Database Users

[Q][Solved] Where should I begin as a beginner?

Edit:
[Procedure] http://forum.xda-developers.com/showpost.php?p=64841837&postcount=27
Edit/
I am creating this thread dedicated for me and other beginners "noobs".
Where should I begin as a beginner?
I am looking to unlock and root with latest MM that motorola supplies.
Things you should know about me:
I have no idea how to use adb.
I have no idea how to unlock & root or even if I should but I don't like ads.
I have no idea which firmware to use.
http://forum.xda-developers.com/moto-x-style/development/pure-firmware-tuff-wip-t3224833
http://forum.xda-developers.com/mot...rom-stock-rooted-debloated-x1575-6-0-t3262242
I am completely lost.
I have not gotten my phone yet, I ordered it this morning and will be here Friday. I am just trying to compile sources and info.
Thanks a bunch guys, I really need help with this.

One piece of advice for starters just since you used the word noob. Never mod your phone on a low battery. You can mess a phone up enough to break offline charging, and without a removable battery that you can swap out or charge in a cradle that could get awkward in a hurry on this phone. I always make sure I'm >75% just in case. You can fastboot your way out of all kinds of trouble; but not if your battery is dead and your phone is so screwed up it is not offline charging.
Your phone will probably show up with Android 5.1.1 installed, at least I got mine about 3 weeks ago and it did. Once it is through initial setup it should want to apply an OTA to Android 6.0 right away; if not check for it in Settings -> About -> System updates and it should find one. Just let it update before you do any setup or app downloading.
Once you're on MM, before you do any setup you have to unlock your bootloader if you intend to root. You'll get all the warnings about voiding warranty and here there be dragons, so be prepared for that. Also, unlocking the bootloader will wipe your internal storage, so don't bother with any setup or app downloading before you do it.
Start with Heisenberg's thread. It is a great guide on how to setup your computer for adb and fastboot as well as all the syntax you need for unlocking the bootloader and installing a custom recovery. Make sure to get the 2.8.7.1 version of TWRP that is patched to work with the MM bootloader.
When you boot to TWRP recovery for the first time it will ask if you want to keep system read only. Keep system read only and make a backup immediately. I usually make one backup of boot, system, and data, and a separate one of just efs; don't worry if you don't understand, you'll figure it out when you get there. TWRP is all touch based and pretty intuitive. This way you have good, untouched system backup to fall back on just in case.
When it comes to rooting MM, don't use the old system install method. Flash a SuperSU from this experimental systemless root thread (I used this instead of the ivcarlos method linked to the Heisenberg thread because it is more automated and easier). I can vouch for the 2.62-20151210170034 version of SuperSU. I've used it to root stock MM on this phone 3 or 4x as I've restored backups and changed kernels. I've heard the 2.64 and above SuperSU versions are not working with this phone on MM, and the older traditional system root methods like the v2.49 version that is linked to the Heisenberg thread are causing bootloops on MM. Don't panic on first boot after the systemless root; it appears to bootloop once but comes up normally the second time.
One other thing, TWRP doesn't seem to be able to detect the systemless rooting method, and it really wants your phone to be rooted. If/when TWRP offers to automatically install SuperSU, don't let it - ever - it will keep asking. It must use the old method that causes bootloops on MM, not the new systemless method linked above.
Once you're all rooted and settled in, if you get sick of the unlocked bootloader warning you can fix it by reading up in this thread. Just be sure to read carefully and get the MM logo and not the LP logo.

Wow, thank you so much for the long type up.
Duly noted and this is a great start. May I continue here if I run into any problems?
I think ima have fun with this phone
I am into tinkering with devices, "sometimes linux" etc, like my PC OS win7x64 is modified big time, so I probably will catch on with unlocking rooting etc very quickly.
I got chillz and cannot wait!

Read a lot. Do a lot of reading on the topic before trying it. Basically learn all the possible errors or negative outcomes before they happen, so your not blindsided and are ready for anything that can happen.

gokart2 said:
Read a lot. Do a lot of reading on the topic before trying it. Basically learn all the possible errors or negative outcomes before they happen, so your not blindsided and are ready for anything that can happen.
Click to expand...
Click to collapse
Will do. I was reading, flashing can screw up the modem,wif and what ever else.
I hope I don't screw it up.

Hitti2 said:
Will do. I was reading, flashing can screw up the modem,wif and what ever else.
I hope I don't screw it up.
Click to expand...
Click to collapse
Good luck :good:
I just noticed one thing that might not be entirely clear in the Heisenberg thread. It says to enable adb in the Settings -> Developer Options menu, but by default you won't have a Developer Options menu.
To get one, go into Settings -> About Phone, scroll all the way to the bottom, and tap on build number about 8 or 10 times. Your phone will say something to the effect of congratulations now you're a developer, and you'll have the menu.
Edit: i just noticed it says how to enable developer options further down the page

ty, I will need it lol.
Dev options were on my S5 too. My pops showed me how to on the S5, kinda hoping it was the same way to enable them, turned out to be. Cool.

gokart2 said:
Read a lot. Do a lot of reading on the topic before trying it. Basically learn all the possible errors or negative outcomes before they happen, so your not blindsided and are ready for anything that can happen.
Click to expand...
Click to collapse
^^^This^^^
and remember what XDA is really for ...http://forum.xda-developers.com/showpost.php?p=2031989
with that, enjoy all the reading, and do not be afraid to look at other sites too, there are even videos around that can help guide you...
and there are fellow members here to help...but most questions have already been asked and answered, so search first! Cheers! :highfive:

This might sound so stupid.
So, I will begin with the recommendation of installing twrp as my first step.
http://forum.xda-developers.com/showpost.php?p=64545146&postcount=131
1) Be sure to get the newest TWRP that has been patched for M.
Click to expand...
Click to collapse
How do I go on installing this TWRP? Does it include flashing TWRP to the phone? Or is an app? I don't understand.
How many ROMs can be flashed to the phone, 2? TWRP & Marshmallow?

