip. I thought I was in the clear until last night when I got the update icon/notification again, but this time it was not in /cache. it somehow changed to /data/data/com.google.android.gms/app_download. so if you can't find it in /cache, look there!

[Guide] OnePlus 8T EASY ROOT (for all unlocked variants)

DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
Visit this thread for more information
________________________________________________________
CAVEAT
I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO​The basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).​
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone. ​
Updating with OTAs should be the same process as the other guides here.​
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.​
Prerequisites:
ADB and Fastboot installed.​
An unlocked bootloader and USB debugging enabled.​
Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)​
________________________________________________________
STEPS:​
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktop​for Mac, type cd desktop or cd /Users/yourname/Desktop​
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/b​b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device. ​​
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.​b. Use Select and Patch a File on boot_a.img​
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.​b. Use Direct Install (Recommended) to root your internal boot.img​
10. Reboot and verify it worked.

Forgot to tag it... if an admin is able to do so I'd appreciate it.

Just applied for a bootloader unlock today. When i get approved ill attempt this guide.
I am currently on T-Mobile 11.0.5.7.KB09CB.

Unlike other methods prvoided here for the 8T I got this method to work. Thank you very much!
clarification update: I own the t-mobile kb2007 model of phone

a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
Some prework I had to do for my OnePlus 8T KB2005
-ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
-ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
-With device in bootloader/fastboot, run: fastboot flashing unlock
-verify with your phone to accept
-phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
-renable OEM lock and USB debug
-restart back into bootloader/fastboot
-now you are ready to root

Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add your screen would flicker in TWRP but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!

After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance

lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
I'm having the same issue although its more tied in with removing youtube as a system app for vanced

lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
Actually Is not possible on devices borned with android 10 or above.

giacomowrc said:
Actually Is not possible on devices borned with android 10 or above.
Click to expand...
Click to collapse
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?

Mpolo87 said:
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Click to expand...
Click to collapse
Yes of course.

Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO​The basic rundown is:
Use the semi-broken TWRP package to give temporary su access through adb.​
Extract boot_a.img and boot_b.img to your computer.​
Reboot into OxygenOS and copy boot_a.img and boot_b.img back to your phone.​
Use Magisk to patch both images.​
Copy the patched images back to your computer.​
Use fastboot to temporarily boot using the patched image, giving you temporary root.​
Use Magisk to direct install for permanent root.​
Prerequisites:
ADB and Fastboot installed.​
An unlocked bootloader and USB debugging enabled.​
________________________________________________________
STEPS:​
1. Get the semi-broken TWRP .img. This won't give you a gui but will give you su access over adb. You DON'T want to flash this, we're just booting with it temporarily.
2. Restart your phone into fastboot mode.
3. On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here). Run the following:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb pull /sdcard/boot_b.img boot_b.img
4. Copy the extracted files to a user accessible area of your phone.
5. Install the latest Magisk Canary release to your phone.
a. Select the Install option.​b. Use Select and Patch a File on both boot_a.img and boot_b.img​c. You should rename them or make note of the new names given by Magisk. You'll need to use one or the other depending on which partition is active. ​
6. Copy the patched .img files back to your computer.
7. Restart your phone back into fastboot mode.
8. On your computer, run:
Code:
fastboot getvar all
9. Find which A/B partition is active on this line: (bootloader) current-slot:a/b
10. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot patched-boot-a/b.img
11. You now have temporary root access, to make it permanent open Magisk:
a. Select the Install option.​b. Use Direct Install (Recommended) to root your internal boot.img​
12. Reboot and verify it worked.
Click to expand...
Click to collapse
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.

sameog said:
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
Click to expand...
Click to collapse
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.

Mpolo87 said:
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Click to expand...
Click to collapse
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.

Please note: I love this guide. It's cohesive and well-written. I just need pictures to "see" on what and where to do. I'm visual.
UPDATE: I followed the tuturial to the best of my ability and I got nothing. I'm giving up and taking a step back.
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./fastboot boot recovery.img
Sending 'boot.img' (64964 KB) OKAY [ 1.660s]
Booting OKAY [ 0.084s]
Finished. Total time: 1.939s
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
OnePlus8T:/ # dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.194981 s, 492 M/s
OnePlus8T:/ # dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.185497 s, 518 M/s
OnePlus8T:/ # exit
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_a.img boot_a.img
/sdcard/boot_a.img: 1 file pulled, 0 skipped. 27.7 MB/s (100663296 bytes in 3.470s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_b.img boot_b.img
/sdcard/boot_b.img: 1 file pulled, 0 skipped. 32.0 MB/s (100663296 bytes in 2.997s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb reboot
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows>

sameog said:
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Click to expand...
Click to collapse
You're missing the command "cd" before the path to change the directory to the new one. It should be cd C:\Users\Mr. Lew\Desktop\oneplus 8t boot image then press enter. Now you can reference any file in that folder by just the name without its entire path as a prefix being required.

A difficult method

zengin said:
Diğer yöntemden hiç de kolay değil.
Click to expand...
Click to collapse
huh?

Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.

sameog said:
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
Click to expand...
Click to collapse
While this is a temporary solution, it is also a bad solution because you can land with not being able to boot your phone every time an incremental update comes along.