Database Users

[Tutorial] Camera2api ( Gcam ) Without ROOT

I dont take responsibility for possible damages!​'
1. When you unlock the bootloader, all your data will be erased!
2. When you try to lock the bootloader, your data will be erased and you will lose the API.
3. YOU CAN RECEIVE OTA UPDATES WITH THE BOOTLOADER UNLOCKED!​
Download the tool: https://forum.xda-developers.com/mi-a2/how-to/mi-a2-toolkit-unlock-bootloader-root-t3834585
1. Unlock the bootloader (I will not go into detail, the tool is intuitive, follow the tool's instructions!.)
2. Start your phone and enable USB debugging.
3. Put your cellphone in Fastboot.
4. In the tool, use option 4 (This will not install TWRP, just start) (follow the tool's instructions!)
5. When entering TWRP, if prompted, check "Keep system read only".
6. Open in the tool folder "Open CMD here"
7. Run the command: adb shell
8. Now enter the following command: "setprop persist.camera.HAL3.enabled 1" without quotation marks, and enter. - This command enables the required core API for GCAM.
9. Now type "exit" to exit adb.
10. Go back to the phone, in TWRP -> Reboot -> System -> Do Not Install
Ready.
I did this tutorial quickly. Any questions, use the comments!

Just a note. That tool is working with August security patch, but a lot of us received already September Security patch. And how do you know that we will receive OTA. Did you test by yourself? And btw, looks very easy and clear explained. For now I will wait for stable patch from Xiaomi, and updated Tool from the link you recomended. Thank you.

kaiwanted said:
Just a note. That tool is working with August security patch, but a lot of us received already September Security patch. And how do you know that we will receive OTA. Did you test by yourself? And btw, looks very easy and clear explained. For now I will wait for stable patch from Xiaomi, and updated Tool from the link you recomended. Thank you.
Click to expand...
Click to collapse
The tool just has the August picture. But the functions used for the gcam works in the September patch.
Yes. I have.

when i want to launch the TWRP, my device already plugged in and in fastboot mode, but it says "could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode". How to fix this? tks

asuturo said:
when i want to launch the TWRP, my device already plugged in and in fastboot mode, but it says "could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode". How to fix this? tks
Click to expand...
Click to collapse
I'm stuck at this too, i got the september update, already unlocked the bootloader but still can't install the twrp
"could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode"

Rafaelboxer said:
I'm stuck at this too, i got the september update, already unlocked the bootloader but still can't install the twrp
"could not detect the active partition used, please ensure your phone is plugged in and in fastbook mode"
Click to expand...
Click to collapse
I think the September update change the active partition from A to B ( the August is A). Thats why it doesn´t work.
I´m also with September Update, and camera2api is the only thing i want to enable on Mi a2 ( don´t want to root and lose OTA) until a relliable TWRP is relleased.

This command should tell you which slot is active:
fastboot getvar current-slot

ki69 said:
I think the September update change the active partition from A to B ( the August is A). Thats why it doesn´t work.
I´m also with September Update, and camera2api is the only thing i want to enable on Mi a2 ( don´t want to root and lose OTA) until a relliable TWRP is relleased.
Click to expand...
Click to collapse
I got the september boot.img from another topic and rooted

Still no working solution for the ones that have setember update, and don´t want to root or use magisk??? I think the problem is that TWRP does not work with september update. Any easy way to downgrade to August again??

I'm thinking of installing Camera2API/GCamera, but I wonder if it's worth it. What are the real benefits? Does this make the camera compatible with more applications (eg Snapchat), avoiding them from making a screen of the camera ?

Hey guys i have some doubts.
I saw many threads saying to flash twrp into a partition (A or B) but i don't get why we have to flash it... So can someone clarify for me some stuff?
1 - fastboot boot twrp.img
I don't recall where the persist properties are stored but i believe it's not a partition that the OEM or google will constantly modify, right? So why making changes to the persist props in TWRP doesn't make it persist when booting into system? Is it possible to make it store it not temp?
Why there are people saying that flashing TWRP into, eg. part A, and booting into it, and then changing to part B, is working to enable the camera2 API? This should be the same as fastboot boot TWRP and then reboot it.
2 - As far as i remember, su permissions might be allowed in boot.img (.props file), so i thought that magisk patched image would have some su privilegies, but after booting from a patched image, su doesn't return anything. Does anyone knows what is the patched image from magisk? I heard about an app showing up after booting, so the patch is just a runnable with root?
3 - I also saw many threads changing sys build.prop directly. Horrible choice, but, does anyone knows if it possible to have a build.prop in OEM partition? From what i know, the build.prop will be concat. from all the folders related to the booting process. Has anyone tried to throw a build.prop into OEM with the persist enable? I believe that, since the folder is related to OEM only, and since we have no OEM making apps or whatever in an Android One phone, i think it is more safe than other partitions

ricardohnn said:
Hey guys i have some doubts.
I saw many threads saying to flash twrp into a partition (A or B) but i don't get why we have to flash it... So can someone clarify for me some stuff?
1 - fastboot boot twrp.img
I don't recall where the persist properties are stored but i believe it's not a partition that the OEM or google will constantly modify, right? So why making changes to the persist props in TWRP doesn't make it persist when booting into system? Is it possible to make it store it not temp?
Why there are people saying that flashing TWRP into, eg. part A, and booting into it, and then changing to part B, is working to enable the camera2 API? This should be the same as fastboot boot TWRP and then reboot it.
Click to expand...
Click to collapse
If you did a search on that 'persist' command, you'd find that it does persist, to many of the tables that type of information is stored in. It does not change the info in the properties file in 'System'. It does change the 'Data' partition, but that's okay, as there's only 1 of those (used no matters which slot boots up). The reason for booting on the non-active partition is a twrp / dual slot phone type of thing. I know it works as I've done it, but the 'setprop persist' changes the one and only Data partition, which both slots use, that's why it works.
ricardohnn said:
2 - As far as i remember, su permissions might be allowed in boot.img (.props file), so i thought that magisk patched image would have some su privilegies, but after booting from a patched image, su doesn't return anything. Does anyone knows what is the patched image from magisk? I heard about an app showing up after booting, so the patch is just a runnable with root?
Click to expand...
Click to collapse
I thought the patched image would have some su capabilities also, but it doesn't. It only installs the Magisk stub, which you can further install magisk from. Magisk is a great and sophisticated app. Has numerous Magisk modules which do a wide variety of things. But if you don't need any of those things, and don't need root, it's pretty over the top for just setting the cam2api, imho.
ricardohnn said:
3 - I also saw many threads changing sys build.prop directly. Horrible choice, but, does anyone knows if it possible to have a build.prop in OEM partition? From what i know, the build.prop will be concat. from all the folders related to the booting process. Has anyone tried to throw a build.prop into OEM with the persist enable? I believe that, since the folder is related to OEM only, and since we have no OEM making apps or whatever in an Android One phone, i think it is more safe than other partitions
Click to expand...
Click to collapse
If you change 'System' directly you will not get any OTA updates, so yer right, don't change that. There's no need to consider changing it anywhere else, as the 'setprop persist etc' command populates all the tables for you. 'System' is not affected and OTA updates will continue. There's no removing Magisk, restoring boot image, reinstalling etc etc etc.
One thing I would warn others about, using the various 'Tools'. You don't know what commands they are running, so you can't be sure what they will do. I say that because one of the tools I recently downloaded and went through and found the commands in it. The first thing it did after booting TWRP was to mount 'System' as Read / Write!! Why does that matter? From what I've read, doing that stops OTA from happening. Just mounting it R/W will change the date stamp on it concerning modifications, and that's all the OTA needs to know to say 'it's been modified'.
good luck, cheers

Agree with the data persist, but why do you need to flash into the different partition and not only boot from it?
I don't disagree that it will work, i just want to know why not boot from fastboot directly instead of flashing into one of the backup partition. I know that fastboot boot command triggers different code than usual flow. But not that i remember that it would affect something.
Getprop | grep camera would return if enabled right? Or nope?

ricardohnn said:
Agree with the data persist, but why do you need to flash into the different partition and not only boot from it?
I don't disagree that it will work, i just want to know why not boot from fastboot directly instead of flashing into one of the backup partition. I know that fastboot boot command triggers different code than usual flow. But not that i remember that it would affect something.
Getprop | grep camera would return if enabled right? Or nope?
Click to expand...
Click to collapse
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we use to know. And we also know the way the dual works is that when an update occurs, if the device then try's to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers

