Better Mobile App

[GUIDE] [11/06/14] HTCDev Unlock and Root/Return to Stock

Here are instructions on how to unlock and root your htc desire 610. These work for both models, but the files are for the AT&T version.
BEFORE WE BEGIN, SOME TERMINOLOGY:
Unlocked Bootloader: HTCDev website will help us do this. It's free. It allows you to flash a recovery and signed boot image, which we have. It does not allow you to flash unsigned images.
S-On: Security on. This is how our phones come stock. Htc will not allow us to flash unsigned images because of this.
S-off: once someone achieves this for us, it will allow us to modify anything and everything, signed or not. We can flash new boot image and radios without worry of version number or signature.
Root: Allows you "administrative access" to your device, to move files and do certain things. However, our phone also has...
System Write Protection: HTC included this in the kernel, and it basically means that unless you have a kernel or boot image that gets around it, any changes you make to the system partition (aside from flashing in recovery) won't stick through a reboot. Essentially they will be temporary in an effort to preserve the phone. We don't like this.
Now then, with that out of the way...
1) HTCDev Bootloader Unlock: Under "Select Your Device", scroll ALL THE WAY TO THE BOTTOM, and choose "All Other Supported Models". I know it works, because I just did it. IT WILL WIPE YOUR DEVICE DATA. If you want the data backed up beforehand, turn on USB Debugging and use this command through adb to make a backup:
Code:
adb backup -apk -shared -all -f C:\desirebackup.ab
2)Download ClearD's Root Tool V3(USE VERSION 2.1 BELOW, VERSION 3 DOESN'T WORK FOR MOST PEOPLE): After you have drivers installed for your desire (install htc sync, plug in your phone, then let them load, then uninstall htc sync), fastboot turned off in the battery options in settings, and USB debugging turned on through the hidden developers menu, read the disclaimer in red below, and download and run this exe on your Windows machine with your phone plugged in. It'll install twrp recovery 2.8.0.1, install the engineering boot image, install SuperSU and root, and then install jmz's system-unlocked kernel to make root work like it should. I'm still working out kinks, so if it doesn't work right the first time, run it a second time! Thanks go to jmz, deez_troy, AdriVelazquez, and chainfire for the pieces to make this work.
DISCLAIMER: ONCE YOU USE THIS TOOL, YOUR DEVICE WILL HAVE THE ROOTED ENGINEERING BOOT IMAGE, WHICH CANNOT BE REVERSED. THERE ARE NO SIDE EFFECTS TO THIS IMAGE EXCEPT THAT IT SHOWS A DISCLAIMER ON YOUR SPLASH SCREEN WHEN YOU BOOT THE PHONE. THIS CANNOT BE CHANGED UNTIL WE GAIN S-OFF, WHICH HAS BEEN ACCOMPLISHED, BUT IS NOT YET PUBLICLY AVAILABLE. IF YOU ARE OK WITH THIS, PROCEED.
IF V3 DOESN'T WORK, HERE IS VERSION 2.1: Download ClearD's Root Tool V2.1. THIS VERSION INSTALLS ENGINEERING BOOT IMAGE AND JMZ KERNEL.
Return to Stock (AT&T ONLY) :http://dl3.htc.com/application/RUU_...16_10.20.4187.00L_release_392486_signed_2.exe
This ruu will bring you back to complete stock, version 1.50.502.7. It has to be run through Windows, and you have to have a locked bootloader to run it. If you're unlocked, you can relock it in fastboot with the command:
Code:
fastboot oem lock
. Feel free to unlock it again after updating through the RUU. You can use your original unlock token or get it again through htcdev.
Older root tool version 1:
Download ClearD's Desire 610 Root Tool V1. This version does not contain the engineering boot image, and needs it to work fully, thus is buggy and probably won't root you with one click. It will fail to adb remount, which will fail to auto install the zip files in recovery. If you've already flashed the engineering boot image, then it will work properly without issue. Otherwise, it'll place the root zip files on your phone, but you'll have to flash them manually in recovery.
Click to expand...
Click to collapse
Old manual method:
2) Recovery: After you're unlocked, download TWRP recovery from this thread, rename the image file to "recovery.img", and flash through fastboot with the command:
Code:
fastboot flash recovery recovery.img
This will give you the official Team Win Recovery Project recovery for our device, which will allow you to root.
3) Insecure Boot Image and Root: Once you have recovery installed, the rest is easy. In recovery, if you try to reboot back into the rom, it will ask you if you wish to root. Select yes. It will do the rest I believe, and install SuperSU when you boot back into the rom. You'll also want to download and flash JMZ's insecure kernel, which unlocks the system file lock that htc places on their newer devices. Once flashed, you can then change system files and the changes will stick through reboots.
Click to expand...
Click to collapse
HTC Engineering Boot Image:
Once unlocked, download the root zip provided in this thread, then open it. We can't just flash the zip file because most of us have an updated rom version than the one it was intended for, and I'm not sure how to fix that. But no bother. Pull out the boot image file, and place it somewhere you can find it. I put it right in my MiniADB/Fastboot folder for easy access. Then, you need to flash it. Here's how:
Code:
fastboot flash boot boot_root.img
You'll then have an insecure boot image, and it will say so on your splash screen. Trust me, the words are pretty ominous.
To restore your backup you made before unlocking, use this in adb:
Code:
adb restore C:\desirebackup.ab
Click to expand...
Click to collapse
A few superstars are currently working on s-off, and this will be updated once that occurs.
Special thanks to:
-JMZ (Recovery and Kernel)
-Deez_Troy (officiating recovery)
-AdriVelazquez (Insecure boot image)
-Chainfire (SuperSu)

Also, to save this spot and before I forget it going to sleep tonight, I'm actually not sure if firewater or sunshine will work or not yet because I haven't gotten app root yet for them to function. I'll have to get that, then we'll try one or the other of those. /end thought
Edit: I do believe we will need the wp_mod to disable system write protection and allow su to stick before we continue. That'll allow us full root. Or, we could continue with a twrp build or a Clockworkmod build if someone can assist.

ClearD said:
Edit: I do believe we will need the wp_mod to disable system write protection and allow su to stick before we continue. That'll allow us full root. Or, we could continue with a twrp build or a Clockworkmod build if someone can assist.
Click to expand...
Click to collapse
I could help with that, but you will have to build, I currently don't have a cyanogenmod source around. I need outputs of:
cat /proc/emmc
mount
cat /system/build.prop #<-- root maybe required
and I need your stock recovery.img, try getting it from an ota, or using dd.
The kernel source for this phone is released, you don't need to use the wp_mod.

It is? Where did you find it released? And how would we go about getting system writable without wp_mod? I'm still trying to work out all the kinks and have never built from source.
The outputs you need should be in my dev info thread except for the build prop, but I can remount and pull that.

