Better Mobile App

Reinstall/Install MM/N on WiFi/LTE YOGA BOOK

This is the stock Rom of N & M for Yoga Book LTE & WIFI for the needers
if any dev want to help me developing a dual boot for Yoga Book, just PM me or join Telegram Group for Yoga Book devs and users:
MOD EDIT: LINK REMOVED
Prees the Thanks button if that helps you​
How to install it:
Be careful, these steps will erase all your data on tablet and will downgrade rom (stock marshmallow)
First of all: read and understand all of the instructions.
1. Download the stock ROM
https://cloud.kolyandex.su/index.php/s/4WDt6ghOzHAyP4s (Nougat WiFi version)
https://easy-firmware.com/home/browse/category/id/19521/ (Marshmallo LTE version)
https://androidfilehost.com/?fid=817550096634799507 (Marshmallo WiFi version)
2. Extract it to some folder
3. Download Intel Platform Tool Lite from here: https://01.org/android-ia/downloads/intel-platform-flash-tool-lite
4. Install Intel Platform Tool Lite
4. Boot into fastboot mode
5. Run Intel Platform Tool Lite
6. Make sure your tablet is recognized by the tool (otherwise you need to enable USB-debug in Developer settings)
7. Select "flash_update_from_eng.json" from folder in (2)
8. Push "start to flash"
9. Wait... (You should check tablet's screen in order to lock/unlock bootloader (it should be locked after flash in order to install OTA updates))
10. Reboot tablet
11. Your keyboard might not work: that is normal (just use on-screen keyboard for now)
12. After initial setup: open Contacts app, create new one (if there are no contacts yet), tap search and enter ####6020#
13. Choose your region
14. Reboot
15. Setup again (now halo should work)
16. Go into settings -> about -> updates and update till the last version (may take several hours)
17. Say thanks for alexjustes for his Amazing Steps

Thank you so much for posting this!
Have you tried flashing this through @danjac's TWRP build? I know trying to restore any nandroid backup made after the OTA upgrade to Nougat results in a boot loop.

beltani said:
Thank you so much for posting this!
Have you tried flashing this through @danjac's TWRP build? I know trying to restore any nandroid backup made after the OTA upgrade to Nougat results in a boot loop.
Click to expand...
Click to collapse
Unfort. no, because i dont have a YB Android Version, i have win ver.

THE MAXIMUM POWER said:
Unfort. no, because i dont have a YB Android Version, i have win ver.
Click to expand...
Click to collapse
I'm 99% sure this isn't flashable in custom recovery, at least without some modification and repackaging. It's a package designed for Intel Phone Flash Tools.
Still a huge asset, though, so thanks again!

beltani said:
I'm 99% sure this isn't flashable in custom recovery, at least without some modification and repackaging. It's a package designed for Intel Phone Flash Tools.
Still a huge asset, though, so thanks again!
Click to expand...
Click to collapse
Same, it can only flashed through fastboot mode

I got myself into quite the pickle today. I've been considering selling my Yogabook to switch to a Chromebook 2-in-1. I wanted to get the device back to as full vanilla as possible. I "thought" the first step was to lock the bootloader again and then do a full factory reset, apparently not... After booting back up from locking the bootloader I kept getting an Intel "bootloader error code 01" and Android would not start. It would take me to fastboot mode on it's own but I was unable to use the power button to make a selection and the device would just power off after 5 minutes. Thankfully from there or fore powering off I could hold Volume up on startup and get to fastboot manually or recovery. It being in a locked state now though I couldn't do much of anything else, no flashing anything other than loader, no format, no erase, and TWRP was not able to be booted.
Anyway I finally read a post about DNX mode and how to get to it, but nothing on how to really use it or any decent information imho. After finally finding some users on another part of the forum discussing a DNX flashing tool made for their devices HTC I went searching for a tool for the Lenovo. Lenovo has nothing for this (shame on you Lenovo!) but Intel does have it and it can be used with the recovery image posted above in this thread (and I assume all the others running around). And here is the URL for the tool
https://01.org/android-ia/downloads/intel-platform-flash-tool-lite
You just have to load a valid JSON file containing the proper config information for the ROM you are flashing iwithin the Intel tool. For this particular version of the ROM I did have to modify the "flash_recover_dnx.json" file to remove this section
Code:
{
"duration" : 5000,
"restrict" : null,
"tool" : "sleep"
},
Otherwise the flash tool would not load it due to the a bad tool from this JSON config named "tool". No other changes to the settings of the Intel flashing tool were needed.
Just click "Start to Flash" and once it was done all was well. Took a little over five minutes, it unlocked, flashed, and locked the device again itself.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
No more Intel error stating the device isn't secure every reboot. I did lose all my data that was on it doing this but I wasn't worried about that going into it.
After initial setup in Android I did have to do the trick noted here to get the Halo keyboard working again which then required initial setup once more.
Hope this helps others.