AsItLies said:
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
Click to expand...
Click to collapse
I did manage to boot the last version of TWRP only first time, every other time ended in bootloops.
And I can sorry say that ADB did not work in booted TWRP, adb did not recognized the phone, so no commands could be typed.
For me, it is easier to flash patched_boot.img and install root temporarily, and then when job is done with activating camera2, uninstall root.
But hey, there are two easy ways, and everyone can choose which one is best suitable for them to try.
It would be of course easiest to just boot TWRP and enable camera2, but it doesn't work for now.

minnuss said:
I did manage to boot the last version of TWRP only first time, every other time ended in bootloops.
And I can sorry say that ADB did not work in booted TWRP, adb did not recognized the phone, so no commands could be typed.
For me, it is easier to flash patched_boot.img and install root temporarily, and then when job is done with activating camera2, uninstall root.
But hey, there are two easy ways, and everyone can choose which one is best suitable for them to try.
It would be of course easiest to just boot TWRP and enable camera2, but it doesn't work for now.
Click to expand...
Click to collapse
Yes, just 'booting' twrp has been problems for everyone, "that" doesn't work (not just now, but probably never).
But, following the Guide I wrote, and 'flashing it' does work. Right Now.

AsItLies said:
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we use to know. And we also know the way the dual works is that when an update occurs, if the device then try's to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers
Click to expand...
Click to collapse
About the setprop, even after the reboot isn't returning the prop, so that's why i am not sure if it is actually keeping it after twrp boot.
About the AB partition... well...
it's more or less like this...
let's say some simple partition scheme....
Preloader
Boot
System
Vendor
ODM
Data
So the phone will probably have many boot images type... like the usual boot.img or recovery.img (before treble) etc.
The boot.img will have the kernel image bla bla bla... since this is a google update, i believe that the AB partition procedures starts here (meaning all the relevant code of checking whether is A or B)
Google wanted to make things faster for the OEM (Samsung, LG etc) so they wanted to separate their ****s from google's one.
So (if things didn't change) you will have the following partitions now (actually i am not sure if they kept the system AB, but i believe so, since it seems to be working in other phones like that )
BootA
BootB
SystemA
SystemB
VendorA
VendorB
OEMA
OEMB
Data
So let's say google wants to update some security patches, from kernel til android, it will have to update boot and system. So in a OTA (changes if it is a google phone or a branded phone) before treble, it would update like... download the image containing boot and system into cache partition or data partition (depending the OTA size), after the download the update manager apk would set as a update booting and reboot your phone. Once booted, the phone would copy the partitions to the correct place (not being detailed) and rereboot. After the rereboot, if everything went normal, it would delete the downloaded image from your data/cache partition.
Now it's different like... instead of sending the update to the data partition and copying. It has a flag to set whether you are in A or B partition.
If you are (for eg.) in A partition, it will download the OTA to the B partition. (consider that in an untouched phone, A and B would have identical copies). So after downloading it, the flag is set to the B partition and reboot the phone. When booting, this time, it will not follow the A booting flow, like...
Before the update booting process would be
BootA
SystemA
VendorA
ODMA
Data
After the update the boot process will be
BootB
SystemB
VendorB
ODMB
Data
But i didn't update the vendor or ODM... why not keep in A? Because it's too hard to manage it.
So if anything fails in this update, it can easily go back into A booting process (which means you have a backup of your old boot).
Since system is too big, i am not sure if the system AB exists (it would just take up too much space... but anyway...).
It is also not a way to prevent bootloop, it is related to update. If an update fails (say, the image is corrupted or has no signature etc) the boot will change back, but if the update is "correct" it will boot as it should, even if the image is bad.
So again... when we do the fastboot boot boot.img, we are copying this boot into some cache or data to boot up, instead of our original boot. When we reboot, it will use the original boot. So, is there a difference from using twrp flashed and booted?
I know that fastboot boot will trigger different booting process (meaning signatures verifying etc) but don't think that it will not mount a partition or something...
Well... anyway... so after the reboot, when you setprop in TWRP, the getprop returned the prop correctly? I recall something about getprop not returning the prop but camera2 was enabled anyway with the setprop... well... can you just confirm one thing for me?
The steps you used was... fastboot flash patchboot and then reboot into twrp and then reboot back to usual partition.
You didn't do fastboot boot patched boot -> twrp -> reboot
Right?
---------- Post added at 09:44 AM ---------- Previous post was at 09:42 AM ----------
AsItLies said:
Yes, just 'booting' twrp has been problems for everyone, "that" doesn't work (not just now, but probably never).
But, following the Guide I wrote, and 'flashing it' does work. Right Now.
Click to expand...
Click to collapse
Oh didn't see this one. OK...
Damn... hmm... strange... well thanks anyway...
---------- Post added at 09:50 AM ---------- Previous post was at 09:44 AM ----------
AsItLies said:
The dual partition thing is new to everyone, I only understand bits and pieces, like everyone. But we do know there's no more 'recovery' partition, like we use to know. And we also know the way the dual works is that when an update occurs, if the device then try's to boot it and fails, it will automagically switch to the previous partition and boot it. Pretty sure we also know that booting and flashing are different with dual slot devices, but I'm not 100% sure how different.
I've tried booting twrp and just ended in bootloops. And that may be because of diff versions of TWRP, or it may be because of basic code all TWRP's have, not sure. But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images.
I do know for sure I didn't want to brick my phone (duh). So when I found a Magisk install guide, mentioned in my Guide thread, they used TWRP to install it. It sounded like an authoritative guide to me, re the part of getting TWRP to work. So I used that just to be able to run the setprop commands. Worked perfectly. Having to use the other (non active) partition **may** have something to do with avoiding triggering any automatic code to switch partitions unnecessarily, not sure, but not going to experiment any further to find out
Again, do some research on that setprop command, one of the things you'll find is that it doesn't populate all the appropriate tables until 'after' the device has been rebooted. So doing a getprop directly after doing the setprop won't work, not until it's been rebooted.
cheers
Click to expand...
Click to collapse
Oh by the way, i saw one part
"But TWRP is a recovery, not a boot image with the proper kernel, like the patched boot images. "
I think this is wrong (at least if TWRP team didn't change stuff), but all images are bootable images... (by all images i mean... boot.img recovery.img Flashing.img).
I once thought that they used a common kernel image, but in fact, all the booting process image has the kernel image copied (literally) to prevent brick. So even with a corrupted boot img, you still can boot into recovery or into download mode.
So that's why TWRP must have a kernel.

@ricardohnn, you seem hell bent on getting twrp to boot. Good luck. Let me know how that works out for you. In the meantime I'll be enjoying my cam2api working
cheers

AsItLies said:
@ricardohnn, you seem hell bent on getting twrp to boot. Good luck. Let me know how that works out for you. In the meantime I'll be enjoying my cam2api working
cheers
Click to expand...
Click to collapse
Actually TWRP boots fine with fastboot boot...
ADB runs smooth, but it just won't keep.
But you've made me envy LOL
I will think about flashing... later...

ricardohnn said:
Actually TWRP boots fine with fastboot boot...
ADB runs smooth, but it just won't keep.
But you've made me envy LOL
I will think about flashing... later...
Click to expand...
Click to collapse
What version of TWRP did you use, there is now two versions, I used last one, from a few days ago, and in first try I did manage to boot from fastboot, not flash it, but ADB did not worked.
So, if adb did work for you, maybe it was earlier version ?
Anyway, as you say, it is not permanent setprop, maybe because the twrp is not stable one, or maybe it needs to be flashed to work, not just booted.
I personally do not have doubts that this tutorial works, I just did not want to flash twrp. :good:

Root & TWRP!