ClearD said:
It is? Where did you find it released? And how would we go about getting system writable without wp_mod? I'm still trying to work out all the kinks and have never built from source.
The outputs you need should be in my dev info thread except for the build prop, but I can remount and pull that.
Click to expand...
Click to collapse
? never built from source? You are RD!
http://www.htcdev.com/devcenter/downloads Filter device desire 610.
About the system write protection: https://github.com/dummie999/android_kernel_htc_z4u/commit/19626f6c38b56b715dcc0b005ec8b82ce8ca264a
Should work
Well, build.prop then,
Edit: I need your stock recovery. You can get this with:
Code:
dd if=/dev/block/mmcblk0p41 of=/path/to/file/recovery.img
But you'll need busybox installed.
Edit2: You play subwaysurf! :highfive:

dummie999 said:
? never built from source? You are RD!
http://www.htcdev.com/devcenter/downloads Filter device desire 610.
About the system write protection: https://github.com/dummie999/android_kernel_htc_z4u/commit/19626f6c38b56b715dcc0b005ec8b82ce8ca264a
Should work
Well, build.prop then,
Edit: I need your stock recovery. You can get this with:
Code:
dd if=/dev/block/mmcblk0p41 of=/path/to/file/recovery.img
But you'll need busybox installed.
Edit2: You play subwaysurf! :highfive:
Click to expand...
Click to collapse
I'll add this hear also since I was adding it to the rooted forum. But dummie999 is right.
AdriVelazquez said:
That logic is sound; however slight differences in the model maybe.
Currently in the M8 this file is located in block/blk-core.c, which has the following.
Code:
#ifdef CONFIG_MMC_MUST_PREVENT_WP_VIOLATION
sprintf(wp_ptn, "mmcblk0p%d", get_partition_num_by_name("system"));
if (!strcmp(bdevname(bio->bi_bdev, b), wp_ptn) && !board_mfg_mode() &&
(get_tamper_sf() == 1) && (bio->bi_rw & WRITE)) {
pr_info("blk-core: Attempt to write protected partition %s block %Lu \n",
bdevname(bio->bi_bdev, b), (unsigned long long)bio->bi_sector);
err = 0;
goto wp_end_io;
} else if (atomic_read(&emmc_reboot) && (bio->bi_rw & WRITE)) {
pr_info("%s: Attempt to write eMMC, %s block %Lu \n", current->comm,
bdevname(bio->bi_bdev, b), (unsigned long long)bio->bi_sector);
err = -EROFS;
goto wp_end_io;
}
#endif
That line of code will need to be intercepted at boot to allow permanent root.
I haven't checked recently, but is the source for desire 610 posted?
Click to expand...
Click to collapse
Also, you'll need to build from source for this.
Also, you can just create modules to intercept the data on boot, which would be easier.

AdriVelazquez said:
Also, you can just create modules to intercept the data on boot, which would be easier.
Click to expand...
Click to collapse
Lol, no I couldn't get that working , compiling from source was a lot easier, at least for my d500
Edit:
My company has actually done a lot of work with the desire 610 and HTC, unfortunately some proprietary. But other's aren't.
Click to expand...
Click to collapse
Just curious, where do you work?

I usually build from pre built stock, then change what I want through decompiling and recompiling, also do gui things and script things and theme things. This is new territory, but nothing I'm not uncomfortable doing by any means. I'll work on it tonight.
Also, those outputs were not from my device, but from an unlocked and s-off device of a friend lol. I noticed that also, but was too lazy to remove it.

ClearD said:
I usually build from pre built stock, then change what I want through decompiling and recompiling, also do gui things and script things and theme things. This is new territory, but nothing I'm not uncomfortable doing by any means. I'll work on it tonight.
Click to expand...
Click to collapse
Well, then I hope you have a linux pc/laptop somewhere around
Good luck!

dummie999 said:
Well, then I hope you have a linux pc/laptop somewhere around
Good luck!
Click to expand...
Click to collapse
One of each. we'll see what happens lol.

dummie999 said:
Lol, no I couldn't get that working , compiling from source was a lot easier, at least for my d500
Edit:
Just curious, where do you work?
Click to expand...
Click to collapse
Yonder Music. It's a new music streaming app.

ClearD said:
One of each. we'll see what happens lol.
Click to expand...
Click to collapse
http://xda-university.com/as-a-developer/getting-started-building-a-kernel-from-source before I forget. There is also a readme included with your download.
AdriVelazquez said:
Yonder Music. It's a new music streaming app.
Click to expand...
Click to collapse
Why do you make your devices S-off? (the thread in general)

dummie999 said:
http://xda-university.com/as-a-developer/getting-started-building-a-kernel-from-source before I forget. There is also a readme included with your download.
Why do you make your devices S-off? (the thread in general)
Click to expand...
Click to collapse
Instead of you paying a subscription fee every month, Yonder Music sells the app bundled with the phone which you have free streaming music for the lifetime of the device.
S-off let's us do all of that.

The only source code currently offered by HTC is:
Device Carrier Region Type Kernel Android Size Description
Desire 610
Vodafone
UK
CRC
3.4.0
v4.4.2 152 MB
1.29.161.2
Desire 610
Vodafone
CH GER
CRC
3.4.0
v4.4.2 155 MB
1.29.166.2
Any idea if either of those would work? :/

ClearD said:
The only source code currently offered by HTC is:
Device Carrier Region Type Kernel Android Size Description
Desire 610
Vodafone
UK
CRC
3.4.0
v4.4.2 152 MB
1.29.161.2
Desire 610
Vodafone
CH GER
CRC
3.4.0
v4.4.2 155 MB
1.29.166.2
Any idea if either of those would work? :/
Click to expand...
Click to collapse
They usually work, you just have to be sure that your software version (1.29.sth) matches. For example, if you are on 1.29.401.3, it should work. I'm not sure, but I think this usually is only a problem on high end smartphones (one m7&m8), because the carriers there modify the kernels of those devices.

Mine (and I assume others) are on 1.30.x.x

ClearD said:
Mine (and I assume others) are on 1.30.x.x
Click to expand...
Click to collapse
Try it anyway, it might work. For example:
On my phone, the kernel for 1.20 runs fine on 1.13 1.10 1.16, but it doesn't run on 1.26 1.32 1.34. You can't know if it works before you try it.

Root achieved thanks to jmz (confirmed on my unit after his) , s-off is being worked on (by pros, not by me). Jmz built us a twrp recovery that allows for an easy root. Hopefully it'll be released to the masses soon!

first post
Does this image works with At&t devices because I am running firmware 1.19.502.4 not sure if it would stop me from booting...I have attained root by using TWRP however nothing sticks whenever i restart my phone so I was hoping this would be a solution

Shattariff said:
Does this image works with At&t devices because I am running firmware 1.19.502.4 not sure if it would stop me from booting...I have attained root by using TWRP however nothing sticks whenever i restart my phone so I was hoping this would be a solution
Click to expand...
Click to collapse
Nope that wont fix it. I am working on a kernel that will solve that problem

