Hi!
I would like to apologize, if I was unable to find a matching thread for my problem. I am rather new to Android and have great respect for unlocking and modding my device, but would like to do so. I own a TF300TL and are stopped at the very beginning. I am unable to find the matching TWRP for the device and would like to know, which would be the correct file, as I am afraid, that I could easily brick my device. Perhaps someone has done this with a TF300TL. At the moment, I have not yet unlocked the bootloader.
I have installed the latest stock rom on the device.
Do I have to flash the TG version of TWRP? And I am unsure, if I need -JB, -4.2? It is very difficult to understand.
Regards,
Matthias
xcommy said:
Hi!
I would like to apologize, if I was unable to find a matching thread for my problem. I am rather new to Android and have great respect for unlocking and modding my device, but would like to do so. I own a TF300TL and are stopped at the very beginning. I am unable to find the matching TWRP for the device and would like to know, which would be the correct file, as I am afraid, that I could easily brick my device. Perhaps someone has done this with a TF300TL. At the moment, I have not yet unlocked the bootloader.
I have installed the latest stock rom on the device.
Do I have to flash the TG version of TWRP? And I am unsure, if I need -JB, -4.2? It is very difficult to understand.
Regards,
Matthias
Click to expand...
Click to collapse
Try going to the TWRP website then search by your device. The differences are clearly explained there. I have the 300 and I have the late July OTA, I beeline it's 10.1.6.25.1 ire something close to that. In any event I had to use the 4.2 version. Be sure to use the blob file and not the IMG file.
Sent from the Awesome Lone Star State where the law abiding carry guns and the criminals think twice.
Hello
I am aware that there isn't any warranty at all here that anything you do won't have negative effects on your phone. I've flashed quite a few roms on phones like the oneplus one, sony xperia sp, samsung galaxy core plus, nexus 5x, lg cookie, moto defy plus,... I've had tens of soft bricks, but never anything I couldn't recover from.
Anyways, I'm sick and tired of the laggy MiFavor UI on this phone, and would like to install CM13. I've an A2016G. I've seen some EU folk have issues with Tenfar's unlocking method, having hard bricked them since they can't get into a certain (EDL?) mode.
My question is this: if I read every thread and follow every step very carefully, is there a major risk my axon 2016G turns into a 450 euro paperweight? Is there perhaps another unlock method that's 99% secure?
Thank you
Jan
Hate to be that guy, but is there no-one with some knowledge around this?
Thanks.
Controllerboy said:
Hate to be that guy, but is there no-one with some knowledge around this?
Thanks.
Click to expand...
Click to collapse
Let me be the second guy, I'm amazed no one replied...
I'm in the same predicament; do I stay stock and use a great piece of hardware with crap software, or do I dare take the plunch and be able to make the phone as it ought to be at the risk of ending up with a very expensive paperweight...
What the hell did ZTE think when developing the A2017G model. And why is there after all these month no clear answer/procedure for this model. Is it that rarely used? How come there is no solution even though the firehose files are out there?
Hope someone finds a fullproof solutions soon....
Cheerz,
/Cacti
Verstuurd vanaf mijn ZTE A2017G met Tapatalk
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Unlocking your bootloader and Flashing CM13 is pretty easy and I don't really think there is much risk of permanently bricking your phone. However as of right now it really isn't worth the effort. I flashed CM 13 yesterday and it ran well, but the camera wasn't working so I decided to go back to the stock software. So unless you don't need the camera I'd skip flashing for now.
lag?
Controllerboy said:
Hello
I am aware that there isn't any warranty at all here that anything you do won't have negative effects on your phone. I've flashed quite a few roms on phones like the oneplus one, sony xperia sp, samsung galaxy core plus, nexus 5x, lg cookie, moto defy plus,... I've had tens of soft bricks, but never anything I couldn't recover from.
Anyways, I'm sick and tired of the laggy MiFavor UI on this phone, and would like to install CM13. I've an A2016G. I've seen some EU folk have issues with Tenfar's unlocking method, having hard bricked them since they can't get into a certain (EDL?) mode.
My question is this: if I read every thread and follow every step very carefully, is there a major risk my axon 2016G turns into a 450 euro paperweight? Is there perhaps another unlock method that's 99% secure?
Thank you
Jan
Click to expand...
Click to collapse
ok, where is this lag? I've been using it stock since I got it after the Note 7, which was very laggy, and have failed to notice any lag.