@MarkAllen, thank you for your valuable information. This will help people unbrick their devices.

MarkAllen said:
I got myself into quite the pickle today. I've been considering selling my Yogabook to switch to a Chromebook 2-in-1. I wanted to get the device back to as full vanilla as possible. I "thought" the first step was to lock the bootloader again and then do a full factory reset, apparently not... After booting back up from locking the bootloader I kept getting an Intel "bootloader error code 01" and Android would not start. It would take me to fastboot mode on it's own but I was unable to use the power button to make a selection and the device would just power off after 5 minutes. Thankfully from there or fore powering off I could hold Volume up on startup and get to fastboot manually or recovery. It being in a locked state now though I couldn't do much of anything else, no flashing anything other than loader, no format, no erase, and TWRP was not able to be booted.
Anyway I finally read a post about DNX mode and how to get to it, but nothing on how to really use it or any decent information imho. After finally finding some users on another part of the forum discussing a DNX flashing tool made for their devices HTC I went searching for a tool for the Lenovo. Lenovo has nothing for this (shame on you Lenovo!) but Intel does have it and it can be used with the recovery image posted above in this thread (and I assume all the others running around). And here is the URL for the tool
https://01.org/android-ia/downloads/intel-platform-flash-tool-lite
You just have to load a valid JSON file containing the proper config information for the ROM you are flashing iwithin the Intel tool. For this particular version of the ROM I did have to modify the "flash_recover_dnx.json" file to remove this section
Code:
{
"duration" : 5000,
"restrict" : null,
"tool" : "sleep"
},
Otherwise the flash tool would not load it due to the a bad tool from this JSON config named "tool". No other changes to the settings of the Intel flashing tool were needed.
Just click "Start to Flash" and once it was done all was well. Took a little over five minutes, it unlocked, flashed, and locked the device again itself.
No more Intel error stating the device isn't secure every reboot. I did lose all my data that was on it doing this but I wasn't worried about that going into it.
After initial setup in Android I did have to do the trick noted here to get the Halo keyboard working again which then required initial setup once more.
Hope this helps others.
Click to expand...
Click to collapse
Thank You for the INFOS

The tool does not recognized my device
Please help to flash my yoga book.

Got these with the stock .json file as described above:
06/18/18 12:00:01.188 ERROR : No description value in command sleep
06/18/18 12:00:01.188 ERROR : Cannot create command with tool "sleep"
06/18/18 12:00:01.188 ERROR : Tool sleep not found or invalid tool configuration
Opened that file in notepad and deleted the sleep section - started flashing.
The usb drivers are definitely required, I lost the connection because they weren't loaded. I installed them and refreshed device manager and she started receiving the flash.
Used Win7 to flash also, the intel page says its not supported.
Flash success and locked bootloader after entering the country code - thanks very much all!

jeitana said:
Please help to flash my yoga book.
Click to expand...
Click to collapse
Try installing Android SDK drivers in you PC

Guys, if anyone faced a Probleme during his way to flash the ROM, PLZ tell me the problems with More Details

_Deeb0_ said:
Got these with the stock .json file as described above:
06/18/18 12:00:01.188 ERROR : No description value in command sleep
06/18/18 12:00:01.188 ERROR : Cannot create command with tool "sleep"
06/18/18 12:00:01.188 ERROR : Tool sleep not found or invalid tool configuration
Opened that file in notepad and deleted the sleep section - started flashing.
The usb drivers are definitely required, I lost the connection because they weren't loaded. I installed them and refreshed device manager and she started receiving the flash.
Used Win7 to flash also, the intel page says its not supported.
Flash success and locked bootloader after entering the country code - thanks very much all!
Click to expand...
Click to collapse

Is this compatible with the Yoga Book A12?

I have been away for a while. Why should I want to install this rom?

Ok I wanted to reset this tablet because the SystemUI ap was using %25 of the cpu constantly, I do not know when and hopw this piece of **** got to that level of crappy update, must be some google crap
- Can I unlock the OEM bootloader?
- Can I still use the twrp->Magisk method to root this?
thanks

Shawnki91 said:
Is this compatible with the Yoga Book A12?
Click to expand...
Click to collapse
Sorry but no

hajkan said:
I have been away for a while. Why should I want to install this rom?
Click to expand...
Click to collapse
No Need to reinstall this Rom if you have already your System, both are 100 % same

hajkan said:
Ok I wanted to reset this tablet because the SystemUI ap was using %25 of the cpu constantly, I do not know when and hopw this piece of **** got to that level of crappy update, must be some google crap
- Can I unlock the OEM bootloader?
- Can I still use the twrp->Magisk method to root this?
thanks
Click to expand...
Click to collapse
Reinstall the Rom will fix this, but doing factory reset will fix this too