VS98523A OTA Release

NOTE: This patch is only for upgrading from 12B to 23A. If you're currently on 10B or 11C, you'll need to upgrade to 12B before applying this patch. If wanted, I can upload those two patches as well.
Though there's already a thread about update 23A on the VS985, I figured an actual release of the OTA would warrant its own thread.
This is a release of the Verizon LG G3 5.0 OTA (VS98523A). The OTA package is unmodified (and probably couldn't be modified, at least easily, due to signing in the OTA package format). It was downloaded directly from Verizon's OTA servers. The OTA patch is only for version 12B; if you want to apply this upgrade and are running a version prior to 12B, you'll have to get to version 12B before applying the 23A patch.
You can download the package at http://downloads.codefi.re/autoprime/LG/LG_G3/VS985/LG_VS985_12B-23A.dlpkgfile.
UPDATE: I've uploaded all three OTA update packages (10B to 11C, 11C to 12B, and 12B to 23A) to http://downloads.codefi.re/illegalargument/LG_VS985/.
The package is in an odd format and it is rather difficult to extract files from it, as many of the updates are provided in diff patches. However, there is a relatively simple way to apply this OTA using VerizonHiddenMenu. Root access is required to run the VerizonHiddenMenu activity.
Download the OTA package from the link above.
Copy the package to your device as either /storage/sdcard0/SoftwareUpdate/23A.up or /storage/external_SD/SoftwareUpdate/23A.up (technically, the filename can vary as long as it ends in the .up extension and is one of those two locations).
Run the following command:
Code:
adb shell su -c "am start -n com.lge.VerizonHiddenMenu/.fota.DmcTestFotaMenu"
This will start the diagnostic FOTA menu from the Verizon Hidden Menu.
From here, click on the "Select Package" option, and then choose "23A.up" from the list.
Once you've selected the update package, choose the "Do update" option from the menu. This should apply the update and if all goes well, you'll wake up with 23A when it's all done.
That's all there is to it. Have fun!

Annnnnd here we go! Lol

Nice work!
We need a Guinea pig that is willing to stay on stock/unrooted/locked 5.0 in order to test downgrade ability via kdz/tot.... Not it!
So if anyone is up for initiating this ota via terminal, can you please do some additional work by testing out downgrading? I have a 12b kdz file link in my thread that you can flash back to in order to push the lp update again (if downgrading works).
*edit*, command requires root, so full roll back to 10b will be required. Stock unrooted 12b is SOL unless you roll back for this method.

Thanks .....

Thank you!
I was going to mention I might become a guinea pig, but I'm not quite that brave yet. Maybe I will be in the morning when I've had proper sleep, and depending on what I've got got on at work.
I just planned on testing keeping root with SuperSU's keep root option, but otherwise completely stock besides the hidden menu requirement.
Sent from my VK810 4G

Thank you! Finally!
Do you have to be on stock KitKat for this to work?

I, too, am very anxious to see what the "guinea pig's" result of a potential downgrade is....that ominous "security software version" seen in that screenshot that has been circulating has me a tad worried though tbh. Thankfully I've gotten all the g3's I need for right now and have rooted/unlocked then all....but there's one more I'd like to get in about ~10 months (don't ask, long story) and would like to be able to root/unlock it, so really hoping for the best here!
---------- Post added at 05:04 AM ---------- Previous post was at 05:03 AM ----------
luke24 said:
Thank you! Finally!
Do you have to be on stock KitKat for this to work?
Click to expand...
Click to collapse
You would need to be on stock KitKat w/ stock recovery, yes.

luke24 said:
Thank you! Finally!
Do you have to be on stock KitKat for this to work?
Click to expand...
Click to collapse
Yes completely stock. No modifications. A reminder that this will break any exploits we have so far for rooting, you've been warned. Please tread cautiously. [emoji106]
Sent from my VS985 4G using Tapatalk

skiman10 said:
Yes completely stock. No modifications. A reminder that this will break any exploits we have so far for rooting, you've been warned. Please tread cautiously. [emoji106]
Sent from my VS985 4G using Tapatalk
Click to expand...
Click to collapse
Yea I kinda thought so..
This is exciting, but I think I'm gonna wait too...

Someone correct me if I'm wrong - but as far as anyone knows, literally anything could happen if one upgraded to his 23A update and then attempted to kdz back to 12B (or 10B_01, for that matter) - up to an including anything ranging from the downgrade simply erroring in flash tool and not working and you being OK but totally "stuck" on stock LP for the foreseeable future.....to a potential hard brick of your device, right?? It's the latter possibility that definitely would scare the ****ahky mushrooms out of me LOL

IllegalArgument said:
Though there's already a thread about update 23A on the VS985, I figured an actual release of the OTA would warrant its own thread.
This is a release of the Verizon LG G3 5.0 OTA (VS98523A). The OTA package is unmodified (and probably couldn't be modified, at least easily, due to signing in the OTA package format). It was downloaded directly from Verizon's OTA servers.
You can download the package at http://downloads.codefi.re/autoprime/LG/LG_G3/VS985/LG_VS985_12B-23A.dlpkgfile.
The package is in an odd format and it is rather difficult to extract files from it, as many of the updates are provided in diff patches. However, there is a relatively simple way to apply this OTA using VerizonHiddenMenu. Root access is required to run the VerizonHiddenMenu activity.
Download the OTA package from the link above.
Copy the package to your device as either /storage/sdcard0/SoftwareUpdate/23A.up or /storage/external_SD/SoftwareUpdate/23A.up (technically, the filename can vary as long as it ends in the .up extension and is one of those two locations).
Run the following command:
Code:
adb shell su -c "am start -n com.lge.VerizonHiddenMenu/.fota.DmcTestFotaMenu"
This will start the diagnostic FOTA menu from the Verizon Hidden Menu.
From here, click on the "Select Package" option, and then choose "23A.up" from the list.
Once you've selected the update package, choose the "Do update" option from the menu. This should apply the update and if all goes well, you'll wake up with 23A when it's all done.
That's all there is to it. Have fun!
Click to expand...
Click to collapse
@IllegalArgument, thank you for the dlpkgfile patch. I'll use it to build a rooted 23A ROM.

hsbadr said:
@IllegalArgument, thank you for the dlpkgfile patch. I'll use it to build a rooted 23A ROM.
Click to expand...
Click to collapse
That would be awesome!!! Thanks!

ohlin5 said:
I, too, am very anxious to see what the "guinea pig's" result of a potential downgrade is....that ominous "security software version" seen in that screenshot that has been circulating has me a tad worried though tbh.
You would need to be on stock KitKat w/ stock recovery, yes.
Click to expand...
Click to collapse
Some info on that security software message
commoncriteriaportal.org/files/epfiles/st_vid10593-vr.pdf
niap-ccevs.org/st/Compliant.cfm?pid=10593
gsmarena.com/at_ts_lg_g3_is_receiving_the_android_50_lollipop_update_too-news-11143.php
TLDR: Basically, just its just a certification that all US varients have passed. Shows up in ATT version too, and ATT has confirmed rollback

mattd7591 said:
Some info on that security software message
commoncriteriaportal.org/files/epfiles/st_vid10593-vr.pdf
niap-ccevs.org/st/Compliant.cfm?pid=10593
gsmarena.com/at_ts_lg_g3_is_receiving_the_android_50_lollipop_update_too-news-11143.php
TLDR: Basically, just its just a certification that all US varients have passed. Shows up in ATT version too, and ATT has confirmed rollback
Click to expand...
Click to collapse
Interesting....well I still won't hold my breath given the things I've seen VZW do in the past, but thanks for the info, good find!

hot wings and beer explanation of wht this means...?????????????

great work

annoyingduck said:
Nice work!
We need a Guinea pig that is willing to stay on stock/unrooted/locked 5.0 in order to test downgrade ability via kdz/tot.... Not it!
So if anyone is up for initiating this ota via terminal, can you please do some additional work by testing out downgrading? I have a 12b kdz file link in my thread that you can flash back to in order to push the lp update again (if downgrading works).
Click to expand...
Click to collapse
I'd be willing to try it out and test the ability to downgrade but I won't be near a pc until 10 hours from now.