Note: I am no expert at this. I used this to get TWRP and root, but it there is no guarentee it won't brick your phone. Only do this if you know what your doing. Before you start you must have an unlocked bootloader, which will delete all your data. Here's the instructions (If you need help, feel free to post a comment):
Download Magisk's installer zip on your phone from https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 (Google Pay only works with Magisk v19.0+)
Download arter97's kernel .img to your PC. This kernel currently is the only reliable way to get TWRP. https://forum.xda-developers.com/razer-phone-2/development/arter97-kernel-razer-phone-2-t3914996
Reboot your phone into bootloader mode (Turn off then back on while holding vol down).
Make sure your phone is recognized by Windows before proceeding. Follow this guide to setup the proper drivers and fastboot.
Flash arter97's kernel by running
Code:
fastboot flash boot arter97-kernel-*.img
If you run into any issues, then you will probably need to specify the slot to flash. Reboot back into your system.
Turn on Android Debugging and run
Code:
adb shell getprop ro.boot.slot_suffix
and make note if the output is _a or _b
Reboot back into bootloader
If _a use
Code:
fastboot flash boot_a arter97-kernel-*.img
if _b use
Code:
fastboot flash boot_b arter97-kernel-*.img
Reboot to recovery (either through bootloader mode or hold vol up while rebooting).
Install the Magisk .zip from TWRP.
Be amazed by the possibilities.
Old instructions (Should always work to get root):
Download the factory image from here: https://developer.razer.com/razer-phone-dev-tools/
Extract and copy the boot.img file to your device
Download and install Magisk Manager. If you have an SD card make sure it's installed on your internal storage, not the SD card.
Tap install, select Patch Boot Image File, and select the boot.img (If using the default file manager click the overflow menu and show internal storage)
Copy the patched_boot.img back over to your PC
Flash the patched_boot.img to your device via fastboot (Turn off then back on while holding vol down) and run
Code:
fastboot flash boot patched_boot.img
.
If you run into any issues, then you will need to specify the slot to flash.
Turn on Android Debugging and run
Code:
adb shell getprop ro.boot.slot_suffix
and make note if the output is _a or _b
Reboot back into bootloader
If _a use
Code:
fastboot flash boot_a patched_boot.img
if _b use
Code:
fastboot flash boot_b patched_boot.img
Reboot, and open up magisk manager to confirm everything is working. After an OTA update you may have to re-apply due to it using a different slot.
Note: the phone wasn't properly recognized by my computer when in bootloader mode so I had to install the Google adb drivers and manually set the driver used to Google Bootloader Interface (or something like that)

I found you needed to specify boot_a or boot_b specifically as the bootloader tended to mess up the suffix(it tried "bootb_b"????). So I had to first run "fastboot getvar all" to check the current slot.
I also found the commands are executed much more reliably if you enter the command first and press enter so fastboot goes into the "waiting for device" state and then boot into the bootloader and afterwards plug in the cable so fastboot executes the command as soon as it connects.

figured itd be as easy as that. this will be my first up to date device in years, att sending it to me in the mail. should get it by the 6th . but glad to see theres root! hopefully lineage to follow <3

Twiggy000b said:
figured itd be as easy as that. this will be my first up to date device in years, att sending it to me in the mail. should get it by the 6th . but glad to see theres root! hopefully lineage to follow <3
Click to expand...
Click to collapse
I know the feeling, my last device was the Nexus 5

my last "decent" device was the essential phone. then i went to the xperia xa2 ultra, then the iphone 6 then.... zte quest. -.-

CurtisMJ said:
I found you needed to specify boot_a or boot_b specifically as the bootloader tended to mess up the suffix(it tried "bootb_b"????). So I had to first run "fastboot getvar all" to check the current slot.
I also found the commands are executed much more reliably if you enter the command first and press enter so fastboot goes into the "waiting for device" state and then boot into the bootloader and afterwards plug in the cable so fastboot executes the command as soon as it connects.
Click to expand...
Click to collapse
Lol, bootb_b:laugh:. For me at least it worked fine without specifying the slot, though I may change the instructions to specify the slot

CalebQ42 said:
With the release of the factory images we can achieve root via Magisk boot image patching. Note: I am no expert at this. I used this to achieve root, but it there is no guarentee it won't brick your phone. Only do this if you know what your doing. Before you start you must have an unlocked bootloader. Here's the instructions (If you need help, feel free to post a comment):
Download the factory image from here: https://developer.razer.com/razer-phone-dev-tools/
Extract and copy the boot.img file to your device
Download and install Magisk Manager. If you have an SD card make sure it's installed on your internal storage, not the SD card.
Tap install, select Patch Boot Image File, and select the boot.img (If using the default file manager click the overflow menu and show internal storage)
Copy the patched_boot.img back over to your PC
Flash the patched_boot.img to your device via fastboot (Turn off then back on while holding vol down and run `fastboot flash boot patched_boot.img`.
Reboot, and open up magisk manager to confirm everything is working.
Note: the phone wasn't properly recognized by my computer so I had to install the Google adb drivers and manually set the driver to Google Bootloader interface (or something like that)
I also tried to install some Android Pie GSIs, but none of them worked.
Click to expand...
Click to collapse
Does this destroy all data? Do I need to unlock bootloader? Does it matter where I place the boot.img on my device?

CalebQ42 said:
Lol, bootb_b:laugh:. For me at least it worked fine without specifying the slot, though I may change the instructions to specify the slot
Click to expand...
Click to collapse
Interesting. The bootloader isn't exactly what I'd call a masterpiece of coding (weird cause I still maintain the ROM is excellent) so it might have just been a momentary glitch.
---------- Post added at 10:54 PM ---------- Previous post was at 10:53 PM ----------
ctakah27 said:
Does this destroy all data? Do I need to unlock bootloader? Does it matter where I place the boot.img on my device?
Click to expand...
Click to collapse
Yes, yes and not really (you get a file chooser so you just need to locate it)

I updated the post a bit with instructions on how to flash to a specific slot.
Tonight I'm going to try compiling TWRP for the first time ever (unless someone beats me to in). Wish me luck!

CalebQ42 said:
I updated the post a bit with instructions on how to flash to a specific slot.
Tonight I'm going to try compiling TWRP for the first time ever (unless someone beats me to in). Wish me luck!
Click to expand...
Click to collapse
Good luck it's a easier process compare to years ago. I would do it but I have no need for root or custom recovery. If you fail on the TWRP I will do it in time for people.

Is this working on the AT&T version of this phone? Or would you need to flash the global firmware in order for this to work? Looking to upgrade to this phone and I want to be sure I can get root. The rest looks to be coming fairly quickly.

CalebQ42 said:
I updated the post a bit with instructions on how to flash to a specific slot.
Tonight I'm going to try compiling TWRP for the first time ever (unless someone beats me to in). Wish me luck!
Click to expand...
Click to collapse
jonchance_84 said:
Is this working on the AT&T version of this phone? Or would you need to flash the global firmware in order for this to work? Looking to upgrade to this phone and I want to be sure I can get root. The rest looks to be coming fairly quickly.
Click to expand...
Click to collapse
They have the image for AT&T
EAIaIQobChMIwYzbk7j_3gIVRZRpCh0RMwdoEAEYASAAEgLPifD_BwE

Warrior1988 said:
They have the image for AT&T
EAIaIQobChMIwYzbk7j_3gIVRZRpCh0RMwdoEAEYASAAEgLPifD_BwE
Click to expand...
Click to collapse
I see the separate firmware. I'm only asking because of past shadyness from AT&T trying to tell manufacturers what to do. Years ago on my Xperia x10, if on AT&T firmware, you needed to flash the global generic firmware to get around their crap.

CalebQ42 said:
With the release of the factory images we can achieve root via Magisk boot image patching. Note: I am no expert at this. I used this to achieve root, but it there is no guarentee it won't brick your phone. Only do this if you know what your doing. Before you start you must have an unlocked bootloader, which will delete all your data. Here's the instructions (If you need help, feel free to post a comment):
Download the factory image from here: https://developer.razer.com/razer-phone-dev-tools/
Extract and copy the boot.img file to your device
Download and install Magisk Manager. If you have an SD card make sure it's installed on your internal storage, not the SD card.
Tap install, select Patch Boot Image File, and select the boot.img (If using the default file manager click the overflow menu and show internal storage)
Copy the patched_boot.img back over to your PC
Flash the patched_boot.img to your device via fastboot (Turn off then back on while holding vol down) and run
Code:
fastboot flash boot patched_boot.img
.
If you run into any issues, then you will need to specify the slot to flash.
Turn on Android Debugging and run
Code:
adb shell getprop ro.boot.slot_suffix
and make note if the output is _a or _b
Reboot back into bootloader
If _a use
Code:
fastboot flash boot_a patched_boot.img
if _b use
Code:
fastboot flash boot_b patched_boot.img
Reboot, and open up magisk manager to confirm everything is working. After an OTA update you may have to re-apply due to it using a different slot.
Note: the phone wasn't properly recognized by my computer so I had to install the Google adb drivers and manually set the driver to Google Bootloader interface (or something like that)
I also tried to install some Android Pie GSIs, but none of them worked.
Click to expand...
Click to collapse
Would this procedure be the same as far as mac/win?