In case anyone wants the wifi only M firmware here it is https://androidfilehost.com/?fid=817550096634799507

[GUIDE] How to unlock the bootloader of Nokia 4.2

WARNING!
THIS GUIDE REQUIRES DISASSEMBLY, SO YOU WILL DEFINITELY LOSE THE WARRANTY!
DO IT AT YOUR OWN RISK!
If you want to repost this guide to other websites, please let me know before you repost.
For Chinese users: 中文版教程将会在dospy发布。
Click to expand...
Click to collapse
UPDATE: I've updated the new tool for unlocking the phone without understanding how to utilize such long commands.
You can watch the demonstration here: https://youtu.be/whrFsn8h7A4
Click to expand...
Click to collapse
So after I got a Nokia 4.2 prototype by opportunity, I just found the theory of bootloader unlocking.
Tricking development options for allowing "OEM unlocking" no longer works on latest security update.
What you need to have:
- a Nokia 4.2 unit that you finished back cover and upper plastic shell removal
- tweezers, and probably a standard philips screwdriver
- QPST (use at least 2.7.474) or any other app that could access the EDL, and Qualcomm USB port drivers are installed
- Latest Google Platform Tools
- Full backup of your userdata
Step 1: Trigger the phone to EDL mode, then change the driver to "Qualcomm HS-USB QDLoader 9008"
Please take a look at the attachment below, about the location you need to use tweezers.
For Windows users:
If the driver is already indicated as "Qualcomm HS-USB QDLoader 9008", get to Step 2.
If the driver is indicated as either "QHSUSB__BULK" (For users who have installed Windows Device Recovery Tool before) or "Qualcomm HS-USB Diagnostics 9008", you must change the driver to "Qualcomm HS-USB QDLoader 9008".
After driver changed, you need to disconnect the phone, disconnect and reconnect the battery ribbon cable, then trigger the phone to EDL again.
I assume the COM port number is 8 (COM8).
Click to expand...
Click to collapse
Step 2: Write config partition
As we already know, config partition is also the frp partition.
You need to create a config partition image that has "OEM Unlocking" function enabled, which need to alter the last byte, then change the overall checksum to make the config file valid.
For your convenience, I've created one.
Now download and extract the attachment below.
Use QFIL included in QPST to load the firehose file. Choose "Flat Build" and choose the "prog_emmc_firehose_8937_ddr.mbn" you extracted from the attachment.
Choose "Tools" - "Partition Manager", then wait for the partition list appear.
As "Load Image" seems not reliable, we have to use command to write it manually.
For 64-bit Windows users, the command is:
Code:
"C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe" --port=\\.\COM8 --search_path=D:\path\to\where\you\extracted\N32_N42_unlock --sendimage=config.img --start_sector=16583680 --lun=0 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=emmc
If you use 32-bit Windows, you need to remove the " (x86)" (within space, without quotes) in the command above.
Step 3: Trigger the phone back to fastboot mode
Now hold the Volume down key, keep the phone connected, close the partition manager, then your phone will exit EDL mode and enter Fastboot mode directly.
Now check the unlock ability:
Code:
fastboot flashing get_unlock_ability
Expected output:
Code:
get_unlock_ability: 1
Step 4: Unlock the bootloader!
And you can unlock the bootloader with familiar commands.
Code:
fastboot flashing unlock_critical
Confirm unlock on the phone, then keep the volume down key pressed while the phone is erasing userdata.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Your phone will boot to fastboot mode again, and then:
Code:
fastboot flashing unlock
Confirm unlock on the phone again.
All done, that's how the bootloader is unlocked. You can reassemble the phone.
But strange enough, you can't see any unlock warning.
I will release boot image dumping guide and root guide very soon.
Special thanks:
Wingtech for leaking prototype units

why must Nokia insist on locking their devices down so hard ??
great discovery, will definitely be useful once TWRP is released. just curious, but SafetyNet is tripped with this, right?

Great!
Damn Nokia

I don't even own this phone but I kinda want to weigh in, are we seriously at this point? No honestly, Android as a whole was basically were dev focused iOS is locked down to hell and back here's freedom. Google has the Nexus line made for developers companies embraced it I remember there being multiple Google play editions of phones that ran stock Android. I'm happy we as a community can keep this alive but damn are companies trying to make it difficult to do something I want to do to a device I paid for and own. Samsung you can't root (save for sampwn and samfail) LG locked down bootloaders and gimped fastboot on some models (fastboot seriously?) Nokia now requiring you to take apart the freaking phone to achieve this, I'm half asleep and can't think of any other major brands at the moment. It's a joke. (Above root methods were mainly for US variants and TMobile variants of LG) something has to change I know it won't and I understand the reasoning behind it security and such but still. Sorry for the rant congrats OP on what you did I consider it magic but it's more you accomplished something I could only wish I could do.

