[Tutorial] Camera2api ( Gcam ) Without ROOT - Xiaomi Mi A2 / 6X Guides, News, & Discussion

I don't take responsibility for possible damages!
1. When you unlock the bootloader, all your data will be erased!
2. When you try to lock the bootloader, your data will be erased and you will lose the API.
3. YOU CAN RECEIVE OTA UPDATES WITH THE BOOTLOADER UNLOCKED!
Download the tool: https://forum.xda-developers.com/mi-a2/how-to/mi-a2-toolkit-unlock-bootloader-root-t3834585
1. Unlock the bootloader (I will not go into detail, the tool is intuitive, follow the tool's instructions!)
2. Start your phone and enable USB debugging.
3. Put your cellphone in Fastboot.
4. In the tool, use option 4 (This will not install TWRP, just start) (follow the tool's instructions!)
5. When entering TWRP, if prompted, check "Keep system read only".
6. Open in the tool folder "Open CMD here"
7. Run the command: adb shell
8. Now enter the following command: "setprop persist.camera.HAL3.enabled 1" without quotation marks, and enter. - This command enables the required core API for GCAM.
9. Now type "exit" to exit adb.
10. Go back to the phone, in TWRP -> Reboot -> System -> Do Not Install
Ready.
I did this tutorial quickly. Any questions, use the comments!

Just a note. That tool is working with August security patch, but a lot of us received already September Security patch. And how do you know that we will receive OTA? Did you test by yourself? And btw, looks very easy and clearly explained. For now I will wait for stable patch from Xiaomi, and updated Tool from the link you recommended. Thank you.

kaiwanted said:
Just a note. That tool is working with August security patch, but a lot of us received already September Security patch. And how do you know that we will receive OTA? Did you test by yourself? And btw, looks very easy and clearly explained. For now I will wait for stable patch from Xiaomi, and updated Tool from the link you recommended. Thank you.
The tool just has the August picture. But the functions used for the gcam works in the September patch.
Yes. I have.

when i want to launch the TWRP, my device already plugged in and in fastboot mode, but it says "could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode". How to fix this? tks

asuturo said:
when i want to launch the TWRP, my device already plugged in and in fastboot mode, but it says "could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode". How to fix this? tks
I'm stuck at this too, i got the september update, already unlocked the bootloader but still can't install the twrp
"could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode"

Rafaelboxer said:
I'm stuck at this too, i got the september update, already unlocked the bootloader but still can't install the twrp
"could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode"
I think the September update changed the active partition from A to B (the August is A). That's why it doesn't work.
I'm also with September Update, and camera2api is the only thing I want to enable on Mi A2 (don't want to root and lose OTA) until a reliable TWRP is released.

This command should tell you which slot is active:
fastboot getvar current-slot

ki69 said:
I think the September update changed the active partition from A to B (the August is A). That's why it doesn't work.
I'm also with September Update, and camera2api is the only thing I want to enable on Mi A2 (don't want to root and lose OTA) until a reliable TWRP is released.
I got the september boot.img from another topic and rooted

Still no working solution for the ones that have September update, and don't want to root or use magisk??? I think the problem is that TWRP does not work with September update. Any easy way to downgrade to August again??

I'm thinking of installing Camera2API/GCamera, but I wonder if it's worth it. What are the real benefits? Does this make the camera compatible with more applications (eg Snapchat), avoiding them from making a screen of the camera ?

Hey guys i have some doubts.
I saw many threads saying to flash twrp into a partition (A or B) but i don't get why we have to flash it... So can someone clarify for me some stuff?
1 - fastboot boot twrp.img
I don't recall where the persist properties are stored but i believe it's not a partition that the OEM or google will constantly modify, right? So why making changes to the persist props in TWRP doesn't make it persist when booting into system? Is it possible to make it store it not temp?
Why there are people saying that flashing TWRP into, eg. part A, and booting into it, and then changing to part B, is working to enable the camera2 API? This should be the same as fastboot boot TWRP and then reboot it.
2 - As far as I remember, su permissions might be allowed in boot.img (.props file), so I thought that magisk patched image would have some su privileges, but after booting from a patched image, su doesn't return anything. Does anyone know what is the patched image from magisk? I heard about an app showing up after booting, so the patch is just a runnable with root?
3 - I also saw many threads changing sys build.prop directly. Horrible choice, but, does anyone know if it is possible to have a build.prop in OEM partition? From what I know, the build.prop will be concat. from all the folders related to the booting process. Has anyone tried to throw a build.prop into OEM with the persist enable? I believe that, since the folder is related to OEM only, and since we have no OEM making apps or whatever in an Android One phone, I think it is more safe than other partitions

ricardohnn said:
Hey guys i have some doubts.
I saw many threads saying to flash twrp into a partition (A or B) but i don't get why we have to flash it... So can someone clarify for me some stuff?
1 - fastboot boot twrp.img
I don't recall where the persist properties are stored but i believe it's not a partition that the OEM or google will constantly modify, right? So why making changes to the persist props in TWRP doesn't make it persist when booting into system? Is it possible to make it store it not temp?
Why there are people saying that flashing TWRP into, eg. part A, and booting into it, and then changing to part B, is working to enable the camera2 API? This should be the same as fastboot boot TWRP and then reboot it.
If you did a search on that 'persist' command, you'd find that it does persist, to many of the tables that type of information is stored in. It does not change the info in the properties file in 'System'. It does change the 'Data' partition, but that's okay, as there's only 1 of those (used no matter which slot boots up). The reason for booting on the non-active partition is a twrp / dual slot phone type of thing. I know it works as I've done it, but the 'setprop persist' changes the one and only Data partition, which both slots use, that's why it works.
ricardohnn said:
2 - As far as I remember, su permissions might be allowed in boot.img (.props file), so I thought that magisk patched image would have some su privileges, but after booting from a patched image, su doesn't return anything. Does anyone know what is the patched image from magisk? I heard about an app showing up after booting, so the patch is just a runnable with root?
I thought the patched image would have some su capabilities also, but it doesn't. It only installs the Magisk stub, which you can further install magisk from. Magisk is a great and sophisticated app. Has numerous Magisk modules which do a wide variety of things. But if you don't need any of those things, and don't need root, it's pretty over the top for just setting the cam2api, imho.
ricardohnn said:
3 - I also saw many threads changing sys build.prop directly. Horrible choice, but, does anyone know if it is possible to have a build.prop in OEM partition? From what I know, the build.prop will be concat. from all the folders related to the booting process. Has anyone tried to throw a build.prop into OEM with the persist enable? I believe that, since the folder is related to OEM only, and since we have no OEM making apps or whatever in an Android One phone, I think it is more safe than other partitions
If you change 'System' directly you will not get any OTA updates, so yer right, don't change that. There's no need to consider changing it anywhere else, as the 'setprop persist etc' command populates all the tables for you. 'System' is not affected and OTA updates will continue. There's no removing Magisk, restoring boot image, reinstalling etc etc etc.
One thing I would warn others about, using the various 'Tools'. You don't know what commands they are running, so you can't be sure what they will do. I say that because one of the tools I recently downloaded and went through and found the commands in it. The first thing it did after booting TWRP was to mount 'System' as Read / Write!! Why does that matter? From what I've read, doing that stops OTA from happening. Just mounting it R/W will change the date stamp on it concerning modifications, and that's all the OTA needs to know to say 'it's been modified'.
good luck, cheers
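
The warning above about toolkits that run unseen commands can be acted on by reading the script before running it. The following is an added example, not part of the thread and not code from any toolkit mentioned in it: it scans a batch or shell script for adb/fastboot commands that write to the device and flags a read-write mount of System, which the post says is enough to stop OTA updates. The sample script, severity labels and all function names are constructed for illustration.

```python
"""Static audit of a flashing-toolkit script (added example, not from the thread)."""
import re
import shlex
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    line_no: int
    severity: str  # "high", "medium" or "low"
    reason: str
    command: str


OPTS_WITH_VALUE = {"-i", "-s"}  # USB vendor id / device serial take an argument

# Constructed sample script; it is not taken from any real toolkit.
SAMPLE_TOOLKIT = """\
@echo off
rem boot recovery and enable the camera property
echo This step will not fastboot flash anything
fastboot getvar current-slot
fastboot boot twrp.img
adb shell mount -o rw,remount /system
adb shell setprop persist.camera.HAL3.enabled 1
fastboot -i 0x03F0 erase userdata
"""


def _words(cmd: str) -> List[str]:
    """Tokenise one command, tolerating Windows paths and unbalanced quotes."""
    try:
        raw = shlex.split(cmd, posix=False)
    except ValueError:
        raw = cmd.split()
    return [w.strip("\"'").lower() for w in raw]


def _tool(word: str) -> str:
    """Reduce 'Tools\\fastboot.exe' to 'fastboot'."""
    return re.sub(r"\.exe$", "", re.split(r"[\\/]", word)[-1])


def _strip_leading_opts(args: List[str]) -> List[str]:
    """Drop options such as '-i 0x03f0' that precede the subcommand."""
    i = 0
    while i < len(args) and args[i].startswith("-"):
        i += 2 if args[i] in OPTS_WITH_VALUE else 1
    return args[i:]


def _classify_device_cmd(words: List[str]) -> Optional[Tuple[str, str]]:
    """Commands that run on the phone itself (directly or via 'adb shell')."""
    if "mount" in words:
        opts = {o for w in words for o in w.lstrip("-").split(",")}
        if "rw" in opts and any("system" in w for w in words):
            return "high", "mounts system read-write"
    if words[:1] == ["setprop"] and len(words) >= 2:
        if words[1].startswith("persist."):
            return "low", "sets a persist.* property (kept on the data partition)"
        return "low", "sets a property until reboot"
    return None


def _classify_fastboot(args: List[str]) -> Optional[Tuple[str, str]]:
    if "set_active" in args or any(a.startswith("--set-active") for a in args):
        return "medium", "switches the active A/B slot"
    pos = _strip_leading_opts(args)
    if not pos:
        return None
    sub, rest = pos[0], pos[1:]
    if sub in ("flash", "erase") and rest:
        verb = "writes" if sub == "flash" else "erases"
        return "high", f"{verb} partition {rest[0]}"
    if sub in ("oem", "flashing") and rest[:1] in (["unlock"], ["lock"]):
        return "high", f"bootloader {rest[0]} (wipes user data)"
    if sub == "boot":
        return "low", "boots an image without flashing it"
    return None


def audit(script_text: str) -> List[Finding]:
    """Return one Finding per command that changes device state."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), 1):
        line = line.strip().lstrip("@")
        if not line or re.match(r"(?i)(rem\b|::|#)", line):
            continue  # blank line or comment
        for cmd in re.split(r"&&|&|\|\|", line):
            words = _words(cmd)
            if not words or words[0] == "echo":
                continue  # echo only prints its text
            tool, hit = _tool(words[0]), None
            if tool == "fastboot":
                hit = _classify_fastboot(words[1:])
            elif tool == "adb":
                rest = _strip_leading_opts(words[1:])
                if rest[:1] == ["remount"]:
                    hit = ("high", "remounts system partitions read-write")
                elif rest[:1] == ["shell"] and rest[1:]:
                    hit = _classify_device_cmd(_words(" ".join(rest[1:])))
            else:
                hit = _classify_device_cmd(words)
            if hit:
                findings.append(Finding(no, hit[0], hit[1], cmd.strip()))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_TOOLKIT):
        print(f"line {f.line_no}: [{f.severity}] {f.reason}: {f.command}")
```

A script that only boots a recovery image and sets the persist property should produce nothing above "low"; any "high" finding is worth understanding before the tool is run.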

Agree with the data persist, but why do you need to flash into the different partition and not only boot from it?
I don't disagree that it will work, i just want to know why not boot from fastboot directly instead of flashing into one of the backup partition. I know that fastboot boot command triggers different code than usual flow. But not that i remember that it would affect something.
Getprop | grep camera would return if enabled right? Or nope?

ricardohnn said:
Agree with the data persist, but why do you need to flash into the different partition and not only boot from it?
I don't disagree that it will work, i just want to know why not boot from fastboot directly instead of flashing into one of the backup partition. I know that fastboot boot command triggers different code than usual flow. But not that i remember that it would affect something.
Getprop | grep camera would return if enabled right? Or nope?
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we used to know. And we also know the way the dual works is that when an update occurs, if the device then tries to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers

AsItLies said:
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I did manage to boot the last version of TWRP only first time, every other time ended in bootloops.
And I am sorry to say that ADB did not work in booted TWRP, adb did not recognize the phone, so no commands could be typed.
For me, it is easier to flash patched_boot.img and install root temporarily, and then when job is done with activating camera2, uninstall root.
But hey, there are two easy ways, and everyone can choose which one is best suitable for them to try.
It would be of course easiest to just boot TWRP and enable camera2, but it doesn't work for now.

minnuss said:
I did manage to boot the last version of TWRP only first time, every other time ended in bootloops.
And I am sorry to say that ADB did not work in booted TWRP, adb did not recognize the phone, so no commands could be typed.
For me, it is easier to flash patched_boot.img and install root temporarily, and then when job is done with activating camera2, uninstall root.
But hey, there are two easy ways, and everyone can choose which one is best suitable for them to try.
It would be of course easiest to just boot TWRP and enable camera2, but it doesn't work for now.
Yes, just 'booting' twrp has been problems for everyone, "that" doesn't work (not just now, but probably never).
But, following the Guide I wrote, and 'flashing it' does work. Right Now.

AsItLies said:
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we used to know. And we also know the way the dual works is that when an update occurs, if the device then tries to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers
About the setprop, even after the reboot isn't returning the prop, so that's why i am not sure if it is actually keeping it after twrp boot.
About the AB partition... well...
it's more or less like this...
let's say some simple partition scheme....
Preloader
Boot
System
Vendor
ODM
Data
So the phone will probably have many boot images type... like the usual boot.img or recovery.img (before treble) etc.
The boot.img will have the kernel image bla bla bla... since this is a google update, i believe that the AB partition procedures starts here (meaning all the relevant code of checking whether is A or B)
Google wanted to make things faster for the OEM (Samsung, LG etc) so they wanted to separate their ****s from google's one.
So (if things didn't change) you will have the following partitions now (actually i am not sure if they kept the system AB, but i believe so, since it seems to be working in other phones like that )
BootA
BootB
SystemA
SystemB
VendorA
VendorB
OEMA
OEMB
Data
So let's say google wants to update some security patches, from kernel til android, it will have to update boot and system. So in a OTA (changes if it is a google phone or a branded phone) before treble, it would update like... download the image containing boot and system into cache partition or data partition (depending the OTA size), after the download the update manager apk would set as a update booting and reboot your phone. Once booted, the phone would copy the partitions to the correct place (not being detailed) and rereboot. After the rereboot, if everything went normal, it would delete the downloaded image from your data/cache partition.
Now it's different like... instead of sending the update to the data partition and copying. It has a flag to set whether you are in A or B partition.
If you are (for eg.) in A partition, it will download the OTA to the B partition. (consider that in an untouched phone, A and B would have identical copies). So after downloading it, the flag is set to the B partition and reboot the phone. When booting, this time, it will not follow the A booting flow, like...
Before the update booting process would be
BootA
SystemA
VendorA
ODMA
Data
After the update the boot process will be
BootB
SystemB
VendorB
ODMB
Data
But i didn't update the vendor or ODM... why not keep in A? Because it's too hard to manage it.
So if anything fails in this update, it can easily go back into A booting process (which means you have a backup of your old boot).
Since system is too big, i am not sure if the system AB exists (it would just take up too much space... but anyway...).
It is also not a way to prevent bootloop, it is related to update. If an update fails (say, the image is corrupted or has no signature etc) the boot will change back, but if the update is "correct" it will boot as it should, even if the image is bad.
So again... when we do the fastboot boot boot.img, we are copying this boot into some cache or data to boot up, instead of our original boot. When we reboot, it will use the original boot. So, is there a difference from using twrp flashed and booted?
I know that fastboot boot will trigger different booting process (meaning signatures verifying etc) but don't think that it will not mount a partition or something...
Well... anyway... so after the reboot, when you setprop in TWRP, the getprop returned the prop correctly? I recall something about getprop not returning the prop but camera2 was enabled anyway with the setprop... well... can you just confirm one thing for me?
The steps you used was... fastboot flash patchboot and then reboot into twrp and then reboot back to usual partition.
You didn't do fastboot boot patched boot -> twrp -> reboot
Right?
---------- Post added at 09:44 AM ---------- Previous post was at 09:42 AM ----------
AsItLies said:
Yes, just 'booting' twrp has been problems for everyone, "that" doesn't work (not just now, but probably never).
But, following the Guide I wrote, and 'flashing it' does work. Right Now.
Oh didn't see this one. OK...
Damn... hmm... strange... well thanks anyway...
---------- Post added at 09:50 AM ---------- Previous post was at 09:44 AM ----------
AsItLies said:
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we used to know. And we also know the way the dual works is that when an update occurs, if the device then tries to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers
Oh by the way, i saw one part
"But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images. "
I think this is wrong (at least if TWRP team didn't change stuff), but all images are bootable images... (by all images i mean... boot.img recovery.img Flashing.img).
I once thought that they used a common kernel image, but in fact, all the booting process image has the kernel image copied (literally) to prevent brick. So even with a corrupted boot img, you still can boot into recovery or into download mode.
So that's why TWRP must have a kernel.

@ricardohnn, you seem hell bent on getting twrp to boot. Good luck. Let me know how that works out for you. In the meantime I'll be enjoying my cam2api working
cheers

AsItLies said:
@ricardohnn, you seem hell bent on getting twrp to boot. Good luck. Let me know how that works out for you. In the meantime I'll be enjoying my cam2api working
cheers
Actually TWRP boots fine with fastboot boot...
ADB runs smooth, but it just won't keep.
But you've made me envy LOL
I will think about flashing... later...

ricardohnn said:
Actually TWRP boots fine with fastboot boot...
ADB runs smooth, but it just won't keep.
But you've made me envy LOL
I will think about flashing... later...
What version of TWRP did you use, there are now two versions, I used last one, from a few days ago, and in first try I did manage to boot from fastboot, not flash it, but ADB did not work.
So, if adb did work for you, maybe it was earlier version ?
Anyway, as you say, it is not permanent setprop, maybe because the twrp is not stable one, or maybe it needs to be flashed to work, not just booted.
I personally do not have doubts that this tutorial works, I just did not want to flash twrp. :good:

Related

[Q] Slate 7 Extreme root,flash question

Hi, I am a happy owner of the HP Slate 7 Extreme which is basically the same device as you guys are using. I am still on the 4.2 Jelly bean since HP are not pushing over the air updates with our devices. I want to use the script from the development forum "[Script] [Utility] Nvidia Tegra Note 7 Kitkat Unlock BL, Restore, Recovery, & Root", I want to know if anyone has tried to use it with the Slate Extreme or if it simply should work on the Jelly Bean as well. Thanks guys.
still have freeze/hang issue..
http://forum.xda-developers.com/showthread.php?t=2663449&page=2
mofared said:
still have freeze/hang issue..
http://forum.xda-developers.com/showthread.php?t=2663449&page=2
What about the 4.3+ ?
crazyhacker202 said:
What about the 4.3+ ?
I have not tested that yet but I believe it should work because I have tested the 4.4.2 and 4.2.2 evga ROM from here using the cwm install from sdcard method..
http://forum.xda-developers.com/showthread.php?t=2627671
The only thing that puzzles me now is i am unable to perform a system recovery from HP update.zip using cwm.
http://h10025.www1.hp.com/ewfrf/wc/...en&cc=us&dlc=en&sw_lang=&product=6608632#N147
So right now i am stuck with 4.2.2 evga ROM all is good and functional.
I have read some post that by updating OTA fix issue in 4.4 but i have no idea on how to get the OTA update.
p/s: This is my first tablet and root attempt...
edit:
i found out that rootjunky has already released the 4.4.2 with 2.3 OTA i will give it a try and feedback later
mofared said:
I have not tested that yet but I believe it should work because I have tested the 4.4.2 and 4.2.2 evga ROM from here using the cwm install from sdcard method..
http://forum.xda-developers.com/showthread.php?t=2627671
The only thing that puzzles me now is i am unable to perform a system recovery from HP update.zip using cwm.
http://h10025.www1.hp.com/ewfrf/wc/...en&cc=us&dlc=en&sw_lang=&product=6608632#N147
So right now i am stuck with 4.2.2 evga ROM all is good and functional.
I have read some post that by updating OTA fix issue in 4.4 but i have no idea on how to get the OTA update.
p/s: This is my first tablet and root attempt...
edit:
i found out that rootjunky has already released the 4.4.2 with 2.3 OTA i will give it a try and feedback later
First, nope, you'll still get freezing. I've tried all the ROMs.
Second, If you want to go back to HP's recovery, do the following:
Create a copy of update.zip and navigate to META-INF\com\google\android and open up updater-script
Delete the first three lines.
Transfer your new update.zip to your device and flash. Allow it to re-write the recovery partition.
NOTE THAT YOUR DEVICE WILL NOT ADVANCE PAST THE BOOT ANIMATION. THIS IS NORMAL.
Copy the original update.zip to a SD card and insert it into the device.
Now go to the HP recovery partition that now exists on your device and follow HP's restore instructions.
You're done, the stock 4.2.2 that came with your device is now installed.
Had to figure this out the hard way after I lost my original backup.
To the original poster, you can get it to work, but you need to make modifications to the script's fastboot commands (they will require "fastboot -i 0x03F0" before they will do anything) and you will need to setup your machine for ADB with the Slate 7 Extreme. It won't work out of the box, you can find support for that here: http://h30434.www3.hp.com/t5/Android-Tablets-e-g-HP-Slate-7/ADB-drivers/td-p/2574571
There was an individual who has received the 4.4.2 update from HP on his Slate Extreme over at the HP forums. I believe he stated he received 20 units donated directly from HP and was wondering why only 1 of them received the update. I believe the reason stated is that he most likely received a non-retail unit by accident. Not sure if he ever dumped the ROM or even knows how. I don't know either otherwise I'd try to contact him to get him to do so.
Re-write recovery partition?
Robo_Leader said:
First, nope, you'll still get freezing. I've tried all the ROMs.
Second, If you want to go back to HP's recovery, do the following:
Create a copy of update.zip and navigate to META-INF\com\google\android and open up updater-script
Delete the first three lines.
Transfer your new update.zip to your device and flash. Allow it to re-write the recovery partition.
NOTE THAT YOUR DEVICE WILL NOT ADVANCE PAST THE BOOT ANIMATION. THIS IS NORMAL.
Copy the original update.zip to a SD card and insert it into the device.
Now go to the HP recovery partition that now exists on your device and follow HP's restore instructions.
You're done, the stock 4.2.2 that came with your device is now installed.
Had to figure this out the hard way after I lost my original backup.
To the original poster, you can get it to work, but you need to make modifications to the script's fastboot commands (they will require "fastboot -i 0x03F0" before they will do anything) and you will need to setup your machine for ADB with the Slate 7 Extreme. It won't work out of the box, you can find support for that here: http://h30434.www3.hp.com/t5/Android-Tablets-e-g-HP-Slate-7/ADB-drivers/td-p/2574571
I did flash the modified update.zip but CWM doesn't give me the option to re-write the recovery partition. I go straight to "Install from sdcard complete". How is that re-write done?
*Update* All done - Had to select NO to questions on reboot (Replace recovery and root). Thanks so much - back to stock 4.2.2
Belmichel said:
I did flash the modified update.zip but CWM doesn't give me the option to re-write the recovery partition. I go straight to "Install from sdcard complete". How is that re-write done?
*Update* All done - Had to select NO to questions on reboot (Replace recovery and root). Thanks so much - back to stock 4.2.2
See my HP Slate 7 Extreme Root post: http://forum.xda-developers.com/showthread.php?t=2850893
What am I supposed to open updater-script with?
---------- Post added at 03:47 AM ---------- Previous post was at 03:31 AM ----------
Robo_Leader said:
First, nope, you'll still get freezing. I've tried all the ROMs.
Second, If you want to go back to HP's recovery, do the following:
Create a copy of update.zip and navigate to META-INF\com\google\android and open up updater-script
Delete the first three lines.
Transfer your new update.zip to your device and flash. Allow it to re-write the recovery partition.
NOTE THAT YOUR DEVICE WILL NOT ADVANCE PAST THE BOOT ANIMATION. THIS IS NORMAL.
Copy the original update.zip to a SD card and insert it into the device.
Now go to the HP recovery partition that now exists on your device and follow HP's restore instructions.
You're done, the stock 4.2.2 that came with your device is now installed.
Had to figure this out the hard way after I lost my original backup.
To the original poster, you can get it to work, but you need to make modifications to the script's fastboot commands (they will require "fastboot -i 0x03F0" before they will do anything) and you will need to setup your machine for ADB with the Slate 7 Extreme. It won't work out of the box, you can find support for that here: http://h30434.www3.hp.com/t5/Android-Tablets-e-g-HP-Slate-7/ADB-drivers/td-p/2574571
---------- Post added at 04:25 AM ---------- Previous post was at 03:47 AM ----------
I downloaded a script editor and deleted the first three lines of updater script but it still fails to flash.
Finally success!
Robo_Leader said:
First, nope, you'll still get freezing. I've tried all the ROMs.
Second, If you want to go back to HP's recovery, do the following:
Create a copy of update.zip and navigate to META-INF\com\google\android and open up updater-script
Delete the first three lines.
Transfer your new update.zip to your device and flash. Allow it to re-write the recovery partition.
NOTE THAT YOUR DEVICE WILL NOT ADVANCE PAST THE BOOT ANIMATION. THIS IS NORMAL.
Copy the original update.zip to a SD card and insert it into the device.
Now go to the HP recovery partition that now exists on your device and follow HP's restore instructions.
You're done, the stock 4.2.2 that came with your device is now installed.
Had to figure this out the hard way after I lost my original backup.
To the original poster, you can get it to work, but you need to make modifications to the script's fastboot commands (they will require "fastboot -i 0x03F0" before they will do anything) and you will need to setup your machine for ADB with the Slate 7 Extreme. It won't work out of the box, you can find support for that here: http://h30434.www3.hp.com/t5/Android-Tablets-e-g-HP-Slate-7/ADB-drivers/td-p/2574571
I have the 4450 extreme and one the things that was a little different- is that I had put the update zip on the sd card prior and it did the update on its own... WEIRD but acceptable! rooted and on 4.4.2- thanks man!
I didn't have any luck doing it this way. I ended up getting there by a slightly different avenue.
My s7e was totally non functional beyond fastboot and recovery mode being operational. I ended up downloading tegratools 2.2. Using the fastboot included in that I unlocked my boot loader with fastboot by the command
Code:
fastboot -i 0x03F0 oem unlock
(The '-i 0x03F0' is a code relating to the specific model, apparently without this the tablet will ignore your command. Please also remember that the unlock factory resets the tablet.)
It may be overboard again, but I also formatted all the system partitions
Code:
fastboot -i 0x03F0 erase boot
fastboot -i 0x03F0 erase system
fastboot -i 0x03F0 erase userdata
fastboot -i 0x03F0 erase cache
fastboot -i 0x03F0 erase preinstall
fastboot -i 0x03F0 reboot
I uploaded cwm recovery from the above version of tegratools to my s7e as it seems a bit more forgiving with signatures than the stock recovery. I used that to upload a version of update.zip with the "assert" lines removed from META-INF\com\google\android\updater-script. I also self signed the .zip to reduce the likelihood of my upload being rejected by the tablet, it may not be needed, but I did it anyway.
Code:
adb sideload slate7update-signed.zip
When completing the firmware flash, apparently there is a common problem of the kernel not flashing correctly when recovery takes place and giving an "Error 7", this is the problem I think you solved by re-writing the unmodified firmware (but that didn't work for me).
Anyway I had to fix it by dropping back to fastboot and flashing it to "staging", which puts the kernel in a placeholder until the next boot, at which point the kernel will be written to the correct spot. Because of this writing to the correct partition, you will notice a quick double-boot as the updated kernel is written to the correct point in firmware.
Code:
fastboot -i 0x03F0 flash staging "c:\fastboot-s7e\blob"
I hope this helps.
Oh and to those curious, the beats version appears incompatible with the standard s7e, I tried modifying a rom in the same way as above and it just went to a blank screen. My guess is they've done some form of sanity check in the kernel, given that every "beats" version I've read about in tablets has been a software-only modification. I've not bothered trying to use the beats version rom with the s7e kernel, I'll leave that for someone else to try in greater depth as I'm just happy that I got everything working again.
references:
Fastboot (previously this): This is a copy of the twrp/cwm roms as well as fastboot & adb taken from tegratools 2.2 mentioned above.
SignApk (Previously this): The java files and self signing certificate I used to sign the .zip file. It was actually a bit of a pain to find a working signapk.jar that had the valid certificates included, most were broken in one way or another when trying to sign on ubuntu 12.04.
slate7update-signed.zip (previously this): A signed copy of update.zip with META-INF\com\google\android\updater-script modified to remove the assert validation lines sanity checks, be careful with this, you could nuke your tablet if you use it on an incompatible bit of hardware.
guide.txt (previously this): A full how-to with a number of things I've omitted from this response.
To those wondering, I collated the above procedure from a dozen different links on a good four or five websites, including a number of threads here on XDA. Thank you to anyone out there that contributed to the information I found, you really made my day so much better in being able to recover my tablet.
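An added example (not code from any poster in this thread): before flashing a re-signed update.zip obtained from a forum, this checks whether its updater-script still carries the device `assert` lines discussed above and whether they match the target device. The device name `example_tablet` and both sample scripts are constructed; it assumes each `assert(...)` sits on one line and that comparisons inside one assert are `||` alternatives.

```python
"""Check whether an update.zip still carries its device asserts (added example)."""
import io
import re
import zipfile

SCRIPT_PATH = "META-INF/com/google/android/updater-script"
# Assumption: each edify assert(...) statement sits on a single line.
ASSERT_RE = re.compile(r"^\s*assert\s*\((.*)\)\s*;\s*$")
# A comparison such as getprop("ro.product.device") == "name"
GETPROP_RE = re.compile(r'getprop\(\s*"([^"]+)"\s*\)\s*==\s*"([^"]*)"')


def read_updater_script(zip_bytes):
    """Return the updater-script text, or raise if the package has none."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if SCRIPT_PATH not in zf.namelist():
            raise ValueError("no updater-script: not a recovery update package")
        return zf.read(SCRIPT_PATH).decode("utf-8", errors="replace")


def device_asserts(script):
    """List (line number, [(property, accepted value), ...]) per device assert."""
    found = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        match = ASSERT_RE.match(line)
        if not match:
            continue
        pairs = GETPROP_RE.findall(match.group(1))
        if pairs:
            found.append((line_no, pairs))
    return found


def review(zip_bytes, device_props):
    """Compare a package's device asserts with the target device's properties.

    device_props holds values read from the device itself, for example the
    output of `adb shell getprop ro.product.device`.
    Assumption: one matching comparison satisfies an assert (|| alternatives).
    """
    asserts = device_asserts(read_updater_script(zip_bytes))
    if not asserts:
        # Nothing in the script ties the package to a device model.
        return {"status": "no-device-check", "failed_line": None}
    for line_no, pairs in asserts:
        if not any(device_props.get(prop) == value for prop, value in pairs):
            return {"status": "mismatch", "failed_line": line_no}
    return {"status": "match", "failed_line": None}


def build_sample_zip(script_text):
    """Build an in-memory package holding only an updater-script (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SCRIPT_PATH, script_text)
    return buf.getvalue()


# Constructed sample scripts; "example_tablet" is a placeholder device name.
ORIGINAL_SCRIPT = (
    'assert(getprop("ro.product.device") == "example_tablet" || '
    'getprop("ro.build.product") == "example_tablet");\n'
    'show_progress(0.500000, 0);\n'
    'package_extract_file("boot.img", "/tmp/boot.img");\n'
)
STRIPPED_SCRIPT = (
    'show_progress(0.500000, 0);\n'
    'package_extract_file("boot.img", "/tmp/boot.img");\n'
)

if __name__ == "__main__":
    samples = (("original", ORIGINAL_SCRIPT), ("stripped", STRIPPED_SCRIPT))
    for label, script in samples:
        package = build_sample_zip(script)
        for device in ("example_tablet", "other_tablet"):
            result = review(package, {"ro.product.device": device})
            print(f"{label:9} on {device:15} -> {result['status']}")
```

A `no-device-check` result means the package will not refuse to install on the wrong hardware, which is the risk the post warns about for its modified zip.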
It Worked! But...
mike-s said:
I didn't have any luck doing it this way. I ended up getting there by a slightly different avenue.
My s7e was totally non functional beyond fastboot and recovery mode being operational. I ended up downloading tegratools 2.2. Using the fastboot included in that I unlocked my boot loader with fastboot by the command
Code:
fastboot -i 0x03F0 oem unlock
(The '-i 0x03F0' is a code relating to the specific model, apparently without this the tablet will ignore your command. Please also remember that the unlock factory resets the tablet.)
It may be overboard again, but I also formatted all the system partitions
Code:
fastboot -i 0x03F0 erase boot
fastboot -i 0x03F0 erase system
fastboot -i 0x03F0 erase userdata
fastboot -i 0x03F0 erase cache
fastboot -i 0x03F0 erase preinstall
fastboot -i 0x03F0 reboot
I uploaded cwm recovery from the above version of tegratools to my s7e as it seems a bit more forgiving with signatures than the stock recovery. I used that to upload a version of update.zip with the "assert" lines removed from META-INF\com\google\android\updater-script. I also self signed the .zip to reduce the likelihood of my upload being rejected by the tablet, it may not be needed, but I did it anyway.
Code:
adb sideload slate7update-signed.zip
When completing the firmware flash, apparently there is a common problem of the kernel not flashing correctly when recovery takes place and giving an "Error 7", this is the problem I think you solved by re-writing the unmodified firmware (but that didn't work for me).
Anyway I had to fix it by dropping back to fastboot and flashing it to "staging", which puts the kernel in a placeholder until the next boot, at which point the kernel will be written to the correct spot. Because of this writing to the correct partition, you will notice a quick double-boot as the updated kernel is written to the correct point in firmware.
Code:
fastboot -i 0x03F0 flash staging "c:\fastboot-s7e\blob"
I hope this helps.
Oh and to those curious, the beats version appears incompatible with the standard s7e, I tried modifying a rom in the same way as above and it just went to a blank screen. My guess is they've done some form of sanity check in the kernel, given that every "beats" version I've read about in tablets has been a software-only modification. I've not bothered trying to use the beats version rom with the s7e kernel, I'll leave that for someone else to try in greater depth as I'm just happy that I got everything working again.
references:
Fastboot: This is a copy of the twrp/cwm roms as well as fastboot & adb taken from tegratools 2.2 mentioned above.
SignApk: The java files and self signing certificate I used to sign the .zip file. It was actually a bit of a pain to find a working signapk.jar that had the valid certificates included, most were broken in one way or another when trying to sign on ubuntu 12.04.
slate7update-signed.zip: A signed copy of update.zip with META-INF\com\google\android\updater-script modified to remove the assert validation lines sanity checks, be careful with this, you could nuke your tablet if you use it on an incompatible bit of hardware.
guide.txt: A full how-to with a number of things I've omitted from this response.
To those wondering, I collated the above procedure from a dozen different links on a good four or five websites, including a number of threads here on XDA. Thank you to anyone out there that contributed to the information I found, you really made my day so much better in being able to recover my tablet.
I was able to unlock my bootloader using the above method and it worked. My s7e rebooted and everything was working normally. I loaded the bootloader again to go in and do a cache wipe and my 3 year old bumped into me as I was holding down the volume+ and power buttons. Now I'm stuck in ADX mode (black screen but recognized by my pc, have tried connecting to charger, volume+ and power, volume - and power, nothing works) . I've read that Advent has released adx files for the Vega Note 7 and you can use Tegra Note 7 Super Tools to restore the Nvidia Note 7. I'm wondering if I can use the update.zip file and the nvflash files from Nvidia to restore my tablet from ADX mode.
Any suggestions?
Mike-S, Thanks for the in depth how-to. I tried to sell my Extreme 4450 and the guy that I sold it to said when he received it was in boot loop. I got it back and it is indeed the one I sent him, however, now I have a bricked tab that doesn't even allow fastboot. I have, like others, tried calling HP, tried installing per your instructions and finally considered just throwing away or selling. It almost seems like the recovery was wiped... I can get to uploading from SD and have tried using your info to accomplish with no success. Any suggestions? I hate to smash it or try and sell if I can fix it.
Thank you in advance for anyone's help
som1special2 said:
however, now I have a bricked tab that doesn't even allow fastboot. I have, like others, tried calling HP, tried installing per your instructions and finally considered just throwing away or selling.
Damn, I'm sorry to say that I'm unsure if I'll be able to help much or at all. All I can suggest is look and see if there is any pre-boot subsystem that connects to your pc via usb, similar to the mediatek "preboot mt65xx" which can sort of provide a last gasp chance of recovery.
help with ROM
Hi there,
Need desperate help. I followed the instructions here but ended up with no OS in the s7e. I kept on trying to install a signed ROM via ADB, it reaches 100% sending but always failed inside TWRP. Not successful even with CWM. I even tried installing from SD card but no success. Please help, thank you.
Anyone still around here?
Mike S ... not sure you (or anyone else) is paying any attention to this thread anymore (and the HP Slate 7 Extreme at this point is a fairly old device) ... but I can't get any of these methods to work and my S7E (model 4450) is basically useless right now. When cold (i.e. not booted up in prior 30mins or so), I can boot it normally, but within about 10mins, it will "crash" to the all-white HP splash screen and will never recover. Holding the power button just has it go through initial startup, get to the white HP splash screen, and sit there until the battery runs down. I haven't been able to root it yet, so the bootloader still shows "locked". What's ironic is that this device is really all I need -- I don't play high-end games and mostly just stream shows -- but now it's completely unusable. I'm not sure which is easier ... trying to get this to root or just buying something else?
So far, to root, I've tried towelroot and Cydia Impactor, but both of those returned errors as others have reported. I tried following the steps that Mike S put up here, but without my tablet being rooted, adb and fastboot don't even detect my device from the PC (though the PC detects it because I'm able to see it in Windows Explorer and drag files to the storage) ... so it seems like I can't even get to install CWM or anything further.
Maybe the right thing to do is just to dump the paperweight ... it used to work so well but about 6 months ago this stupid HP white screen crash started happening, and since then it's become a regular thing that only takes about 10 mins (at most) before it craps out. I can get to the bootloader and onboard recovery mode, but that doesn't let me load anything.
Not sure where to go next but any advice would be appreciated!
--AJ
MGrad92 said:
Mike S ... not sure you (or anyone else) is paying any attention to this thread anymore (and the HP Slate 7 Extreme at this point is a fairly old device) ... but I can't get any of these methods to work and my S7E (model 4450) is basically useless right now. When cold (i.e. not booted up in prior 30mins or so), I can boot it normally, but within about 10mins, it will "crash" to the all-white HP splash screen and will never recover. Holding the power button just has it go through initial startup, get to the white HP splash screen, and sit there until the battery runs down. I haven't been able to root it yet, so the bootloader still shows "locked". What's ironic is that this device is really all I need -- I don't play high-end games and mostly just stream shows -- but now it's completely unusable. I'm not sure which is easier ... trying to get this to root or just buying something else?
So far, to root, I've tried towelroot and Cydia Impactor, but both of those returned errors as others have reported. I tried following the steps that Mike S put up here, but without my tablet being rooted, adb and fastboot don't even detect my device from the PC (though the PC detects it because I'm able to see it in Windows Explorer and drag files to the storage) ... so it seems like I can't even get to install CWM or anything further.
Maybe the right thing to do is just to dump the paperweight ... it used to work so well but about 6 months ago this stupid HP white screen crash started happening, and since then it's become a regular thing that only takes about 10 mins (at most) before it craps out. I can get to the bootloader and onboard recovery mode, but that doesn't let me load anything.
Not sure where to go next but any advice would be appreciated!
--AJ
Get your device drivers right (try androidsdk if it's still not getting recognised) and fastboot the stock system images (fastboot is not root dependent). By the way why were you trying those weird rooting methods ??? Just flash supersu from cwm/twrp and be done with it.
Thanks ... I'll try androidsdk. I actually am a root n00b and so I was trying to figure out the simplest way to go. I guess I guessed wrong! But of course before I can get that working I need the right drivers ... So I'll try that first. I was thinking the drivers were OK since my PC recognized the S7E when Android loaded (before it crashed to the white screen).
Couldn't get androidsdk to work
Hello again... I never could get androidsdk to work. My computer never recognized the tablet to be able to fastboot. *sigh* As much as I hate to give up, I don't know what else to do.... I might try another PC?
Looking for update.zip for S7E
mike-s said:
I didn't have any luck doing it this way. I ended up getting there by a slightly different avenue.
My s7e was totally non functional beyond fastboot and recovery mode being operational. I ended up downloading tegratools 2.2. Using the fastboot included in that I unlocked my boot loader with fastboot by the command
Code:
fastboot -i 0x03F0 oem unlock
(The '-i 0x03F0' is a code relating to the specific model, apparently without this the tablet will ignore your command. Please also remember that the unlock factory resets the tablet.)
It may be overboard again, but I also formatted all the system partitions
Code:
fastboot -i 0x03F0 erase boot
fastboot -i 0x03F0 erase system
fastboot -i 0x03F0 erase userdata
fastboot -i 0x03F0 erase cache
fastboot -i 0x03F0 erase preinstall
fastboot -i 0x03F0 reboot
I uploaded cwm recovery from the above version of tegratools to my s7e as it seems a bit more forgiving with signatures than the stock recovery. I used that to upload a version of update.zip with the "assert" lines removed from META-INF\com\google\android\updater-script. I also self signed the .zip to reduce the likelihood of my upload being rejected by the tablet, it may not be needed, but I did it anyway.
Code:
adb sideload slate7update-signed.zip
When completing the firmware flash, apparently there is a common problem of the kernel not flashing correctly when recovery takes place and giving an "Error 7", this is the problem I think you solved by re-writing the unmodified firmware (but that didn't work for me).
Anyway I had to fix it by dropping back to fastboot and flashing it to "staging", which puts the kernel in a placeholder until the next boot, at which point the kernel will be written to the correct spot. Because of this writing to the correct partition, you will notice a quick double-boot as the updated kernel is written to the correct point in firmware.
Code:
fastboot -i 0x03F0 flash staging "c:\fastboot-s7e\blob"
I hope this helps.
Oh and to those curious, the beats version appears incompatible with the standard s7e, I tried modifying a rom in the same way as above and it just went to a blank screen. My guess is they've done some form of sanity check in the kernel, given that every "beats" version I've read about in tablets has been a software-only modification. I've not bothered trying to use the beats version rom with the s7e kernel, I'll leave that for someone else to try in greater depth as I'm just happy that I got everything working again.
references:
Fastboot: This is a copy of the twrp/cwm roms as well as fastboot & adb taken from tegratools 2.2 mentioned above.
SignApk: The java files and self signing certificate I used to sign the .zip file. It was actually a bit of a pain to find a working signapk.jar that had the valid certificates included, most were broken in one way or another when trying to sign on ubuntu 12.04.
slate7update-signed.zip: A signed copy of update.zip with META-INF\com\google\android\updater-script modified to remove the assert validation lines sanity checks, be careful with this, you could nuke your tablet if you use it on an incompatible bit of hardware.
guide.txt: A full how-to with a number of things I've omitted from this response.
To those wondering, I collated the above procedure from a dozen different links on a good four or five websites, including a number of threads here on XDA. Thank you to anyone out there that contributed to the information I found, you really made my day so much better in being able to recover my tablet.
Hey Mike, you wouldn't still happen to have that signed update.zip since you don't have it on Dropbox anymore?

[Guide] enable cam2api only - no root

After having read many threads on this subject, it seems to become overly complicated by root, not root, lock, unlock, ota updates, no ota updates, etc etc.
So some basic information first, about what this guide accomplishes and what it doesn't;
1) No root involved, not installed at any time.
2) No changes to 'System' (OTA *should* work - I've yet to verify though)
3) BootLoader has to be unlocked (and stay unlocked, re locking causes a wipe - at least for me it did)
4) Your device will show up as 'uncertified' in PlayStore
5) There's no 'tool' involved, you aren't tied to any specific software version (or Magisk version obviously)
6) You will need TWRP (I used TWRP-3.2.3-jasmine-20180804.img) and also the boot.img for your current **previous version** software.
I of course take no responsibility for any negative results you experience, it's a use at your own risk Guide, as they all are.
I. Remove any accounts (gmail etc) on the device. Also remove finger print unlock and pattern (pin etc).
II. Enable developer options; OEM unlock and adb debugging
III. Connect to pc and verify 'adb devices' sees your device. Then type 'adb reboot bootloader'
IV. Once in fastboot, verify with 'fastboot devices'. Then do 'fastboot oem unlock' (device will wipe and reboot)
(again enable Dev options and then enable adb debugging, then again do 'adb reboot bootloader')
V. Now check which is the active partition with 'fastboot getvar current-slot', make a note of it being a or b.
VI. Install TWRP on the NON active partition with 'fastboot flash boot_b <name of twrp>.img' (or boot_a if that is NON active).
VII. Now set that partition active with; 'fastboot set_active b' (or a - whichever one u installed TWRP to).
VIII. Now we'll type 'fastboot reboot' BUT, before hitting enter, hold down Vol UP. Keep it down until twrp boots.
IX. Once in TWRP ('adb devices' should work), we'll type 'adb shell', then once at the shell command prompt, type:
'setprop persist.camera.HAL3.enabled 1' and <enter> then type; 'setprop persist.camera.eis.enable 1' <enter> (These values won't be propagated to any tables until after a reboot, so don't check them now) then exit adb shell with 'exit' <enter>.
X. Now we press the 'Reboot' in TWRP but choose the original slot (you jotted down above right?). So if you booted TWRP on slot B, here you will choose slot A to set active in reboot.
XI. Once rebooted you can get a Cam2API checker on playstore and verify results. I'd also suggest rebooting to fastboot mode and flashing (your specific for your current **Previous** software) boot.img in place of TWRP - I'd guess that will remove any trace of modifications so OTA 'should' work - have not been able to verify that part yet, as mentioned above.
A little long and time consuming, hopefully not too verbose. But, you can now install GCam ports and they should function properly. This is the one I installed MGCamera_5.1.0.18_R4X_v.5.1.19.apk and cursory indications are all is working well.
Hopefully you've read to here before starting (you really should do that you know, always), because here's a question to ask yourself; Is this worth it? I mean, absolutely the GCam processing software is better, but you need to ask yourself if it's worth the trouble and lack of security and possible bricking, to you?
If you do decide to go ahead, proceed slowly, take your time. If you have any questions or doubts, this is the original thread I used (with my modifications outlined above). So any credit really goes to this guide:
https://www.theandroidsoul.com/xiaomi-mi-a2-root/
EDIT to ADD (10/08/18): as noted above, TWRP was flashed to the NON active Partition. What that means is the non-active partition has the *previous* update on it, not the newest. So when re-flashing that non active boot partition (after using TWRP) you should use the boot.img from the previous version you had installed. That will hopefully remove any trace of TWRP having been installed.
Great, this is really what I was searching for.
After doing some additional research, it seems the boot image that should be flashed to get back to 'normal' (after twrp) should be the boot image that was being used ** previous ** to your current boot image.
I'm not sure if this will make a difference in OTA updates or not.
But essentially, when an A/B slot phone is updated, the unused slot is updated, then a reboot happens with that slot as active. So the previous slot (the one to 'fall back to' in case of issues) doesn't change. Thus, the boot image of that slot should be the * previous * version you were on.
So I've flashed the boot image from the 1st September update, as that was what I was running prior. I'll update this thread with whatever happens in the next update.
cheers
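An added example (not from the guide's author): a dry-run model of the guide's slot steps V to XI and of the reasoning in the post above about which boot image the non-active slot holds. It never talks to a device; the version labels, `twrp.img` and the `boot-<version>.img` naming are constructed, and accepting a `_a`/`_b` slot value is an assumption about how some bootloaders report it.

```python
"""Dry-run model of the A/B slot steps in the guide (added example)."""
import re

SLOTS = ("a", "b")


def parse_current_slot(getvar_output):
    """Extract the active slot from `fastboot getvar current-slot` output."""
    match = re.search(r"^current-slot:\s*_?([ab])\s*$", getvar_output, re.MULTILINE)
    if not match:
        # Refuse to guess: flashing the wrong slot overwrites the running boot image.
        raise ValueError("no current-slot line in fastboot output")
    return match.group(1)


def other(slot):
    """Return the slot that is not `slot`."""
    return SLOTS[1 - SLOTS.index(slot)]


def apply_ota(boot_versions, active, new_version):
    """Model an A/B update: write the non-active slot, then make it active."""
    target = other(active)
    updated = dict(boot_versions)
    updated[target] = new_version
    return updated, target


def plan(getvar_output, boot_versions, twrp_img):
    """Return the commands for the guide's steps and the boot image to restore.

    boot_versions maps each slot to the software version whose boot image it
    currently holds (tracked by the user; fastboot does not report it).
    """
    active = parse_current_slot(getvar_output)
    spare = other(active)
    restore_version = boot_versions[spare]
    return {
        "active": active,
        "twrp_slot": spare,
        "boot_twrp": [
            f"fastboot flash boot_{spare} {twrp_img}",
            f"fastboot set_active {spare}",
            "fastboot reboot",  # hold Vol UP so TWRP boots, as in step VIII
        ],
        "restore_version": restore_version,
        "restore": f"fastboot flash boot_{spare} boot-{restore_version}.img",
    }


if __name__ == "__main__":
    # Constructed history: two updates applied to a phone that started on slot a.
    slots, active = apply_ota({"a": "august", "b": "august"}, "a", "september-1")
    slots, active = apply_ota(slots, active, "september-2")
    # Constructed fastboot output for a phone whose active slot is now a.
    result = plan("current-slot: a\nFinished. Total time: 0.001s\n", slots, "twrp.img")
    for command in result["boot_twrp"]:
        print(command)
    print("after TWRP, restore:", result["restore"])
```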
Works like a charm!
Thank you for sharing!
AsItLies said:
After doing some additional research, it seems the boot image that should be flashed to get back to 'normal' (after twrp) should be the boot image that was being used ** previous ** to your current boot image.
I'm not sure if this will make a difference in OTA updates or not.
But essentially, when an A/B slot phone is updated, the unused slot is updated, then a reboot happens with that slot as active. So the previous slot (the one to 'fall back to' in case of issues) doesn't change. Thus, the boot image of that slot should be the * previous * version you were on.
So I've flashed the boot image from the 1st September update, as that was what I was running prior. I'll update this thread with whatever happens in the next update.
cheers
A good update to this guide is you put that information on first post and put also the files of the boot.img of every update, for the noob people like me, something like:
1-Original Boot Image
2- August Update Boot Image
3- First september update Boot Image
4-Second september update boot image.
So people can check what is the installed version, and the version they should get to use with this guide without the problem of getting a Bricked Phone.
Tks for your help.
ki69 said:
A good update to this guide is you put that information on first post and put also the files of the boot.img of every update, for the noob people like me, something like:
1-Original Boot Image
2- August Update Boot Image
3- First september update Boot Image
4-Second september update boot image.
Do people can check what is the installed version and the version they should get to use with this guide without the problem of getting a Bricked Phone.
Tks for your help.
I've updated the original post, but part of the reason for the comment is so others could see something "New" has been said / added. Just updating won't do that.
All of the various boot and patched boot images are readily available in numerous other Guides / Posts. I don't think there's a reason to repeat them here. Just look around a bit, they are easily found.
AsItLies said:
I've updated the original post, but part of the reason for the comment is so others could see something "New" has been said / added. Just updating won't do that.
All of the various boot and patched boot images are readily available in numerous other Guides / Posts. I don't think there's a reason to repeat them here. Just look around a bit, they are easily found.
I think when you invite a friend to a Sunday family lunch at your home, you should provide the complete lunch. It's not your "obligation", but is kind and cool, plus, maybe later your friend can do the same for you. The same situation here.
It's cool, doesn't cost a thing and people will get grateful and enjoy more your contribution, and providing the right files, you can help them avoid getting the wrong files and messing their phones.
But, as I said: it's not your obligation, is just a "being cooler thing". :good:
kadu20es said:
I think when you invite a friend to a Sunday family lunch at your home, you should provide the complete lunch.
Cute analogy, I'll remember it next time I'm looking for lunch.
Here's another more appropriate analogy: 'Give a man a fish, and he eats for the day. Teach a man to fish and he eats for the rest of his life'.
See, you need to do some of the leg work. If you can't, maybe you shouldn't be doing this at all?
In TWRP shall I select ADB sideload for shell to work.
ali7_has said:
In TWRP shall I select ADB sideload for shell to work.
Re-read what is in the directions:
Once TWRP is booted we type 'adb devices'.
Then type 'adb shell' at the command prompt.
Nowhere does it indicate using 'ADB sideload', does it?
As said Ali, I'd suggest (again) doing some research on using ADB. Check the various adb commands. Try them out first, before following this guide. Do the same with Fastboot. Read the various documentation. Doing things blindly, well, it's your phone...
@MikeChannon (and @oka1) Hi Mike, would you please lock this thread? I'm going to create another, much simpler (and less confusing) guide to accomplish the same thing using the patched boot image. I'll title it "[Guide] enable cam2api w/patched_boot - no root". I don't have a link for it yet, but it will be easy to find.
Thanks!
AsItLies said:
Re-read what is in the directions:
Once TWRP is booted we type 'adb devices'.
Then type 'adb shell' at the command prompt.
Nowhere does it indicate using 'ADB sideload', does it?
As said Ali, I'd suggest (again) doing some research on using ADB. Check the various adb commands. Try them out first, before following this guide. Do the same with Fastboot. Read the various documentation. Doing things blindly, well, it's your phone...
Sorry bro, it was a driver problem that made me unable to connect adb in TWRP, it was active only in sideload. Problem resolved by uninstalling the driver & installing again.
By the way, there is no need to go to the previous boot.img, I was on v9.6.10 and I flashed the same, then updated it to v9.6.13 with no problem.
thanks a lot for the awesome it was so helpful.
Follow this link for a simpler way to do this. I'm embarrassed I didn't realize it before.
https://forum.xda-developers.com/mi-a2/how-to/simple-to-enable-cam2api-using-t3851926
From the Moderator
Per the OP
He is making a new thread, please see the previous postings for information.
...................... THIS THREAD IS NOW CLOSED .........................
Thx, ~~~~ oka1

[Root][Oreo][Guide] How to flash and root G5 with (opt. remove encryption)

Hello guys,
After testing around for days I thought it might be helpful to post the honestly pretty easy procedure to install stock Oreo, root it and remove encryption if needed.
Disclaimer:
I am not responsible for bricked devices, dead SD-cards, lost data, etc.
Back up your data, app settings, be sure you remember your passwords, your device will be empty!
Edit: It seems there's a bug that, if you read this post on XDA labs, won't show you everything, it seems like it randomly skips some parts.
What you need:
Unlocked Bootloader
Motorola USB drivers
15 sec adb and fastboot uploaded by myself since the original links aren't working anymore https://multifilemirror.com/hgxxyrfyd7rx.
I originally got them from here (you may have to go into your device manager and select the adb drivers for your phone f.e. when you want to use adb push in recovery, see original xda site).
This will also install the google drivers.
TWRP 32bit (v.3.2.3-0)
TWRP 64bit (v.3.2.1-0)
Disable Dm-Verity & ForceEncrypt from here
Magisk and MagiskManager. Newest should probably work, I used Magisk-18.0 and MagiskManager-6.1.0
Most recent Oreo firmware (edit 08.19)
(I used this Oreo firmware found in this post)
Steps:
Be sure you backed up your data and app settings, your pictures, downloads, etc. It will all be lost!
Please read all steps before you begin.
Extract the firmware into your adb folder (where you installed adb, should contain 4 files), copy both twrp (32 & 64 bit) in there, too.
Boot into bootloader (hold power+vol down) and open a terminal inside your adb folder (shift+rightclick) and type in
Code:
fastboot flash recovery name_of_twrp64bit_file.img
Boot into recovery (select recovery with vol buttons, then press power) and make a backup of EFS partition and persist folder (use file manager under advanced) and make another backup of system, boot and data and save both backups and persist to your SD-card or better your computer, too.
Reboot into bootloader and check if your bootloader version is B.8.31 or above.
If it is B.8.31 or above DON'T FLASH BOOTLOADER!!! Because if you flash bootloader of the same version or below, it would hardbrick your device!
That also means if you f.e. want to downgrade to Nougat, just ignore following lines:
Code:
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
Also, unless you're sure your persist is absolutely ok (check here), please also omit the following lines:
Code:
fastboot erase modemst1
fastboot erase modemst2
They would reset your IMEI and usually it gets restored from your persist, but only if it's not buggy.
Even if your persist is fine, as far as I know there's no harm in not using these commands (my persist is fine and I didn't use them).
Now paste the following commands in your command prompt in adb; in case you are BELOW B.8.31, add the bootloader commands from above between the first and second line:
Code:
fastboot oem fb_mode_set
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash dsp adspso.bin
fastboot flash oem oem.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot erase customize
fastboot erase clogo
fastboot oem fb_mode_clear
fastboot reboot
Please make sure that it really flashed all sparsechunk 0-8.
Let your phone reboot itself after installation is done, then return to bootloader and flash twrp 64bit:
Code:
fastboot flash recovery name_of_twrp64bit_file.img
Boot into recovery, since your device is encrypted it will ask for a password, click cancel, then go to WIPE and click on FORMAT DATA and confirm with yes.
This will remove the encryption of your data partition.
Go back to twrp main page and click on REBOOT then RECOVERY.
Once back in twrp, either copy Disable_Dm-Verity_ForceEncrypt.zip and Magisk-18.zip and MagiskManager-6.1.apk to your SD-card or use
Code:
adb push name_of_file /external_sd
or
adb push name_of_file /sdcard
to copy the files to your SD-card (external_sd) or Internal-Storage (sdcard). For this you may have to manually configure your adb drivers in device manager, see here under Notes.
In twrp go now to INSTALL and flash "disable-dm-verity&encrypt" and then REBOOT and SYSTEM.
Return to recovery and flash "Magisk-18.0.zip", wipe Cache/Dalvik at the end and reboot System.
Once System has rebooted, install MagiskManager-6.1.0.apk from your SD-card.
MagiskManager should say that Magisk is installed and in settings under security, your phone should be decrypted.
Note: MagiskManager will only show full information when it has internet access, all you see without is if Magisk is installed.
If you want to encrypt your device again, do it but flash twrp 32bit, too, if it asks for a password, it should be your usual password which you also have to enter on every boot.
Some explanation:
Why twrp 64bit?
Because twrp 32bit is able to bypass encryption, however, it causes some problems:
In fact, probably every twrp without the bypass encryption feature would work, f.e. older 32bit version 3.1.0, but 64bit offers some features such as EFS backup.
If you flash 32bit directly it can bypass the standard encryption but formatting data fails every time when you booted System previously.
When you reboot recovery and format data again it works, but it needs to fail first, just rebooting into recovery 2 times doesn't work.
I don't know what would happen if you (after using your phone normally) reboot recovery and f.e. want to do a backup from data, though I'm sure I tested it out, but I probably forgot.
You need it later when you want to encrypt your phone again, for me it didn't decrypt data after I reencrypted my phone using my password.
Why reboot System between flashing Disable-encryption and Magisk?
If you do not, you get heavy lags in the first 2 minutes after rebooting System, MagiskManager will say that Magisk isn't installed and then your phone will crash and reboot. But after that 2nd reboot everything works fine again, Magisk is back, no lags.
I remembered this post from Johny Cipeli, between flashing no-verity and magisk he wrote to reboot, so I tried and it worked without lags and crash.
You don't need to remove encryption:
You can root your phone without flashing Disable_dm-verity_and_force-encrypt, use then twrp 32bit, don't format data, just flash magisk.
I can say that it should work, because that was one of my first attempts (and it worked for me), however I didn't write down what I was doing so I can't tell you step by step.
Additional:
In case you're searching Viper4Arise for Oreo, the Aroma installer won't work, use the Magisk module and install in MagiskManager. You can download it here from Zackptg5
If you're also annoyed by that One-Nav vibration, you can try using ExKernelManager app and activate the powersave mode. Although I think it's officially not for G5, the app works, maybe that only refers to the Kernel and not to the app.
I tried Flyhigh Kernel, it didn't boot after flashing it, if you know a working Kernel for G5 which can disable One-Nav vibration, please write an answer.
My device:
Rooted Stock Oreo 8.1.0: OPP28.85-16
Bootloader: B.8.31
Model: XT1676 reteu
Stock Kernel
Thanks to:
Snoop05 for 15 sec adb and fastboot.
TheFixItMan for twrp.
Zackptg5 for "Universal DM-Verity, ForceEncrypt, Disk Quota Disablers".
topjohnwu for Magisk.
freeZbies for Official Oreo 8.1.0 OPP28.85-16 Fastboot Firmware.
Wolfcity, woozie.2007 and TheFixItMan for answering many of my questions!
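The bootloader rule and the sparsechunk check from the guide above, as an added Python example that is not part of the original post: it builds the fastboot command list, adds the gpt/bootloader lines only when the device's bootloader is below B.8.31, and refuses to build a plan when a system.img_sparsechunk file is missing from the series. The function names, and the assumption that versions of the form B.x.y compare numerically field by field, belong to this example; the commands are the ones listed in the guide.

```python
import re

# Bootloader version shipped with the firmware, as stated in the guide.
FIRMWARE_BOOTLOADER = "B.8.31"

# Only safe when the device bootloader is BELOW the firmware's version.
BOOTLOADER_CMDS = [
    "fastboot flash partition gpt.bin",
    "fastboot flash bootloader bootloader.img",
]
FIRST_CMD = "fastboot oem fb_mode_set"
BEFORE_SYSTEM = [
    "fastboot flash logo logo.bin",
    "fastboot flash boot boot.img",
    "fastboot flash recovery recovery.img",
    "fastboot flash dsp adspso.bin",
    "fastboot flash oem oem.img",
]
AFTER_SYSTEM = [
    "fastboot flash modem NON-HLOS.bin",
    "fastboot flash fsg fsg.mbn",
    "fastboot erase cache",
    "fastboot erase userdata",
    "fastboot erase customize",
    "fastboot erase clogo",
    "fastboot oem fb_mode_clear",
    "fastboot reboot",
]


def parse_bootloader_version(text):
    """Turn 'B.8.31' into (8, 31). Assumption: fields compare numerically."""
    m = re.fullmatch(r"B\.(\d+)\.(\d+)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised bootloader version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def ordered_sparsechunks(filenames):
    """Return the chunk files in numeric order; raise if the series has a gap."""
    found = {}
    for name in filenames:
        m = re.fullmatch(r"system\.img_sparsechunk\.(\d+)", name)
        if m:
            found[int(m.group(1))] = name
    if not found:
        raise ValueError("no system.img_sparsechunk.N files found")
    missing = [i for i in range(max(found) + 1) if i not in found]
    if missing:
        raise ValueError(f"missing sparsechunk(s): {missing}")
    # Sort by number, not by name, so chunk 10 comes after chunk 9.
    return [found[i] for i in sorted(found)]


def build_flash_plan(device_bootloader, filenames,
                     firmware_bootloader=FIRMWARE_BOOTLOADER):
    """Build the command list; bootloader lines go between the first and second line."""
    plan = [FIRST_CMD]
    if parse_bootloader_version(device_bootloader) < parse_bootloader_version(firmware_bootloader):
        plan += BOOTLOADER_CMDS
    plan += BEFORE_SYSTEM
    plan += [f"fastboot flash system {c}" for c in ordered_sparsechunks(filenames)]
    plan += AFTER_SYSTEM
    return plan


if __name__ == "__main__":
    # Constructed file listing standing in for the unpacked firmware folder.
    listing = [f"system.img_sparsechunk.{i}" for i in range(9)]
    for cmd in build_flash_plan("B.8.31", listing):
        print(cmd)
```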
- reserved -
Ok friend, thank you for this. I think you don't need to flash twrp 64, I only flash official twrp 32, which indeed doesn't have the option for backup persist, but only efs. Maybe someone else will try your method to decrypt, I will try next time when I flash the stock, maybe to the next patch update. Good luck and a happy new year!!!
---------- Post added at 01:31 AM ---------- Previous post was at 01:26 AM ----------
LE: You can't root without formatting the data partition, because flashing twrp, when twrp decrypts data you can't see anything on the data partition, so you need to format it even if you don't need to decrypt the phone.
Nice guide @G5-User7080 .
For me everything seems to be correct, I can't say anything device specific as I own a potter but there shouldn't be big differences.
There's one sentence I'm not sure about:
G5-User7080 said:
Because if you flash bootloader of the same version or below, it would hardbrick your device!
That also means if you f.e. want to downgrade to Nougat, just ignore following lines.....
It's clear that downgrading the bootloader can hardbrick your device but why should there be any risk in flashing the same bootloader?
If I flash the fastboot firmware I'm on shouldn't it be ok? Where did you get that information from?
I'm about to do that on a device of a friend of mine, he is rooted on 7.0 and wants to go the way to flash the firmware he's on and after that take the OTA up to Oreo.
He could flash the Oreo firmware directly but he prefers to use the firmware from which he knows it's working and is the correct one.
Very careful guy.
Edit: I just recognized that the part you called steps incl. the part I quoted isn't visible in XDA Labs, I'm only able to see it in mobile browser. Also some download links aren't there, on XDA Labs there is only the one for the 64bit recovery visible, not the one for 32bit. Maybe it's some kind of format problem, bb codes or else.
Some screenshots from XDA Labs and Chrome mobile to show the differences.
Wolfcity said:
It's clear that downgrading the bootloader can hardbrick your device but why should there be any risk in flashing the same bootloader?
If I flash the fastboot firmware I'm on shouldn't it be ok? Where did you get that information from?
I read this more than one time, although I could just find one source for now: "Flashing bootloader of equal or minor version will hardbrick your device" from Oreo Fastboot firmware.
I don't know why flashing bootloader of the same version would lead to a hardbrick, but didn't want to try it out myself, also I see no problem in not flashing the bootloader when you already have the same version.
Wolfcity said:
Edit: I just recognized that the part you called steps incl. the part I quoted isn't visible in XDA Labs, I'm only able to see it in mobile browser. Also some download links aren't there, on XDA Labs there is only the one for the 64bit recovery visible, not the one for 32bit. Maybe it's some kind of format problem, bb codes or else.
That's weird, I don't have XDA labs (that's the mobile app, right?), I wrote it on XDA desktop version and only used the size, code, color and list tags, hmm maybe it has problems with the sorted list, for every other part I used the unsorted ones with dots instead of numbers.
Quick test:
Test One:
this is made
in an unordered
list, using
list tags
Test Two:
this is now made
in an ordered list
counting from one to four
using list=1 tags
Can you read both lists with each four points?
And thanks for mentioning the bootloader thing... I realized I forgot to paste the lines in to flash bootloader in case you are below b8.31 ehee..
Wolfcity said:
Some screenshots from XDA Labs and Chrome mobile to show the differences.
wtf, it just skips random parts ?!!!
I have no idea what could cause this.. I'll better add a note at the beginning of the post...wow
To flash the same version of bootloader is not a problem, only the below one will hardbrick the phone.
G5-User7080 said:
wtf, it just skips random parts ?!!!
I have no idea what could cause this.. I'll better add a note at the beginning of the post...wow
Your lists are both readable.
I took a look at the BB codes as it's known that some of them are not working on XDA Labs like SIZE or HIGHLIGHT. In that case the BB codes are shown in the text but there's nothing missing.
Maybe it has something to do with the use of [*] in your text?
Edit: Have you changed something in your text now? It seems to be complete on XDA Labs now too...
Wolfcity said:
Your lists are both readable.
I took a look at the BB codes as it's known that some of them are not working on XDA Labs like SIZE or HIGHLIGHT. In that case the BB codes are shown in the text but there's nothing missing.
Maybe it has something to do with the use of [*] in your text?
Edit: Have you changed something in your text now? It seems to be complete on XDA Labs now too...
The [*] just creates new lines for a list, and yes, I edited it two times, first, I added that one should use the bootloader commands in case of being below b831 and then I added the info about missing things on xda labs, but I didn't change anything on the lists themselves,...

[RECOVERY] TWRP for Onn Android Tablets (unofficial) - 2019-11-30

TWRP Custom Recovery for the Onn Android Tablet series​
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model
Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.
Reserved also
grabbing this one too cuz why not
Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?
Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....
Amazing!! Gonna install and test 8" right now.
Has anyone tried a GSI on these tablets yet?
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I did try both phhusson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.
WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!
Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since its stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.
@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran phhusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.
Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?
Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Where do I find crypto footer to backup?
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.

(GUIDE) Root Onn 8 Gen 2 100011885

Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
Inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isn't available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something
LaikaXv1 said:
Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
Inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isn't available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
I'm glad to see that there is finally a root solution for this device. I have 2 Onn 8 first gen, Android 9 tablets and I use the Magisk module: Universal SafetyNet Fix to pass.
Let us all know if this works. I work in a Walmart electronics department and have not bought one of the 2nd gen devices because I had assumed that it could not be rooted. I am tempted just for a new challenge, even though I really don't need a new device.
Have you been able to create a backup of the stock rom? Is it flashed with spflashtool like the older device?
Thanks
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Ah, I didn't hit reply. Oops!
I'm not new to XDA per se, but I'm not usually the one making guides and actually saying things haha.
Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)
Boox17 said:
Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)
It sounds like maybe you did not unlock the bootloader first?
martyfender said:
It sounds like maybe you did not unlock the bootloader first?
Yeah exactly what it was
I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paperweight. At least it was only $30.
I'm stuck in a boot loop. Does this work with a 100011885 that has Android 11 or did I just brick it cause I didn't pay attention.
I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img. I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img
bowb said:
I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img. I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img
Did you get this working?
Valiante said:
Did you get this working?
No.
LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Did you happen to upload this image yet? If so, got a link?
I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet I got a blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?
pj_dev said:
I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet I got a blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?
Unfortunately, the numbers are important. Are you able to get to fastbootd? If you can get to fastbootd, I would recommend trying to change the boot slot. Newer androids actually have two boot partitions for updating purposes. You can check which boot partition you're using with `fastboot getvar current-slot` which should return "a" or "b". Then do `fastboot set-active x` and replace x with whichever slot is NOT active as determined by the previous command. If the other boot slot is still intact, this would hopefully result in a bootable device. I haven't tried this myself, but this is what I would try if I were in your situation.
If this doesn't work, I would try flashing stock with sp flash tool, which doesn't need fastboot if you can't access that. It's a leaked mediatek tool, so there isn't an official site to get it from unfortunately. I got it from here: https://androidmtk.com/smart-phone-flash-tool but use your discretion. And get v5, because that's what most of the guides use. Then you can try flashing the 3561 stock firmware here: https://forum.xda-developers.com/t/stock-stock-backups-images-otas.3998227/post-82619259
If you can get it to boot at this point and want to de-walmart it, I would recommend just flashing a GSI rather than messing around with the stock rom. You can find the GSI's here: https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list
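The two checks discussed in this exchange (which slot is inactive, and whether an image can fit the target partition before flashing), as an added example that is not part of the posts above. The sample replies, the 0x800000 partition size and the helper names are constructed assumptions; only the 11520 KB image size comes from the quoted output.

```shell
#!/bin/sh
# Added example, not from the thread. fastboot prints getvar replies on stderr,
# so on a real device capture them with e.g.:
#   out=$(fastboot getvar current-slot 2>&1)

# Print the value of variable $1 from captured getvar output $2.
getvar_value() {
    printf '%s\n' "$2" | sed -n "s/^$1: *//p" | head -n 1
}

# Print the slot that is NOT active; fail if the reply is not a or b.
inactive_slot() {
    cur=$(getvar_value current-slot "$1" | tr -d '_')   # tolerate "_a"
    case "$cur" in
        a) echo b ;;
        b) echo a ;;
        *) return 1 ;;
    esac
}

# Succeed only if an image of $1 bytes fits partition $2, whose size is read
# from captured `getvar partition-size:$2` output $3 (hex, with or without 0x).
image_fits() {
    hex=$(getvar_value "partition-size:$2" "$3")
    [ -n "$hex" ] || return 2        # bootloader did not report a size
    hex=${hex#0x}
    [ "$1" -le "$((0x$hex))" ]
}

# Constructed sample replies (the partition size is an assumption).
SLOT_REPLY='current-slot: a
Finished. Total time: 0.001s'
SIZE_REPLY='partition-size:vbmeta: 0x800000
Finished. Total time: 0.001s'

demo() {
    echo "slot to try: $(inactive_slot "$SLOT_REPLY")"
    # 11520 KB is the image size from the failed flash quoted above.
    if image_fits $((11520 * 1024)) vbmeta "$SIZE_REPLY"; then
        echo "image fits"
    else
        echo "image larger than vbmeta partition: do not flash"
    fi
}
demo
```

A size mismatch like this usually means the file is not an image for that partition at all, so it is worth checking before trying a different file.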
LaikaXv1 said:
Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something
Lol, remember those copy-pasted guides where they provide the wrong TWRP images and it messes up the device
So the 8" Onn actually has a boot-ramdisk it appears. On the 7" Onn Surf (100005206), there is no boot-ramdisk, so the alternative is patching a recovery.img and allowing Magisk to hijack the /recovery partition. The only drawback is, anytime you need to reboot, using hardware keys as though booting into recovery is necessary.
inzane105 said:
I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paperweight. At least it was only $30.
I'm in a similar situation, my friend got an RCA Atlas 10 Pro-S from Goodwill for $1. It had an FRP lock on it though, and we ultimately managed to get to the home screen by enabling TalkBack and watching the support video to open the browser. Then, we installed Lawnchair to access the home screen. The settings app worked, but Developer Options would not open.
GetDroidTips has published a software called Miracle Box, claiming that it can unlock MediaTek bootloaders, as well as bypass FRP. However, a VirusTotal scan indicates that it is likely malware. I tried running it in a virtual machine and it asked if I wanted to run a process impersonating "svchost.exe" as Administrator. I airgapped the virtual machine, and Miracle Box said it needed Internet access for licensing, however GetDroidTips said it was free. I suspect that this was a fake software crack.
I am aware of a program called SP Flash Tool, but that won't work because I am on Linux, and not Windows. I doubt it would work under WINE, as it requires special device-specific drivers that also only work on Windows. I have a spare Lenovo IdeaPad 110-15ACL, however I don't have the drivers needed to set up Windows 7 on it. I could, of course, use Windows 10, but I have heard it is bad for flashing, and it is very slow anyway. (I did, however, buy an SSD for it, perhaps this will speed it up enough to be somewhat usable?)
I also found an open-source MediaTek exploit script called MTKTools. It did not work, and it told me to hold all hardware buttons before plugging the device in. It still did not detect the tablet. It told me that I could also short TP1 to ground, however I could not find Test Point 1 on the tablet's motherboard.
There are no custom recoveries or FRP unlocking guides for this device, likely because it's an obscure Android 7.1 tablet from back in 2014. I wouldn't be able to flash them anyway as the bootloader is locked. It has 2 GB of RAM and the processor cores are Cortex-A35s so I'm not sure that this is worth unlocking. On the other hand, it costs over $100 from Walmart.
I am worried that the device was stolen, as it had a password, and once I reset it from Recovery mode, it had an FRP lock. If it is indeed stolen, I can't return it, due to the "as is" nature of Goodwill, and besides, I have disassembled it several times as well. Should I be concerned about the ethical implications of unlocking this device?
Does this work on Android 11? I have the Onn. 100011885 model, according to my settings app.