I understand all of that, I am simply asking if someone has tried this with the AT&T variant yet. I want to know before I go order this phone.

I love a rooted phone, but as far as I know, if you unlock the bootloader, Netflix will no longer work in HD mode. To me, this is a deal-breaker. If anyone knows about a work-around, I'd love to know.

Razer phone 2 root
so im kinda new to rooting this type of phone and to the android boot scheme in general. i have a razer phone 2 and have attempted (febaly) to root it using this meathod. after installing the google adb drivers i was unable to see the device from my pc when it was in fastboot and unable to send commands, after installing the drivers again with windows update it ran even though no device was detected with this message
">fastboot flash boot patched_boot.img
Sending 'boot_b' (19268 KB) OKAY [ 0.523s]
Writing 'boot_b' OKAY [ 0.179s]
Finished. Total time: 0.718s"
it then blackscreened, i then tried a factory reset from recovery, and it is now in a bootloop... any advice?
update: no longer in boot loop but now is full blackscreen after a glitchy install screen

andy1011 said:
so im kinda new to rooting this type of phone and to the android boot scheme in general. i have a razer phone 2 and have attempted (febaly) to root it using this meathod. after installing the google adb drivers i was unable to see the device from my pc when it was in fastboot and unable to send commands, after installing the drivers again with windows update it ran even though no device was detected with this message
">fastboot flash boot patched_boot.img
Sending 'boot_b' (19268 KB) OKAY [ 0.523s]
Writing 'boot_b' OKAY [ 0.179s]
Finished. Total time: 0.718s"
it then blackscreened, i then tried a factory reset from recovery, and it is now in a bootloop... any advice?
update: no longer in boot loop but now is full blackscreen after a glitchy install screen
Click to expand...
Click to collapse
Since it's already wiped the easiest way to fix it is to probably flash the full factory image. Did you happen to update to the MR2 update prior to following this guide? Doing this on MR2 will soft brick. Not entirely sure in what way, but I assume it would be similar to what you experienced. If you were still on MR0 you can actually just fastboot flash the original kernel image to fix it. I just finished rooting MR2 so I'll post that next

CurtisMJ said:
Since it's already wiped the easiest way to fix it is to probably flash the full factory image. Did you happen to update to the MR2 update prior to following this guide? Doing this on MR2 will soft brick. Not entirely sure in what way, but I assume it would be similar to what you experienced. If you were still on MR0 you can actually just fastboot flash the original kernel image to fix it. I just finished rooting MR2 so I'll post that next
Click to expand...
Click to collapse
this is what im trying to do. however i have no way of flashing to the device as adb is unable to see the device.

andy1011 said:
this is what im trying to do. however i have no way of flashing to the device as adb is unable to see the device.
Click to expand...
Click to collapse
Adb and fastboot are separate things. You should only need download mode and fastboot. What are you trying to use ADB for? If in doubt, the guide on Razer's website should be quite sufficient
EDIT: You can get to download mode by holding Vol Down and Power Button while the device is off. You can force reboot by holding down power for approx 15s as well

Severe Issues after uninstalling Magisk - Motorola XT1926-7 G6 Plus

I will try to be as brief as possible, but explain in detail what happened to my moto g 6 plus XT1926-7.
I was running the stock firmware from the:
RETLA
Channel from march 27, 2019:
XT1926-7_EVERT_RETLA_9.0_PPWS29.116-11-2
I unlocked the bootloader using the info provided by motorola.
I used a TWRP installer which I found in this website and successfully installed twrp 3.2. I quickly realized that this version did not decrypt the data partition.
No problem, using the boot command in fastboot, I can load TWRP 3.3 which does decrypt the data partition.
I installed magisk V19.2
I then installed 2 magisk modules:
Viper equalizer
Pixel 3 ( something ) which makes the UI a little nicer.
The phone worked with no problems for months until the July OTA "update unsuccessful" nag screen started showing up every 10 seconds.
I read from several sources that an unlocked bootloader phone from motorola won´t take OTA updates. Fine. I lived with it for a couple of weeks until the nagging screen became unbearable.
I decided to unroot, relock the bootloader get the OTA and move on with my life.
I uninstalled magisk from the magisk manager and the phone immediately went into boot loop.
I´ve been using TWRP for years now with several phones, and each time i´ve had a problem, i just restored from the last backup ( which i do at least once a month ) and move on.
This time i used the full twrp backup from a couple of weeks ago, but it didn´t work.
The phone still bootlooped. It either rebooted at the "verity disabled" screen or it went straight into TWRP 3.2
I decided to use the original backup i did several months back when i first installed magisk and it didn´t work either. First time in years that a TWRP backup didn´t work.
I read in several threads on several websites that the only thing left to do was to flash stock rom from motorola in fastboot basically file by file.
So I did it and flashed the original stock rom for my device from the RETLA channel:
XT1926-7_EVERT_RETLA_8.0.0_OPWS27.113-89-5
The phone booted into android but both IMEI and wifi mac address were gone. So no carrier signal and no wifi.
I read from several threads that a backup from the EFS and persist partitions would solve this, so I tried both backups of these partitions i had, but nothing worked.
fastboot would read the IMEI number with the get vars command, but android would not recognize them.
Then i found a post here from a couple of days ago of a person who had the same problem and by flashing the latest stock rom fixed this.
So i downloaded:
XT1926-7_EVERT_RETLA_DS_9.0_PPWS29.116-11-6
from the RETLA channel and again proceeded to flash via fastboot file by file.
this time android booted and it did load the both IMEIs and the wifi mac address BUT, wifi disconnects every 10 seconds and the carrier signal is worse.
I then tried the lenovo assistant as suggested in another thread in this website and used the flash / recover feature. Same thing happened. android boots but wifi signal is lost every 10 seconds and carrier signal gets cut off at regular intervals and is very weak.
This has rendered my phone basically useless. I had been using a Moto G2 for many years with no problem and i bought this one just a couple of months ago.
I don´t mind flashing the phone again, and i´m good at following step by step procedures.
It would be super cool if someone would point me in the right direction on how to fix this.
Thanks in advance