Will it be possible to do without disassembly? Just in theory, not now

kir23rus said:
Will it be possible to do without disassembly? Just in theory, not now
Click to expand...
Click to collapse
Unwise to say no with absolute certainly, but doubtful

kir23rus said:
Will it be possible to do without disassembly? Just in theory, not now
Click to expand...
Click to collapse
I think it will be possible.
There's a hidden command in aboot "fastboot reboot-emergency" but unusable, unless some sort of authentication is done or bootloader unlocked.
I still don't know how the authentication is done yet, but it's definitely not something that average developers can access to.
That's why disassembly is required for now.

Very interesting breakthrough. Great work
I'm facing the same bootloader unlock in my infinix hot s 3. I believe I can use your procedure to unlock my device. And if necessary how to make changes to the config file? I will be expecting your reply soon. Thanks

Is it possible to explain how the config.img file is altered ? It might not be difficult to alter the last byte , but what does it mean to Change the overall checksum ? I have been trying to do something similar for a while , it would be great if you answered here or via PM , thank you

awab228 said:
Is it possible to explain how the config.img file is altered ? It might not be difficult to alter the last byte , but what does it mean to Change the overall checksum ? I have been trying to do something similar for a while , it would be great if you answered here or via PM , thank you
Click to expand...
Click to collapse
Fill first 32 bytes with 0x00, then calculate SHA256 checksum and paste the new checksum as hex value at the first 32 bytes.

hikari_calyx said:
Fill first 32 bytes with 0x00, then calculate SHA256 checksum and paste the new checksum as hex value at the first 32 bytes.
Click to expand...
Click to collapse
Thank you for taking the time to explain, great help and great effort, the last byte should be altered to 1 ? Or 0 ?

awab228 said:
Thank you for taking the time to explain, great help and great effort, the last byte should be altered to 1 ? Or 0 ?
Click to expand...
Click to collapse
1 for allow, 0 for disallow

do you have any fastboot rom or rawxml rom for this device ??
mine always reboot in bootloader mode.

malkabhai said:
do you have any fastboot rom or rawxml rom for this device ??
mine always reboot in bootloader mode.
Click to expand...
Click to collapse
We have full OTA zip of it.
You can use payload dumper + img2simg to convert it to fastboot images. If recovery mode working (including unofficial TWRP), you can also reboot your phone to recovery mode to sideload it.
PAN-141B-0-00WW-B03-update.zip

I was able to use "OEM Unlocking" from developer options and after starting at step 3, to obtain a full unlock. After I was also able to fully root my phone using the normal guide. I am running the latest security update (October 5 2019). No idea why this worked for me...

Hello,
I've got the Nokia 3.2 16gb variant. I can get it into edl mode but it seems to be in Sahara mode. How can I put it into firehose mode? Because I can't load anything using qfil.
Any help?

Missing pads
Any idea where these pads could be now? That does not seem to be there anymore?

Missing testpoint pads
piteer1 said:
Any idea where these pads could be now? That does not seem to be there anymore?
Click to expand...
Click to collapse
I has the same problem. Thanks in advance.

I don't see those test point in my mobile

Hi, does this work for Nokia 6.1 plus TA-1083? or do you have any trick for this too?
I am able to load phone in EDL Mode by making EDL Points short.
Just in case you read my comment, I have a emmc problem post, if you can help -
https://forum.xda-developers.com/nokia-6-1-plus/help/nokia-6-1-plus-edl-mode-emmc-failure-t4114507