Error
IllegalArgument said:
Though there's already a thread about update 23A on the VS985, I figured an actual release of the OTA would warrant its own thread.
This is a release of the Verizon LG G3 5.0 OTA (VS98523A). The OTA package is unmodified (and probably couldn't be modified, at least easily, due to signing in the OTA package format). It was downloaded directly from Verizon's OTA servers.
You can download the package at http://downloads.codefi.re/autoprime/LG/LG_G3/VS985/LG_VS985_12B-23A.dlpkgfile.
The package is in an odd format and it is rather difficult to extract files from it, as many of the updates are provided in diff patches. However, there is a relatively simple way to apply this OTA using VerizonHiddenMenu. Root access is required to run the VerizonHiddenMenu activity.
Download the OTA package from the link above.
Copy the package to your device as either /storage/sdcard0/SoftwareUpdate/23A.up or /storage/external_SD/SoftwareUpdate/23A.up (technically, the filename can vary as long as it ends in the .up extension and is one of those two locations).
Run the following command:
Code:
adb shell su -c "am start -n com.lge.VerizonHiddenMenu/.fota.DmcTestFotaMenu"
This will start the diagnostic FOTA menu from the Verizon Hidden Menu.
From here, click on the "Select Package" option, and then choose "23A.up" from the list.
Once you've selected the update package, choose the "Do update" option from the menu. This should apply the update and if all goes well, you'll wake up with 23A when it's all done.
That's all there is to it. Have fun!
Click to expand...
Click to collapse
Quick question on this...
I did all of the above, am on software 10B rooted with StumpRoot, put the file in /storage/sdcard0/SoftwareUpdate/23A.up, but after selecting the file at "Select Package" it hangs for a few seconds, gives me a toast notification that reads "Download = 23A.up", but when I press Do Update it reads, "RESULT_NOT_EXECUTED". Screenshots of the progress included. Any reason I'm getting this message? I tried renaming the file to 23A.up on the device first, then on the PC, and both times moved the file to the directory in sdcard0 (which didn't exist, I created the "SoftwareUpdate" folder). I'd be very grateful if someone could help me out.
First pic is selecting the file, second is it hanging and then returning to the FOTA Test Menu, and the last is obviously the error. I really would appreciate some help on this. Thanks in advance.

KlausWillSeeYouNow said:
Quick question on this...
I did all of the above, am on software 10B rooted with StumpRoot, put the file in /storage/sdcard0/SoftwareUpdate/23A.up, but after selecting the file at "Select Package" it hangs for a few seconds, gives me a toast notification that reads "Download = 23A.up", but when I press Do Update it reads, "RESULT_NOT_EXECUTED". Screenshots of the progress included. Any reason I'm getting this message? I tried renaming the file to 23A.up on the device first, then on the PC, and both times moved the file to the directory in sdcard0 (which didn't exist, I created the "SoftwareUpdate" folder). I'd be very grateful if someone could help me out.
First pic is selecting the file, second is it hanging and then returning to the FOTA Test Menu, and the last is obviously the error. I really would appreciate some help on this. Thanks in advance.
Click to expand...
Click to collapse
Additional info: each time the device restarts after trying all of that (manual restart of me turning it off and on), it goes to the blue Software Update screen and gives "err: 0x1111004". Once again, help is greatly appreciated. Thanks in advance.

KlausWillSeeYouNow said:
Additional info: each time the device restarts after trying all of that (manual restart of me turning it off and on), it goes to the blue Software Update screen and gives "err: 0x1111004". Once again, help is greatly appreciated. Thanks in advance.
Click to expand...
Click to collapse
If I remember right, "err: 0x1111004" means that something in the system filesystem has been modified, so when the FOTA program goes to verify the status of all of the files it wants to update, it finds a mismatch between what it expects and what is actually there. Since many of the files are updated with diffs, it can't patch the file if it has been changed from what it was expecting to find. I had trouble with this when I modified my HotspotProvision.apk to enable tethering.
And now reading what you said again, I'm pretty sure the problem is simpler than that. The patch provided is only from 12B to 23A. If you're currently on 10B, you'll have to upgrade up to 12B first before applying the 23A patch. I'll edit the main post to clarify that, sorry for not doing so earlier. I did just check and didn't see any direct patches from 10B available, unfortunately. If you need the OTA patches for 10B to 11C and then 11C to 12B, I can get those for you as files that you can then just apply manually.

[SOLVED][REQUEST] Ideas for solving locked bootloader soft-brick

Hey guys, Kyuubi10 here again.
Recently I had an issue with my nexus 9, which is becoming increasingly common.
Where one can permanently soft-brick their nexus, for lack of ticking the "Enable OEM unlock" button, then bootlooping their device while locking their bootloader, thus making it impossible to reflash a system image through fastboot.
If you're lucky enough to still be able to access your custom recovery your device is still salvageable, but if as me you were performing a factory reimage when you locked your bootloader chances are that you have gone back to stock recovery, and only after realised that your OS was bootlooping.
From reading about it, I found out that it was virtually unrecoverable, unless you managed to keep your custom recovery, by either flashing a new system or if your recovery refuses to flash new system you can use this: http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539.
But in all of these cases you still need a custom recovery.
At the end most people gave up and either bought another device or used their warranty to replace their device (Which I am trying to attempt, if my warranty isn't completely voided.)
So, finally reaching the important point of this thread, I have had a couple ideas which could work to solve this issue but since I don't have enough knowledge I am unable to actually test the idea.
For the device to recognize the lock status of the device even without an OS present means that there must be a flag the bootloader reads. By reading further I found this. http://newandroidbook.com/Articles/Nexus9.html
This basecally explains that Nexus 9 has a partition called PST (Persist) whose only job is to provide the value of this flag. I was wondering whether it is possible by using Linux could get a more direct access to the partition and change its binary value to enable the "enable OEM unlock" variable (Described by fastboot as "Ability is 0").
I had this idea because one day when I bootlooped another device and ADB on windows failed to recognize the device I booted linux and used ADB from there. And the phone was reconized.
This works because Linux can view partitions with different filesystems, where as windowns can only see partitions which have been formatted into "Windows" partitions (e.g. FAT32, NTFS).
So in theory using a Linux OS to access the different partitions in Android should show up much more information, and give you better access. But apart from this I don't know much more. I will be testing this theory out in more detail. But I am challenging the more experienced contributors out there to help out in overcoming this issue!
Please, this is a real issue which is limiting newer nexus devices. If anyone has any new ideas please share by commenting, and lets help each other out to find a solution to this problem.