Hitti2 said:
This might sound so stupid.
So, I will begin with the recommendation of installing twrp as my first step.
http://forum.xda-developers.com/showpost.php?p=64545146&postcount=131
How do I go on installing this TWRP? Does it include flashing TWRP to the phone? Or is an app? I don't understand.
How many ROMs can be flashed to the phone, 2? TWRP & Marshmallow?
Click to expand...
Click to collapse
Sounds like you need to do more studying and reading
TWRP is not a ROM, it is a custom recovery image, which allows you to flash ROMs.
Start here..http://androiding.how/root-moto-x-pure/
Then go here..http://forum.xda-developers.com/mot...l-windroid-universal-android-toolkit-t3206883 for a good tool. (May have already been linked above...)

[Q] Where should I begin as a beginner?
At the beginning, of course.
Sorry couldn't resist...

Naddict said:
Sounds like you need to do more studying and reading
TWRP is not a ROM, it is a custom recovery image, which allows you to flash ROMs.
Start here..http://androiding.how/root-moto-x-pure/
Then go here..http://forum.xda-developers.com/mot...l-windroid-universal-android-toolkit-t3206883 for a good tool. (May have already been linked above...)
Click to expand...
Click to collapse
Tyvm.
Before I proceed, I need to backup, right? How do I go forth doing a backup?
Also, I am updated on MM, does those two links above work on MM?

Hitti2 said:
Tyvm.
Before I proceed, I need to backup, right? How do I go forth doing a backup?
Also, I am updated on MM, does those two links above work on MM?
Click to expand...
Click to collapse
after you unlock and install custom recovery, you use TWRP (the custom recovery) to create the backup...
as you are on MM, you cannot use the "all in one" application that I provided in the link...so you will have to manually install/flash your rom

Wow im so frustrated. I think i give up. There is no guides upto date to do exactly twrp, backup, install w/e n root for ota mm.
I'll donate 30 usd via paypal if someone can.

Hitti2 said:
Wow im so frustrated. I think i give up. There is no guides upto date to do exactly twrp, backup, install w/e n root for ota mm.
I'll donate 30 usd via paypal if someone can.
Click to expand...
Click to collapse
Clearly you are impatient (not trying to be rude here), - XDA truly is not a place to pay for someone to do it for you, XDA is about learning and development, there are several places that a search will get you what you need. Many members have also posted links above to vast amount of information (specifically this post and this entire thread here http://forum.xda-developers.com/showpost.php?p=64183396&postcount=151 and here too http://forum.xda-developers.com/showpost.php?p=64311581&postcount=171) that you should take time to read and then, as you move through these things then you ask questions.
Offering to pay to have someone do it for you is really not what this site is about.
Read, do google searches...it has been done a hundred time already mate, take the time to learn what it is you are doing before actually doing it.

I dont have 400 to spare for for another phone if i brick this one because i was pointed to all kinds of mixed links. Ionno ill wait till someone comes up with a guide then.
Thanks.
Edit:
Let it be known as well, because you know how to milk a cow doesn't mean I know how to milk a cow. Or change a complete motor out of a vehicle etc.

Not being a smartarsh either. I'll prob end up like this guy https://www.reddit.com/r/MotoX/comments/3z2e6g/stuck_rooting_moto_x_pure_on_60/
And I read this, http://forums.androidcentral.com/moto-x-pure-edition/622331-6-0-marshmallow-root.html#post4899736
Dunno which one to go for.
I'm done for today, I'll come back tomorrow to upset with this.

Hitti2 said:
I dont have 400 to spare for for another phone if i brick this one because i was pointed to all kinds of mixed links. Ionno ill wait till someone comes up with a guide then.
Thanks.
Edit:
Let it be known as well, because you know how to milk a cow doesn't mean I know how to milk a cow. Or change a complete motor out of a vehicle etc.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=2031989
Hitti2 said:
Not being a smartarsh either. I'll prob end up like this guy https://www.reddit.com/r/MotoX/comments/3z2e6g/stuck_rooting_moto_x_pure_on_60/
And I read this, http://forums.androidcentral.com/moto-x-pure-edition/622331-6-0-marshmallow-root.html#post4899736
Dunno which one to go for.
I'm done for today, I'll come back tomorrow to upset with this.
Click to expand...
Click to collapse
Looks to me like several folks in there offered suggestions on how to successfully get root ...and again, as my last helpful post here...you really need to read Heisenberg's thread, that guide works, and from what I can tell, you have to use systemless root.