This is how I managed to fix my Moto G6 plus
I was able to fix my phone so I will reply to my own post:
It took me almost 4 days to fix the phone. It took a lot of reading and MANY hours of trial and error, so I´m going to describe what I did in order to help anybody with the same problem to save themselves a LOT of time.
As it happens, I found out that a lot of people have run into the same problem of bootloops after uninstalling magisk and then even after flashing the stock rom, had no wifi and no carrier signal. Hence, a useless phone.
Prerequisites for this solution:
Be able to boot your phone into bootloader mode.
If you don´t know what bootloader mode is, do your research. It´s very simple to get to it. Just power off your phone and then press the power and volume down buttons simultaneously for a couple for a couple of seconds. How to use it is another matter entirely. Again... do your research.
1. Before disaster strikes... Do not use an installer script to force install TWRP on a phone which has A / B boot slots. If you plan to install Magisk later, do not force instal TWRP. Moto G6 Plus is such a phone. This is written very clearly in the Magisk troubleshoot wiki. I wish I had read this before.
If you want to use TWRP ( and you should ), load TWRP 3.3 or newer temporarily from fastboot with the boot command. It will be able to decrypt your phone´s data. TWRP 3.2 does not.
To decrypt you will need to have a pin or pattern unlock set previously on your phone.
I used a script to force install twrp 3.2 to my phone. It´s useless since it can´t decrypt the phone and it was surely the cause of all this mess.
I´m not blaming TWRP or Magisk. This mess was all my fault. I´ll tell you about it later.
2. I have a TWRP 3.3 full decrypted backup of ALL the partitions of the phone from last week. I always do regular backups. I´ve been using TWRP for years and it has always served me well. This time it didn´t. My bad, not TWRP´s. I flashed the backup to the phone and it kept bootlooping. I flashed the backup about 20 times!
3. If you´re in this mess already because you forced install TWRP and you uninstalled magisk and your phone is bootlooping, you will probably have to wipe your phone and flash the stock ROM appropriate to your model. Trust me, if you´re not an android / linux guru, your only way to get your phone back will be to wipe your phone completely. I realized this the hard way.
Don´t flash the original ROM for the G6 plus ( android 8 ). Use the latest build. It seems motorola took note of so many people having the "no carrier / no wifi signal" problem, so they have included a fix for this in the latest android 9 releases. This has worked for other people, It worked for me. I don´t know for sure if it will work for you.
4. Here´s one important piece of info. For motorola phones it is very important to have a backup of these two partitions:
EFS
PERSIST
I´m not 100% percent sure of all the info they have or the entire purpose that they serve, but I now know 1 thing. These two partitions have critical and unique information about your phone.
They provide the unique IMEI info. Wifi Mac address info. Baseband info, which is all the technical carrier signal communications stuff, etc..
How do you back up these partitions? Use a custom recovery like TWRP or similar. If you want to mod your phone, please do your research on the software you are going to install. I usually do it, this time around I just winged it, and look where it got me.
5. Here´s another important piece of information to take note of BEFORE disaster strikes. Write down on a piece of paper and store in a safe place ( a txt file on your pc will do ) the following:
Your phone´s exact model Nº. Mine is:
XT1926-7
Go to settings: tap System, tap about phone and write down which software channel you are on.
Mine is: RETLA
This is important because it determines which stock ROM you will need to download, as not all ROMS for this device are the same. The XT1926-7 is a dual SIM phone so NO. Not all versions of the stock rom will work.
6. In order to download the correct stock ROM for your phone, on your computer, go to:
mirrors .lolinet .com /firmware/moto/evert/official/
This website is one of several which offer stock roms for motorola phones. You can use this one or search around for another one.
The website will show you a directory structure of all the different software channels available for the motorola Moto G6 Plus. Choose the folder appropriate for your phone.
Remember mine was the RETLA channel?
These are the only channels which offer stock roms for the XT1926-7
RETLA
or
TEFCO
or
TEMX
or
TIGCO
If your phone is factory unlocked you will probably have to use the RETLA versions.
Within the correct folder, look for the latest ROM for your model. Pay close attention to the name of the rom. The first section will indicate what model it´s intended for. For example, in the RETLA folder there´s ROMS for 2 different models:
XT1926-6
XT1926-7
The correct file for my phone was:
XT1926-7_EVERT_RETLA_DS_9.0_PPWS29.116-11-6_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Please do your research and download the right file for your phone. If you´re not careful, it will lead to bigger problems.
Please also download the original factory version of android 8 ( oreo ) made for your phone. you´re gonna need 2 files from that ROM. In my case the file was:
XT1926-7_EVERT_RETLA_8.0.0_OPWS27.113-89-5_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml
The stock roms are about 2 gigs in size.
6. Next you´ll need to download the right tools to flash the stock rom to your phone.
I´m assuming you have downloaded and installed the latest motorola USB drivers for your computer and installed them. If you haven´t. The time is now.
The internet will tell you to download the Android SDK platform tools. This package will give you fastboot and ADB.
Don´t download it. The "vanilla / run of the mill" version of fastboot won´t help you.
Motorola created a modified version of fastboot for their phones, which flashes a motorola phone in specific ways. It´s called: mfastboot
I saw the procedure differences while running mfastboot in the DOS window. In the end I was able to fix my phone because of the differences which mfastboot offers. You´re gonna have to trust me on this one.
Since the motorola version of fastboot is small in size, i´m going to attach it to this comment. Look for the attached file named:
mfastboot_adb_tools.zip
7. Create a folder on your hard drive. It doesn´t matter how you call it. Just remember where it is. Unzip / decompress the entire contents of the file:
mfastboot_adb_tools.zip
you just downloaded to that folder. it should look like this:
Then unzip / decompress the entire contents of the:
XT1926-7_EVERT_*YOUR-CHANNEL*_DS_9.0_PPWS29.116-11-6
to the same folder. it should look like this:
Now we will need just 2 files from the:
XT1926-7_EVERT_*YOUR_CHANNEL*_8.0.0_OPWS27.113-89-5
Unzip these two files to the same folder where you have unzipped everything else:
8. It is now time to boot your G6 Plus into bootloader mode. With the phone turned off, press the power and volume down buttons simultaneously for about 5 seconds.
You´ll get a black screen with the android robot laying on its back. At the bottom of the screen you will see a piece of text which reads:
Connect USB Data cable.
Do it. Connect the usb cable to your computer and then connect it to the phone. the connect data cable message will change to a green sentence which reads:
Transfer mode: USB connected
9. On your computer, return to the folder where you placed all the files. Look for a blank space with no files within that folder and press the shift key + mouse right click. out of the context menu you get, select:
open command window here
You will get a black screen with a white prompt.
Now let´s make sure your phone is connected to your computer. In that black window type:
mfastboot devices
The result should be your phones serial number followed by the word fastboot.
If you got nothing or any sort of error it means you phone is not connected properly or some drivers are missing. troubleshoot that and come back when your phone is actually connected.
10. OK... let´s start flashing the files. The following series of commands I copied from another post in this website. I did not come up with this set of commands and I will repeat that i´m no expert. This worked for my particular situation and by no means i can guarantee that it will work with your phone. All I´m saying is that if you´re desperate and at the current moment you have a soft bricked phone, go ahead and try this.
In that black window, start copying these commands 1 by 1. Wait for them to execute and get an OK message from the phone. If you get an error try that command again. to paste the command in the black window ctrl + v does not work. you have to right click your mouse on top of that window and paste the command that way. When you´ve pasted the command, press enter to execute.
These are the commands:
Code:
mfastboot getvar max-sparse-size
mfastboot oem fb_mode_set
mfastboot flash partition gpt.bin
mfastboot flash bootloader bootloader.img
mfastboot flash modem_a NON-HLOS.bin
mfastboot flash fsg_a fsg.mbn
mfastboot erase modemst1
mfastboot erase modemst2
mfastboot flash bluetooth_a BTFM.bin
mfastboot flash dsp_a dspso.bin
mfastboot flash logo_a logo.bin
mfastboot flash boot_a boot.img
mfastboot flash system_a system.img_sparsechunk.0
mfastboot flash system_a system.img_sparsechunk.1
mfastboot flash system_a system.img_sparsechunk.2
mfastboot flash system_a system.img_sparsechunk.3
mfastboot flash system_a system.img_sparsechunk.4
mfastboot flash system_b system_b.img_sparsechunk.0
mfastboot flash system_b system_b.img_sparsechunk.1
mfastboot flash oem_a oem.img
mfastboot flash oem_b oem_other.img
mfastboot flash vendor_a vendor.img_sparsechunk.0
mfastboot flash vendor_a vendor.img_sparsechunk.1
mfastboot erase carrier
mfastboot erase userdata
mfastboot erase ddr
mfastboot oem fb_mode_clear
press power button on the phone and restart it.
It might take a while to boot, but if and when you see and hear the "hello moto" greeting, it means your phone has been fixed.
You might end up with a restored phone, but no wifi and no carrier signal. Then what you will need to do is to flash the backup of your EFS and Persist partitions using TWRP, and then retry the whole procedure again.
This is the way I fixed my Moto G6 plus.
It wasn´t a perfect fix for me. Since I had forced installed TWRP 3.2 with an installer script, that did something to the boot partition and now even after reflashing the entire phone I don´t have any type of recovery.
No stock recovery of any kind. It´s not a problem since we can boot TWRP temporarily from mfastboot and in bootloader mode just like the procedure we did with the stock rom. All the rest is back to perfect working condition.
I was also able to make a new full phone backup.
I will tell you this, now I know that all this mess is not TWRP´s or Magisk´s fault. They are fine programs. It was my fault due to a lack of research. I shouldn´t have mixed them both in the way I did.
I forced installed TWRP to my phone because it was what I was used to and I didn´t read any instructions for Magisk which I had never used. I come from the SU era.
I hope this wall of text will be of help to anyone going through the same situation with a Moto G6 plus.
Unfortunately nobody replied to my original post so I had to solve this on my own. The good thing is that I did manage to fix it.
I will repeat it one more time. I´m not an android expert. Not by far. I´m not saying this procedure will work for your particular problem. I´m only sharing what worked for me and I hope it will work for you. If it doesn´t. Keep looking and researching.
GOOD LUCK.