..

cam30era said:
@Kyuubi10
Have you seen this thread > http://forum.xda-developers.com/nexus-6/help/info-nexus-6-nexus-9-enable-oem-unlock-t3113539
Click to expand...
Click to collapse
Yes, in fact I have the same exact link in the OP.
But unfortunately as I have described my case is quite unique in which I don't have a custom recovery. This in turn means I have no access to ADB because no partitions are mounted.... I'm stuck with using fastboot for now.

Kyuubi10 said:
Yes, in fact I have the same exact link in the OP.
But unfortunately as I have described my case is quite unique in which I don't have a custom recovery. This in turn means I have no access to ADB because no partitions are mounted.... I'm stuck with using fastboot for now.
Click to expand...
Click to collapse
The March 25, 2016 Android N Beta should be able to save you: https://developer.android.com/preview/download-ota.html
It can be pushed via adb to a stock Nexus 9 even with a locked bootloader.

Halleyscomet said:
The March 25, 2016 Android N Beta should be able to save you: https://developer.android.com/preview/download-ota.html
It can be pushed via adb to a stock Nexus 9 even with a locked bootloader.
Click to expand...
Click to collapse
@Halleyscomet is very right, the N preview saved me from this problem, allowing me to enable OEM unlock and then go back to stock marshmallow.

Halleyscomet said:
The March 25, 2016 Android N Beta should be able to save you: https://developer.android.com/preview/download-ota.html
It can be pushed via adb to a stock Nexus 9 even with a locked bootloader.
Click to expand...
Click to collapse
defmetal96 said:
@Halleyscomet is very right, the N preview saved me from this problem, allowing me to enable OEM unlock and then go back to stock marshmallow.
Click to expand...
Click to collapse
Thank you guys for your reply!!
Unfortunately as described in my signature my N9 was stolen.
But I'll change the title of this thread to [SOLVED] so that others know where to find an answer.

Halleyscomet said:
The March 25, 2016 Android N Beta should be able to save you: https://developer.android.com/preview/download-ota.html
It can be pushed via adb to a stock Nexus 9 even with a locked bootloader.
Click to expand...
Click to collapse
Seriously, you are a lifesaver.
The simple fact that you can sideoad the preview and that it flashes system unconditionally saved my Nexus 9.
This infomation should be stickied because it is the only solution if you are stuck in between versions. I was on LMY48T and adb sideload of the correspondig OTA showed "unexpected content" (Error 7).
This allowed me to boot, and unlock OEM & bootloader.
Huge thanks!

angerized said:
Seriously, you are a lifesaver.
The simple fact that you can sideoad the preview and that it flashes system unconditionally saved my Nexus 9.
This infomation should be stickied because it is the only solution if you are stuck in between versions. I was on LMY48T and adb sideload of the correspondig OTA showed "unexpected content" (Error 7).
This allowed me to boot, and unlock OEM & bootloader.
Huge thanks!
Click to expand...
Click to collapse
For that a Moderator needs to be made aware ) Let's try do that!

angerized said:
Seriously, you are a lifesaver.
The simple fact that you can sideoad the preview and that it flashes system unconditionally saved my Nexus 9.
This infomation should be stickied because it is the only solution if you are stuck in between versions. I was on LMY48T and adb sideload of the correspondig OTA showed "unexpected content" (Error 7).
This allowed me to boot, and unlock OEM & bootloader.
Huge thanks!
Click to expand...
Click to collapse
Any chance you still have this file? Doesn't seem to exist on the internet anymore.Having same issue.

joeish said:
Any chance you still have this file? Doesn't seem to exist on the internet anymore.Having same issue.
Click to expand...
Click to collapse
Hello,
I don't have this specific file anymore, but I think you can sideload the latest OTA from here:
Images OTA complètes pour les appareils Nexus et Pixel | Google Play services | Google for Developers
developers.google.com

[GUIDE] Bootloader Unlock

Can this brick your phone/void your warranty? Of course it could! I wouldn't be posting it on XDA if it couldn't!
TeutonJon78 said:
Just be aware that once you unlock, you won't get anymore OTA updates at the current moment, and there's not full factory images to fall back on. They will still try to push OTAs if anyone does this bootloader unlock method, but they will always fail due to version checking.
Click to expand...
Click to collapse
So as it stands right now, if you do this, you're not going to get further updates from ZTE, unless they change their stance.
Here's a method that should work for any brave souls. It's the method I used so far.
My understanding is this update only makes the required patches to allow the command fastboot oem unlock to actually unlock the bootloader. That being said, I do not know for sure that this is not specific to my phone's IMEI. If someone would supply me with the file/link they get from using adb shell logcat > ota.txt while checking for updates, then grep ota.txt | ZDMLog (if you use linux) or do a find for https:// in ota.txt it would be useful for this verification.
For microSD card method:
Take this (Thanks DrakenFX) or this file and put it in /sdcard/, making sure extension is .zip
Enable OEM unlock from the settings->development menu.
Reboot phone (or boot phone) while pressing volume up. This will get you into stock recovery. From here, apply update from SD card, P996A01B20Fastboot_ssl.zip
No microSD card method:
This may also be possible without an SD card using the adb sideload option in stock recovery and "adb sideload P996A01B20Fastboot_ssl.zip" on your desktop. If you are successful using this method, send me a PM so I can update this post.
Now if you reboot into bootloader (which you can do right from recovery), you will hopefully find that "fastboot oem unlock" actually brings up the bootloader unlock prompt on your phone.
You should be able to verify to this point as per below.
Without using the fastboot oem unlock command I have not lost any user data (but it's still a good idea to back it up!) If you do unlock, you will lose your data!

This method requires 20B to already be installed, correct? If so, is there a way to sideload the 20B update (so one can go from launch firmware -> sideloaded 20B -> sideloaded 20B_boot)? Juuuust in case ZTE puts out a 20C or something that blocks sideloading and renders "unofficial" bootloader unlock attempts like this invalid.

xtermmin said:
This method requires 20B to already be installed, correct? If so, is there a way to sideload the 20B update (so one can go from launch firmware -> sideloaded 20B -> sideloaded 20B_boot)? Juuuust in case ZTE puts out a 20C or something that blocks sideloading and renders "unofficial" bootloader unlock attempts like this invalid.
Click to expand...
Click to collapse
It does require 20B to be installed. It appears 20B can sideloaded as well. The only error message I received was 20B expects 20160624 or 20160707 (and I'm now at 20160805). Maybe someone can try to sideload 20B on 20B?