Ok, I will follow
Intro
This thread will serve as a location for basic how-to guides for the Moto X Pure. I'm going to start off with a couple of the more obvious ones and go from there. If anyone has any suggestions for additions please feel free to let me know.
Prerequisites:
You'll need a working adb/fastboot environment on your PC to get through some of these guides. Go here to download the Android SDK, which will give you most updated version of adb and fastboot. Scroll to the bottom of the page and find Other Download Options>SDK Tools Only, and grab the right version for your OS. While it's downloading create a folder in C:\ called SDK (C:\SDK). Once you've downloaded the zip you can extract it into your C:\SDK folder. Navigate to C:\SDK\android-sdk-windows and open SDK Manager.exe. In SDK Manager you need to install the following packages:
Tools> Android SDK Tools, Android SDK Platform-tools
Extras> Android Support Library
Once you have installed those, inside C:\SDK you should see some new folders, one of them will be called platform-tools, within that folder you should see fastboot.exe and adb.exe. I'll refer to this as your fastboot folder/directory or working folder/directory during this guide. To make sure adb is correctly installed, open a command prompt from within your fastboot folder (hold shift + right click, select open command prompt here) and issue this command:
Code:
adb version
If it returns a version number for Android Debug Bridge then you're good to go.
You'll find Motorla drivers here, download it and install, then reboot your PC.
You can test adb by connecting your device to your PC while booted into Android (making sure that adb/usb debugging is enabled in Settings>Developer Options) with the screen unlocked and issuing this command:
Code:
adb devices
It should return your device serial number, if so, adb is working.
You can test fastboot by connecting your device to your PC while booted into fastboot mode (power + volume down) and issuing this command:
Code:
fastboot devices
It should return your device serial number, if so, fastboot is working.
By attempting any of the processes listed this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches on fire, or turns into a hipster and claims to have been modified before it was cool.
Index
How To Unlock Your Bootloader
How To Install A Custom Recovery On Your Device
How To Make A Nandroid Backup With TWRP Recovery
How To Root Your Stock Rom
How To Install A ROM with TWRP Recovery
How To Install A Custom Kernel With TWRP Recovery
How To Make Sure You Can Pretty Much Always Recover From An Accidentally Wiped System
1. How To Unlock Your Bootloader
Go into About Phone in Settings, click on Build Number 7 or 8 times until it says you have enabled Developer Options. Go back to Settings and enter the newly opened Developer Options section, scroll and click on the Enable OEM Unlock option.
Power off your phone then boot into fastboot mode (power + volume down).
Connect your phone to your PC via usb cable.
Open a command prompt from within your fastboot folder (navigate to where you have fastboot.exe located on your PC, shift + right click anywhere within that folder, select open command prompt here).
Check your fastboot connection by issuing this command:
Code:
fastboot devices
It should return your device serial number, if not you need to make sure your drivers are installed correctly.
Once you've confirmed your fastboot connection issue this command:
Code:
fastboot oem get_unlock_data
It should return something like this:
Code:
(bootloader) 0A40040192024205#4C4D3556313230
(bootloader) 30373731363031303332323239#BD00
(bootloader) 8A672BA4746C2CE02328A2AC0C39F95
(bootloader) 1A3E5#1F53280002000000000000000
(bootloader) 0000000
Copy that code (with no spaces between the characters) and paste it somewhere for safekeeping, you'll use it in a minute.
Go to the Motorola bootloader unlocking page. You'll need to create an account with Motorola if you don't already have one. Once you're signed in you can scroll down to step 6 and paste the above code into the text field and hit the “can my device be unlocked” button.
Read the terms and conditions and accept them if you agree (you can't continue unless you accept).
Click the “request unlock key” button and an email with your unlock token will be sent to the email account that you signed up with.
Once you have retrieved the token from the email you can use it within the following command to unlock your bootloader:
Code:
fastboot oem unlock xxxxxxxxxx
(Replace the xxxxxxxx with your unique unlock token)
Your bootloader is now unlocked!
Reboot with this command:
Code:
fastboot reboot
It's now safe to disconnect your usb cable.
Please note: this will erase all user data from your device, it is best to do this before you really start using the device and installing apps or putting data on the internal storage
2. How To Install A Custom Recovery On Your Device
Prerequisites: unlocked bootloader.
Download the recovery of your choice, here's TWRP.
Make sure you check the md5 to verify its integrity (where possible).
Place the file in your fastboot folder (this is where fastboot.exe is located on your PC).
Put the phone in fastboot mode and connect it to your PC via usb cable.
Open a command prompt from within your fastboot folder (shift + right click, select open command prompt here), and enter the following commands:
Code:
fastboot flash recovery <filename>.img
(Replace <filename> with the actual filename of the recovery, the recovery filename in the command will change depending on which recovery you're flashing)
Wait for the recovery to flash, it'll only take a few seconds, you'll get a finished message in your command prompt window once it's done.
It's now safe to disconnect your usb cable.
Don't reboot the phone normally, use the volume buttons to highlight recovery and press the power button to select it. This will stop the stock OS from patching it with the stock recovery in boot. Once you've booted into TWRP like this once, you can reboot normally.
3. How To Make A Nandroid Backup With TWRP Recovery
Prerequisites: unlocked bootloader, TWRP recovery.
A nandroid backup is a very important thing to have before installing any custom software on your device. It's basically a backup of your stock system that you can fall back on if anything goes wrong or if you just want your stock ROM back. You can also use the backup tool to create a backup of your favourite ROM set up exactly the way you like it. The backup you create can be easily restored using the restore tool in TWRP recovery.
All you need to do is enter TWRP recovery, select the backup option from the TWRP home screen, check the system/data/boot boxes, and swipe to backup. The process will take a few minutes.
Click to expand...
Click to collapse
& I will follow
Hello guys!
I make my own ROOT (systemless, thanks for Chainfire) images for Moto X Style with Marshmallow (build MPH24.49-18). Its use "experimental" systemless SuperSU version 2.56 - more info on http://forum.xda-developers.com/show...35&postcount=2. No need replace bootloader or recovery. Still need unlocked booloader.
Because TWRP didn't work in this version of bootloader (0xA048), I cooked "su.img" in a Linux box and used "/data/local/tmp" as bridge (accessible by ADB).
WARNING! I am not responsible for any harm on your phone. When you're not sure if you can do it, leave it!
For use, you need
1) unlocked bootloader.
2) if your bootloader not unlocked, make sure you have copy of your data, because this process will erase your device.
3) install ADB and FASTBOOT on your pc using minimal ADB or Android SDK.
4) install ADB drivers from Motorola or Universal ADB.
5) download provided files.
6) download SuperSU ver. 2.56 from http://forum.xda-developers.com/apps...ellow-t3219344.
Steps:
1) extract files in a folder of your choice (su.img, boot.img).
2) extract Superuser.apk from SuperSU-v2.56-20151030013730.zip from common folder.
3) enable USB debugging on Android.
4) connect your device on pc.
5) open a command prompt in a new folder.
6) type "adb push su.img /data/local/tmp" without quotes.
7) type "adb install Superuser.apk" without quotes.
8) now reboot your device into fastboot mode by typing "adb reboot bootloader".
9) type "fastboot flash boot boot.img" without quotes.
10) type "fastboot reboot" without quotes.
And enjoy!
Now you have a rooted MotoX Style Marshmallow. To apply any OTAs, you only need reflash stock boot.
Click to expand...
Click to collapse
I still think its going to brick but uhwell.