[GUIDE] How to dump boot image and root Nokia 3.2 / 4.2

If you want to repost this guide to other websites, please let me know before you repost.
For Chinese users: 中文版教程将会在dospy发布。
Click to expand...
Click to collapse
So after you unlock the bootloader successfully, you definitely want to install custom ROM, or at least root the phone, right?
Here's the guide about rooting Nokia 3.2 / 4.2.
This guide could probably work on Nokia 6.2 / 7.2 in the future.
Step 1: Unlock the bootloader
https://forum.xda-developers.com/nokia-4-2/how-to/guide-how-to-unlock-bootloader-nokia-4-2-t3962402
For Nokia 3.2, you'll need to read this as well: https://forum.xda-developers.com/nokia-3-2/how-to/guide-how-to-trigger-nokia-3-2-to-edl-t3962841
Step 2: Acknowledge current slot
You have two methods.
Method 1: After USB debugging enabled, execute this command:
Code:
adb shell getprop ro.boot.slot_suffix
Method 2: Under fastboot mode, execute this command:
Code:
fastboot getvar current-slot
We assume the current slot is b.
Step 3: Trigger the phone to EDL mode again
There's a hidden command in aboot known as "fastboot reboot-emergency".
However, normal fastboot binary doesn't have that command at all, so we need to compile a binary or hack the binary.
For Windows users, I've provided the fastboot binary that can use this command, and I renamed it to edl-fastboot.exe. You can download it on the attachment below.
For macOS/Linux distro users, I'm afraid you have to fork the source code, edit related content and compile yourself.
So with this special version of fastboot binary, we can boot the phone to EDL mode directly:
Code:
edl-fastboot.exe reboot-emergency
But wait, why didn't you mention this command when you released bootloader unlock guide?
That's because, if you attempt to use this command under locked bootloader, bootloader will response "Permission denied, auth needed. " and refuse to proceed the command.
I don't know how the authentication is done yet, but it's definitely not something that average developers can access to.
Click to expand...
Click to collapse
Step 4: Use partition manager to dump the partition
If you've came so far when unlocking the bootloader, you have already know the great partition manager.
Still, we assume the COM port number is 8 (COM8).
When the partition list appears, find "boot_b" (or boot_a if the current slot is a), right click on it, choose "Manage Partition Data" and click "Read Data". Then fh_loader binary will dump the boot image to your PC.
For Windows users, it's located at
Code:
%AppData%\Qualcomm\QFIL\COMPORT_8
Where %AppData% is actually C:\Users\your_user_name\AppData\Roaming .
The filename looks like this: ReadData_emmc_Lun0_0x3a000_Len65536_DT_07_09_2019_13_55_54.bin
Now close the partition manager, your phone will exit EDL mode and boot normally.
If you're interested in dumping full eMMC storage, you may want to read this: https://forum.xda-developers.com/android/general/guide-how-to-dump-write-storage-t3949588
Step 5: Install Magisk Manager and patch the boot image you dumped
I think everyone who reading this guide knows where to download Magisk Manager.
Copy the boot image you dumped with QFIL to Download directory in your phone's internal storage, and rename it to boot.img for your convenience.
In case you don't know how to patch, read this guide: https://topjohnwu.github.io/Magisk/install.html#boot-image-patching
Step 6: Flash patched boot image and reinstall Magisk for ensurance
After you pulled patched boot image from your phone, reboot your phone to fastboot mode, then execute these commands:
Code:
fastboot flash boot magisk_patched.img
fastboot reboot
Note, temporarily boot method introduced back for old A/B devices like Nokia 7 Plus no longer works on Nokia 3.2 / 4.2 - it will boot your phone to Qualcomm 900E mode.
Once your phone booted to normal OS, open Magisk Manager, and reinstall Magisk and required runtime to make the root much more effective.
You may want to read this guide if you want to inherit root along with OTA update: https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation
Extra info about custom rom:
I've tested PHH-Treble GSI on Nokia 4.2 and it made me disappointed.
The vendor compatibility is worse than FIH made Android Phones.
You may want to read this for more details: https://github.com/phhusson/treble_experimentations/wiki/Nokia-4.2
Next preview: Stock firmware reinstallation guide. Note, Nokia 3.2 / 4.2 are not made by FIH, so OST LA no longer works on both devices.
Special thanks:
@topjohnwu for Magisk
Wingtech for leaking prototype units

Reserved

not detected
my pc doesn't detect the phone when its in edl mode. before people start asking I unlocked the bootloader by enabling oem unlock in the phone settings.

I have a TA-1156 (a 3.2 variant) that has a different mainboard layout. For quite a while, I tried in vain to bring it into EDL mode - until I just tried the fastboot command "flash unlock" which worked.
I guess I should have tried that right away as I did have the OEM unlocking option in the developer setup.
Anyway, now I'm unlocked but can't access the partitions with the QFIL partition manager. I suspect the phone expects a different programmer than prog_emmc_firehose_8937_ddr.
I can enter EDL mode easily now with the patched fastboot exe. The correct driver is active and QFIL detects the phone. However, as soon as I follow the instructions by setting the programmer, and then try to start the partition manager, the phone stops responding.
After a while, I get a "sahara" error about no reply from the phone.
I wonder if someone has a stock boot.img of the Nokia 3.2 (build 00EEA) lying around ...
Here is someone else's photo of the mainboard (I just realized that it's actually from hikari_calyx!) but on mine, the right one of the test points you marked in your 3.2 variant does not exist, so I edited it out in the photo:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

JFDee said:
Anyway, now I'm unlocked but can't access the partitions with the QFIL partition manager. I suspect the phone expects a different programmer than prog_emmc_firehose_8937_ddr.
Click to expand...
Click to collapse
My guess was right. Now I'm able to reply to myself with a solution.
I tried a different prog_emmc_firehose_8937_ddr than the one provided by @hikari_calyx in the unlock thread
There is a programmer with the same name in this firmware:
sprout-015B-0-00WW-B01 .rar
It's provided by @bouyhy01 in his rooting thread.
The size of the programmer file is slightly different:
Code:
hikari_calyx: 428,936 bytes
Firmware: 428,944 bytes
Long story short: the different programmer worked in QFIL, so the partition manager worked as well, I got my own boot image, patched, flashed and had root - finally ... Thanks for all the research work, hikari_calyx and bouyhy01 !
Attached is the working programmer file, in case anyone else stumbles upon the same problem. By the way, my phone has the October security patch installed which is currently the latest available.
View attachment prog_emmc_firehose_8937_ddr_from_fw.zip
.