Zero lag here as well, buttery smooth at all times. Heads and shoulders above the Note 7 that I came from in terms of responsiveness and general performance.
Sent from my ZTE A2017 using Tapatalk
jawz101 said:
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Click to expand...
Click to collapse
On the US model, you can get an unlocked bootloader & all the trimmings without using tenfar's tool at all, although it's a bit more of a roundabout method.
Just unlocked mine working great.
Hi,
Just thought I'd add as I'm one of those who did end up in DFU mode permanently. I have a reasonable understanding of the issue at hand and I've been one of the few who have been vocal about not calling the current method safe of us.
My suggestion if you have a A2017G is not to bother using tenfar's tool unless you're willing to RMA or make use of your warranty. I'm not in a position where I can do that, but since most are there hasn't been much interest in a solution.
I don't have the firehose itself to begin working on fixing the issue, though I do have a rough idea of how do so using the partition table for TWRP but I don't think I have the time to learn how to put it all together myself. Particularly when I'm replacing my Axon 7 with a Mi Note 2.
What is needed is an unbrick tool, ZTE have made and released them for their own devices before, why they don't do that with Axon 7 is beyond me.
rendler said:
Zero lag here as well, buttery smooth at all times. Heads and shoulders above the Note 7 that I came from in terms of responsiveness and general performance.
Sent from my ZTE A2017 using Tapatalk
Click to expand...
Click to collapse
You must be using the US or CN model, because the EU model is laggy as hell. It's by far the laggiest ROM I used on a phone with high-end specs..
keessonnema said:
You must be using the US or CN model, because the EU model is laggy as hell. It's by far the laggiest ROM I used on a phone with high-end specs..
Click to expand...
Click to collapse
Yup, using Chinese model with 128GB of storage.
Sent from my ZTE A2017 using Tapatalk
Just my 2 cents having unlocked the bootloader on my A2017G. I used tenfar's tool to backup the boot and stock recovery images and flashed the TWRP recovery and didn't run into problems fortunately. I wouldn't recommend to flash the rooted boot.img by tenfar until (hopefully) we'll have a unbrick tool for the G version.
My recommendation ----- On the G version don't mess around with the bootloader! ----- My recommendation
I've been able to unlock the bootloader on B03, reflashed stock recovery with tenfar's tool and successfully updated to B05 from the SD card.
If you want root I recommend to go the unlock bootloader - flash SuperSU 3.65 route instead of flashing the pre-rooted boot.img from tenfar with a locked bootloader as chances of things going haywire seem to be greater with the second method on the G version.
In case you have any reservations I definitely recommend to wait for a unbrick method of the G version before you try any of this. If and when such a method will come is undetermined at this point in time.
@lag of G version: Can't confirm that on B05, everything running smooth so far. There are a few graphical glitches though (stock browser displaying left side first und has sometimes trouble to show the content fullscreen.
Pull down notification bar has double lined icon text slightly cut off on the bottom once you switch to landscape mode and pull down the notification bar.
jawz101 said:
I have the US model and I won't use tenfar's method on the phone for which it's intended. It's a questionable method
Click to expand...
Click to collapse
I've seen this said a couple of times (or maybe it's just you in different threads, I don't know), but I don't understand it. By its very nature, rooting your phone is "questionable". Why is tenfar's method/tool any worse than any other method or tool? Do you have some technical insight to provide (and if so, please do so) or is it just an opinion based on nothing? I certainly don't have any issue with the latter, but I find it odd that people without any technical expertise speak as if they're an authority of some kind.
rczrider said:
I've seen this said a couple of times (or maybe it's just you in different threads, I don't know), but I don't understand it. By its very nature, rooting your phone is "questionable". Why is tenfar's method/tool any worse than any other method or tool? Do you have some technical insight to provide (and if so, please do so) or is it just an opinion based on nothing? I certainly don't have any issue with the latter, but I find it odd that people without any technical expertise speak as if they're an authority of some kind.
Click to expand...
Click to collapse
It's probably me and a few others. Ok, answer me these questions:
What does the tool specifically modify on the phone?
What is a "firehose mbn" anyway? Tenfar mentioned it is how it gains access to the phone. I don't know if that is a tool to do so or if it's a file that gets put on the phone in a more permanent chipset-level storage only meant to be altered by Qualcomm or phone manufacturers. I'm find with replacing a recovery, kernel, ROM- the boot.img or anything lower than that is closed source for a reason. Probably because it's talking directly to the hardware and code at that lower level can circumvent anything in a kernel, recovery or ROM.