So far so good, I've got it unlocked.
I apologize for my ignorance. I am gonna take it a step at a time.
Doing step one "unlocking" was scary but it went good.
Wish me luck!

[Guide] enable cam2api only - no root

After having read many threads on this subject, it seems to become overly complicated by root, not root, lock, unlock, ota updates, no ota updates, etc etc.
So some basic information first, about what this guide accomplishes and what it doesn't;
1) No root involved, not installed at any time.
2) No changes to 'System' (OTA *should* work - I've yet to verify though)
3) BootLoader has to be unlocked (and stay unlocked, re locking causes a wipe - at least for me it did)
4) Your device will show up as 'uncertified' in PlayStore
5) There's no 'tool' involved, you aren't tied to any specific software version (or Magisk version obviously)
6) You will need TWRP (I used TWRP-3.2.3-jasmine-20180804.img) and also the boot.img for your current **previous version** software.
I of course take no responsibility for any negative results you experience, it's a use at your own risk Guide, as they all are.
I. Remove any accounts (gmail etc) on the device. Also remove finger print unlock and pattern (pin etc).
II. Enable developer options; OEM unlock and adb debugging
III. Connect to pc and verify 'adb devices' see's your device. Then type 'adb reboot bootloader'
IV. Once in fastboot, verify with 'fastboot devices'. Then do 'fastboot OEM unlock' (device will wipe and reboot)
(again enable Dev options and then enable adb debugging, then again do 'adb reboot bootloader')
V. Now check which is the active partition with 'fastboot getvar currdent-slot', make a note of it being a or b.
VI. Install TWRP on the NON active partition with 'fastboot flash boot_b <name of twrp>.img' (or boot_a if that is NON active).
VII. Now set that partition active with; 'fastboot set_active b' (or a - whichever one u installed TWRP to).
VIII. Now we'll type 'fastboot reboot' BUT, before hitting enter, hold down Vol UP. Keep it down until twrp boots.
IX. Once in TWRP ('adb devices' should work), we'll type 'adb shell', then once at the shell command prompt, type:
'setprop persist.camera.HAL3.enabled 1' and <enter> then type; 'setprop persist.camera.eis.enable 1' <enter> (These values won't be propagated to any tables until after a reboot, so don't check them now) then exit adb shell with 'exit' <enter>.
X. Now we press the 'Reboot' in TWRP but choose the original slot (you jotted down above right?). So if you booted TWRP on slot B, here you will choose slot A to set active in reboot.
XI. Once rebooted you can get a Cam2API checker on playstore and verify results. I'd also suggest rebooting to fastboot mode and flashing (your specific for your current **Previous** software) boot.img in place of TWRP - I'd guess that will remove any trace of modifications so OTA 'should' work - have not been able to verify that part yet, as mentioned above.
A little long and time consuming, hopefully not too verbose. But, you can now install GCam ports and they should function properly. This is the one I installed MGCamera_5.1.0.18_R4X_v.5.1.19.apk and cursory indications are all is working well.
Hopefully you've read to here before starting (you really should do that you know, always), because here's a question to ask yourself; Is this worth it? I mean, absolutely the GCam processing software is better, but you need to ask yourself if it's worth the trouble and lack of security and possible bricking, to you?
If you do decide to go ahead, proceed slowly, take your time. If you have any questions or doubts, this is the original thread I used (with my modifications outlined above). So any credit really goes to this guide:
https://www.theandroidsoul.com/xiaomi-mi-a2-root/
EDIT to ADD (10/08/18): as noted above, TWRP was flashed to the NON active Partition. What that means is the non-active partition has the *previous* update on it, not the newest. So when re-flashing that non active boot partition (after using TWRP) you should use the boot.img from the previous version you had installed. That will hopefully remove any trace of TWRP having been installed.

Great, this is really what i was searching.

After doing some additional research, it seems the boot image that should be flashed to get back to 'normal' (after twrp) should be the boot image that was being used ** previous ** to your current boot image.
I'm not sure if this will make a difference in OTA updates or not.
But essentially, when an A/B slot phone is updated, the unused slot is updated, then a reboot happens with that slot as active. So the previous slot (the one to 'fall back to' in case of issues) doesn't change. Thus, the boot image of that slot should be the * previous * version you were on.
So I've flashed the boot image from the 1st September update, as that was what I was running prior. I'll update this thread with whatever happens in the next update.
cheers

Works like a charm!
Thank you for sharing!