JFDee said:
Here is someone else's photo of the mainboard (I just realized that it's actually from hikari_calyx!) but on mine, the right one of the test points you marked in your 3.2 variant does not exist, so I edited it out in the photo:
View attachment 4867461
Click to expand...
Click to collapse
I guess the only point can be connected to the ground, for example, the RF shield is grounded.
JFDee said:
Attached is the working programmer file, in case anyone else stumbles upon the same problem. By the way, my phone has the October security patch installed which is currently the latest available.
View attachment 4869373
.
Click to expand...
Click to collapse
Thanks for info. Mine Nokia 3.2 is a prototype unit, so I don't know the situation of other versions of Nokia 3.2.

Hello, I have tried this manual for rooting Nokia 4.2 with last security update of 5th of November. After 5 step (flashing patched boot image) my phone try to reboot and then asked for factory reset (Can't load android system - Your data may be corrupt). After making factory reset there were no root at all.
What can i do next ?
PS. It's strange enough when i download boot_b image it was 63.4 Mb snd when i have patched it by Magisk manager - the size od magisk_patched.img became 10.2 Mb

Moto E6S XT-2053-1 Unlock Bootloader, Disable Verity, ROOT Magisk, TWRP

I am perfom this Sorry for my english, I am from Ukraine
Download archive!
We unpack. Install the adb and mtk preloader drivers, if they are not installed, restart the computer.
In the smart, turn on the developers menu, in it - "Allow OEM unlock" and "USB debugging" and connect the smart to the computer.
We drop valuable photo data from the smart to the computer for any, and, without disconnecting the smart from the PC, run the script (with the phone connected to the PC and loaded into the android phone. Reboot_to_fastboot_getvar current-slot.bat (not from the admin, just click twice).
Smart will look like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
we allow - put a daw, ok. We are waiting for the smart to reboot into fastboot, when the barcode appears on the smart screen, before that we do not press anything in the script
I did the scripts step by step, after each operation in the script window, press enter to continue, and so on until each script is closed
We look at our current slot in the window and remember the letter - a or b:
In the script, press enter so that the smart reboots and the script closes.
Run flash_tool.exe, go to this tab and check the boxes, as in the screenshot:
So we consider the necessary versions of orig. files, so as not to download and sew a specific firmware version for this instruction.
(And best of all, all the checkboxes, except for system, vendor, userdata - they are not critical, if they are not removed, it will take up a lot of space on the computer up to +74 gb, but I did not put these checkboxes, there must be some risk and passion )
We press "Read Back" and only then we connect the switched off smart to the PC, we wait, at the end we disconnect the bodies, do not touch it: sveta:
Go to this tab, remove all checkboxes! And we only put on lk_ with the letter of a non-your slot that we looked at, for example, you had slot "a" - so we put a check on lk_b and vice versa :
Click "Download" and connect the switched off smart to the PC (it was already turned off: sveta
As it flashes, we close the USB flash drive window, disconnect and turn on the smart, after loading, we connect it to the PC again, we already run the script
Unlock_Moto_E6S.bat, wait until the body reboots into a fastboot (to the barcode on the screen) and only then press the input step by step to continue in the script until it is completely closed.
Everything, the bodies are unlocked. Now you can get an excellent and fast root from Magisk, try other firmware, unsubscribe which one is buggy, which one flies. I haven't tried yet. Now I will write how to flash orig. kernel with magisk root (attached magisk boot for xt2053-1 4/64 fw RETEU 288-60-6-29 https://mirrors.lolinet.com/firmware/moto/fiji/official/RETEU/
Additionally, there is a script in the folder to delete the message when loading that the bootloader is unlocked, it does not interfere much, but I deleted it. Since this is not important, I separated it from the main script, since I did not test it on different versions of the firmware, in theory it should work on all versions, you can try after unlock. Or throw off ROM_45 from your firmware, I'll remove it from it. I now have the latest firmware flashed, it is on the server, but for some reason it did not fly through the air. If you flash it, then you can safely delete the message from the bootloader with my script, there is a file from it)

