Stylo 6 and K51 unlocked bootloader and root - LG G Stylo Guides, News, & Discussion

WARNING: DO NOT ATTEMPT TO DO THIS YOURSELF, AS I HAVE SPECIAL TOOLS TO UNBRICK MY PHONES I'M USING TO PERFECT THIS PROCESS.
I've recently stumbled into a process that allows the bootloaders to be unlocked on nearly all MediaTek devices, with the help of a paid tool and this process: https://forum.xda-developers.com/t/mod-dev-mediatek-mtk-auth-bypass-sla-daa-utility.4232377/ It made unlocking the bootloaders, pulling full ROM backups or restoring the backups possible.
First I accidentally crashed the system and preloader manually on the Stylo 6 and was able to unlock the bootloader, then I repeated the process on 2 more Stylo 6's and 2 K51's. I sought out help and started working with Haise and the guys in the Stylo 6 Discord group until he got the files I pulled from my unlocked phones that he needed for his process that he came up with, and then told me to stop the work that I started. After he removed me from his Discord group for calling him out for no longer wanting to work with me so I could accomplish this goal that I set for myself, I reached out to the team at Hovatek for some guidance, and I couldn't have restored my 2 hard-bricked Stylo 6's without them. In just about a month's time I feel I learned half a year's worth of knowledge, and I plan to share my findings in hope that this process can be recreated without a paid program.
I have complete ROM backups of the stock system, unlocked bootloader system, and fully Magisk-rooted backups of both Stylo 6 and K51. I have compiled a 100 percent all-files-included scatter file based off of each ROM backup. I will continue working with the Hovatek team to make this process of unlocking these bootloaders and many more bootloaders easy and free for everyone. I will be loading more files tonight, so look out for links to the unlocked bootloader files, the scatter files, and a zip for those who brick their Stylo 6's trying to recreate the process themselves.

Links to my drive for rooted stylo6 system back up made by Chimera
https://drive.google.com/file/d/1OjeT-8RVr85WYDDzTDAPt7poqTRZwIPs/view?usp=sharing
and a zip file of the scatter and files set up to rehabilitate your bricked stylo 6.
Stylo6unbricker.zip

The bootloader unlocked system backup, have at it and see if y'all can come up with a way to unlock the bootloader without bricking.

I'm nearly finished getting the correct files and order and pre-flash setup done so that SP Flash Tool can be used to unlock the bootloader and root the Stylo 6. I appreciate the team at Hovatek being there to give me some direction, and to bounce ideas and methods back and forth with me for the majority of this project. After I sorta stumbled into the first Stylo 6 unlock I got unlock happy and I unlocked the next 2 Stylo 6 phones I purchased before thinking about the steps I should take to narrow down how it happened. This was my first real attempt to do anything this in depth, but I set a personal goal for myself that I won't let anyone influence me to not get to the bottom of it and make it doable for everyone. I'm writing this as I'm waiting for a full stock ROM backup to install so I'll eliminate the variables that have occurred from hard bricking one of my test dummy phones multiple times. The super.img is about halfway done, and then I will start what is hopefully the flash setup that I will be sharing with everyone. But if it fails I hope that some more experienced developers will let me bounce some ideas back and forth to find the right order of flashing and formatting so I don't have to keep bricking my 2 test dummy Stylo 6's. I prefer to keep the 3rd I have in total working order.

Check out my proof for having the first unlocked and rooted Stylo 6.

I'm stuck on one last thing and could use all the help I can get. I am not finding a working way that will disable AVB. I have found about 5 methods and I've tried them without success; I've even attempted these methods on an unlocked bootloader with root, still with no success. So without this one last piece to my puzzle I may not be able to release a fully working method that everybody can use to unlock their own Stylo 6.

I have a flash setup that would flash every .img file that changes after the bootloader unlock, but with AVB still enabled the flash is unsuccessful. If a method is figured out, this way of unlocking will start development for many more phones, as I've been able to unlock a few other MTK phones that have not been unlocked by anyone else that I've seen so far.

Wow, great work Warlockguitarman, this is really exciting!
A few ideas (some of which you may have already tried):
1. Flash a blank vbmeta image (this might brick the phone though?)
{Mod edit}
2. Extract zImage from boot.img, and modify it to remove dm-verity
How to disable dm-verity on Android with "user" build type ROM?
[GUIDE][MTK][DM-Verity Bypass] LG K10 (2016)
3. Generate your own custom signing keys, and sign boot.img with it:
Signing boot images for Android Verified Boot (AVB) [v8]

arkdev said:
1. Flash a blank vbmeta image (this might brick the phone though?)
{Mod edit}
@arkdev I've edited your post and removed one link!
XDA Forum Rules (excerpt):
...
11. Don’t post with the intention of selling something.
Don’t use XDA to advertise your product or service. Proprietors of for-pay products or services, may use XDA to get feedback, provide beta access, or a free version of their product for XDA users and to offer support, but not to post with the intention of selling. This includes promoting sites similar / substantially similar to XDA-Developers.com.
Do not post press releases, announcements, links to trial software or commercial services, unless you’re posting an exclusive release for XDA-Developers.com.
Encouraging members to participate in forum activities on other phone related sites is prohibited.
Off-site downloads are permitted if the site is non-commercial and does not require registration.
Off-site downloads from sites requiring registration are NOT encouraged but may be permitted if both of the following conditions are met:
A) The site belongs to a member of XDA-Developers with at least 1500 posts and 2 years membership, who actively maintains an XDA-Developers support thread(s) / posts, related to the download.
B) The site is a relatively small, personal website without commercial advertising / links (i.e. not a competitor forum-based site with purposes and aims similar to those of XDA-Developers.com.)
...
Regards
Oswald Boelcke
Senior Moderator

https://forum.xda-developers.com/t/...her-k-model-lg-devices.4364489/#post-85982185. For those who haven't seen it yet here's my tutorial to unlock the bootloader and root your stylo 6

Warlockguitarman said:
Links to my drive for rooted stylo6 system back up made by Chimera
https://drive.google.com/file/d/1OjeT-8RVr85WYDDzTDAPt7poqTRZwIPs/view?usp=sharing
and a zip file of the scatter and files set up to rehabilitate your bricked stylo 6.
Stylo6unbricker.zip
Does anyone have this uploaded somewhere? The link is dead... I am in need of carrier.bin for the Stylo 6.... Thank you...

Do you have a Google Drive link for the LG K51 boot.img? I have a device with the bootloader unlocked but can't find a stock img to use anywhere with Magisk to flash it. Thanks a ton and love the tutorial!

Related

{OUTDATED}[Guide][Stock ROM] The original non-Prime conversion thread

Update March 8 2017: As you can probably tell, this is very old. I have not worked on the device in several months and I have no idea if these methods are still safe. Please proceed with caution. I will be using one of these on a daily basis in the near future, so I probably will get back into development, and hope to release new content for the phone to help out the community. Please accept this as an official warning that the following is probably out of date and that you should be very careful should you decide to try it. The original post in its entirety is spoilered below. You have been warned.
Update: A new update was released for the Prime model, V6.6, which replaces the preloader and completely breaks SPFT. If you unlocked your bootloader (so you can use fastboot) in any capacity before taking that update, there may be hope for you yet, but as of right now V6.6 is unsupported. Update: If you used this method to safely take the V6.6 update, this will still work.
Update: I just checked the stats, and this has been downloaded more than 3 thousand times. I never thought my humble little conversion guide would help out so many people. I have also added a new mirror at [REDACTED], so anyone in North America who was having trouble with the Europe mirror, give that one a shot. It should be faster! I have updated all links in the guide to use the new North America mirror, and added a separate Europe mirror link after each link.
Hello! This is a tutorial for converting the Amazon Prime Edition BLU R1 HD to the OEM BLU version. This will overwrite the relevant partitions on your Amazon version of the device with the non-Amazon version. The physical model number on your device will still be a tell (obviously), but besides that, there will be no way to tell your device apart from the regular model! You can also use this method to convert non-Prime to Prime version, and undo OTAs or system modifications. This will restore a 100% out of the box image from either edition on your device.
This will work if you have software version...
V12
V6.1
V6.4
V6.5
SAFE V6.6 FROM THIS THREAD
This will NOT work on software version...
V6.6
The V6.6 update brought a new preloader that breaks our ability to use SPFT. I am currently working on ways to reverse the damage, but as of right now, there is no way to convert (or downgrade) from software V6.6
You can use this on any 16/2 R1 HD with supported software version to...
Convert to the non-Prime OEM version
Convert to the Prime version
Remove ads (via conversion to non-Prime version)
Unroot
Downgrade to V6.1
Downgrade to V12
Undo system alterations/tampers
Restore the system image to the way it was when you first opened the box
Unbrick a device (if bricked because of bad system/recovery/boot image)
There are a handful of reports about this working flawlessly on the 8/1 model as well. I have not personally tested this, so there is still some risk factor.
This only overwrites the system, recovery, and boot partitions. Any other partitions that have been altered will not be restored. In most cases, other partitions should not have been altered, so this is not a concern. I have a full system backup of all partitions, but there is currently evidence to suggest that it is not safe to flash all of the partitions, so I will not release that backup until more is known.
You *should* be able to safely pull this off without wiping your data. This does not require your phone to be rooted or have any other modifications. You can pull it straight out of the box and do this process! If your phone is rooted, you'll lose it. This will make your phone EXACTLY like the non-Prime version comes out of the box! You can also convert a non-Prime device (or a converted Prime device back) to a Prime device using the same method, but I'm not exactly sure why you would want to. I did this all on Linux, but Windows should work fine too as long as you have drivers dealt with. If you don't have drivers dealt with, I'm not your guy. I'll just tell you to use a better operating system. You'll also need an archive program that can deal with tar.gz files, because that's how my computer zipped them.
And the standard disclaimer: If this bricks your phone or makes it become sentient and plot with other sentient phones to murder your entire family, it's not my fault. That's all on you, buddy.
Ok, without further ado, on to the tutorial!
First, you need these things. Some of the files are quite large, so it might take a while to download:
You'll need the latest version of Smart Phone Flash Tools, or SPFT for short. You can download that from this site, or from [REDACTED]. Please use the latest version for your OS.
You'll need to download the system image. If you're converting to the non-Prime version, [REDACTED]. If you're converting to the Prime version, [REDACTED]
You need the scatter file. This will tell SPFT where the partitions are. This is the same for both variants, so just download [REDACTED]
Once you have those things, you can start actually flashing your phone:
1. Power your phone completely OFF! This will not work if your phone is powered on. SPFT writes directly to the phone's memory, bypassing all security measures the phone has, so it requires the phone to be completely OFF to get safe and exclusive access to the memory. DO NOT PLUG IN YOUR PHONE YET!
2. Extract SPFT into a folder on your computer. If you can't figure out how to do that, please stop tinkering with your phone. It's only a matter of time until you break something.
3. Extract the system image into the same folder you put SPFT in. The three files (boot.img, recovery.img, system.img) should be in the same folder as all the other SPFT files, including the binaries.
4. Run SPFT. On Windows, simply double clicking the SPFT executable should do the trick. On Linux, you must run the flash_tool.sh script as root. Open a terminal emulator, cd to the SPFT folder, and run `sudo ./flash_tool.sh`. If you receive an error about permissions, run `chmod +x flash_tool.sh` and try the first command again.
5. Go to the Download tab in SPFT and click the Scatter-loading button on the far right side. DO NOT click the Download Agent button. When the file picker dialog pops up, find and open the r1hd-spft-scatter.txt file you downloaded earlier.
6. You should see a list of partitions. Only three of them (boot, recovery, system) should be checked, and the location should point to the files you extracted from the tar.gz file earlier. If this is not the case, double-click the location block of the boot, recovery, and system partitions, and select the boot.img, recovery.img, and system.img files from your filesystem respectively. After selecting the files, the boxes should check themselves.
7. From the dropdown in the upper left of the partition list, make sure Download Only is selected. Any other option could damage your device.
8. Click the Download button in the upper left.
9. While your phone is OFF, plug it into your computer with a data safe USB cable. The cable that came in the box from the factory is ideal, but any good quality cable will work just fine.
10. SPFT should start overwriting your phone. If you receive an error from SPFT, unplug your phone, close SPFT, and repeat steps 4 through 9. The whole process takes about 10 minutes, after which you should see a window with a large green checkmark. Once you see that window, you can safely unplug your phone and start it up. You're all done!
And as a bonus, I've also included a guide for unlocking the bootloader, getting custom recovery, and rooting the device after you've done this in post #2. That makes this your one stop shop for getting a brand new Prime phone out of the box!!
HUGE THANKS TO @mrmazak FOR THEORIZING THIS METHOD AND GETTING ME THE NON-PRIME SYSTEM IMAGE TO USE!
As always, if you have any questions, just ask in a thread reply or send me a private message on XDA. And by the way, hit the Thanks button in the lower right corner of the post if my guide helps you. It motivates me to keep this up to date and write more helpful guides. If you feel like giving me even more motivation and help fund future development, [REDACTED].
{OUTDATED}[GUIDE][OEM][Stock] Bootloader Unlock, TWRP, and root!
Update March 8 2017: As you can probably tell, this is very old. I have not worked on the device in several months and I have no idea if these methods are still safe. Please proceed with caution. I will be using one of these on a daily basis in the near future, so I probably will get back into development, and hope to release new content for the phone to help out the community. Please accept this as an official warning that the following is probably out of date and that you should be very careful should you decide to try it. The original post in its entirety is spoilered below. You have been warned.
Ok, now you've converted your brand new Prime phone to the non-Prime version. How do you unlock this sucker? The conversion process actually unlocks the standard unlock method from the factory, so it's VERY simple! No hoops to jump through or anything. You'll need adb and fastboot. You can get those as part of the official Android developer kit, your distro's repos (on Linux) or Homebrew (on Mac). Of course, this guide works for the normal non-converted non-Prime version as well. This WILL wipe your phone, so make sure you back up any important data before doing this.
This guide is for the OEM (non-Prime) version. If you have the Prime version, convert it to OEM using the guide above BEFORE doing this guide.
The standard disclaimer from above still applies.
This guide is broken up into two parts. Unlocking the bootloader, and rooting the phone. If you are preparing to install Magisk, do the bootloader unlock, skip the rooting part and move on to the Magisk guide. You do not need the files above if you are only unlocking the bootloader. If your bootloader is already unlocked, skip the bootloader unlocking part and skip to rooting the phone. If you are preparing to install Magisk and your bootloader is already unlocked, you shouldn't be here. Also please note that the bootloader can sometimes re-lock itself after completing a conversion/restore from the guide above, especially to/from the Prime version, so if you're not sure, play it safe and re-unlock your bootloader.
Part 1 - Unlocking the bootloader:
Boot up your phone. If you haven't already gone through the initial setup process, go through it. The bootloader unlock process will wipe your phone, so skip as many questions as possible so you don't waste your time.
Open the Settings app, go to About device, find the Build number (it's toward the bottom), and tap on it 8-10 times (until it says you are now a developer). If it says there's no need and you're already a developer, you can skip to the next step.
Go back to the main Settings menu. You should see a new option where About device used to be, Developer options! Click on it.
Toward the top of the long list of developer options, there is an option called "OEM unlocking". If it's switched off, switch it on. If it's switched on, switch it off and back on again. You may get a warning saying that device protection features won't work. Click Enable and proceed. You may also be prompted to enter your password/PIN/pattern lock if you have one.
Scroll down a little bit to reveal USB debugging. Switch it on if it's not already.
Connect your phone to your computer using a data safe cable. Do not disconnect it until the very end.
On your computer, open a terminal emulator (or Command Prompt with ADB access) and run `adb reboot bootloader`. If you get a message complaining about keys or authorization, check your phone. There should be a window asking for permission for your computer to access the device. Allow it and run the command again.
Your phone will reboot into fastboot mode.
On your computer, run `fastboot oem unlock`. On the phone you will get a warning message talking about the implications of unlocking the bootloader. Press Volume Up to accept them. If everything goes smoothly, your bootloader should now be unlocked. You're not ready to flash quite yet! Flashing at this stage WILL brick your phone, so it's important that you continue following the guide carefully.
On your computer, run `fastboot reboot`. Your phone should reboot anywhere from 3 to 5 times. If it reboots more than that, your phone is bricked and you need to start again by following the guide above again.
Once Android starts up again, you should see the setup wizard. Your bootloader is now unlocked!
Part 2 - rooting the phone:
BEFORE YOU PROCEED: If you want your phone to be encrypted AND rooted, it's important that you unlock the bootloader using the steps above first, then use the encryption APK to encrypt your phone BEFORE installing TWRP and rooting your device. This device is an exception to the general rule of flashing TWRP first and then rooting afterwards. Repeat, if you want your phone encrypted and rooted, unlock the bootloader FIRST, then encrypt SECOND, then flash TWRP THIRD, and root your phone LAST.
This is the guide for rooting the actual phone. You must unlock the bootloader using the steps above before doing this part.
First, you'll need these things on your computer.
The TWRP image for the R1 HD. You can download [REDACTED].
A copy of the latest SuperSU zip from Chainfire. You can get it from the official forum post, or Chainfire's website.
Linux Users: On Linux, you must add `sudo` to the beginning of all fastboot commands, because most Linux distributions will not give you enough access to the hardware without being root.
And finally, the guide:
Hold Volume Up and Power until the phone turns on with the boot menu. Once the boot menu appears, use the volume keys to scroll to [Fastboot Mode] and press the power button to select it. It's the middle option.
On your computer, cd to the folder where you downloaded twrp-3.0.2-1-r1hd-lopestom.img and do `fastboot flash recovery twrp-3.0.2-1-r1hd-lopestom.img`.
On your computer, do `fastboot boot twrp-3.0.2-1-r1hd-lopestom.img`.
Once TWRP boots up, dismiss the prompt about mounting the system, go to Reboot, then choose Recovery. Your device will reboot back into TWRP. I know this step seems odd, but just trust me.
Make a backup if you want. It's not a bad idea, but seeing how you just unlocked your bootloader so your data is gone and we have the images in case you somehow brick the system, I doubt you actually need it.
In TWRP, go to Advanced, then ADB Sideload. Slide the confirmation slider all the way to the right to confirm.
On your computer, cd to the folder where you downloaded SuperSU and run `adb sideload [SuperSU-zip-name.zip]`, replacing the last argument with the name of the SuperSU zip you downloaded, of course. If your computer says "waiting for device" for a long time, cancel with Ctrl+C, run `adb kill-server`, then run the first command again but with `sudo` in front this time.
Reboot the phone. If everything worked correctly, you should now have a rooted phone with SuperSU, bootloader unlocked, and custom recovery! Yay for cheap phones!
As always, if you have any questions, just ask in a thread reply or send me a private message on XDA. And by the way, hit the Thanks button in the lower right corner of the post if my guide helps you. It motivates me to keep this up to date and write more helpful guides. If you feel like giving me even more motivation and help fund future development, [REDACTED].
Can you verify the image you uploaded for the non-Prime version? I'm getting unexpected EOF errors when extracting in Windows using 7Zip and TarTool, and I'm also getting an "operation not permitted" error when extracting using the built in Archive Utility in OS X.
abs0lute said:
Can you verify the image you uploaded for the non-Prime version? I'm getting unexpected EOF errors when extracting in Windows using 7Zip and TarTool, and I'm also getting an "operation not permitted" error when extracting using the built in Archive Utility in OS X.
Yeah, that's because the image isn't fully uploaded. My internet is very slow, so it's taking a while to upload. Sorry about that. I was hoping it would be finished by the time I finished writing this, but alas, nope. I will have all files uploaded by tomorrow, along with .md5 files so you can verify the checksums, so come back then. Again, sorry. I guess I should have posted this _after_ I got those uploaded. Oh! And I have North America mirrors coming within the next couple months. It seems a little oxy-moronic to host files for a US only device on an EU server, but unfortunately, servers in the US are significantly more expensive.
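Added example, not part of the thread or the guide author's files: one way to check a downloaded image archive against its published .md5 file, and to catch the incomplete-archive case described above, before anything is handed to the flashing tool. The function names, return codes and sample file names are assumptions made for this sketch, and the sample archives are constructed placeholders.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded firmware archive before flashing.
# Return codes of verify_image_archive (chosen for this example):
#   0  checksum matches, gzip stream complete, all expected images present
#   1  MD5 differs from the published .md5 file (partial or altered download)
#   2  checksum matches but the gzip/tar stream is truncated or corrupt
#   3  archive is intact but an expected image is missing

EXPECTED_IMAGES="boot.img recovery.img system.img"

verify_image_archive() {
    archive=$1
    md5file=$2

    # Assumption: the .md5 file is in md5sum format, "<hex digest>  <name>".
    # MD5 only catches accidental corruption; it does not authenticate the file.
    want=$(awk 'NR==1 {print tolower($1)}' "$md5file")
    have=$(md5sum "$archive" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$have" ] || return 1

    # A partial upload or download ends mid-stream; gzip -t detects that.
    gzip -t "$archive" 2>/dev/null || return 2
    members=$(tar -tzf "$archive" 2>/dev/null) || return 2

    for img in $EXPECTED_IMAGES; do
        printf '%s\n' "$members" | sed 's|^\./||' | grep -qxF "$img" || return 3
    done
    return 0
}

# Build constructed sample archives (placeholder contents, not real images).
make_samples() {
    dir=$1
    mkdir -p "$dir/src"
    for img in $EXPECTED_IMAGES; do
        printf 'constructed placeholder for %s\n' "$img" > "$dir/src/$img"
    done
    # Complete archive plus the checksum a publisher would post next to it.
    tar -czf "$dir/full.tar.gz" -C "$dir/src" boot.img recovery.img system.img
    md5sum "$dir/full.tar.gz" > "$dir/full.tar.gz.md5"
    # Partial transfer of the same archive, checked against the same checksum.
    size=$(wc -c < "$dir/full.tar.gz")
    head -c $((size / 2)) "$dir/full.tar.gz" > "$dir/partial.tar.gz"
    cp "$dir/full.tar.gz.md5" "$dir/partial.tar.gz.md5"
    # Valid archive that lacks recovery.img.
    tar -czf "$dir/short.tar.gz" -C "$dir/src" boot.img system.img
    md5sum "$dir/short.tar.gz" > "$dir/short.tar.gz.md5"
}

demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    for name in full partial short; do
        rc=0
        verify_image_archive "$tmp/$name.tar.gz" "$tmp/$name.tar.gz.md5" || rc=$?
        echo "$name.tar.gz -> $rc"
    done
    rm -rf "$tmp"
}

# With two arguments, check a real download; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then
    rc=0
    verify_image_archive "$1" "$2" || rc=$?
    echo "verify_image_archive returned $rc"
else
    demo
fi
```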
ColtonDRG said:
Yeah, that's because the image isn't fully uploaded. My internet is very slow, so it's taking a while to upload. Sorry about that. I was hoping it would be finished by the time I finished writing this, but alas, nope. I will have all files uploaded by tomorrow, along with .md5 files so you can verify the checksums, so come back then. Again, sorry. I guess I should have posted this _after_ I got those uploaded. Oh! And I have North America mirrors coming within the next couple months. It seems a little oxy-moronic to host files for a US only device on an EU server, but unfortunately, servers in the US are significantly more expensive.
No problem - thanks for your work on this!
abs0lute said:
No problem - thanks for your work on this!
Just finished uploading the non-Prime version. I will start the other upload before sleeping and update the post removing the warning when I awaken, assuming everything has gone well. You're free to attempt a non-Prime conversion now. Just don't do it the other way around yet.
Can't wait to give this a shot. Well, at least after someone else reports success first...
followed post 1 convert to non prime steps on windows, did not do the bootloader unlock steps.
phone booted up ok, followed by android is upgrading x of 37.
phone working and no ads on lock screen
the amazon apps are still there but appear to be disabled, causing errors at first boot.
disabled or uninstall the apps. - used cleanmaster
everything seems ok now
Hello, I have now finished uploading the files, so you can now safely flash away! Enjoy! @abs0lute
bupkis said:
Can't wait to give this a shot. Well, at least after someone else reports success first...
I report success. Of course I did everything in the guide here before posting it. I'm not irresponsible. It's completely safe. I just finished uploading the files, so please go ahead and give it a shot.
ColtonDRG said:
I report success. Of course I did everything in the guide here before posting it. I'm not irresponsible. It's completely safe. I just finished uploading the files, so please go ahead and give it a shot.
ok, away we go! :laugh:
When I try to download the scatter file it just opens the file in a new browser window.
>nevermind, figured it out...success!
...on to bootloader unlock, TWRP, root...
bupkis said:
...
When I try to download the scatter file it just opens the file in a new browser window.
...
Yeah, that's a problem with my server configuration. I'll fix it later. For now, you can save the file by opening it in a browser window and pressing Ctrl+S
I have completed the process successfully-TWRP, root, no ads but do still have all the Amazon apps so something is screwy but not the end of the world.
bupkis said:
I have completed the process successfully-TWRP, root, no ads but do still have all the Amazon apps so something is screwy but not the end of the world.
Nope, it's not screwy. The non-Amazon version does include a lot of the Amazon apps. You can uninstall some of them the normal way (they're pre-installed user apps), and others you can either disable or uninstall using your favourite system app remover.
Anyone else missing Encrypt section in Settings > Security after converting to non-prime?
When I try to load the scatter, SPFT says "Error: Initializing scatter file failed. Please check the name of scatter file which you load is legal." I downloaded it from both the primary link and your mirror, same error. Any ideas? Thanks.
EDIT: Looks like I downloaded the oldest version, not the newest version of SPFT. Whoops! I'll leave my mistake on here to help others who may assume the first link is the right one.
notfix said:
Anyone else missing Encrypt section in Settings > Security after converting to non-prime?
It is missing. How peculiar. I will attempt to implement a workaround in a little bit. Sorry about that.
Update: The Encryption activity exists on the phone, we just can't get to it from the settings menu. You can launch it by manually launching com.android.settings.Settings$CryptKeeperSettingsActivity using your preferred method for launching arbitrary activities. I will release an app that will launch this activity for you ASAP!

Unbricking Zenfone 3 ZE552KL (dm-verity) AND mistakes not to make when rooting

Preamble
Hello, all.
Soooo I've never posted on this forum before. I've mainly leeched the invaluable info for my personal gain. I'm sure many a googler has come here trying to figure out how to root their phone. And I'm sure many a "swimmer" in Schitz Creek has come here via Google to figure out how to save their device from what had been perceived as an upgrade. I'm speaking, of course, of trying to root/unlock a phone and finding said phone "bricked".
Well, it’s time to give back.
Because yesterday, I was neck deep in Schitz Creek. After a series of dumb decisions and a lack of knowledge, I bricked the phone I’d bought for my wife’s birthday. I was just trying to be able to delete the Asus bloatware and install titanium backup and greenify. By the way, since when did Facebook become a system app? How is this a thing? Anyways, my wife deserves better battery life. And it’s fun to feel like Cyber MacGuyver by rooting a phone. But the situation went awry. My wife kept telling me that everything was going to be alright, but I know the limitations of my knowledge.
Brief aside: I'm decently computer/phone savvy, but I would, in no way, consider myself an advanced user. Sure, to my family, I'm a computer wizard. But that doesn't mean a whole lot. To them, opening up a command prompt in Windows is seen as an act of magic. And I haven't had my planeswalker spark yet. However, I have successfully rooted, and in most cases unlocked the bootloader, for several phones (HTC desire, Galaxy S3 [three different models over three years], Asus Zenfone 5, LG G4 [once pre-motherboard-death and once post (after a downgrade)], and now the ZE552KL). So I know how to at least fumble my way around adb, fastboot, odin, and various recoveries. As long as you’re at this level, or willing to learn, then you should be able to follow these instructions. End aside.
Mistakes not to make
Let’s get down to brass tacks. I made two big mistakes that you shouldn’t make. Both mistakes stemmed from the basic mistake of using a root method other than this one: https://forum.xda-developers.com/zenfone-3/help/guide-how-to-root-zenfone-3-ze552kl-t3471524
The problem with not using this EXACT method is that some of the files/programs which you need to use have specific versions which will ensure an easypeasy root. Honestly, if you properly follow the instructions in the above post, you will most likely not run into any problems. The only addition I can make is that instead of steps 6 and 7, you might find it easier to install SuperSU.zip through TWRP instead of pushing and sideloading.
Mistake 1: Not using the proper TWRP file and SuperSU file
For some reason, there are multiple versions of these files. Your SuperSU file should be 4.8MB. Using the wrong SuperSU will break the dm-verity. Your TWRP should NOT be the latest experimental version. It should be the one from November or earlier of 2016. Using the wrong TWRP will leave you unable to use the touchscreen. Trust me. I know from experience.
Mistake 2: KEEP TWRP READ ONLY
Disabling read only has no current benefits. It will just break the dm-verity. Your device will still be able to be written to if you keep TWRP read only. I have no idea why it’s called “read only”.
How to unbrick the phone
I’m sure some of you skipped straight to here. While I can’t blame you, please at least read the above paragraph. It will help you.
First I will describe the situation the phone was in, and then I will explain how I saved it. Before I continue, I want to give a big shout out to Niemer. Without their helpful post, I would’ve had no idea what to do. Thanks!
Situation the phone was in
--TWRP could not be used because the touchscreen wasn’t working.
--The dm-verity was messed up (i.e. “not started in enforcing mode”).
Before you look at the solutions, make sure that your phone shows up in the Windows Device Manager as an ADB device/ASUS ADB device/ADB composite device/etc. no matter which step you’re in. Google it to figure out how if you don’t already know.
The solution
Part 1 - Create and flash a system image which will restore your dm-verity
Step 1. Download the latest system “update” from the ASUS drivers website. I have a WW version of the phone, so I downloaded “WW_V13.20.10.152”. It’s a 1.76GB file, so be patient. I haven’t tested this method with other versions of the phone, but they should work in theory.
Step 2. Go into the updater script file (META_INF → com → google → android → updater-script). Open it with Notepad++.
Step 3. Delete from the beginning of the file up until the line “ui_print("Target: asus/WW_Phone/ASUS_Z012D:6.0.1/MMB29P/13.20.10.152-20161222:user/release-keys");”
The code that you are deleting checks to make sure that your phone is the proper model. But there is a good chance that it will mistakenly identify your phone as a phony. So we need to get rid of this code.
Step 4. Save the updater-script file.
Step 5. Create a copy of the modified system update zip file. You should now have two 1.76GB files (or maybe slightly different if your phone is a CN, JP, or other model. Once again, I have a WW version of the phone). Name one of the files “realupdate.zip” and name the other “dmsaver.zip”. The names aren’t actually important.
Step 6. Enter dmsaver.zip. Delete these four files: file_contexts, system.new.dat, system.patch.dat, and system.transfer.list. Exit out of the file. It should now be about 60MB.
Step 7. Turn on your ZE552KL and enter fastboot mode.
Step 8. In a cmd screen from your main folder (i.e. the one with adb, fastboot, and all the other files, including the ones you just created), type in the command “fastboot flash system dmsaver.zip”.
Step 9. If successful, you have just restored the dm-verity. You should now no longer get that sinister red text which has been ruining all your fun.
Part 2 - Install a proper version of TWRP
(This is only important if your version of TWRP won’t let you do anything because you can’t use your touch screen)
Download the version of TWRP that is included in the how-to-root post I linked to above. Also, you can download the oldest version (NOT the newest) from a sharing website which is linked to in a post on the ASUS website. It’s not in English though. Flash it to your phone in fastboot mode using the “fastboot flash recovery” command. Make sure you turn your phone off before turning it back on, or your recovery might not activate correctly.
Part 3 - Install a new version of your system.
Go into TWRP and install the zip file “realupdate.zip” that you created in Part 1 - step 5.
Part 4 - Root your phone
Follow the instructions in the link I posted earlier. It comes from this website, so you know it’s good. This time, though, you probably don’t need to unlock the bootloader.
Part 5 - Breathe a sigh of relief
Parting words
I really hope this guide can be of assistance to you. The full procedure for fixing “my” phone wasn’t really recorded anywhere (although once again, big shout out to Niemer for their post). I went through hundreds of iterations of seemingly random fastboot, recovery, and adb actions before everything worked out. Because of this, I feel quite fortunate to have saved the phone, and I really wanted to give back. This community has been super helpful to me over the last seven years, and this is my chance to reciprocate. I sincerely hope that this post will help you.
I hope I didn’t forget anything. I have a sneaking suspicion that I did. In any event, if you have any questions, please post them, and I’ll try to be of assistance. Happy rooting!
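Steps 2 to 6 of Part 1 in the post above, sketched as a script. This is an added example, not part of the original post: it assumes the usual OTA script path META-INF/com/google/android/updater-script and the "Target:" marker line quoted in step 3, and it returns the lines it cuts so you can see exactly which checks were removed. The sample package it builds is constructed.

```python
import io
import shutil
import zipfile

# Usual location of the edify script in an Android OTA zip (hyphen, not underscore).
SCRIPT_PATH = "META-INF/com/google/android/updater-script"
# Step 3 keeps everything from the line that starts with this text.
KEEP_FROM = 'ui_print("Target:'
# Step 6 removes these four entries to produce the small package.
DMSAVER_DROP = frozenset({"file_contexts", "system.new.dat",
                          "system.patch.dat", "system.transfer.list"})


def trim_script(text):
    """Return (removed_preamble_lines, kept_script) for an updater-script."""
    lines = text.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.lstrip().startswith(KEEP_FROM):
            return lines[:i], "".join(lines[i:])
    # Fail closed: never write a package whose script was not understood.
    raise ValueError("marker line not found; script left untouched")


def clone_info(info):
    """Fresh ZipInfo so the source archive's metadata is not mutated."""
    out = zipfile.ZipInfo(info.filename, date_time=info.date_time)
    out.compress_type = info.compress_type
    out.external_attr = info.external_attr
    out.file_size = info.file_size  # size hint so large entries get ZIP64
    return out


def rebuild(src, dst, drop=frozenset()):
    """Copy zip `src` to `dst` with the trimmed script, skipping `drop`.

    Returns the preamble lines that were cut so they can be reviewed.
    """
    with zipfile.ZipFile(src) as zin:
        try:
            script = zin.read(SCRIPT_PATH).decode("utf-8")
        except KeyError:
            raise ValueError("package has no " + SCRIPT_PATH) from None
        # Validate the script before anything is written to dst.
        removed, kept = trim_script(script)
        with zipfile.ZipFile(dst, "w") as zout:
            for info in zin.infolist():
                if info.filename in drop:
                    continue
                out = clone_info(info)
                if info.filename == SCRIPT_PATH:
                    zout.writestr(out, kept.encode("utf-8"))
                else:
                    # Stream: system.new.dat is too large to hold in memory.
                    with zin.open(info) as fsrc, zout.open(out, "w") as fdst:
                        shutil.copyfileobj(fsrc, fdst)
    return removed


def build_sample():
    """Constructed miniature package; the first script line is invented."""
    script = ('getprop("ro.product.device") == "ASUS_Z012D" || '
              'abort("constructed device check");\n'
              'ui_print("Target: asus/WW_Phone/ASUS_Z012D:6.0.1/MMB29P/'
              '13.20.10.152-20161222:user/release-keys");\n'
              'show_progress(0.750000, 0);\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(SCRIPT_PATH, script)
        z.writestr("boot.img", b"\x00" * 64)
        for name in sorted(DMSAVER_DROP):
            z.writestr(name, b"placeholder")
    return buf


def demo():
    """Build both packages from the sample and list what each contains."""
    src, real, small = build_sample(), io.BytesIO(), io.BytesIO()
    removed = rebuild(src, real)                  # realupdate.zip
    rebuild(src, small, drop=DMSAVER_DROP)        # dmsaver.zip
    return (removed, zipfile.ZipFile(real).namelist(),
            zipfile.ZipFile(small).namelist())


if __name__ == "__main__":
    cut, real_names, small_names = demo()
    print("removed checks:", cut)
    print("realupdate:", real_names)
    print("dmsaver:", small_names)
```

With real files, pass paths instead of the in-memory buffers, for example rebuild("update.zip", "dmsaver.zip", DMSAVER_DROP).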
Thank you man, but I start Part 1 step 8 "fastboot flash system dmsaver.zip", it's successful, then I go into TWRP and install the zip file “realupdate.zip” and dm-verity shows again.
Thanks again.
Raw firmware
I have the same issue. My phone was branded "tim italy". When I bought it, I flashed the WW version via ASUS Flash Tool, and I'm currently able to update till the last M version, which is the ......152.
If I try to update to Android N, my phone will not boot, giving me the corruption message and shutting down after 10 seconds. I also tried to perform the dm restore procedure; the dm error disappeared but the system is stuck on the Asus boot screen.
I believe that the only solution is to flash a Nougat RAW firmware via ASUS Flash Tool. Does anyone have a download link for the N version?
Thank you, you helped me, now I'm on N.
I guess the version matters then. So be careful with which firmware you download/install. If anyone has success with other versions, please share how you did it
I am stuck on Step 8. I put the 2 zips in where my adb and fastboot are located, and then proceed to type 'fastboot flash system...' and then it won't let me flash. Any help?
Device Locked
When I flash the dmsaver.zip, receive the error "FAILED (remote: not allowed in locked state)". Apparently this with the bootloader locked, but I already unlocked before. Someone can help me unlock the bootloader again?
Further hyperlinks & solution ideas
Check out my solution and ideas in the links I posted in this thread on the 4th of September 2017:
https://forum.xda-developers.com/ze...-zenfone-3-zoom-ze553kl-t3657239#post73661437
The hyperlinks in my post might also be useful, I hope.
Would be glad about your feedback, if it helped! :good:
How do you update the script file? Can you just post the file that you made somehow, or email it, or attach it to a message?
Can't get it to work. Followed the instructions, still getting error code 7 trying to install LineageOS.
If you have a LineageOS version that is not a zip file but all the images (boot.img, system.img, ...), then you could try to flash the images through ADB...
If someone has the no-verity issue, can you try a method for me please?
It consists of:
re-flash the rom kernel via fastboot
and run:
Code:
fastboot oem reset-dm-verity
Followed all the steps and twrp still has no touch function.
Tried all different twrp versions.
OS Version is a key
Hi everybody that has the same issue, I hope you read that so you can fix your problem.
So what I did was download the old version of the OS that the author mentioned, "WW-13.20.10.152". It is necessary to download this version even if there are newer versions. Then follow the tutorial and you should be fine.
So again, thanks OP for posting this. You helped me a lot!

Seeking advice on rooting Smart Tab M10 FHD Plus 2nd Gen

Dear and knowledgeable readers!
Being a longtime lurker, your tireless work and dedication to the community have enabled me to unlock and root many different android devices over the years and I am deeply grateful this place exists.
Right now, I plan on adding the recently released
Lenovo Smart Tab M10 FHD Plus 2nd Gen [ZA5T0302SE / TB-X606F, I believe]
in the WLAN/4GB/64GB variant to my collection. Having grown accustomed to the luxury of root access, I was wondering if anyone already had some experience with rooting the device and would be willing to share his / her knowledge with me.
Especially, I was wondering if this guide for the TB-X605F, which I have successfully used in the past for my older model, would (in principle) be applicable, as long as I could obtain the corresponding firmware for the newer one, which might be available here (as soon as GD wills it).
Any advice / support would be highly appreciated!
[Sidenote]: To my best ability, I wasn’t able to find an existing thread on the topic of rooting the device in question and I hope to have chosen the right forum to post it in (or if the general Q&A would have been the better fit?). If not, dear mods, please be lenient with me and simply move the thread to the proper subforum.
If you download the LMSA tool, plug in the tablet and go to recovery, it will download the full stock firmware. Then you can find it in c/program data/LMSA/downloads.
I did that, then downloaded Magisk Manager. Extract the boot.img from the firmware and put it in the storage of the tablet. Then use Magisk Manager to patch the boot.img; it will tell you where it is stored. Extract it from the tablet and put it in the same folder as adb/fastboot. Then put the tablet in fastboot and run fastboot flash boot magisk-patched.img, then fastboot reboot. The tablet will be rooted with Magisk.
I forgot. You must unlock bootloader to do this.
Dear 11mackey11,
thank you so very much for caring enough to share your knowledge with me!
So the guide I mentioned earlier is pretty much applicable for the newer model as well? What a relief!
I am also grateful for the hint on how to obtain the stock firmware. For all the dirty things I did to my devices in the past, it never became necessary to put the LMS-Assistant to use, but I will gladly change that now.
As soon as my device arrives, I will try to root it as you suggested and will report back how I fared.
Again, many thanks!
It took me some time to finally get to it … delivery problems with the device … busy work schedule …
… anyhow, I now took the leap and am happy to report that, thanks to your advice, I was able to add another rooted device to my ever-growing collection. “Worked like a charm”, as they use to say.
To repeat myself, I am very grateful for you taking the time to respond to my question and reassuring me that this was the path to follow.
Honestly, thanks!
Hi. I just purchased the same tablet. I would appreciate it if you could write up a guide on this forum. It would be a help for everyone.
I'm not even sure how you unlock the bootloader on this thing!
Hi and congratulations on your purchase! The TB-606F is a solid device in my book.
Although I have by now rooted more than a dozen android devices and guess I have at least somewhat of an idea of what I am doing, I am by far no pro on the issue. Basically, I consider myself more a “guide user” than a “guide creator”, still.
But as I have benefited from the kind- and helpfulness of this community many times before, I can’t leave this call for help unanswered.
The thing is, nonetheless, I would really like to refer anyone poised to root their TB-606F to the guide for the TB-605F which I linked to in my initial post. Rooting the TB-606F, in principle, demands the user to undertake the same steps as for rooting the TB-605F.
There are, from the top of my head, only two noticeable differences or variations from that guide which I discovered:
1) firmware
As I still haven’t found a reliable source to obtain the necessary stock firmware by download from the web, the advice of fellow user 11mackey11 comes in very handy who, in response to my initial post, pointed me to the LMSA to download the firmware from your very own device.
2) unlocking bootloader
At least with my device, the fastboot commands known to me to usually unlock the bootloader (as are “fastboot oem unlock-go”, “fastboot oem unlock” or “fastboot flashing unlock”) did not do the trick. I had to resort to the command line of “fastboot flashing unlock” to finally make some progress. This might be an outlier with my device, though, as 11mackey11 did not mention the issue.
Again, I will gladly provide any assistance I can offer, but as for writing up a guide, I would mostly carbon copy turboperson123’s guide for the TB-605F mentioned above anyhow and it does not seem right to take credit for his contributions.
But if you had any specific question, please don’t hesitate to ask and I will answer it to my best knowledge (which might not be much).
Tutorial
I found this tutorial specific to the X606F https://forum.frandroid.com/topic/2...u-lenovo-tab-m10-fhd-plus-tb-x606f-sans-twrp/ alas in French but Google translate makes a decent job out of it
I want to apply it to my device, have you tried this method?
Yes, tried and failed miserably. The tablet is not correctly rooted as reported by Root Checker. The su binary is there and shows it's Magisk but no root proper.
Will try again and report back when done.
Thanks, I'm waiting for news from you. The tablet is sold very much in our country, like this in the world. I'm sure the developers will do something about this device.
b4nd0ler0 said:
I found this tutorial specific to the X606F https://forum.frandroid.com/topic/2...u-lenovo-tab-m10-fhd-plus-tb-x606f-sans-twrp/ alas in French but Google translate makes a decent job out of it
I rooted my device with this method
this method doesn't work
Hello dear Android users...
I've got the 3/64GB version of this device (ZA5T0300US) and this method of rooting did not work for me. When I check root in Magisk Manager, it says ctsProfile:false & basicIntegrity:true, so root doesn't work. I tried multiple times and every time had this same result. My ROM version is TB_X606F_USR_S100055_2001030016_V5.196_BMP_ROW (extracted ROM folder name). Are you sure your root actually 100% worked? What is your ROM version?
adroid_user said:
Hello dear Android users...
I've got the 3/64GB version of this device (ZA5T0300US) and this method of rooting did not work for me. When I check root in Magisk Manager, it says ctsProfile:false & basicIntegrity:true, so root doesn't work. I tried multiple times and every time had this same result. My ROM version is TB_X606F_USR_S100055_2001030016_V5.196_BMP_ROW (extracted ROM folder name). Are you sure your root actually 100% worked? What is your ROM version?
This method is working!
Use the Official Lenovo website to access your original "rom" file and get the "boot.img" file.
Program: Lenovo Rescue And Smart Assistant https://lnv.gy/3d8FHLi
For an article on how to download the Rom file via the program, see here. (Step 3)
https://bit.ly/2yE1nQf
Good Luck!
adroid_user said:
Hello dear Android users...
I've got the 3/64GB version of this device (ZA5T0300US) and this method of rooting did not work for me. When I check root in Magisk Manager, it says ctsProfile:false & basicIntegrity:true, so root doesn't work. I tried multiple times and every time had this same result. My ROM version is TB_X606F_USR_S100055_2001030016_V5.196_BMP_ROW (extracted ROM folder name). Are you sure your root actually 100% worked? What is your ROM version?
You did not enable Magisk Hide
mingkee said:
You did not enable Magisk Hide
That was it! Thanks! You're smarter & more helpful than Google!!! ))
Hi.
After I rooted the tablet, I tried to delete YouTube and GDrive. Then I restarted the tablet but it is stuck in fastboot mode. Not booting.
I couldn't install the stock ROM. What must I do?
I did this..
I patched the boot img from the Lenovo program. And I like to shut down my devices when I don't use them, and now I can't make it boot. I'm stuck in a bootloop and it says orange alert when I boot the device. I can only get into the fastboot menu. When I try to boot with vol + and power nothing happens, and when I release it starts up again in a bootloop. I can't shut it down either. It just loops and loops. Can't do the rescue thing with the program either.. Anybody that knows how I can fix this?
I have an out of topic question regarding this tablet.
Can The Lenovo M10 Plus (2nd Gen) 10.3" TB-X606F Output Display via HDMI to TV ???
I tried using a powered USB-C to HDMI adapter to output/mirror the tablet to a TV, but it didn't work.
Brotinger said:
Hi and congratulations on your purchase! The TB-606F is a solid device in my book.
Although I have by now rooted more than a dozen android devices and guess I have at least somewhat of an idea of what I am doing, I am by far no pro on the issue. Basically, I consider myself more a “guide user” than a “guide creator”, still.
But as I have benefited from the kind- and helpfulness of this community many times before, I can’t leave this call for help unanswered.
The thing is, nonetheless, I would really like to refer anyone poised to root their TB-606F to the guide for the TB-605F which I linked to in my initial post. Rooting the TB-606F, in principle, demands the user to undertake the same steps as for rooting the TB-605F.
There are, from the top of my head, only two noticeable differences or variations from that guide which I discovered:
1) firmware
As I still haven’t found a reliable source to obtain the necessary stock firmware by download from the web, the advice of fellow user 11mackey11 comes in very handy who, in response to my initial post, pointed me to the LMSA to download the firmware from your very own device.
2) unlocking bootloader
At least with my device, the fastboot commands known to me to usually unlock the bootloader (as are “fastboot oem unlock-go”, “fastboot oem unlock” or “fastboot flashing unlock”) did not do the trick. I had to resort to the command line of “fastboot flashing unlock” to finally make some progress. This might be an outlier with my device, though, as 11mackey11 did not mention the issue.
Again, I will gladly provide any assistance I can offer, but as for writing up a guide, I would mostly carbon copy turboperson123’s guide for the TB-605F mentioned above anyhow and it does not seem right to take credit for his contributions.
But if you had any specific question, please don’t hesitate to ask and I will answer it to my best knowledge (which might not be much).
Hey, thanks for all this useful info. I'm a noob when it comes to rooting. I have hit an issue that you guys could probably easily advise me on. I have got up to where you enter "fastboot flashing unlock" and it comes back with something like "waiting for any device". How do I get past this point? I have tried pressing volume up as I saw on a guide, however no luck.
unlock not possible
CMX939 said:
Hey, thanks for all this useful info. I'm a noob when it comes to rooting. I have hit an issue that you guys could probably easily advise me on. I have got up to where you enter "fastboot flashing unlock" and it comes back with something like "waiting for any device". How do I get past this point? I have tried pressing volume up as I saw on a guide, however no luck.
I have the same issue, "waiting for device" and adb dies.
I assume, the latest lenovo updates (Android 9) block unlocking.
The current! LMSA tool does not allow to restore an old separately downloaded firmware

Remove Bootloader Warning OnePlus 5t

What is the point of installing TWRP and custom ROMs and Magisk etc. when we can't even remove this annoying bootloader unlocked warning telling any would-be thief to steal it. I'm starting this forum here to see what we can do to change this. I have previously owned a ZTE Axon 7 4gb ram 64gb gold, which has a Snapdragon 820 in it. You're asking wtf does this have to do with the op5t; relax, I'm getting to that. The ZTE phone was amazing for a while. Custom ROMs, kernels, recoveries etc. When you install a custom ROM on an unlocked bootloader you get the warning every time you boot up. A couple of devs or more, I believe through XDA, came up with a bootloader warning remover zip and custom splash images for the Axon 7 and it worked perfectly, no more boot warning. God I loved that. Now what I would like to do is to find a way to modify that very script to work with the op5 and op5t. Basically the warnings are jpegs and the remover zip removes them from the bootloader and replaces them with the splash IMG or a modified no splash IMG, eliminating the warning completely. Wouldn't it be nice, op5 and op5t users, to flash custom ROMs and not have to worry about that annoying warning, like forever. I will upload the ZTE post about the bootloader remover zip and splash images and see if some devs can't figure out how to modify that script. I know codeworx is one of the op5t maintainers who might be interested in this. I'll post again soon. Let me know who else is interested first, thanks.
Interested... :good:
The more people with OnePlus 5T phones we can get interested in this project the better. It will force the developers to do something about it. So everyone interested please chime in with your thoughts on this. I loved it on the Axon 7 and the OnePlus 5T blows the Axon away in RAM and storage. Axon 7, still love the front firing speakers though lol. So please share your thoughts, I'm trying to get as many OnePlus 5 and 5T users as I can. So show your love modders, what do you think. You love custom ROMs like I do. You like to mess with your device to see what it can do. So do I, but the bootloader warning has gots to go. If you'd like to check this out look up remove bootloader warning axon 2017g in chrome and read up. I'll get the URL for this soon and it will give you an idea of what I'm talking about, thanks.
interested
I'm pretty sure a number of users would want this.. and I get it. It doesn't bother me that much though.
Personally, whenever that splash warning pops up, I just press the power button twice to pause then continue. This cuts the wait time for that warning and phone initiate the actual boot process right away and I'll be on my way.
Sent from my OnePlus 5T using XDA Labs
I'm also interested
This has been discussed before. The warning on the 5/5T isn't an image like it was on older devices. Since it's not an image, it's not a simple replace 'warning image' with another picture. You would need to modify the bootloader to ignore the verity check so the actual warning goes away.
I have seen one person get rid of the warning and that required him to build and sign all of his own packages. Essentially, he re-locked the bootloader and since all of his items were signed (properly) the device would continue to boot.
Edit: Found the post.
superatmel said:
You have to sign boot.img and recovery.img to remove the warning.
I have managed to eliminate it by signing those two images.
In my oneplus 5 and 5t I have twrp installed and with rom lineageos without warning.
Who wants to try to send me your boot and recovery and return it for you to try.
Remember that you have to close the bootloader whereby the phone will be wipe
Process:
fastboot oem unlock
unlock bootloader
You have to go back to fastboot mode
fastboot flash boot boot.img
fastboot flash recovery recovery_name.img
fastboot oem lock
Wuala
It can be done in any rom from firmware 5.1.5
kirknado18 said:
...
@kirknado18 THREAD CLOSED as a subject matter related thread already exists, to which the relevant posts from above have been copied: https://forum.xda-developers.com/oneplus-5t/help/remove-unlocked-bootloader-warning-t3841712
XDA Forum Rules (excerpt):
...
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
...

Found crash dump exploit

Just thought I'd let you guys know. If I manage to pull and write I'll keep you all updated, but I would need the help of someone who knows how to dev, or at least understands what I'm trying to say, to post a guide. That's if it works, fingers crossed.
Ok so far I've for read and dump working in edl bootloader unlocked
I hope to get a dev to help format this better as I am not one, but basically what I did was remove licence verification on all update material and adb/fastboot and edl related stuff with lucky patcher after setting up a storage link with spatcher and then reinstalled through spatcher and odexed it all I also formatted an old recover IMG and installed that on spatcher and with all that together you can basically enter com port 4 on edl rather than 3 that allows some basic read write functions then because I had removed verification on the shell.apk it allowed me to unlock boot loader without keys then I reset everything and did a adb reboot fastboot and used miracle box to unlock boot loader again without mods and even though it couldn't find keys it allowed it
Forgot to mention to trigger crash dump you load a dsu and boot from it
Hi, I'm a tech journalist and would love to have a chat about your found exploit.
Any chance to get in touch via e.g. Discord?
Hello and good afternoon, @HerrTiSo
Welcome to XDA! I hope you'll always have a beneficial time on XDA.
However, we'd appreciate if discussions and the exchange of information or knowledge is publicly done on XDA as the XDA members only benefit from public sharing of them. It'd be great if you refrain from pushing our members to social media in future. Thanks for your cooperation.
Regards
Oswald Boelcke
Senior Moderator
Sure, thanks for the clarification. Let's see if we can figure this out on here.
crashdumpexploit said:
Just thought I'd let you guys know. If I manage to pull and write I'll keep you all updated, but I would need the help of someone who knows how to dev, or at least understands what I'm trying to say, to post a guide. That's if it works, fingers crossed.
Ok so far I've for read and dump working in edl bootloader unlocked
I hope to get a dev to help format this better as I am not one, but basically what I did was remove licence verification on all update material and adb/fastboot and edl related stuff with lucky patcher after setting up a storage link with spatcher and then reinstalled through spatcher and odexed it all I also formatted an old recover IMG and installed that on spatcher and with all that together you can basically enter com port 4 on edl rather than 3 that allows some basic read write functions then because I had removed verification on the shell.apk it allowed me to unlock boot loader without keys then I reset everything and did a adb reboot fastboot and used miracle box to unlock boot loader again without mods and even though it couldn't find keys it allowed it
Forgot to mention to trigger crash dump you load a dsu and boot from it
Yeah sure you did...LOL
Hey, is there any news?
crashdumpexploit said:
... you can basically enter com port 4 on edl rather than 3 ...
I'll give you the benefit of the doubt, it's possible that you have some information not known to us mortals.
But if you're talking ComPorts you're talking through your hat.
Please clarify. Something like:
"Yeah, I'm getting this VID/PID and there is interface #0 which is a bidirectional bulk, but I'm also getting interface #1 which is a CDC for something interesting..."
(OP not seen since March.)