Would it affect Snapdragon SmartProtect?
https://www.qualcomm.com/products/snapdragon/security/smart-protect
Why do virus scanners call it a Windows trojan if it's an Android hack?
Yes, I call it questionable because I have questions. Since the file is encrypted you can't answer those questions for me. All I can gather is everyone who has used it has basically said "I used it and it did what I wanted it to do so it must be safe."
---------- Post added at 10:20 AM ---------- Previous post was at 09:46 AM ----------
@rczrider
Here are the posts in the thread by a security expert asking questions about the method.
http://forum.xda-developers.com/search.php?searchid=430010789
Here is tenfar's response to him
http://forum.xda-developers.com/axo...r-unlokced-t3441204/post68301899#post68301899
Here's a post from him on ZTEUSA
https://community.zteusa.com/message/50425
Here's a blog post he made about it
https://blog.onedefence.com/signed-firehose-images-and-why-theyre-dangerous/?pk_campaign=zte-forums
jawz101 said:
It's probably me and a few others. Ok, answer me these questions:
What does the tool specifically modify on the phone?
What is a "firehose mbn" anyway? Tenfar mentioned it is how it gains access to the phone. I don't know if that is a tool to do so or if it's a file that gets put on the phone in a more permanent chipset-level storage only meant to be altered by Qualcomm or phone manufacturers. I'm find with replacing a recovery, kernel, ROM- the boot.img or anything lower than that is closed source for a reason. Probably because it's talking directly to the hardware and code at that lower level can circumvent anything in a kernel, recovery or ROM.
Would it affect Snapdragon SmartProtect?
https://www.qualcomm.com/products/snapdragon/security/smart-protect
Why do virus scanners call it a Windows trojan if it's an Android hack?
Yes, I call it questionable because I have questions. Since the file is encrypted you can't answer those questions for me. All I can gather is everyone who has used it has basically said "I used it and it did what I wanted it to do so it must be safe."
---------- Post added at 10:20 AM ---------- Previous post was at 09:46 AM ----------
@rczrider
Here are the posts in the thread by a security expert asking questions about the method.
http://forum.xda-developers.com/search.php?searchid=430010789
Here is tenfar's response to him
http://forum.xda-developers.com/axo...r-unlokced-t3441204/post68301899#post68301899
Here's a post from him on ZTEUSA
https://community.zteusa.com/message/50425
Here's a blog post he made about it
https://blog.onedefence.com/signed-firehose-images-and-why-theyre-dangerous/?pk_campaign=zte-forums
Click to expand...
Click to collapse
OK, It would be nice if people would inform themselves about this but unfortunately this is the state of XDA now... so here we go
- Firehose is a protocol used to communicate to the qcom chipset directly at a level lower than OS. Since there are security measures in place, in order to talk to it you need a signed firehose withe a coresponding certificate that is burned into the SBL. This is what ZTE uses to directly flash the units at factory and can also be used at repair centers. Tenfar is in possession of such a file and his flasher utilizes it to write modified boot and recovery that would otherwise be discarded by SoC's security protocols. Since it's obfuscated code to hide the firehose plus in addition uses comm libs and code that probably reads and writes other files, it is no wonder it gets flagged by AV software. I had ODIN flagged by Avast once.
- The boot.img is not closed-source, it is actually kernel and ramdisk and can be unpacked so you can see what's inside. It can be compared to stock as well and in fact that is exactly what his are, patched stock boot images. The boot image has been patched in order to allow the modified boot img with root to boot since SecureBoot is still in place due to locked bootloader. In addition is modifies SE Linux to allow root to run. And that brings us to why this tool exists in the first place. It is to allow you to bypass SecureBoot and have root and was created in the period before unlock method was provided by ZTE. It is still the only method to use on non-US model. It is a hack tool by definition and has made development on this phone move ahead way further then it would.
- The security concerns raised were more along the line of how bad it is that the signed firehose is in the wild, not so much to what tenfars tool does or how it does it. The expert even wanted the firehose to be posted on the forum(SMH), which tenfar refused since he did not wanted it to spread and hence obfuscated the code. The signed firehose would present a security vulnerability if someone came in physical contact with your phone since they could dump data or load something on it without your knowledge, as pointed out on the sec blog and other posts, but it has nothing to do with whether you use tenfars tool or not.