So looking through the update script, it seems to check for SHA1 matches for certain parts of the boot, system and recovery partitions. I'm not sure if the patch itself has content specific to an IMEI or if this is just a simple check to make sure the phone has the correct build installed.
Looking at this, it seems the purpose of the part of the script before # ---- start making changes here ---- is used to verify a correctly configured system, with no apparent relation to the IMEI. It looks like the script itself is completely generic, and the checks could probably be removed so this will work on any build. Now we just need another update package to compare the other content (fastboot.img, patch\boot.img.p, patch\recovery.img.p) with to see if they're generic as well. This makes me wonder if flashing fastboot.img alone is enough, as that's what is used to interface with the bootloader unlock.
Helpful references:
Built-in functions in update binary
range_sha1

dennis96411 said:
So looking through the update script, it seems to check for SHA1 matches for certain parts of the boot, system and recovery partitions. I'm not sure if the patch itself has content specific to an IMEI or if this is just a simple check to make sure the phone has the correct build installed.
Looking at this, it seems the purpose of the part of the script before # ---- start making changes here ---- is used to verify a correctly configured system, with no apparent relation to the IMEI. It looks like the script itself is completely generic, and the checks could probably be removed so this will work on any build. Now we just need another update package to compare the other content (fastboot.img, patch\boot.img.p, patch\recovery.img.p) with to see if they're generic as well. This makes me wonder if flashing fastboot.img alone is enough, as that's what is used to interface with the bootloader unlock.
Helpful references:
Built-in functions in update binary
range_sha1
Click to expand...
Click to collapse
Man I hope so, then the rest of the world can get a bootloader unlock even if ZTE won't unlock the bootloader for us.....

Has anyone captured 20B and has it for others to try?
My phone won't come until next week (first wave of grays), but I'll try capturing it if it's not already installed. We just have to wait 5 days

rczrider said:
Has anyone captured 20B and has it for others to try?
My phone won't come until next week (first wave of grays), but I'll try capturing it if it's not already installed. We just have to wait 5 days
Click to expand...
Click to collapse
I think this is it: http://forum.xda-developers.com/showpost.php?p=68109239&postcount=5
There are no full system images available for the US model yet, unfortunately.

xtermmin said:
I think this is it: http://forum.xda-developers.com/showpost.php?p=68109239&postcount=5
There are no full system images available for the US model yet, unfortunately.
Click to expand...
Click to collapse
So in theory, the process would be to sideload the 20B update, reboot, then sideload the file in the OP?
Hopefully someone will get around to testing this method (or at least the OP's file) before my phone comes next week, but if not, I'll do it first thing.

rczrider said:
So in theory, the process would be to sideload the 20B update, reboot, then sideload the file in the OP?
Hopefully someone will get around to testing this method (or at least the OP's file) before my phone comes next week, but if not, I'll do it first thing.
Click to expand...
Click to collapse
In theory, yes (You could also update to 20B normally, but good to have it as a backup). Hopefully 20B_Boot is not device-specific.

xtermmin said:
In theory, yes (You could also update to 20B normally, but good to have it as a backup). Hopefully 20B_Boot is not device-specific.
Click to expand...
Click to collapse
I assume the most likely outcome is that it simply wouldn't flash. Even so, I'm willing to be a bit reckless as I can just return the phone for new one (via the retailer, not ZTE)

rczrider said:
I assume the most likely outcome is that it simply wouldn't flash. Even so, I'm willing to be a bit reckless as I can just return the phone for new one (via the retailer, not ZTE)
Click to expand...
Click to collapse
Haha same but never dealt with B&H so we'll see how that goes. Still waiting for the grey one.
---------- Post added at 09:17 AM ---------- Previous post was at 09:16 AM ----------
So everyone should update to B20 as soon as possible and then not update to anything else.

reddrago said:
Haha same but never dealt with B&H so we'll see how that goes. Still waiting for the grey one..
Click to expand...
Click to collapse
They're fantastic. 30-day (from delivery) no-questions-asked return policy on smartphones. If there's an actual problem with the phone, they'll even pay for return shipping. No restocking fee in either case.
If there is a problem with the phone itself, you can exchange it and the 30-day return policy resets from delivery of the replacement unit.

jkuczera said:
Reboot phone (or boot phone) while pressing volume up. This will get you into stock recovery. From here, apply update from SD card, P996A01B20Fastboot_ssl.zip
Click to expand...
Click to collapse
I was trying but Can't use " apply update from SDCard " but the "apply update from ADB " seems to be enable just didn't try cuz i don't have my laptop with me at the moment (till i get home) , check picture.
P.S. just to clear things up when i select "apply Update from SDCard" is when i get that message, so the ADB option is the only way for me to apply this and yes I'm in B20.

DrakenFX said:
I was trying but Can't use " apply update from SDCard " but the "apply update from ADB " seems to be enable just didn't try cuz i don't have my laptop with me at the moment (till i get home) , check picture.
Click to expand...
Click to collapse
Did you have an update file in /sdcard/ ? Since this is the stock recovery, I'm quite certain it's looking for a physical microSD for this usage scenario.

jkuczera said:
Did you have an update file in /sdcard/ ? Since this is the stock recovery, I'm quite certain it's looking for a physical microSD for this usage scenario.
Click to expand...
Click to collapse
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)

DrakenFX said:
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)
Click to expand...
Click to collapse
Try changing the filename to P996A01B20Fastboot_ssl.up. The direct-link from ZTE for the 20B update has that extension.

DrakenFX said:
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)
Click to expand...
Click to collapse
It's got to be another issue altogether because I can pull up the SD card menu even if I don't have files in there.

jkuczera said:
It's got to be another issue altogether because I can pull up the SD card menu even if I don't have files in there.
Click to expand...
Click to collapse
I got this from the recovery log from the Recovery menu.
sd_upgrade_disable = 1
Check image

DrakenFX said:
I got this from the recovery log from the Recovery menu.
sd_upgrade_disable = 1
Check image
Click to expand...
Click to collapse
You're also getting a
Code:
get_oem_unlock_statut oem_unlock_enabled=0
that isn't looking good .
TeutonJon78 said:
See, it's bull**** like this that prevents OEMs from wanting to support third party development in the first place with things like bootloader unlocks. In the ZTE forums aren't you arguing that it's fair to not cover software related problems after unlocking, but here you are wanting them to cover that as well. B&H just charges the defective unit back to ZTE in the end.
Click to expand...
Click to collapse
It's all the same to ZTE in this instance because they will reflash their stock software upon return of the phone since it's not for a warranty repair.

djona12 said:
You're also getting a
Code:
get_oem_unlock_statut oem_unlock_enabled=0
that isn't looking good .
It's all the same to ZTE in this instance because they will reflash their stock software upon return of the phone since it's not for a warranty repair.
Click to expand...
Click to collapse
That's because i haven't been able to flash the file from OP and enable OEM after