I am flash in slot_b Android 12 GSI, work. And i have in slot_a original system

severagent007 said:
I am flash in slot_b Android 12 GSI, work. And i have in slot_a original system
Click to expand...
Click to collapse
dude!! followed all your steps and i now have a bootloader unlocked and rooted device. how did you figure out the lk and signature to unlock that??
proof attached below
Слава Украине!!!

can the mods move this to the moto e6s forum so we can spread the news?

luridphantom said:
can the mods move this to the moto e6s forum so we can spread the news?
Click to expand...
Click to collapse
I took the first firmware I got to try from here: https://4pda.to/forum/index.php?showtopic=892755
but the firmware itself is everywhere, for example here:
Generic System Image (GSI) list
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
DeveloperLuke Roms - Browse /GSIs at SourceForge.net
sourceforge.net
lolinet mirrors - firmware, software, iso etc.
lolinet mirrors - powered by h5ai
mirrors.lolinet.com
You can try to sew any GSI arm64 a/b from anywhere you find and choose the one you like, because smart supports Project Treble.
If you like one and will look cool and work firmware, post links here!

Tested it and it worked! Thanks a lot!
Now looking for delevoping some roms to this device

Im having a little problem, i tried to flash a GSI with "fastboot -u flash system gsi.img", the device didn't boot. Then i tried to flash the stock with the SP Flash Tool, and i throws an error (status_sec_dl_ forbidden), then i flashed it with Lenovo Rescue and Smart Assistant. I tried to flash via fastboot the patched magisk image but it throws an signature error.
Any help? Tha device still says that is unlocked

refrigerador67 said:
Im having a little problem, i tried to flash a GSI with "fastboot -u flash system gsi.img", the device didn't boot. Then i tried to flash the stock with the SP Flash Tool, and i throws an error (status_sec_dl_ forbidden), then i flashed it with Lenovo Rescue and Smart Assistant. I tried to flash via fastboot the patched magisk image but it throws an signature error.
Any help? Tha device still says that is unlocked
Click to expand...
Click to collapse
did you use the auth file that comes with sp flash tool? without that your device wont boot properly

Yes, i used the correct download agent and auth file

interesting, i followed all his steps and had no problem rooting it. try backtracking with his scripts again?

Solved it, also me and a developer are working on a new, more simple and automated script. Still haven't figured out how to flash the lk via script.
When is done i will post a complete guide in the moto e6s forums on how to do it, i think it might work well, but i would have to test in a non-unlocked device

Can someone please make a video with explanation, I didn't understand very well what is done, so I won't touch anything, but I thank those who record a video explaining it to me (I'm Brazilian)

Here you have a more straight forward guide, note that is still in testing
[GUIDE] How to unlock bootloader on E6s
Hello, in this guide i will show you how to unlock the bootloader on Moto E6s ;) (Sadly for now this guide is Windows only) CAUTION You are doing this AT YOUR OWN RISK! I will NOT take responsibility if you brick your device! Also, remember to...
forum.xda-developers.com

Excuse my ignorance, do you think it is compatible for the XT2053-5 model?

cannot use fastboot flash boot magiskboot.img
sign failed
partition flash is not allowed

hey is the moto e6+ twrp work on e6s

Alcatel 1B Stock ROM / SIM unlock / etc....

ALCATEL 1B MEGATHREAD
( veken/seoul/TCL L7)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
STOCK ROM
Download
How to flash
TWRP
-Developement is halted due to technical challenges
SIM UNLOCK / CARRIER UNLOCK
Download STOCK ROM from above
Extract it and install Hex editor
Open file radiokiller.xml in hex editor
Copy line with partition "simlock"
Paste it into the file rawprogram0.xml
Flash rawprogram0 with QFIL and use loader.bin as firehose
Unlock succesful
ALCATEL MOBILE UPGRADE REGION LOCK BYPASS
Alcatel Mobile Upgrade is region locked and wont let you update to the latest version outside of RU
To bypass this, edit traceability.bin from the stock rom above. Change IMEIHERE with random numbers (or your imei) and then change GOD-5002F-2BALCZ12 to any region you like... for example GOD-5002F-2AARU12 and copy traceability line from radiokiller.xml to rawprogram0, then flash with QFIL
UNLOCKING BOOTLOADER / ROOTING
For now, it is not possible... However mentions of secret key is spread all around the phone partitions (mainly abl file)
So if you have any experience editing bootloaders you can unlock....
DISCLAIMER
IM NOT RESPONSIBLE FOR DAMAGED DEVICES BECAUSE U DIDNT FOLLOW THE INSTRUCTIONS

yo if you can give me a stock recovery.img i can build TWRP

notnoelchannel said:
yo if you can give me a stock recovery.img i can build TWRP
Click to expand...
Click to collapse
Stock recovery img is in the stock rom (click the download button). I already had one guy do it for me but he had problems compiling, but you can try. Also we cant unlock the bootloader (yet)

