Onn 8" (100003561) MT8768 port kernel from Lenovo Tab M10 - Walmart Onn Tablets General

Hello, I'm interested in getting a kernel with available source code working on the Onn 8" 3561 with the eventual goal of porting postmarketOS. I found that the Lenovo Tab M10 FHD Plus uses the same SOC (MT8768) and has available source code: https://support.lenovo.com/us/en/solutions/ht511330-lenovo-open-source-portal.
I compiled the kernel and tried booting it (fastboot boot) resulting in a failed boot. /proc/last_kmsg hadn't been touched. I also tried building a boot image using fastboot flash:raw which also resulted in a failed boot but with the following in /proc/last_kmsg:
ram console header, hw_status: 2, fiq step 0.
Not Clear, old status is 2.
Some googling suggests status 2 means the device "restarted abnormally". I haven't tried anything like this before. Any suggestions on where to go from here?
Also, I am using the AOSP 11 v313 ab gapps GSI

I tried flashing vbmeta with --disable-verification after flashing a boot image with the Lenovo kernel. I had done this before, but the postmarketOS page for the Lenovo Tab suggests it must be done every time fastboot is loaded. This resulted in the following kmsg:
ram console header, hw_status: 0, fiq step 0.
Not Clear, old status is 0.
Not sure if this is a result of re-flashing vbmeta, but there is a post here suggesting that this could be related to somehow violating the SELinux policy.

What I will try next:
1. Use an Android 10 GSI. Kernel might be specific to android version?
2. Try Huawei MatePad T8 (Kobe2) kernel
3. Contact Lightcomm Technologies (Onn tablet manufacturer) and ask nicely for the kernel source.

Related

stuck trying to restore back to stock

I'm trying to restore my Shield TV back to stock. Following Neo's thread I get to the very end where I'm stuck with the message below. Can anyone help out with this message?
C:\Users\......................\Downloads\nv-recovery-image-shield-atv-5.1.0\nv-recovery-image-shield-atv-5.1.0>fastboot flash dtb tegra210-foster-e-p2530-0930-e02-00.dtb
error: cannot load 'tegra210-foster-e-p2530-0930-e02-00.dtb'
This is how (Or, what), you (need to do to), recover your Shield TV using the correct Recovery Image from nVIDIA.
NOTE its CRITICAL to make sure you use the correct Image Standard, or Pro 2015, or 2017 Model. Flashing the incorrect, or an older version e.g. Experience 3.x over the current Experience 5.x.x. Will most likely (Perma) -brick your Device.
That said you need to place your Device into Fastboot Mode. Then use the following commands...
Code:
fastboot flash staging blob
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img
fastboot reboot
Of these flashing system.img will take the longest. About Five-ish Minutes or so, as the Shield will first erase the contents of the /system before rewriting it again.
P.s. As an aside to this, and as a bit of advice, if you're lucky enough to have a Pro version. Have a look at the few SSHD to SSD migration Threads on this Site, and contemplate making a Backup of your Device, and then storing said backups on Google Drive, and or a USB Stick. Should you ever find yourself in a brick situation. This WILL probably save your delicious Bacon.
I used the correct image. Device rebooted. How long should the Nvidia logo stay there on the first reboot? Wondering if I need to give it time or if I did something wrong.
From the link below, what's the difference in this thread?
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash userdata userdata.img
fastboot flash staging blob
fastboot flash dtb <DTB file name>
http://developer.download.nvidia.co...TV/Upgrade-2.1/HowTo-Flash-Recovery-Image.txt
Worrying about my device being bricked I was able to get back into fastboot. I'm assuming that means I can flash and flash again?
My device has some overscan going on so I can't read the complete fastboot menu options but I'm assuming I don't need to do anything with those for this to flash?
I find it odd that you're using a "dtb" File as normally there isn't one. Perhaps way, way back when. But, I know Experience 3.x (i.e. Marshmallow), Recoveries never hosted such a File. Neither would any Experience 5.x (Nougat) Recovery.
This seems to suggest (to me), that you attempted to flash an otherwise correct, but older ROM., which is a HUGE NO NO!!!
It would seem that newer ROMs manage to alter the overall partition map of the SSHD / eMMC in such a way that reverting to an older version will cause the Device to brick.
Besides the order is wrong. You need to go by what nVIDIA tells you to do (flashall *.bat / *.sh), and less what some outdated Website suggests. Again see above. dtb Files just (Well as far as the Pro goes...), Just don't exist anymore. I gather they had, but ONLY in the earliest Firmware ROMs.
One other thing... In some cases depending on how it goes... It may well Stick at the nVIDIA logo for up to Two plus Hours! As the Shield is rebuilding itself. In which case the best advice would be to leave it and go out for some Coffee, and a Crawler and check it out again well after the Two Hour mark. Of course this shouldn't happen on a 16Gb eMMC version. Which should be IMO near instantaneous. Alas the SSHD isn't quite that fast.
Thank you for the detailed response. I wonder if that thread on here can be decommissioned. That's where I found the info about that dtb file. I left it at startup a few hours ago so I'll see if there is any change when I return.
Assuming since it's not the mechanical HD something is probably wrong. What does Nvidia tell me? Do they have steps on their site? I didn't think to go there since this shield I acquired already had regular Android on it figuring I needed the XDA or some other community.
I still couldn't get the flash dtb file name portion to work from the steps below. These were listed on Nvidia's steps. Anyways this worked! Back to stock.
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash vendor vendor.img
fastboot flash dtb <DTB file name> (Use result from "fastboot oem dtbname" in <DTB file name>)
fastboot reboot
@Liip008, so the only thing you did was to wait? (I can't see any different steps in your second post).
I'm trying to downgrade to Marshmallow but all I get is a black screen. Not even the logo displays. Nvidia should really consider changing their instructions since someone may brick their device. For instance, the installation readme of 3.2 says "SHIELD UNITS WITH ANDROID MARSHMALLOW OR NEWER", thus implying downgrading shouldn't be a problem.

[RECOVERY] TWRP for Onn Android Tablets (unofficial) - 2019-11-30

TWRP Custom Recovery for the Onn Android Tablet series
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model
Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.
Reserved also
grabbing this one too cuz why not
Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?
Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....
Amazing!! Gonna install and test 8" right now.
Has anyone tried a GSI on these tablets yet?
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
I did try both Phhusson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.
WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!
Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since its stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.
@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran Phhusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.
Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?
Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Where do I find crypto footer to backup
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.

[Laurel_Sprout] [ROM] [UNOFFICIAL] Lineage OS 17.1

Code:
/*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*/
Lineage OS 17.1
Properties
Selinux mode : Enforcing
Build type : user
Gapps : not included
LOS recovery : included
Known issues
FM radio
You have to wake up the phone to use the FOD
No charging icon when off
Maybe others you tell me
Installation
I'm not sure about that but you can try :
1 - Download latest stock android 10 ROM from here
2 - Install OrangeFox from here
3 - Set A as active slot, flash stock rom, orangefox installer zip, reboot recovery
4 - Set B as active slot, flash stock rom, orangefox installer zip, reboot recovery again (now you have A10 vendor blobs in both A/B slots)
5 - Flash custom ROM zip
5,5- Maybe factory reset on los recovery
6 - Flash OrangeFox installer
7 - Reboot recovery
8 - Flash Gapps / Magisk(optional)
9 - fastboot format:f2fs userdata
Troubleshoot
If wifi/bluetooth is not working, flash stock dtbo.img with fastboot flash dtbo dtbo.img
If ROM keeps rebooting to recovery, format userdata (wipes internal storage!) with fastboot format:f2fs userdata
Downloads
Download 28/03/2020
Checksum : 05a147341c33bf1e04b16bad721d2961
Download 21/03/2020
Checksum : e2fbec3542e8d9c164854103cceb38cf
Telegram Group
Sources
ROM
Device tree
Kernel
Vendor
Credits
Big thanks to @Golbinex !
LineageOS team - ROM
@Harukey
@prakaship78
@charliespencerchaplin
XDA:DevDB Information
[ROM][10][UNOFFICIAL] Lineage OS 17.1, ROM for the Xiaomi Mi A3
Contributors
dantir
ROM OS Version: Android 10
ROM Kernel: Linux 4.x
Based On: Lineage OS 17.1
Created 2020-03-21
Last Updated 2020-03-28
Changelog
28/03/2020 : FOD fix
23/03/2020 : DO NOT USE THIS BUILD IT DOESN'T BOOT
21/03/2020 : first release
Nice, will check it out once I get TWRP working again
Plans for official?
amnher said:
Plans for official?
I would love to but it's my first rom, I have a lot to learn.
Also I think to be official it must be perfect like no dtbo.img to flash.
fm radio
would there be a way to get fm radio working?
thank you
how to do this (If ROM keeps rebooting to recovery, format userdata (wipes internal storage!) with fastboot format:f2fs userdata)
I just cannot get it to boot, it always leads to a bootloop. I have followed the guide here and here and also installed latest Android 10 fastboot zip to both slots and flashed the twrp-patched boot image to boot to recovery (flashing regular images included in recovery threads will always boot to bootloader) to flash this, it just doesn't boot... Anyone had any luck?
Any way we could have this rom as permissive ?
In order to have gravitybox working we just need permissive selinux ?
vaykossil said:
Any way we could have this rom as permissive ?
In order to have gravitybox working we just need permissive selinux ?
Change it, if you use Gravitybox you should know how to root your phone.
Then it is easy to change SELinux status temporarily in a terminal
Code:
setenforce 0
If you want it to stick, it is better to have a script running at boot with Magisk instead of editing system config files.
The point is if you want permissive mode do it yourself. The default state should be Enforced for everyone; it is a matter of security.
Makishima said:
I just cannot get it to boot, it always leads to a bootloop. I have followed the guide here and here and also installed latest Android 10 fastboot zip to both slots and flashed the twrp-patched boot image to boot to recovery (flashing regular images included in recovery threads will always boot to bootloader) to flash this, it just doesn't boot... Anyone had any luck?
me too, I tried different recoveries, different steps but no luck, I just can't get it to boot.
Many thanks for the ROM!
I followed the current installation instructions on the start page (but I did NOT "5,5- Maybe factory reset on los recovery") and the rom seems to work very well (Fingerprint sensor, Bluetooth music box, ...).
After I booted to Lineage OS the first time the android logo appeared two times but then Lineage OS started correctly. I didn't need to flash the dtbo.img.
Initially I also did the step "5,5- Maybe factory reset on los recovery", but when I tried to boot to OrangeFox recovery from fastboot again the bootloader/fastboot screen was launched.
I found one minor issue: When you disable the screen lock then the background image is shifted a little bit for a short time. I also successfully tested data decryption in the provided OrangeFox recovery.
I would be glad if "Signature Spoofing" would be enabled so you can use microG with this rom.
I own the global version of the Mi A3.
facundonak said:
me too, I tried different recoverys, different steps but no luck, I just can't get it to boot.
I think you installed 23/03 build. Try the last one : 28/03 It should be better.
FOD works in general, but does it much slower than on stock ROM, and you have to wake up phone first...
Hey dantir,
Thanks for your efforts on this ROM. Been on lineageOS on multiple phones till date. Rooting for you to get this to a more stable state. Kindly request you to not abandon this ROM.
Thanks a lot.
Do magisk modules work well? call recording, busybox, etc ...?
hello
i have bootloop error
before to install lineageos my data partition was encrypted, so i formatted it, in order to send via adb the lineageos zip
then i installed lineageos
this command has error :
fastboot format:f2fs userdata
/usr/bin/make_f2fs failed with status 1
fastboot: error: Cannot generate image for userdata
can you confirm we must flash lineageos in orangefox
after installing lineageos must i reboot in fastboot to execute this command : fastboot format:f2fs userdata
hello i installed the rom
how do you create this rom, can you post the instructions
i would like to create a custom rom with my app included as a system app
thanks
noogpout said:
hello
i have bootloop error
before to install lineageos my data partition was encrypted, so i formatted it, in order to send via adb the lineageos zip
then i installed lineageos
this command has error :
fastboot format:f2fs userdata
/usr/bin/make_f2fs failed with status 1
fastboot: error: Cannot generate image for userdata
can you confirm we must flash lineageos in orangefox
after installing lineageos must i reboot in fastboot to execute this command : fastboot format:f2fs userdata
Hey! Just use official TWRP (link), works fine with! Did not have to do anything special.
Also, this rom seems stable, gonna start using it as daily driver this weekend I guess. Thanks @dantir, will you keep this updated? You use it as a daily driver too? Any bugs found in the 28th version?

(GUIDE) Root Onn 8 Gen 2 100011885

Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
Inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isn't available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something
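An added example (not part of the post above, and not fastboot or Magisk code): a read-only check of what the two `fastboot` flags used in the guide leave behind in a vbmeta image, and of whether a boot or recovery image carries AVB metadata at all. Field offsets follow the libavb vbmeta header and footer layout; the sample images are constructed and the function names are this example's own.

```python
"""Report the AVB state of a vbmeta.img, or of a boot/recovery image with an AVB footer."""
import struct
import sys

VBMETA_MAGIC = b"AVB0"             # starts the 256-byte vbmeta image header
FOOTER_MAGIC = b"AVBf"             # starts the 64-byte footer closing a partition image
VBMETA_HEADER_SIZE = 256
FOOTER_SIZE = 64
FLAG_HASHTREE_DISABLED = 0x01      # set by `fastboot --disable-verity`
FLAG_VERIFICATION_DISABLED = 0x02  # set by `fastboot --disable-verification`


def parse_vbmeta_header(blob):
    """Decode the big-endian vbmeta header fields that describe boot verification."""
    if len(blob) < VBMETA_HEADER_SIZE or blob[:4] != VBMETA_MAGIC:
        raise ValueError("not a vbmeta header")
    major, minor = struct.unpack_from(">II", blob, 4)
    algorithm = struct.unpack_from(">I", blob, 28)[0]
    rollback_index, flags = struct.unpack_from(">QI", blob, 112)
    release = blob[128:176].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "avb_version": f"{major}.{minor}",
        "signed": algorithm != 0,  # algorithm type 0 means the image is unsigned
        "rollback_index": rollback_index,
        "flags": flags,
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "release": release,
    }


def inspect_image(data):
    """Classify an image: bare vbmeta, footer-carrying image, or no AVB metadata."""
    if data[:4] == VBMETA_MAGIC:
        return {"kind": "vbmeta", **parse_vbmeta_header(data)}
    # Assumption: the file is a full partition dump or a padded image, so the
    # footer sits in its last 64 bytes.
    footer = data[-FOOTER_SIZE:]
    if len(data) >= FOOTER_SIZE and footer[:4] == FOOTER_MAGIC:
        _maj, _min, image_size, vb_off, vb_size = struct.unpack_from(">IIQQQ", footer, 4)
        if vb_off + vb_size > len(data) - FOOTER_SIZE:
            raise ValueError("footer points outside the image")
        info = parse_vbmeta_header(data[vb_off:vb_off + vb_size])
        return {"kind": "footer", "original_image_size": image_size, **info}
    return {"kind": "none"}


def summarize(info):
    """One-line human-readable verdict for an inspect_image() result."""
    if info["kind"] == "none":
        return "no AVB metadata found"
    verity = "OFF" if info["verity_disabled"] else "on"
    verification = "OFF" if info["verification_disabled"] else "on"
    signed = "signed" if info["signed"] else "unsigned"
    return f"{info['kind']}: {signed}, dm-verity {verity}, verification {verification}"


def make_sample_vbmeta(flags):
    """Constructed, unsigned 256-byte vbmeta header carrying the given flags."""
    header = bytearray(VBMETA_HEADER_SIZE)
    header[0:4] = VBMETA_MAGIC
    struct.pack_into(">II", header, 4, 1, 0)
    struct.pack_into(">I", header, 120, flags)
    header[128:142] = b"sample-release"
    return bytes(header)


def make_sample_footered_image(payload, vbmeta, partition_size):
    """Constructed partition image: payload, vbmeta blob, zero padding, AVB footer."""
    footer = FOOTER_MAGIC + struct.pack(
        ">IIQQQ", 1, 0, len(payload), len(payload), len(vbmeta))
    footer = footer.ljust(FOOTER_SIZE, b"\0")
    pad = partition_size - len(payload) - len(vbmeta) - FOOTER_SIZE
    return payload + vbmeta + bytes(pad) + footer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, "->", summarize(inspect_image(fh.read())))
    else:
        stock = make_sample_vbmeta(0)
        patched = make_sample_vbmeta(
            FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED)
        boot = make_sample_footered_image(b"ANDROID!" + bytes(4088), stock, 8192)
        for name, blob in (("stock vbmeta", stock), ("patched vbmeta", patched),
                           ("boot with footer", boot), ("raw blob", bytes(4096))):
            print(name, "->", summarize(inspect_image(blob)))
```

Run it with image paths as arguments to inspect dumps pulled from a device, or with no arguments to see the constructed samples.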
LaikaXv1 said:
Since there's a new generation of the Onn 8 tablets, and there currently isn't a rooting guide for them,
I figured I'd write one since I finally got mine to boot with magisk.
DISCLAIMER: I AM NOT RESPONSIBLE FOR BRICKED DEVICES. CONSIDER BACKING YOUR DEVICE UP BEFORE FOLLOWING THE INSTRUCTIONS LISTED IN THIS POST.
I won't bore you with useless details, let's just get into how to root this thing.
TOOLS:
You're going to need your vbmeta.img file to flash. You can use the one I have attached below, or supply your own from your own device dumps. Either way, you're gonna need that.
You will also need EITHER, the stock boot.img file for your tab (mine is also attached), or a magisk patched boot.img file, which I'll show you how to create if you don't already have one.
You will also need ADB and Fastboot installed on your PC for your platform, as well.
A guide on how to obtain that is available here if you don't already have it.
CREATING PATCHED MAGISK BOOT.IMG:
On your device, install the magisk manager apk.
inside the app, click on Install magisk, and supply the app with your boot.img file.
It should then open a terminal and patch the boot file, and output it to your download folder.
Now you've got a rooted boot.img file for your device. Alternatively, you can use the one I've supplied at the bottom of this post.
FLASHING ROOT ON YOUR DEVICE:
Here's the part where things get interesting.
Copy the patched boot.img to your pc from your tablet, and save it somewhere you'll remember. (preferably the same place you saved your vbmeta.img file.)
You'll need to shut down your device, then power it into fastboot mode by holding Vol+ and Power at the same time. This should bring up a menu with three options: Recovery, Fastboot, And Normal.
You'll want to use Vol+ to scroll to fastboot, then press Vol- to select and boot into fastboot.
Connect your device to your pc and open your ADB and fastboot program.
In the command prompt, type "fastboot devices".
This should spit out the serial number of your device followed by the word "fastboot".
If there is no device present, make sure you have android USB drivers installed properly.
Given that your device is connected properly, type the following commands. (without the quotes.)
"fastboot flash --disable-verity --disable-verification --skip-reboot boot /path/to/your/magisk_boot.img"
then
"fastboot flash --disable-verity --disable-verification vbmeta /path/to/your/vbmeta.img"
If all goes well and you get no errors, you should be safe to reboot, and you should have root now!
Once booted, open Magisk, and you should see that V22 is installed and running. You can now install edxposed via the magisk module manager if you'd like xposed installed, since TWRP currently isnt available for this model and lots of android 10 devices don't support it.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
NOTE: SAFETYNET CHECK DOES NOT PASS, WE'LL NEED TO LOOK INTO THAT.
I'm glad to see that there is finally a root solution for this device. I have 2 Onn 8 first gen, Android 9 tablets and I use the Magisk module: Universal SafetyNet Fix to pass.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Let us all know if this works. I work in a Walmart electronics department and have not bought one of the 2nd gen devices because I had assumed that it could not be rooted. I am tempted just for a new challenge, even though I really don't need a new device.
Have you been able to create a backup of the stock rom? Is it flashed with spflashtool like the older device?
Thanks
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Ah, I didn't hit reply. Oops!
I'm not new to XDA per se, but I'm not usually the one making guides and actually saying things haha.
Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)
Boox17 said:
Doesn't seem to work for me
Keeps failing says
(remote: not allowed in locked state)
It sounds like maybe you did not unlock the bootloader first?
martyfender said:
It sounds like maybe you did not unlock the bootloader first?
Yeah exactly what it was
I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paper weight. At least it was only $30.
I'm stuck in a boot loop. Does this work with a 100011885 that has Android 11 or did I just brick it cause I didn't pay attention.
I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img. I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img
bowb said:
I think I have extracted the boot.img using spflashtool on the 100011885 with Android 11. abootimg seems to like it and I can extract the kernel and initrd.img. I have tried booting with fastboot boot but it blackscreens the tablet. I have not tried re-flashing this image as I don't know if it will actually work.
start location and size
0x00000000085c0000
0x0000000002000000
boot.img
and another boot image found at
A5C0000
boot2.img
Did you get this working?
Valiante said:
Did you get this working?
No.
LaikaXv1 said:
I'll get the ROM backup uploaded to Google drive once I'm done updating windows.. it's taking forever, but I do have the dumps. Yes, spflashtool is what you'll need to flash the stock backup.
As for the magisk module, that seems to do the trick! Magisk safetynet check reports a success for both basicIntegrity and ctsProfile.
Thanks for the tip!
Did you happen to upload this image yet? If so, got a link?
I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet I got a blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?
pj_dev said:
I followed this guide for a ONN 100003561 (didn't look closely at the numbers) and this is what I get when trying to flash the vbmeta:
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (11520 KB) OKAY [ 0.287s]
Writing 'vbmeta' FAILED (remote: 'size too large')
I tried using a different vbmeta and when I restarted my tablet I got a blank black screen. Tried twrp and now I can't get anything to work. Never tried rooting an Android device before, just trying to get all the annoying stuff off and now it looks like I bricked it.
Any advice from anyone?
Unfortunately, the numbers are important. Are you able to get to fastbootd? If you can get to fastbootd, I would recommend trying to change the boot slot. Newer androids actually have two boot partitions for updating purposes. You can check which boot partition you're using with `fastboot getvar current-slot` which should return "a" or "b". Then do `fastboot set-active x` and replace x with whichever slot is NOT active as determined by the previous command. If the other boot slot is still intact, this would hopefully result in a bootable device. I haven't tried this myself, but this is what I would try if I were in your situation.
If this doesn't work, I would try flashing stock with sp flash tool, which doesn't need fastboot if you can't access that. It's a leaked mediatek tool, so there isn't an official site to get it from unfortunately. I got it from here: https://androidmtk.com/smart-phone-flash-tool but use your discretion. And get v5, because that's what most of the guides use. Then you can try flashing the 3561 stock firmware here: https://forum.xda-developers.com/t/stock-stock-backups-images-otas.3998227/post-82619259
If you can get it to boot at this point and want to de-walmart it, I would recommend just flashing a GSI rather than messing around with the stock rom. You can find the GSI's here: https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list
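A pre-flight check for the 'size too large' failure discussed above, added here as an example (it is not code from any poster or from fastboot): it identifies a file by its magic bytes, compares it with the target partition and its size, and reads the two AVB flags that --disable-verity and --disable-verification set. The function names, the header-only sample image and the 64 KiB partition size are constructed for illustration; on a real device the size would have to be read from the device itself.

```python
import struct

AVB_MAGIC = b"AVB0"        # first 4 bytes of an AVB vbmeta image
BOOT_MAGIC = b"ANDROID!"   # first 8 bytes of an Android boot image
AVB_HEADER_SIZE = 256
FLAG_HASHTREE_DISABLED = 1 << 0      # what --disable-verity sets
FLAG_VERIFICATION_DISABLED = 1 << 1  # what --disable-verification sets


def image_type(image: bytes) -> str:
    if image[:8] == BOOT_MAGIC:
        return "boot"
    if image[:4] == AVB_MAGIC:
        return "vbmeta"
    return "unknown"


def preflight(image: bytes, partition: str, partition_size: int) -> dict:
    """Check an image against its target partition before flashing."""
    base = partition[:-2] if partition.endswith(("_a", "_b")) else partition
    report = {"type": image_type(image), "size": len(image), "problems": []}
    if len(image) > partition_size:
        report["problems"].append("image larger than partition")
    if report["type"] != base:
        report["problems"].append(f"{report['type']} image for '{base}' partition")
    if report["type"] == "vbmeta" and len(image) >= AVB_HEADER_SIZE:
        # Header fields are big-endian; the flags word sits at byte offset 120.
        auth_size, aux_size = struct.unpack_from(">QQ", image, 12)
        (flags,) = struct.unpack_from(">I", image, 120)
        report["payload_size"] = AVB_HEADER_SIZE + auth_size + aux_size
        report["verity_disabled"] = bool(flags & FLAG_HASHTREE_DISABLED)
        report["verification_disabled"] = bool(flags & FLAG_VERIFICATION_DISABLED)
    report["ok"] = not report["problems"]
    return report


def make_sample_vbmeta(flags: int) -> bytes:
    """Constructed, unsigned header-only vbmeta used as sample input."""
    header = bytearray(AVB_HEADER_SIZE)
    header[0:4] = AVB_MAGIC
    struct.pack_into(">II", header, 4, 1, 0)   # required libavb version 1.0
    struct.pack_into(">I", header, 120, flags)
    return bytes(header)


if __name__ == "__main__":
    print(preflight(make_sample_vbmeta(3), "vbmeta_a", 64 * 1024))
    # Constructed stand-in: an 11520 KB boot-type file aimed at vbmeta.
    print(preflight(BOOT_MAGIC + bytes(11520 * 1024 - 8), "vbmeta", 64 * 1024))
```

A report with two problems (wrong type and too large) means the wrong file was picked for that partition, which is cheaper to learn on the PC than from the bootloader.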
LaikaXv1 said:
Here's a couple pics just showing I actually DID do this, and I'm not just ****posting or something
Lol, remember those copy-pasted guides where they provide the wrong TWRP images and it messes up the device
So the 8" Onn actually has a boot-ramdisk it appears. On the 7" Onn Surf (100005206), there is no boot-ramdisk, so the alternative is patching a recovery.img and allowing Magisk to hijack the /recovery partition. The only drawback is, anytime you need to reboot, using hardware keys as though booting into recovery is necessary.
inzane105 said:
I have a 100011886 that I got used and has FRP lock, will this process work on it as well? Only rooted Fire tablets before, so this would be new to me and if I brick it not much will be lost. But any insight as to what I will need that isn't included in your post would be great! It seems pretty thorough though.
Edit: I've tried it, and I have done pretty much everything thanks to being able to get to the browser with one of those language keyboard tricks, but I can't enable dev mode and turn on OEM unlock so I can't unlock the bootloader. Really want to know what to do so I don't have a paper weight. At least it was only $30.
I'm in a similar situation, my friend got an RCA Atlas 10 Pro-S from Goodwill for $1. It had an FRP lock on it though, and we ultimately managed to get to the home screen by enabling TalkBack and watching the support video to open the browser. Then, we installed Lawnchair to access the home screen. The settings app worked, but Developer Options would not open.
GetDroidTips has published a software called Miracle Box, claiming that it can unlock MediaTek bootloaders, as well as bypass FRP. However, a VirusTotal scan indicates that it is likely malware. I tried running it in a virtual machine and it asked if I wanted to run a process impersonating "svchost.exe" as Administrator. I airgapped the virtual machine, and Miracle Box said it needed Internet access for licensing, however GetDroidTips said it was free. I suspect that this was a fake software crack.
I am aware of a program called SP Flash Tool, but that won't work because I am on Linux, and not Windows. I doubt it would work under WINE, as it requires special device-specific drivers that also only work on Windows. I have a spare Lenovo IdeaPad 110-15ACL, however I don't have the drivers needed to set up Windows 7 on it. I could, of course, use Windows 10, but I have heard it is bad for flashing, and it is very slow anyway. (I did, however, buy an SSD for it, perhaps this will speed it up enough to be somewhat usable?)
I also found an open-source MediaTek exploit script called MTKTools. It did not work, and it told me to hold all hardware buttons before plugging the device in. It still did not detect the tablet. It told me that I could also short TP1 to ground, however I could not find Test Point 1 on the tablet's motherboard.
There are no custom recoveries or FRP unlocking guides for this device, likely because it's an obscure Android 7.1 tablet from back in 2014. I wouldn't be able to flash them anyway as the bootloader is locked. It has 2 GB of RAM and the processor cores are Cortex-A35s so I'm not sure that this is worth unlocking. On the other hand, it costs over $100 from Walmart.
I am worried that the device was stolen, as it had a password, and once I reset it from Recovery mode, it had an FRP lock. If it is indeed stolen, I can't return it, due to the "as is" nature of Goodwill, and besides, I have disassembled it several times as well. Should I be concerned about the ethical implications of unlocking this device?
Does this work on Android 11? I have the Onn. 100011885 model, according to my settings app.

Oneplus 8 pro stuck on fastboot mode

Hi, folks!
I tried to install LineageOS but something went wrong and my phone bricked. I read about the MSM tool, but I'm an Arch Linux user and I can't find alternatives for Linux. Maybe someone can help me figure it out. Please don't judge me, it's my first experience with Android.
I ran into the same issue when I flashed the OP8 rom over my OP8P tonight (though not LineageOS). The following article seemed to help out.
[ROM][STOCK][FASTBOOT][OP8P] Stock Fastboot ROMs for OnePlus 8 Pro
Moderator Information This project is not under active development, take precautions when you are installing it. Things are changing with the advent of project treble and seamless updates. OnePlus will no longer release ROMs flashable via...
forum.xda-developers.com
I personally had to swap to my other slot using `fastboot --set-active=b` then using `fastboot reboot fastboot` to get into fastbootd for most of the commands to work. (Fastbootd will be listed at the top of the screen.)