hello, i have the exact same problem but my stock rom dowes not have any system_b file ( my rom is RETAR) what should i do?
Edit: sorry, i had another update file, pien not oreo. On oreo zip it appears
---------- Post added at 01:07 AM ---------- Previous post was at 12:21 AM ----------
Ok, so now i followed your guide exactly as you did it but it doesn't boot. It bootloops
Do you know what's happening?

juampapo546 said:
hello, i have the exact same problem but my stock rom dowes not have any system_b file ( my rom is RETAR) what should i do?
Edit: sorry, i had another update file, pien not oreo. On oreo zip it appears
---------- Post added at 01:07 AM ---------- Previous post was at 12:21 AM ----------
Ok, so now i followed your guide exactly as you did it but it doesn't boot. It bootloops
Do you know what's happening?
Click to expand...
Click to collapse
Sorry for spamming the thread, i got out of the boorloop by installing again the oreo stock rom (with no imei nor mac). After doing it i did the whole procedure again and it booted but still having the wifi/mobile data resetting. I will redo everything againand if after several times i get to nothing i will post another question here.
Sorry and thank you

Still doesn't work

juampapo546 said:
Still doesn't work
Click to expand...
Click to collapse
Do you have a backup of your EFS and Persist partitions from when the phone was in working condition?
You could use those to restore you Emei and wifi mac address and then flash Pie again.

lcmp said:
Do you have a backup of your EFS and Persist partitions from when the phone was in working condition?
You could use those to restore you Emei and wifi mac address and then flash Pie again.
Click to expand...
Click to collapse
No, I don't have one. I thought that in this guide I didn't need the backup but apparently there is no solution for now if there is no backup.
Thank you

juampapo546 said:
No, I don't have one. I thought that in this guide I didn't need the backup but apparently there is no solution for now if there is no backup.
Thank you
Click to expand...
Click to collapse
Like I said in my post, i´m not an expert. I just posted the procedure which worked for me.
I did have a backup of those partitions and I used them several times and it did not work. Are you using mfastboot instead of regular fastboot?
I would try the procedure several times.
Buena Suerte.

lcmp said:
Like I said in my post, i´m not an expert. I just posted the procedure which worked for me.
I did have a backup of those partitions and I used them several times and it did not work. Are you using mfastboot instead of regular fastboot?
I would try the procedure several times.
Buena Suerte.
Click to expand...
Click to collapse
I tried it several times but as I said previously there is no point doing it with no backup ( not my words, I talked to a guy that develops most of the g6 Plus roms and told me for now there is no solution without the backup, it was over the Spanish telegram group. I highly recommend it, if you want to join talk to me at the PM because I can't share social network on posts)
Thank you for your advise, if I am able to solve it I will let you know

lcmp said:
Like I said in my post, i´m not an expert. I just posted the procedure which worked for me.
I did have a backup of those partitions and I used them several times and it did not work. Are you using mfastboot instead of regular fastboot?
I would try the procedure several times.
Buena Suerte.
Click to expand...
Click to collapse
I screwed up my efs/persist and didn't have a backup (a few months ago).
So can I please have a copy of the backed up efs and persist partitions? I should be able to go through and replace any ids (mac address and imei) with my own. If I figure it out, I'll write a guide on it too .
I have the same device model as you (XT1926-7 RETLA).
I've also been looking at this (https://forum.xda-developers.com/razr-i/development/pds-partition-fix-risky-faint-heart-t2813292) which is for a different problem with a different phone where someone posted their pds/persist partition, but it looks like the data in those partitions are just stored plainly in binary.

stevendoesstuffs said:
I screwed up my efs/persist and didn't have a backup (a few months ago).
So can I please have a copy of the backed up efs and persist partitions? I should be able to go through and replace any ids (mac address and imei) with my own. If I figure it out, I'll write a guide on it too .
I have the same device model as you (XT1926-7 RETLA).
I've also been looking at this (https://forum.xda-developers.com/razr-i/development/pds-partition-fix-risky-faint-heart-t2813292) which is for a different problem with a different phone where someone posted their pds/persist partition, but it looks like the data in those partitions are just stored plainly in binary.
Click to expand...
Click to collapse
Well yes, but actually no. You can't use another's device efs/persist because these files can only be read by the device that created them
However I found a magisk module that fixes several persist issues. It is called PIXELARITY

However I found a magisk module that fixes several persist issues. It is called PIXELARITY
Click to expand...
Click to collapse
Does this actually fix the persist issues permanently? Or does it just work around them while it is installed? I am in the same boat as others without a proper backup of efs/persist. If it fixes anything I will be happy.
Also, how are you getting the Magisk module installed? I have no wifi or cell service so the Magisk app can't download the module. Tried just downloading the module repo .zip file and manually installing from that, but magisk is not recognizing it as a valid module. I almost never install Magisk at all let alone modules, so I am a bit in the dark on the general procedures.
Edit: Wound up getting it installed with a USB ethernet dongle to get some form of connection. But the PIXELARITY mod did absolutely nothing in my case. Flashed stock and I have IMEI and Wifi MAC Address back, but they are now both cutting out in the same way as yours. The Magisk module did nothing there either.

I forgot to post it, for mi actually it just partially worked ( permanent). I said partially because I lost my IMEI.
I am now trying to use the efs that doesn't have an IMEI to patch it up with mine and maybe make it "universal" and share it to other people and they just patch their IMEI.
However it is quite complicated and I am not having a really advanced progress on this.
---------- Post added at 12:33 PM ---------- Previous post was at 12:29 PM ----------
I have just seen the edit.
What worked for me I believe it was a chance and I can't recall exactly what I did before it "workerd", I did a lot of things, as I believe you also did.
I would try following the guide up here and installing the module, maybe that's what I did.

Fixed the signal drop with no backups here the link
https://forum.xda-developers.com/g6-plus/how-to/guide-how-to-solve-wifi-mobile-data-t3994827

Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!

Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
WARNING: ANY BOOTLOADER UNLOCK METHOD INVOLVES THE RISK OF BRICKING YOUR DEVICE PERMANENTLY. WHILE THERE IS USUALLY A WAY TO RECOVER, DO NOT ATTEMPT THIS PROCEDURE IF YOU DO NOT KNOW WHAT YOU ARE DOING. BAD THINGS CAN HAPPEN. YOU HAVE BEEN WARNED!!! YOU MAY BE LEFT WITH A USELESS BRICK!!! READ ALL FURTHER WARNINGS EXPERIMENTAL METHOD IN ORIGINAL DOWNLOAD FILE WORKS, I'M USING IT
If you want a NOOB guide look at this post: https://forum.xda-developers.com/nu...beginner-tutorial-unlock-bootloader-t4131585/
Also note a user has managed to fix the FP sensor post BL unlock, see this post here: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
Still, I suggest root bypass it's better.
MegaNZ Link for Root without unlocking the Bootloader, and without breaking the FP, also includes instructions for installing BlackMagic5G (explanation below), adding HD VOLTE, how to restore from a brick, and some other cool tricks: https://mega.nz/file/igphSCTD#OybJo9t1zwvJ0bdbAcN2BCqxWXAfHdhk3JFB4_5xkVc
I suggest you flash my BlackMagic5G and don't unlock your bootloader at all - just root. It's CN 2.52 ROM based. You'll get VOLTE, , GApps installed, Rooted with Magisk, TWRP, debloated, YouTube Vanced, AdAway, SmartPack Kernel Manager, etc. - looks like the Global / NA variant of the ROM. Almost perfect except still uses Messages and Phone from Nubia. Plus you will enable Face Unlock not available in the Global or NA versions of the ROM, and FP will still work! Click on the Google Search bar widget and the mic icon takes you to the Google Assistant, the left icon is Google Feed, type in the middle bar for a Google Search. Has 1Weather Free weather widget that looks great, and Google Calendar widget for your whole month of activities. Translate, Lens, Chrome, all the Google Apps are there. And the Chinese Nubia apps are nearly all GONE!
MegaNZ Link for BlackMagic5G Beta - IT'S ONLY THE DATA PARTITION + ROOTED KERNEL + NA SPLASH SCREEN, you NEED to 1) install the Red Magic 2.52 ROM below FIRST 2) Root using the first link posted above 3) Flash restore this from TWRP: https://mega.nz/file/r9hF2BwS#RrAXiFWSBNX8dLqfrH8nNHo_uigPC8uYXonwhALhGbo
MegaNZ Link for the Red Magic 5G CN 2.52 ROM: https://mega.nz/file/aoxBFAqY#EDt2OZBGTME4ZGKnERKpK_t-aJT_rWgD0aqBFkilRcY
*** NOW THE BOOTLOADER UNLOCK INSTRUCTIONS ***
Go to Settings / About phone / Build Number (NX659_J_ENCommon_V3.08 on North American Variant), click 7 times, Now you are a developer message appears, go back a menu to Settings / Other system settings / Developer options.
Enable:
OEM unlocking "Allow the bootloader to be unlocked"
USB debugging "Debug mode when USB is connected"
Install Minimal ADB and Fastboot (Windows 10 in this example): https://www.androidfilehost.com/?fid=746010030569952951
Default install path is:
C:\Program Files (x86)\Minimal ADB and Fastboot\
Go to the Search button on the bottom on Windows 10, type cmd, Command Prompt will appear in the menu. Right click it and Run as Administrator. All commands to be typed will be run in this Command Prompt window (referred to as terminal) unless otherwise stated to run on the phone.
Now Terminal window appears (it says Administrator: Command Prompt in the heading):
Text displayed is:
Microsoft Windows
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>
Typed in terminal:
cd "c:\Program Files (x86)\Minimal ADB and Fastboot"
I now connected the phone to a USB port on the PC.
On the phone, a Window appeared:
"Allow USB debugging?"
The computer's RSA key fingerprint is:
[36 digit code] Example:
C8:A17:E2:01:F6:A1
:368:10:E8:33:20:FB:
93:7D
Always allow from this computer (it's my computer so I clicked it since I trust the computer)
CANCEL / ALLOW (I clicked ALLOW)
Typed in terminal:
adb reboot bootloader
The phone reboots. Once the phone screen boots, in the center it says: Now you are in fastboot mode.
From the terminal I typed:
fastboot oem nubia_unlock NUBIA_NX659J
The terminal now displayed:
...
(bootloader) START update nubia fastboot unlock flag!!!
(bootloader) START set state to 1 ok!!!
In the terminal I typed:
fastboot flashing unlock *** DO NOT TYPE THIS IF YOU WANT TO KEEP A WORKING FP!!! READ TOP OF POST!!! AVOID THIS WITH THE EXPERIMENTAL METHOD OF ROOT WITH NO BL UNLOCK ***
Now a screen appeared on the phone with a big <!> red icon in the left corner. The rest in white text is a warning message. "By unlocking the bootloader, you will be able to install custom operating system on this phone. A custom OS is not subject to the same level of testing as the original OS, and can cause your phone and installed applications to stop working properly-
Software integrity cannot be guaranteed with a custom OS, so any data stored on the phone while the bootloader is unlocked may be at risk.
To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data on your phone.
Press the Volume keys to select whether to unlock the bootloader, then the Power Button to continue."
I selected UNLOCK BOOTLOADER and my device was completely erased. The factory OS loaded then. This process takes some time to complete.
Now the device rebooted with a warning message, and a big <!> yellow icon in the left corner.
"The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.
Visit this link on another device:
g.co/ABH"
Now the device reloads the firmware apparently and wipes all user data. Upon setting up the phone, the fingerprint display registration comes up and asked to place my finger on the back of the phone. There is no fingerprint sensor on the back of the Redmagic 5G! It is under the screen! So this step must be skipped. The ROM setup is corrupt or incomplete, a beta possibly. I setup the phone then went into Settings / Security to try to add a fingerprint. The button to add fingerprint then appears. Once I click the button, I get this error:
Loss of fingerprint calibration data
Loss of fingerprint calibration data was detected.
Currently unable to complete fingerprint entry,
please contact Nuia after-sales service via
4007006600
See the XDA post for recalibrating the FP: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
ROOT FOR ALL DEVICES:
(These files are included in the tools download zip, Magisk 20.4 and MagiskManager-v7.5.1.apk, but this is the official source as updates post): Go to XDA and Download Magisk Manager and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power, release the power button once the screen shows it loading, hold the volume up down until you see TWRP pop up). Flash Magisk from TWRP Install / Zip / sdcard / Magisk.zip reboot and you'll have root.
BL unlock first method was tested on North American variant and it works. But it breaks your FP sensor and gives you an annoying boot prompt.
If at any time you want to remove the OEM Bootloader unlock, you plug into the PC, go to the terminal for Minimal ADB and Fastboot, type:
adb reboot fastboot
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing lock (screen will prompt to relock BL, choose to Relock)
The phone should reboot and install the original software. BUT...
If it says you are corrupted well, you have more issues.
You'll have to reflash the stock recovery.img, reboot to stock recovery, wipe data, wipe cache, and flash the CN update.zip rom to a flash drive FORMATTED TO FAT32 (annoying as hell) But you NEED a USB-C to OTG Adapter to attach a Flash Drive / SDCARD this way). If you don't have one, you better reflash TWRP using the prior instructions and flash the update.zip from there. Install, select the update.zip, flash. Wipe Data, Cache, ART/Dalvik. Reboot.
Now it should WIPE the entire phone and be back to normal Android 10 setup non rooted, no unlocked bootloader. Always beware of data loss doing root functions!!! Always be prepared to setup your phone entirely over again. Google Backup is very good to turn on before you do any of this stuff if you have already installed apps.
*** WARNING - THIS BYPASS METHOD COULD GO AWAY AT ANYTIME. IT SHOULD EVENTUALLY BE FIXED BY NUBIA ***

mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
You were able to actually install TWRP? Not just boot it? I thought A10 devices cant have twrp permanently installed?

That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.

mslezak said:
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
Click to expand...
Click to collapse
So its not permanent? Thats what I thought.

Well it could be permanent...
VZTech said:
So its not permanent? Thats what I thought.
Click to expand...
Click to collapse
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.

mslezak said:
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
Click to expand...
Click to collapse
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe

Can anyone send me backup of the super partition?
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)

Future updates...
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
Yes what I've been told by prior Redmagic Users 3 and 3S is the ROM is released, as long as your boot.img is not patched with Magisk, it can be installed through the menus in Settings / About Phone / Update or someplace like that. You just download the ROM to the appropriate folder on the phone.
So far I have 1 link to a China ROM update here: https://ui.nubia.cn/rom/detail/65
Now on how to install the ROM, I use the Chrome browser set to autotranslate webpages. Most of the Chinese will be translated from here: https://bbs.nubia.com//thread-1136030-1-1.html
Basically it's going to wipe your device clean, and you can use a Nubia backup tool which will save all your items to a folder. Which then you should copy to your PC before installing the new ROM. Then it gives you instructions to get that data back onto your updated device.

apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.

VZTech said:
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
Click to expand...
Click to collapse
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---

apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
You should be able to flash the latest ROM via EDL mode if you've ever used EDL mode before, it usually requires shorting pins together in the device, although some recoveries will let you just boot into EDL mode if the phone still boots. It will be detected. Although on this device with the dynamic partition, I don't know how you would flash these in EDL mode... dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm that do not look like fastboot flashable parts. Possibly the unbrick tool for Redmagic 3/3S could be modified to do this for you.

mslezak said:
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
Click to expand...
Click to collapse
Yes those .img files can easily be fastboot flashed. Unfortunately it wont solve his problem. He needs the nubia unbrick tool, which is tough to get. I dont understand why Nubia makes things difficult. They should provide proper Fastboot files.

I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.

apersomany said:
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
Click to expand...
Click to collapse
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.

mslezak said:
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
Click to expand...
Click to collapse
Thank you so much!

Okay I can't add anything special but daaamn this community is amazing. So much help I love you all

To relock BL repeat the instructions with 1 different command
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse

Just in case if somebody need a Chinese version of official ROM v2.46 for RedMagic 5G.
Code:
https://mega.nz/file/vc0DiabR#npahTop-JXZ9Mwv-lA7G6DxTG2qqOOAf6AwW8NdEEKw

mslezak said:
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
Click to expand...
Click to collapse
we found out that using the cn rom it all works without even unlocking the bootloader, even while oem unlock was disabled in dev options but there is some kind of vbmeta img required. a full guide is incoming.

VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
You can flash their NX659J-update.zip files directly from TWRP that's how we restored our bricked devices already. So OTA updates no, but you can download them anyway and flash from TWRP directly. Yes we have to figure out a concrete restore method which isn't 100% working yet. I.e. all your data is lost this way apparently AT THIS MOMENT... MORE TO COME.

100003562 Onn 10.1 Android 11 (Bootloader Unlock, Magisk Root)

Hey folks I spent some time working on this yesterday (dumping Rom, Patching etc) so I thought I'd share. I am including the files I used to get this work.
This is for 100003562 Walmart Onn Tablet
I can't comment on other Onn models because I don't have any.
If your tablet goes into meltdown mode, I'm not responsible. I'm sharing the process that worked for me.
*These files are from:
*Android 11, Security Update 5AUG21 --> They probably won't work with any other version so I can't answer questions related to using them for that.
I don't recommend you try these on any other model unless you do it at you own risk.
*Strangely enough, this update doesn't have any of the Walmart apps installed or the bottom button on the taskbar. It asks if you want to install them when you are setting up the tablet*
I chose no.
Steps:
1. Enable USB Debugging, (while in Dev Options go to OEM Unlocking a tick that, (don't know if 100% necessary but I did it in my process)
and fire up a CMD or Powershell Window.
2. ADB:
adb devices (to make sure you are connected)
adb reboot bootloader
~boots to bootloader~
3. FASTBOOT
fastboot devices (to make sure you are connected)
(WARNING: the next command will factory reset the tablet)
fastboot flashing unlock
(follow volume key prompt to unlock and then device will reboot and bootloader is unlocked.)
You will see "orange state" as it boots if it worked properly. I don't have any interest in removing this message so you'll have to go elsewhere if you do.
4. Repeat steps 1-2 and get back into bootloader.
FASTBOOT:
fastboot devices
fastboot flash vbmeta <path to vbmeta.img>
fastboot flash boot <path to migisk patched.img>
fastboot reboot
5. Done
Notes:
I use Magisk Manager to do a direct install patch after I get root. (also don't know if 100% necessary, but it makes me feel better)
I'm including the stock boot.img in case you want to create your own patch with Magisk Manager. I used 24.1 (24100)
I'll answer what I can if you run into issues.
Cheers!

Reserved.

hey i was actually just about to go into the rabbit hole of pulling the boot.img, then i saw this. my tablet is stuck on the 5jan21 patch and wont update. could you tell me how you dumped the rom? also did you have to modify the vbmeta file? thanks

Mayday_Channel said:
hey i was actually just about to go into the rabbit hole of pulling the boot.img, then i saw this. my tablet is stuck on the 5jan21 patch and wont update. could you tell me how you dumped the rom? also did you have to modify the vbmeta file? thanks
Click to expand...
Click to collapse
i used sp flash and wwr. you can prob pull the boot.img pretty easily, but if you tried to take an OTA and it got corrupted, that might not work anyway. the vbmeta an empty one. this boot.img is from the most up to date ota which i got yesterday. i ordered a refurb version of this tablet and started messing with it yesterday. i have a copy of the full ROM dump as well. let me know if you need pieces and I can get them to you. you might be able to flash a few of the partitions and get it running again. can you get into fastboot?

which sp flash version? im on the latest 5.2152, every time i try to dump the full rom, it hangs on 0% readback. same with trying the boot.img. what was the full rom length, just to confirm? i got 0x750000000 from wwr

Mayday_Channel said:
which sp flash version? im on the latest 5.2152, every time i try to dump the full rom, it hangs on 0% readback. same with trying the boot.img. what was the full rom length, just to confirm? i got 0x750000000 from wwr
Click to expand...
Click to collapse
I used 5.1524. i had this issue as well and had to update the com port drivers. i used Iobit driver booster for this and it found the right driver. and yes thats the correct length for the one i dumped. i have the full thing on mega if you just want to flash it with sp flash tool.

that would be very nice. please post. thank you

Mayday_Channel said:
that would be very nice. please post. thank you
Click to expand...
Click to collapse
File folder on MEGA
mega.nz

goldensun1893 said:
File folder on MEGA
mega.nz
Click to expand...
Click to collapse
i got rid of userdata and cache to shrink it some.

thanks man

Mayday_Channel said:
thanks man
Click to expand...
Click to collapse
let me know how it works

could i please get the cache & userdata partitions? id like to keep a complete rom for archive. it seems to have flashed ok, but it broke wifi and its still stuck on january 5 patch. oh well, thats why i have 2 of these

ill drop them on there. be warned the userdata.img is something like 28GB. If you have the NV RAM Warning: ERR 0x10, there are a few tuts on here to fix that. Its common with SP Flash and MTK chips.

I think I figured out why it doesn't work. Spft isn't flashing super.img. even if I edit the scatter file to add super.img. I'll do some more trouble shooting at lunch

alright lets goooo. fixed it. just needed to change a few things in the scatter file and change the vbmeta files to img. next ill start experimenting on patching lk.bin to remove the ORANGE STATE text. thanks for the rom dump

NICE! I took a leap of faith and did this on my Oct 5th 2021 Security update build and it appears to have worked and Im rooted with magisk!!! I added a few additional steps to your commands just in case
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot erase cache
fastboot flash boot magisk_patched-24100_w97F6.img
fastboot reboot
I found a USB ADB fastboot driver that was signed and worked on my windows 10 x64 system but I had to go through the "Have Disk" manual driver install and installed even though it wasnt supposedly designed for my hardware. So insane the hoops to do this...
MT65XX-USB-VCOM-drivers\MT65XX USB VCOM drivers\Google_USB_Driver_rev4
Had trouble updating to Magisk to 24.3 however, not sure what pitfall I hit.
Wondering if I should be happy with root or try and flash TWRP and try a different ROM.

Iam in need of some help i am not sure if i have to install something to the tablet or pc but when i do the command "fastboot flashing devices" on my tablet just says on the bottom left =>FASTBOOT mode... and it doesnt change and on my pc it says <waiting for device> idk what am doing wrong can someone help me

beachmiles said:
NICE! I took a leap of faith and did this on my Oct 5th 2021 Security update build and it appears to have worked and Im rooted with magisk!!! I added a few additional steps to your commands just in case
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot erase cache
fastboot flash boot magisk_patched-24100_w97F6.img
fastboot reboot
I found a USB ADB fastboot driver that was signed and worked on my windows 10 x64 system but I had to go through the "Have Disk" manual driver install and installed even though it wasnt supposedly designed for my hardware. So insane the hoops to do this...
MT65XX-USB-VCOM-drivers\MT65XX USB VCOM drivers\Google_USB_Driver_rev4
Had trouble updating to Magisk to 24.3 however, not sure what pitfall I hit.
Wondering if I should be happy with root or try and flash TWRP and try a different ROM.
Click to expand...
Click to collapse
Followed the same steps and managed to get it working on my tablet that was on the same secpatch. However I also ran into an issue updating magisk. It acts like it worked fine and then when it reboots it asks to patch again.

Had to patch boot file manually and flash via fastboot. Still get an annoying popup when opening magisk but it's now updated to the latest 25.0.
To update run the following:
Root using ops method
Start your device and make sure that everything is rooted and working
adb reboot bootloader
fastboot flash boot [PATH TO MAGISK PATCHED 25000]
fastboot reboot
Tested on Oct521 SecPatch on a devices already rooted with OPs method. Do this at your own risk. Make backups, etc etc.​

hi nice work. sorry for my english. but i have a problem on mi onn tablet 1000035652 android 11. i try to root whit our method on fastboot no problem the tablet is unlock a message appears of the erase all data if unlock bootloader and press up volume then restart tablet so configure again and proced to fourt 4 point to flash vbdata and boot and in fastboot window okay flash then reboot and the tablet power on to the config screen then appear a message of controller apps stop then reboot and reboot infinite loop and i try to lock bootloader gain or reflash boot.img stock but no solution and i search for a alast update.zip or way to reinstal stock firmware can anyone help me ?