- Smart Protect is an API feature that the an AV app would have to use, it exists in the SoC but does nothing on it's own so is irrelevant but i figured i'd clarify it (again)
Most either understand that or don't care. This is the XDA, where we break our warranties and bypass SafetyNet in order to have different emojis Thanks to tenfars tools i have noticed that ZTE has broken the FDE on their stock builds since TWRP was able to decode /data with default password even though it shouldn't. So in my book it's a net plus, at least i know how unsafe it is now.
xtermmin said:
On the US model, you can get an unlocked bootloader & all the trimmings without using tenfar's tool at all, although it's a bit more of a roundabout method.
Click to expand...
Click to collapse
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
And thank you @peramikic for the answer. I've been googling forever on the mbn stuff but never found much on what it exactly is save that it's a manufacturer's tool. This clears up a lot for me. My biggest concern was if an mbn was something that actually rewrites code on the chip itself. Sounds like it's just an external tool a manufacturer uses to put their image onto the phone.
jawz101 said:
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
And thank you @peramikic for the answer. I've been googling forever on the mbn stuff but never found much on what it exactly is save that it's a manufacturer's tool. This clears up a lot for me. My biggest concern was if an mbn was something that actually rewrites code on the chip itself. Sounds like it's just an external tool a manufacturer uses to put their image onto the phone.
Click to expand...
Click to collapse
No problem. The mbn itself is just a file format. In this case it has information about emmc partitions. It is also signed with proper certificate. That let's it talk to the chip and is pretty much just a low lever read/write interface.
As far as that method linked, it will work only if you are on the B20 release, US model only. The file looks for a particular build signature as well as partition signatures so it will not flash on anything else.
peramikic said:
No problem. The mbn itself is just a file format. In this case it has information about emmc partitions. It is also signed with proper certificate. That let's it talk to the chip and is pretty much just a low lever read/write interface.
As far as that method linked, it will work only if you are on the B20 release, US model only. The file looks for a particular build signature as well as partition signatures so it will not flash on anything else.
Click to expand...
Click to collapse
Yeah. At this point I think I'm too lazy to futz with downgrading, patching, then upgrading, and all that. Probably just go with the tenfar tool then 0_o
jawz101 said:
Would that be this method?
http://forum.xda-developers.com/axon-7/how-to/bootloader-unlock-t3437778/page1
Click to expand...
Click to collapse
Yeah, I used that method because I was already on B20, and my PC runs linux so :effort: to setup a Windows VM to use tenfar's tool. Using that (ZTE's official B20_Boot) and ZTE's official B20 image, you can have an unlocked BL and be on B29 without using tenfar's tool.
tl;dr: Whatever version you're on -> B20 -> B20_Boot -> unlock BL -> B20 -> OTA to B27 -> OTA to B29 (-> flash TWRP, SuperSU, whatever)
Hello XDA community,
This is my first post on here and I hope I'm not doing something wrong in terms of protocol, but I have a rough idea on finding a root for this phone that needs support and refining from you guys, the XDA community.
My idea is this: If we can find a way to downgrade the phone software back to before the December 2016 security patch, we can run a Dirty Cow root exploit (, which is ready to go on GitHub, ) to temp root this device (or any device, in theory). Once we have temp root, we could run a program like SunShine or whatever else to turn that temp root to perm root. (SunShine currently says that, to full root this device, it needs some kind of temp root.)
Now going back to the first part about downgrading the software to before the December 2016 security update, I initially thought we could achieve this through mfastboot or RSD Lite, since they allow flashing of officially signed Motorola firmwares. However, I read that when upgrading the Moto Z, and presumably all other variants, from Android MM to Android N, the (locked) bootloader is updated, too, and will not allow downgrading, resulting in a prevalidaton error. This is where I need your help.
The question is: How can we downgrade the firmware back to MM, or some other before-December firmware, to use Dirty Cow for root. Please leave ANY suggestions in the comments.
Thank you for your time and help. I have faith that we will be able to solve this together.
I don't think you can downgrade. But i've been running this for the past 9 or so months to prevent the forced updates: https://forum.xda-developers.com/moto-z-play/themes/app-moto-z-play-apps-stop-ota-motocare-t3538812
(no idea if that would work on the z force)
Well I know there are many videos on YouTube claiming to downgrade certain Moto devices through RSD Lite or mfastboot for different budget Moto devices, but I suspect they are all fake. Nonetheless, I hope there is a legitimate way to downgrade.