AsItLies said:
After doing some additional research, it seems the boot image that should be flashed to get back to 'normal' (after twrp) should be the boot image that was being used ** previous ** to your current boot image.
I'm not sure if this will make a difference in OTA updates or not.
But essentially, when an A/B slot phone is updated, the unused slot is updated, then a reboot happens with that slot as active. So the previous slot (the one to 'fall back to' in case of issues) doesn't change. Thus, the boot image of that slot should be the * previous * version you were on.
So I've flashed the boot image from the 1st September update, as that was what I was running prior. I'll update this thread with whatever happens in the next update.
cheers
Click to expand...
Click to collapse
A good update to this guide is you put that information on first post and put also the files of the boot.img off every update, for the noob people like me, something like:
1-Original Boot Image
2- August Update Boot Image
3- First september update Boot Image
4-Second september update boot image.
So people can check what is the installed version, and the version they should get to use with this gide without the problem off getting a Briked Phone.
Tks for your help.

ki69 said:
A good update to this guide is you put that information on first post and put also the files of the boot.img off every update, for the noob people like me, something like:
1-Original Boot Image
2- August Update Boot Image
3- First september update Boot Image
4-Second september update boot image.
Do people can check what is the installed version and the version they should get to use with this gide without the problem off getting a Briked Phone.
Tks for your help.
Click to expand...
Click to collapse
I've updated the original post, but part of the reason for the comment is so others could see something "New" has been said / added. Just updating won't do that.
All of the various boot and patched boot images are readily available in numerous other Guides / Posts. I don't think there's a reason to repeat them here. Just look around a bit, they are easily found.

AsItLies said:
I've updated the original post, but part of the reason for the comment is so others could see something "New" has been said / added. Just updating won't do that.
All of the various boot and patched boot images are readily available in numerous other Guides / Posts. I don't think there's a reason to repeat them here. Just look around a bit, they are easily found.
Click to expand...
Click to collapse
I think when you invites a friend to a sunday family lunch at your home, you should provide the complete lunch. It's not your "obligation", but is kind and cool, plus, maybe later your friend can do the same for you. The same situation here.
Is cool, doesn't cost a thing and people will get grateful and enjoy more your contribuition, and providing the right files, you can help them avoid getting the wrong files and messing their phones.
But, as I said: it's not your obligation, is just a "being cooler thing". :good:

kadu20es said:
I think when you invites a friend to a sunday family lunch at your home, you should provide the complete lunch.
Click to expand...
Click to collapse
Cute analogy, I'll remember it next time I'm looking for lunch.
Here's another more appropriate analogy: 'Give a man a fish, and he eats for the day. Teach a man to fish and he eats for the rest of his life'.
See, you need to do some of the leg work. If you can't, maybe you shouldn't be doing this at all?

In TWRP shall I select ADB sideload for shell to work.

ali7_has said:
In TWRP shall I select ADB sideload for shell to work.
Click to expand...
Click to collapse
Re Read what is in the directions:
Once TWRP is booted we type 'adb devices'.
Then type 'adb shell' at the command prompt.
No where does it indicated using 'ADB sideload' does it?
As said Ali, I'd suggest (again) doing some research on using ADB. Check the various adb commands. Try them out first, before following this guide. Do the same with Fastboot. Read the various documentation. Doing things blindly, well, it's your phone...

@MikeChannon (and @oka1 )Hi Mike, would you please lock this thread? I'm going to create another, much simpler (and less confusing) guide to accomplish the same thing using the patched boot image. I'll title it" [Guide] enable cam2api w/patched_boot - no root ". I don't have a link for it yet, but it will be easy to find.
Thanks!

AsItLies said:
Re Read what is in the directions:
Once TWRP is booted we type 'adb devices'.
Then type 'adb shell' at the command prompt.
No where does it indicated using 'ADB sideload' does it?
As said Ali, I'd suggest (again) doing some research on using ADB. Check the various adb commands. Try them out first, before following this guide. Do the same with Fastboot. Read the various documentation. Doing things blindly, well, it's your phone...
Click to expand...
Click to collapse
Sorry bro, it was driver problem unable me to connect adb in TWRP, it was active only in sideload. problem resolved by uninstalling the driver &installing again..
by the way there is no need to go to the Previous boot.img, I was on v9.6.10 and I flash the same than update it to v9.6.13 with no problem.
thanks a lot for the awesome it was so helpful.

Follow this link for a simpler way to do this. I'm embarrassed I didn't realize it before.
https://forum.xda-developers.com/mi-a2/how-to/simple-to-enable-cam2api-using-t3851926

From the Moderator
Per the OP
He is making a new thread, please see the previous postings for information.
...................... THIS THREAD IS NOW CLOSED .........................
Thx, ~~~~ oka1

Very simple way to enable cam2api using patched_image

Not even going to keep this for the learning experience, it's not worth it.