How To Guide How to root any N20

**Edit: Be sure to read comments at the end of this post******
I've already posted this a few times but I figured I would try to save some people time who want/need to root from any security patch. This is a copy and paste from an answer I gave in another thread but it's a basic how to.
Install DSU sideloader app from playstore to boot a prerooted GSI then use Partitions Backup and Restore app from playstore to save copies on your device. Install magisk app and patch the extracted boot.img and then transfer backups along with the patched boot image to your PC for safekeeping and flash the patched boot.img in fastboot. You can rename any .bin files to .img to flash them if they get extracted as a .bin file. Check your settings in the partitions Backup and Restore app before starting the backup process. You can choose to save them in an easy to find directory and for me it was better to choose to save them RAW/uncompressed then just compress them all into a single archive rather than having a hundred separate archives for each individual partition because it makes it easier if you have to reflash things if you need to recover. You may want to disable battery optimization for the app because it takes a while to extract all the images doing a full backup but its well worth the wait time if it saves you from a brick later on.
I wish I had time to elaborate but hopefully someone else can take the time to elaborate and add to this for anyone needing step by step. I'm surprised nobody has done this already.
Credits to AndyYan for giving advice on the root method. I stole this from him and just made a post with a title that makes it easier to find since so many are still asking how to go about rooting their devices.
*****REQUEST TO COMMUNITY********
There are many who are already on August Security patch and i dont have time to update and post the newest images. So if you are on august patch and pull backups I ask that someone please be so kind as to upload a copy of your backup to Google Drive or a filehosting server of choice and post a new thread so that others can unbrick their devices.
*Please ***DO NOT include**** the following partitions*:
DEVINFO
DINFO
FRP
KEYMASTER_A
KEYMASTER_B
KEYSTORE
LOGDUMP
***MDM1M9KEFS1
***MDM1M9KEFS2
***MDM1M9KEFS3
***MDM1M9KEFS4
MODEMDUMP
OPLUS_SEC_A
OPLUS_SEC_B
RAWDUMP
SECDATA
STORSEC
USERDATA
VM-KEYSTORE
*** These partitions may/contain YOUR personal device info, DO NOT make these public***
You can make a new Google account for the sole purpose of uploading these for the community so as not to fill your own GDrive. Be sure to change permissions for the images to share with anyone who has the link. This would be very much appreciated by many.
*****Update 09/18/2022*****
Thanks to ctschrodinger88 & dmtec for posting more detailed instructions!!! you can find ctschrodinger88's instructions below, scroll down to the 5th post.
dmtec also posted instructions in another thread linked here: https://forum.xda-developers.com/t/august-boot-img.4491831/post-87426877
we are still in need of august modems if anyone cares to upload them to their drive and link them or any other filehosting service.

can you suggest me a pre rooted gsi rom please?
thanks

fictisio said:
can you suggest me a pre rooted gsi rom please?
thanks
Click to expand...
Click to collapse
i used crdroid but its buggy, launcher crashes but its useable, atleast to get this done and then be sure to discard it in the DSU sideloader notification when you reboot so the inactive slot is empty, it will make for easier updates/mods later

has anyone had luck flashing the file in this article? https://www.getdroidtips.com/oneplus-nord-2t-5g-firmware-flash-file-2/#google_vignette

I used the info provided and referenced here as a guide and some external pieces and have things working.
I'll caveat the following, I don't remember the current firmware version I started with, but I'll try to remember to update.
I have the Nord N20 5g, but not the T-mo branded one, though in looking at this, the concepts should be the same.
Base assumptions:
- If you haven't done these beforehand, stop and take care of it. Research if you need, but please DO NOT just keep going or copy, paste, and run, without understanding to some extent what you're doing. If you just run commands it can be much harder to fix later.
a. Your phones bootloader is unlocked. (If you haven't already done it, when you do, your data will be gone, so if you care, back it up NOW)
b. You have access to an Android terminal of some sort (adb or on-device terminal) and you know how to use it. Unless you absolutely can't use a computer for some reason, I would use adb, it makes data backup easier (IMO).
c. You have somewhere to store your backed up partitions (THIS IS IMPORTANT)
Step 0: Download a pre-rooted Generic System Image (GSI) to use. Put it in a good working directory. This page links to several. https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list
I used the LineageOS image by @AndyYan
If you are wondering about the various file endings this is the basic version
Code:
<ARCH>_xyZ
<ARCH> can either be arm, a64 (arm32_binder64) or arm64
x can either be a or b
y can either be v, o, g or f
Z can be N or S
b = a/b
a = a-only
g = gapps
o = gapps-go
v = vanilla (no gapps included)
f = floss (free & open source apps instead gapps)
N = no superuser
S = superuser included
From: https://forum.xda-developers.com/t/teclast-t30-t1px-suitable-gsi-roms.4211427/
Step 1: Enable the Dynamic System Update (DSU) feature flag, you can follow the exact steps for this in this section https://developer.android.com/topic/dsu#feature-flag
If you are unsure, just run the `adb shell` command.
Step 2:
If the image you downloaded needs to be in ".gz" format. Some of the tools will handle alternate types, but that's because it rebundles it at ".gz", you can save some effort doing it yourself.
Code:
gzip -c [IMG_NAME]..img> [IMG_NAME].gz
Step 3: Push the image to the device
`adb push [IMG_NAME].gz /storage/emulated/0/`
This is where I switched from ADB to on-the-device.
Step 4: Download the DSU Sideloader: https://github.com/VegaBobo/DSU-Sideloader
You can do this with adb but I wasn't able to get it to run, so I went with the DSU Sideloader app above which made it much simpler.
Step 5: Run DSU Sideloader. You can follow the instruction there in the README. You will need to run a command that the app provides, either via adb or an emulator. Then you will reboot via the notification.
Step 6: [Once you reboot] Enable Developer tools in phone settings.
Step 7: BACKUP, BACKUP, BACKUP (Please do this now. It will help make life much, much better if you ever have an issue and need to reset.)
This was my process:
Bash:
adb shell
su
mkdir /sdcard/partitions
cd /dev/block/by-name/
for x in *; do dd if=/dev/block/by-name/$x of=/sdcard/partitions/$x ; done
# Note the collective size will be greater than the default space on the GSI boot, so you will want to separate things
# Back on local machine
mkdir [working_dir]
cd [working_dir]
adb pull /sdcard/partitions
# Your files from the adb command should populate the folder
mv [working_dir]/partitions/* [working_dir]/
# On device
rm /sdcard/partitions/*
# repeat the commands above as often as needed.
I don't know for sure all the files you will want to backup, but I pulled everything just to be safe. Keep them safe, because it is your safety net if you fall.
Step 8: Get boot_a or boot_b back on the device along with Magisk.apk (Please only download from here: https://github.com/topjohnwu/Magisk/releases)
Step 9: Install Magisk.apk (you can do this via
Code:
adb install ./magisk.apk
)
Step 10: Launch Magisk and install it to the book image stored on your sdcard.
Step 11: Pull the patched image to your local machine.
Code:
adb pull /sdcard/Download/magisk_patched-[stuff].img
Step 12: Boot phone to fastboot
Code:
adb reboot bootloader
Step 13: This is where there is an ideal and a real.
Ideal command
Code:
fastboot boot magisk_patched.img
where fastboot transfers the files and things just work, and if you reboot the system the regular boot.img is used. I haven't been able to get that to with this device.
I instead just ran
Code:
fastboot flash boot magisk_patched.img
which replaced the existing boot image, which is good, if it works, but if it doesn't, this is why you have backups!!!! Reboot the phone.
Step 14: When you boot, finish installing Magisk and you'll be ready to go.
If I remember other steps I'll add, or if you have questions I will try to help answer.

I just got a MetroPCS nord n20 (gn2200) and will try to root in the next couple days.

ScarletWizard said:
n20
Click to expand...
Click to collapse
Have they removed the unlock portal?

Damn, it's been a long time. Glad to be back.