Hello. When i write this room i have a bootloop. I have alcatel 1b 5002h. Anybody have a clear rom for this device? On alcatel webside they dont have the files for this model. Anybody help me?

viper9595 said:
Hello. When i write this room i have a bootloop. I have alcatel 1b 5002h. Anybody have a clear rom for this device? On alcatel webside they dont have the files for this model. Anybody help me?
Click to expand...
Click to collapse
5002h model isnt compatible, due to it having different components than other variants. If you want to fix it, dm me on telegram. t.me/xinux360 or message me here on xda
edit: It actually is compatible

deleted, posted second reply by mistake

Hi I'm Liberia but my phone is not working here

KashiNEC said:
SIM UNLOCK
Click to expand...
Click to collapse
I need my sim card unlock

Leovace Cassell said:
I need my sim card unlock
Click to expand...
Click to collapse
Which model is it and what carrier is it locked to? You can find the model number under the battery. It should be 5002.-..........

Leovace Cassell said:
I need my sim card unlock
Click to expand...
Click to collapse
Also this only works if the phone is carrier locked. For example if it was sold by ATaT and you will try to insert a T-Mobile sim it wont work.... This will not magically remove pin code from the simcard

I am overwhelmed with the many types of models referenced by system within the firmware included with the device. If you access the following paths from an example MiXplorer file explorer, you will understand what I mean.
1- Go to /system/media/video
There you will notice multimedia related to what appears to be part of a promotion for various device models: TCL L7 5102P, Optus X Sight, Smart P11, TELSTRA Essential Plus 3, Alcatel 1B
All of them relatively similar, just a search on the web for each of them and the specifications will vary, they are almost related.
2- Go to /system/aio_custom/resources
there you will notice a sea of directories with information on Alcatel 1B models and maybe other models mentioned above. You can see for yourself there will be around 764 folders for quite a while, some with alphanumeric names I will cite some examples as there are too many:
5002A, 5002B, 5002D, 5002E, 5002F, 5002H...

Something that I have noticed in common within the various models mentioned in the 1st directory is that there is no reference to unlocking the bootloader, much less TWRP or any custom Rom. TCL has taken security on these devices seriously by limiting and hiding many things, mainly disabling OEM unlocking.

Due to technical limitations, and no further interest from other developers, im stopping any developement for this phone...

I have an Alcatel 1B (2022) 5031g and i can't understand why when I boot into fastboot mode with
Code:
adb reboot bootloader
and try
Code:
fastboot devices
nothing shows up. It's a new phone. Can someone help?

KashiNEC said:
ALCATEL 1B MEGATHREAD
( veken/seoul/TCL L7)
View attachment 5653599
STOCK ROM
Download
How to flash
TWRP
-Developement is halted due to technical challenges
SIM UNLOCK / CARRIER UNLOCK
Download STOCK ROM from above
Extract it and install Hex editor
Open file radiokiller.xml in hex editor
Copy line with partition "simlock"
Paste it into the file rawprogram0.xml
Flash rawprogram0 with QFIL and use loader.bin as firehose
Unlock succesful
ALCATEL MOBILE UPGRADE REGION LOCK BYPASS
Alcatel Mobile Upgrade is region locked and wont let you update to the latest version outside of RU
To bypass this, edit traceability.bin from the stock rom above. Change IMEIHERE with random numbers (or your imei) and then change GOD-5002F-2BALCZ12 to any region you like... for example GOD-5002F-2AARU12 and copy traceability line from radiokiller.xml to rawprogram0, then flash with QFIL
UNLOCKING BOOTLOADER / ROOTING
For now, it is not possible... However mentions of secret key is spread all around the phone partitions (mainly abl file)
So if you have any experience editing bootloaders you can unlock....
DISCLAIMER
IM NOT RESPONSIBLE FOR DAMAGED DEVICES BECAUSE U DIDNT FOLLOW THE INSTRUCTIONS
Click to expand...
Click to collapse
When I connect the phone at the last step I can not find a port in QFIL when the phone is connected. When you boot the phone to connect to QFIL what menu are you in? I get nothing when I hold vol up + down + power, but when I hold Vol up + power until logo and then let go of the power and continue to hold Vol up, the only menu I can get to seems to be Android recovery with reboot system now, apply update from sd, factory reset, clear cache partition, and power off.
This is a 2020 1b... what am I missing here? Thanks, for your time.

When I connect the phone at the last step I can not find a port in QFIL when the phone is connected. When you boot the phone to connect to QFIL what menu are you in? I get nothing when I hold vol up + down + power, but when I hold Vol up + power until logo and then let go of the power and continue to hold Vol up, the only menu I can get to seems to be Android recovery with reboot system now, apply update from sd, factory reset, clear cache partition, and power off.
This is a 2020 1b... what am I missing here? Thanks, for your time.