Hi! Tks for you suport.
I have 2 questions if you can help me. I´m a noob for this phone, but i used to update mu Xperia with Remix and i unsdestand a little bit of installing costum firmware.
1- Do we need after this to install again stock boot.img? Because i read in were and MIUI forum that patch boot.img will not give OTA updates.
But installing stock will not remove Camera2api also?
2- I Have V9.6.13.0.ODIMIFE ( second september update) i try to seach for patch boot.img for A2 in were, but i only find the full stock image
in https://forum.xda-developers.com/mi-a2/how-to/fastboot-xiaomi-mi-a2-fastboot-images-t3824849
I read what you said about teaching to fishing rather give a fish, but if for this thime you could put the link, in future updates we all will be more confortable do do other updates.
Kind regards

ki69 said:
1- Do we need after this to install again stock boot.img? Because i read in were and MIUI forum that patch boot.img will not give OTA updates.
But installing stock will not remove Camera2api also?
Click to expand...
Click to collapse
Ki, this is a great example of where one needs to look carefully at the command, and do some research. If you look closely the code says "boot" patched_boot. The point there is that it doesn't say "flash". Booting it won't flash it. That command will read it from your hard drive into rom memory of the device, and NOT write it to the flash memory of the device. I.E. The boot.img on the device will not change, so no reason to flash it again.
ki69 said:
2- I Have V9.6.13.0.ODIMIFE ( second september update) i try to seach for patch boot.img for A2 in were, but i only find the full stock image
in https://forum.xda-developers.com/mi-a2/how-to/fastboot-xiaomi-mi-a2-fastboot-images-t3824849
Click to expand...
Click to collapse
Bring up all the topics in the MiA2 Guide(s) forum. At the top right is "Search This Forum". So... obviously... type in; patched_boot.
The first thread, OTA Jasmine (etc) has many posts with links to specific versions of (magisk) patched_boot images. (hint; search that thread also if you don't want to page through the posts!) - and don't forget to thank (use thank button!) cpkv5 for his efforts of extracting the boot.img and patching it for everyone, and making it available for easy download!

AsItLies said:
So to enable Cam2API w/out root, and continue to get OTA updates;
1) You need to be familiar with using ADB and FASTBOOT. Pls look at easily searchable documentation for them. Have them installed and usable on your pc / laptop. Try some of the commands out before using this guide, to get use to them / verify working.
2) You have to unlock the bootloader, which will wipe the device. It will also have to stay unlocked, which means your phone will be considered 'uncertified' in Play Store. Because we don't have NFC, and I don't do any banking apps on my phone... no worries for me.
3) You need the patched_boot.img for your current software version. The patched image (and the original boot image) are readily available. Just search the MiA2 forums and you'll find numerous links to new and previous images for the various software versions that have existed for our MiA2's.
So, you should already know how to enable adb and to OEM unlock in developer options (pls SEARCH if not!). So make an adb connection to do:
Code:
adb devices
The above will verify your pc sees the phone, obviously.
Code:
adb reboot bootloader
The above is an easy way to get to fastboot mode.
Code:
fastboot devices
The above will verify fastboot sees our device
Code:
fastboot oem unlock
The above unlocks the bootloader and wipes / reboots device. Again recheck to be sure in Dev options adb is on.
Code:
adb reboot bootloader
Above to get back to fastboot mode.
Code:
fastboot boot patched_boot.img
The above will now boot the device. Be sure the patched boot image is in the directory you are issuing the command from, and again, it needs to be the patched image that corresponds to the current software version you are using.
At this point, I'd recommend to not do anything with the device. It should be booted and appear normal. Back at our command prompt;
Code:
adb devices
Assuming we still see our device:
Code:
adb shell
The above will now put our command prompt into a linux shell, and then type the following:
Code:
setprop persist.camera.HAL3.enabled 1
and then
Code:
setprop persist.camera.eis.enable 1
At this point, it's about done. The above settings will get propagated to the appropriate tables after rebooting the device. They won't change system settings. So OTA updates should work.
Next, we just type 'exit' in the command prompt to exit the adb shell. Lastly we again issue 'adb reboot bootloader' and once we're back into fastboot, just issue 'fastboot reboot'.
That's it. We never flashed anything, only booted the patched image. So nothing really gets touched, that could inhibit OTA updates. When we do the reboot, it will read the original (untouched) boot image and boot as normal. This also keeps us from touching the other 'Slot' (not really needed). This is much simpler than using TWRP imho.
Click to expand...
Click to collapse
THANKS MATE, I REACHED TO FINAL STAGE & BOOTED IN TO THE PATCHED IMAGE BUT
AFTER putting command prompt into a linux shell it gives error failed to set property. please help i am awiting your reply.

Abbey Bhatt said:
THANKS MATE, I REACHED TO FINAL STAGE & BOOTED IN TO THE PATCHED IMAGE BUT
AFTER putting command prompt into a linux shell it gives error failed to set property. please help i am awiting your reply.
Click to expand...
Click to collapse
Yes I saw that Abbey, just updated the original post. At this point pls use the TWRP method I mentioned in similar thread. That works for sure.
I thought the Magisk patched boot image would have the same abilities (in this sense) as twrp, but it seems it does not. Will update if I find a solution.