ScarletWizard said:
No. My serial is 7 digits
Click to expand...
Click to collapse
seems to be a common defect.... if ur device is paid off oneplus can generate you a token but it takes weeks of back-and-forth with support to get it escalated...tmobile may or may not allow you to do that on a device that isnt paid off but i wouldnt even ask tmobile about it if your not paid off already, will only make it harder for those who are trying to unlock theirs if it IS the case that tmobile doesnt want you to unlock it until youve paid the device off in full....oneplus will probably uphold tmobiles decision if your device isnt paid off. for now, we are able to unlock tmobile devices through the portal regardless of the financial status of the device. though you will still be SIM locked unless tmobile unlocks that for you. and their definitely NOT gonna do THAT til it gets paid off.
U.S. carriers dont like customers having unlocked devices and is against most user-agreement policies and can get your service terminated leaving you owing for a device you cant use and for the price of the contract you were on for service

your device is a CPH2459 and not a GN2200?

fictisio said:
can you suggest me a pre rooted gsi rom please?
thanks
Click to expand...
Click to collapse
Andy Yan's Lineage18 or 19..

DrScrad said:
Andy Yan's Lineage18 or 19..
Click to expand...
Click to collapse
pixel experience, crdroid... havent gotten kaleidoscope to work yet. Have heard that someone got aosp a13 going.... There are so many and so long as u use a matching security patch ur good. might work with a newer patch but of the ones ive tried i got thw matching patches to work. If you find one thats on a newer patch in the gsi page you should be able to follow the link and find an older release to match the patch ur on. If ur on may patch try to find a may patch just to make it pess likepy that there will be priblems. If on july or august, likewise find july or august sec patch release. newer patched systems MIGHT work with ur older patched bootloader and other partitions(modems etc...) but def would not advise just straight flashing mismatching security patches... Best to sideload first and see if u can get it working first. Its not very simple to dual boot these devices but i think someone did some work and posted a work around for doing that on a/b devices somewhere on xda......

Am willing to share my stock image with anyone willing to help. I am on the September security update on a OnePlus Nord N20 5G unlocked (Non-Carrier). I am running version 11 and android security update 2022-09-05.
I am having real issues getting LineageOS through DSU. It fails immediately on start every time. Bootloader is unlocked, it even shows through fastboot (Secure boot = on though), flag is set per instructions, and I am trying to install lineage-19.1-20221011-UNOFFICIAL-arm64_bvS.gz . I tried two different versions of the DSU app but nada.

oromis995 said:
Am willing to share my stock image with anyone willing to help. I am on the September security update on a OnePlus Nord N20 5G unlocked (Non-Carrier). I am running version 11 and android security update 2022-09-05.
I am having real issues getting LineageOS through DSU. It fails immediately on start every time. Bootloader is unlocked, it even shows through fastboot (Secure boot = on though), flag is set per instructions, and I am trying to install lineage-19.1-20221011-UNOFFICIAL-arm64_bvS.gz . I tried two different versions of the DSU app but nada.
Click to expand...
Click to collapse
make sure u r using a lineage version with the same security patch as your current OS if your on September u need a GSI on september. i personally gave up on lineage after trying a couple but was successful with a few others while dsu sideloader still worked for me, im not sure what i did to break it on my devices but i havent been able to get it to work on either device in a while.

i have yet to try the october firmware but it should be easy to downgrade and root if you think its the new updates. although make sure ur disabling verity. u might wanna disable the checks on vbmeta_boot too... i usually just disable it on all 3 vbmeta's to be safe.... i have a full july dump and someone else has posted the august dump on TG but that doesnt help in your case since you have the CPH2459 and we are on GN2200's nobody has been able to successfully crossflash them yet and im not sure if it will be possible or not but everyone that has tried it has bricked their devices so far. most have gotten them running again but have lost fingerprint

ScarletWizard said:
im on gn2200
Click to expand...
Click to collapse
Ok my last upload didn't upload correctly for some reason. I will re upload tomorrow I think..... I need to figure out exactly which partitions are device-specific.... I know which partitions get updated in the incrementals so if all of them don't get flashed then everything won't match but I have a feeling that the incrementals update a device-specific partition or two and if so then u will lose fingerprint at minimum...... I think I should just pull full backup of all partitions and then go for it. Worst case so long as u do everything right. U just don't boot and have to reflash the stock boot image... Be sure to flash the stock image to both slots just in case and then switch back to ur active slot and flash the patched boot image. I mean if it was me I would b comfortable doing it but that's completely ur call, I don't wanna encourage anything because there ALWAYS a risk something could go wrong. Power outage or something and it's screwed up but any time u r flashing u will always be taking a risk. Though I think the risk is minimal so long as u do everything right and there's not much to the simple root process, patch the boot image and flash, if it doesn't work then reflash the stock one. If it DIES work out for u we would b grateful for the October firmware if u wanna share it, we didn't get October yet.

ScarletWizard said:
If it dies. Lol scary.
I'm in the process of doing the partition thing
Click to expand...
Click to collapse
If it DOES.. Sry

ScarletWizard said:
who is the ADMIN of this n20 thread?
Click to expand...
Click to collapse
Just look.for the moderator edits lol

PsYk0n4uT said:
seems to be a common defect.... if ur device is paid off oneplus can generate you a token but it takes weeks of back-and-forth with support to get it escalated...tmobile may or may not allow you to do that on a device that isnt paid off but i wouldnt even ask tmobile about it if your not paid off already, will only make it harder for those who are trying to unlock theirs if it IS the case that tmobile doesnt want you to unlock it until youve paid the device off in full....oneplus will probably uphold tmobiles decision if your device isnt paid off. for now, we are able to unlock tmobile devices through the portal regardless of the financial status of the device. though you will still be SIM locked unless tmobile unlocks that for you. and their definitely NOT gonna do THAT til it gets paid off.
U.S. carriers dont like customers having unlocked devices and is against most user-agreement policies and can get your service terminated leaving you owing for a device you cant use and for the price of the contract you were on for service
Click to expand...
Click to collapse
One small problem, although Metron PCS uses T-Mobile towers, they are their own entity and T-Mobile does not have their Bootloader codes. Only OnePlus and Metro PCS have the Metro PCS unlock.bin file. That's what I came here was to try and find a dedicated metro bootloader unlock web page. Like the T-Mobile dedicated page. There is not one so it's going too take several calls over several weeks unless some one here knows a different way or a link to a metro PCS bootloader unlock page? Anyone chime in on this and save all of us that are running in circles back down the straight path to an unlocked bootloader..

jayram1408 said:
One small problem, although Metron PCS uses T-Mobile towers, they are their own entity and T-Mobile does not have their Bootloader codes. Only OnePlus and Metro PCS have the Metro PCS unlock.bin file. That's what I came here was to try and find a dedicated metro bootloader unlock web page. Like the T-Mobile dedicated page. There is not one so it's going too take several calls over several weeks unless some one here knows a different way or a link to a metro PCS bootloader unlock page? Anyone chime in on this and save all of us that are running in circles back down the straight path to an unlocked bootloader..
Click to expand...
Click to collapse
I'm about to file a FCC complaint to get mine then.