I forgot to mention that if you can get a replacement Moto Z Force from Verizon, which is very easy to do in my area, they ship you a refurbished replacement, which runs marshmallow and has no updates installed, but I don't have the opportunity to get another replacement, so for anyone else, that's one way you could "downgrade" and try Dirty Cow to root the device.
I'm just going by this topic https://forum.xda-developers.com/moto-z/how-to/dont-upgrade-to-nougat-ota-t3524456
but i don't really know for sure
Wow. Now I wish I'd known about this MUCH sooner. Its too late for me. Well, in that case, try to see if you can revert back to marshmallow if you unofficially upgraded to nougat and check what month of security patches you are on. If it's before the December 2016 security patch, then you can run Dirty Cow and get temporary root. With temp root you can most likely find a way to make it permanent root.
Hi everyone, I want to clarify one thing before saying the possible method, I had this device but now no longer because I had to lend it so I can't test it but when I read this method I immediately thought to see if it works on K10, if someone tries it and then it works, please tell them it could be useful to find a way to exploit the bootloader.
The guide is a root method for some MediaTek chipsets and the K10 one should be included.
Link for the guide:https://forum.xda-developers.com/android/development/amazing-temp-root-mediatek-armv8-t3922213
XRed_CubeX said:
Hi everyone, I want to clarify one thing before saying the possible method, I had this device but now no longer because I had to lend it so I can't test it but when I read this method I immediately thought to see if it works on K10, if someone tries it and then it works, please tell them it could be useful to find a way to exploit the bootloader.
The guide is a root method for some MediaTek chipsets and the K10 one should be included.
Link for the guide:https://forum.xda-developers.com/android/development/amazing-temp-root-mediatek-armv8-t3922213
Click to expand...
Click to collapse
Seems to be working... Knocking on wood...
https://forum.xda-developers.com/lg-k10/how-to/finally-root-lg-k10-2017-m250-t3935581
This most likely will help you to restore that laf partition or yours... :good:
???
I have mentioned this at 4pda.ru forum. There is some that have now confirmed it working.
http://4pda.ru/forum/index.php?s=&showtopic=797785&view=findpost&p=85796151
My nothing ... the phone I lent it, having had the Xiaomi Mi A2 and being satisfied, I lent my K10 but wandering around for root exploits and bootloaders for the Meizu, I found this and thought, "Come on , let me share this guide in the K10 forum I could help people who haven't had the luck to switch phones but at least find exploits and put Android Pie on K10 "eeee, something happened, I read threads and I saw on the forums people who have successfully rooted, this will greatly help the exploit search for the K10 bootloader.
>Come on , let me share this guide in the K10 forum I could help people
That is what these forums are all about... most annoying thing is when
some first ask for help and then after receiving guidance just say "i figured
it out, this thread can be closed". WTF, come ooon... at least one should say
what helped if nothing else...
So, you have lent it. Still. it's probably nicer to have if it's fully functional, receiving updates, etc...
Mine has still Nougat in it. Haven't used it that much and there is some posts that the latest
updates makes it to drain the battery. But it might be because some mix these firmwares,
m250n into m250ds or whatever... IDK...
Deleted
CXZa said:
>Come on , let me share this guide in the K10 forum I could help people
That is what these forums are all about... most annoying thing is when
some first ask for help and then after receiving guidance just say "i figured
it out, this thread can be closed". WTF, come ooon... at least one should say
what helped if nothing else...
So, you have lent it. Still. it's probably nicer to have if it's fully functional, receiving updates, etc...
Mine has still Nougat in it. Haven't used it that much and there is some posts that the latest
updates makes it to drain the battery. But it might be because some mix these firmwares,
m250n into m250ds or whatever... IDK...
Click to expand...
Click to collapse
can you tell me specifically what is the model of your rom? if it is the original rom that came in it. type "M250DS10a" or "M250DS10d" and etc?
The mine is m250N
XRed_CubeX said:
The mine is m250N
Click to expand...
Click to collapse
Same here...
But now forgive me if I go off-topic, a few months ago, around February, I bought the Xiaomi Mi A2, a whole other universe compared to the K10, the stock of the Mi A2 is not one of those poorly bugged but the custom roms have saved my phone from various problems, this means that if you manage to unlock the k10 FORSE bootloader the k10 MAY save the k10. Unfortunately I can't experiment, otherwise I'd be here to experiment.