Abbey Bhatt said:
THANKS MATE, I REACHED TO FINAL STAGE & BOOTED IN TO THE PATCHED IMAGE BUT
AFTER putting command prompt into a linux shell it gives error failed to set property. please help i am awiting your reply.
Click to expand...
Click to collapse
hey mate after rebooting, magisk appeared in app drawer, did i flashed patched boot image. by using this code? please advise

AsItLies said:
Ki, this is a great example of where one needs to look carefully at the command, and do some research. If you look closely the code says "boot" patched_boot. The point there is that it doesn't say "flash". Booting it won't flash it. That command will read it from your hard drive into rom memory of the device, and NOT write it to the flash memory of the device. I.E. The boot.img on the device will not change, so no reason to flash it again.
Click to expand...
Click to collapse
Yes, i didn´t read carefully, but my question has because i read that we need magisk after put patche boot.img, then enable, then remove magisk then flash stock boot.img
I read that you update the firt post informing of the need of that.
AsItLies said:
Bring up all the topics in the MiA2 Guide(s) forum. At the top right is "Search This Forum". So... obviously... type in; patched_boot.
The first thread, OTA Jasmine (etc) has many posts with links to specific versions of (magisk) patched_boot images. (hint; search that thread also if you don't want to page through the posts!) - and don't forget to thank (use thank button!) cpkv5 for his efforts of extracting the boot.img and patching it for everyone, and making it available for easy download!
Click to expand...
Click to collapse
Sorry, i only find this one:
https://forum.xda-developers.com/showpost.php?p=77295065&postcount=22
that have magisk, but with that like i said before i will mess with system/root, the thing i did´t want. so for me is not the path i want to take. I prefer the patch you give in:
https://forum.xda-developers.com/mi-a2/how-to/guide-enable-cam2api-root-t3848058
And because is a diferente path i think that that thread should be reopen by mods.

Abbey Bhatt said:
hey mate after rebooting, magisk appeared in app drawer, did i flashed patched boot image. by using this code? please advise
Click to expand...
Click to collapse
It shouldn't have flashed it, should have just booted it. I just uninstalled the magisk in app drawer myself. It looks as though a part of the magisk patched boot image installs that 'stub' part of magisk, to then allow a full install I'm sure. So that seems to happen whether you flash it or boot it.

ki69 said:
Yes, i didn´t read carefully,
Sorry, i only find this one:
Click to expand...
Click to collapse
You're looking in the ROM forums, not the indicated GUIDES forum.

AsItLies said:
It shouldn't have flashed it, should have just booted it. I just uninstalled the magisk in app drawer myself. It looks as though a part of the magisk patched boot image installs that 'stub' part of magisk, to then allow a full install I'm sure. So that seems to happen whether you flash it or boot it.
Click to expand...
Click to collapse
hey i am now wish to follow method presented in this thread
https://forum.xda-developers.com/mi-a2/how-to/guide-enable-cam2api-root-t3848058
but at stage of fastboot getvar currdent-slot
it showing failed. no any partition showed

Abbey Bhatt said:
hey i am now wish to follow method presented in this thread
https://forum.xda-developers.com/mi-a2/how-to/guide-enable-cam2api-root-t3848058
but at stage of fastboot getvar currdent-slot
it showing failed. no any partition showed
Click to expand...
Click to collapse
Not sure what's going on. When I do the same the result is:
fastboot getvar current-slot
current-slot: b
Finished. Total time: 0.000s
Did you flash it by mistake instead of boot it? Have you tried to do a 'fastboot set_active' ?

AsItLies said:
Not sure what's going on. When I do the same the result is:
fastboot getvar current-slot
current-slot: b
Finished. Total time: 0.000s
Did you flash it by mistake instead of boot it? Have you tried to do a 'fastboot set_active' ?
Click to expand...
Click to collapse
Humble request,
If you don't know about device or appropriate procedure don't post irrelevant things. As I know this device is tricky and more chances for hard brick if something goes wrong.

Abbey Bhatt said:
Humble request,
If you don't know about device or appropriate procedure don't post irrelevant things. As I know this device is tricky and more chances for hard brick if something goes wrong.
Click to expand...
Click to collapse
out and out flagrant request, if you can't follow directions, don't even try what is suggested.
There's no way anything I indicated would brick a phone. I've done it. Mine is not bricked. As indicated the setprop commands won't work with patched boot image. Then all you have to do is exactly what the procedure says and it's back to normal.
You're the reason people don't bother to post guides.
I do know about device and relevant procedure, it's not irrelevant. Your inability is what's irrelevant.

AsItLies said:
out and out flagrant request, if you can't follow directions, don't even try what is suggested.
There's no way anything I indicated would brick a phone. I've done it. Mine is not bricked. As indicated the setprop commands won't work with patched boot image. Then all you have to do is exactly what the procedure says and it's back to normal.
You're the reason people don't bother to post guides.
I do know about device and relevant procedure, it's not irrelevant. Your inability is what's irrelevant.
Click to expand...
Click to collapse
Hero how's your age how long been in this you are the people who doesn't know things and phones and wage all around being as op. Now cut this crappy out and first learn and then come for advice.

Abbey Bhatt said:
Hero how's your age how long been in this you are the people who doesn't know things and phones and wage all around being as op. Now cut this crappy out and first learn and then come for advice.
Click to expand...
Click to collapse
I'm sorry you screwed up your device. But it's not my fault. Nothing I indicated, if followed, would have caused that.
I'd suggest quitting the childish attempts at personal attacks. Your problems are not my fault.

@oka1 Hi again, sorry, this is the 2nd time! Please close this thread, and delete if possible. It' no longer provides any benefit.
Thanks! Won't happen again.

[RECOVERY] TWRP for Onn Android Tablets (unofficial) - 2019-11-30

TWRP Custom Recovery for the Onn Android Tablet series​
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model

Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.

Reserved also

grabbing this one too cuz why not

Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?

Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....

Amazing!! Gonna install and test 8" right now.

Has anyone tried a GSI on these tablets yet?

MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.

MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I did try both Phhuson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.

WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!

Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since it's stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.

@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!

You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...

diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Click to expand...
Click to collapse
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran Phusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.

Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
Click to expand...
Click to collapse
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?

Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?

If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.

diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Where do I find crypto footer to backup

diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.

(GUIDE) Root Onn 8 Gen 2 100011885

Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isnt available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.

Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something

LaikaXv1 said:
Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isnt available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
Click to expand...
Click to collapse
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
I'm glad to see that there is finally a root solution for this device. I have 2 Onn 8 first gen, Android 9 tablets and I use the Magisk module: Universal SafetyNet Fix to
pass.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Let us all know if this works. I work in a Walmart electronics department and have not bought one of the 2nd gen devices because I had assumed that it could not be rooted. I am temped just for a new challenge, even though I really don't need a new device.
Have you been able to create a backup of the stock rom? Is it flashed with spflashtool like the older device?
Thanks

I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magist safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!

LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magist safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Click to expand...
Click to collapse
Ah, I didn't hit reply. Oops!
I'm not new to XDA persay, but I'm not usually the one making guides and actually saying things haha.

Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)

Boox17 said:
Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)
Click to expand...
Click to collapse
It sounds like maybe you did not unlock the bootloader first?

martyfender said:
It sounds like maybe you did not unlock the bootloader first?
Click to expand...
Click to collapse
Yeah exactly what it was

I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paper weight At least it was only $30

I'm stuck in a boot loop. Does this work with a 100011885 that has Android 11 or did I just brick it cause I didn't pay attention.

I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img

bowb said:
I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img
Click to expand...
Click to collapse
Did you get this working?

Valiante said:
Did you get this working?
Click to expand...
Click to collapse
No.

LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magist safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Click to expand...
Click to collapse
did you happen to upload this image yet? if so, got a link?

I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet and got blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?

pj_dev said:
I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet and got blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?
Click to expand...
Click to collapse
Unfortunately, the numbers are important. Are you able to get to fastbootd? If you can get to fastbootd, I would recommend trying to change to boot slot. Newer androids actually have two boot partitions for updating purposes. You can check which boot partition you're using with `fastboot getvar current-slot` which should return "a" or "b". Then do `fastboot set-active x` and replace x with whichever slot is NOT active as determined by the previous command. If the other boot slot is still intact, this would hopefully result in a bootable device. I haven't tried this myself, but this is what I would try if I were in your situation.
If this doesn't work, I would try flashing stock with sp flash tool, which doesn't need fastboot if you can't access that. It's a leaked mediatek tool, so there isn't an official site to get it from unfortunately. I got it from here: https://androidmtk.com/smart-phone-flash-tool but use your discretion. And get v5, because that's what most of the guides use. Then you can try flashing the 3561 stock firmware here: https://forum.xda-developers.com/t/stock-stock-backups-images-otas.3998227/post-82619259
If you can get it to boot at this point and want to de-walmart it, I would recommend just flashing a GSI rather than messing around with the stock rom. You can find the GSI's here: https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list

LaikaXv1 said:
Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something
Click to expand...
Click to collapse
Lol, remember those copy-pasted guides where they provide the wrong TWRP images and it messes up the device

So the 8" Onn actually has a boot-ramdisk it appears. On the 7" Onn Surf (100005206), there is no boot-ramdisk, so the alternative is patching a recovery.img and allowing Magisk to hijack the /recovery partition. The only drawback is, anytime you need to reboot, using hardware keys as though booting into recovery is necessary.

inzane105 said:
I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paper weight At least it was only $30
Click to expand...
Click to collapse
I'm in a similar situation, my friend got an RCA Atlas 10 Pro-S from Goodwill for $1. It had an FRP lock on it though, and we ultimately managed to get to the home screen by enabling TalkBack and watching the support video to open the browser. Then, we installed Lawnchair to access the home screen. The settings app worked, but Developer Options would not open.
GetDroidTips has published a software called Miracle Box, claiming that it can unlock MediaTek bootloaders, as well as bypass FRP. However, a VirusTotal scan indicates that it is likely malware. I tried running it in a virtual machine and it asked if I wanted to run a process impersonating "svchost.exe" as Administrator. I airgapped the virtual machine, and Miracle Box said it needed Internet access for licensing, however GetDroidTips said it was free. I suspect that this was a fake software crack.
I am aware of a program called SP Flash Tool, but that won't work because I am on Linux, and not Windows. I doubt it would work under WINE, as it requires special device-specific drivers that also only work on Windows. I have a spare Lenovo IdeaPad 110-15ACL, however I don't have the drivers needed to set up Windows 7 on it. I could, of course, use Windows 10, but I have heard it is bad for flashing, and it is very slow anyway. (I did, however, buy an SSD for it, perhaps this will speed it up enough to be somewhat usable?)
I also found an open-source MediaTek exploit script called MTKTools. It did not work, and it told me to hold all hardware buttons before plugging the device in. It still did not detect the tablet. It told me that I could also short TP1 to ground, however I could not find Test Point 1 on the tablet's motherboard.
There are no custom recoveries or FRP unlocking guides for this device, likely because it's an obscure Android 7.1 tablet from back in 2014. I wouldnt be able to flash them anyway as the bootloader is locked. It has 2 GB of RAM and the processor cores are Cortex-A35s so I'm not sure that this is worth unlocking. On the other hand, it costs over $100 from Walmart.
I am worried that the device was stolen, as it had a password, and once I reset it from Recovery mode, it had an FRP lock. If it is indeed stolen, I can't return it, due to the "as is" nature of Goodwill, and besides, I have disassembled it several times as well. Should I be concerned about the ethical implications of unlocking this device?

Does this work on Android 11? I have the Onn. 100011885 model, according to my settings app.