Reset Unlock & Tamper Bit for OnePlus One
My Friend @Polarfuchs has confirmed that our unlocker zips are working fine, after new CM11S 30O OTA update.
see post -- http://forum.xda-developers.com/showpost.php?p=54827475&postcount=182
==================== IGONE THIS WARNING ==========================
!!! Warning !!!
In the NEW OTA CM11S XNPH30O, the bootloader (aboot) img size changed....
We request all not to apply the unlocker scripts on the new bootloader , until we confirm/find the new bit position.
It might brick your phone and corrupt bootloader...
INTRO / CONCEPT
Click to expand...
Click to collapse
Most of us know that we can flash custom roms or can root device only after UNLOCKING the bootloader from fastboot mode.
If you relock your bootloader, you will need to do a full backup-and-restore whenever you decide to unlock it again.
This mod will allow you to unlock the bootloader without wiping the userdata as oppose to fastboot oem unlock command.
============================================================================
Note:
Many users having trouble to UNLOCK their device for the FIRST TIME by using this script.
Let me clarify few things for this mod.
The main purpose of this script is not UNLOCK Bootloader without wiping data.
It's main purpose is to reset tamper bit, which can not be done by any other way.
UNLOCK Bootloader without wiping data -- is another outcome of this MOD.
If you have not unlocked your device before (atleast for 1 time) by using command "fastboot oem unlock", then the script might not work for you.
In case your device is locked and you want to install this script from custom recovery like TWRP/CWM,
it will be possible only if, you can boot temporarily using command -- fastboot boot <custom_recovery.img>.
If this command failed, you will not be able to run the unlocker script and hence device will not be unlocked without wiping data
In which condition the device can be booted to custom recovery by using command -- fastboot boot <custom_recovery.img>, is still not very clear.
before running the command , check your device status "fastboot oem device-info"
and report your error with the following points
1) Did you unlock your device before by any means ? (or by fastboot oem unlock) ?
2) What is the recovery already installed in your device ?
3) What is the status of your device ? "fastboot oem device-info"
4) What error msg you got when tried to run command fastboot boot <custom_recovery.img>.
5) Steps you tried.
There are 4 possibilities of the the value set of the 2 bits ( unlock bit & tamper bit)
1) Unlock Bit - FALSE , Tamper Bit - FALSE
2) Unlock Bit - FALSE , Tamper Bit - TRUE
3) Unlock Bit - TRUE, Tamper Bit - FALSE
4) Unlock Bit - TRUE, Tamper Bit - TRUE
After getting proper error report from you , we can give confirmation about, in which of the above state,
fastboot boot <custom_recovery.img> will work and hence installing the unlocker script/mod/zip can help you to
UNLOCK your Bootloader without wiping DATA.
Kindly report your issues as I mentioned above...
Thanks
=================================================================================
There are generally 2 bits present on some partition of the phone for keeping track of unlocking.
1) lock / unlock bit
2) tamper bit
Both bits are initially FASLE. We can unlock bootloader by using command
Code:
fastboot oem unlock
and can see the device information by
Code:
fastboot oem device-info
like:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Once you unlock, both bits will come TRUE. This mod will write the 2 bits in aboot partition and can reset
both bits (TOGGLE Bcsically) without factory reset as opposed to fastboot command fastboot oem unlock
So for One Plus One...
Code:
Partition - aboot (bootloader)
Unlock Bit Position - 0x000FFE10 Hex - (1048080) Decimal
Tamper Bit Position - 0x000FFE14 Hex - (1048084) Decimal
By @Polarfuchs
CREDIT
Click to expand...
Click to collapse
Credit to our Senior Member @Polarfuchs for finding out the partition & hex position that store the bits
Actually we both tested this concept and modified the script by @osm0sis and applied on our devices and got success.
We just added support for OnePlusOne (A0001)
You can check the following threads ...
1) http://forum.xda-developers.com/showthread.php?t=2796286
2) http://forum.xda-developers.com/showpost.php?p=54060253&postcount=11
3) http://forum.xda-developers.com/showpost.php?p=54060141&postcount=395
But it is in Beta State, may be more testing required, we will make an app for it like Nexus 5 Unlocker later...
Main Credit goes to our Recognized Contributor @osm0sis for his Nexus BootUnlocker script, flashable from recovery
http://forum.xda-developers.com/showthread.php?t=2239421
Thank you Sir - @osm0sis
WARNNING
Click to expand...
Click to collapse
Since this mod writes on aboot (bootloader) partition to reset the 2 flags, it may brick your phone.
Requesting developers to test it first, then give feedback here. After that any normal user can use it.
We will not be responsible for any damage or bricking of your phone. Install this zip at your own risk.
Edit:
Many users tried this and we can say that it is working , not beta anymore ...
DOWNLOAD
Click to expand...
Click to collapse
This script can be installed from CWM / TWRP recovery
Another trick for installation is
Code:
[B]fastboot boot <path/name of the recovery twrp img>[/B]
It will boot your phone into recovery once from the recovery image
stored in your PC temporarily
then you can flash the zip either by sideload or from sdcard...
Download Here : View attachment OnePlusOne-BootUnlocker.zip
Download Bootloader lock-unlock Toggle Only Script View attachment OnePlusOne-OnlyBootloaderToggle.zip (not tested yet)
Download Tamper Bit Toggle Only Script View attachment OnePlusOne-OnlyTamperBitToggle.zip (not tested yet)
THANK YOU ALL
Click to expand...
Click to collapse
If you like this MOD please hit thanks button
Thank you all...
Worked for me when I was on locked bootloader and twrp and I could not unlock the bootloader with Fastboot OEM unlock
thank you
tkdsl said:
Worked for me when I was on locked bootloader and twrp and I could not unlock the bootloader with Fastboot OEM unlock
thank you
Click to expand...
Click to collapse
Thank you for your feedback...
Awesome work, it solved this issue:
http://forum.xda-developers.com/oneplus-one/help/locked-bootloader-totally-locked-t2817735/page2
Thanks for implementing this and thanks to @Polarfuchs for finding out the flags location.
It worked for me as well, thanks!
Works great on my device. Problem solved :good:
Time to start flashing again and now i need not worry anymore cos if bootloader gets locked....the solution is right here
Flash by TRWP/CWM
Scann69 said:
Works great on my device. Problem solved :good:
Time to start flashing again and now i need not worry anymore cos if bootloader gets locked....the solution is right here
Click to expand...
Click to collapse
Do you just need to flash thru custom recoveries?
paztine said:
Do you just need to flash thru custom recoveries?
Click to expand...
Click to collapse
Yes. In my case I was stuck with TWRP recovery but it worked.
Scann69 said:
Yes. In my case I was stuck with TWRP recovery but it worked.
Click to expand...
Click to collapse
Thanks for a quick answer..
drakester09 said:
Awesome work, it solved this issue:
http://forum.xda-developers.com/oneplus-one/help/locked-bootloader-totally-locked-t2817735/page2
Thanks for implementing this and thanks to @Polarfuchs for finding out the flags location.
Click to expand...
Click to collapse
sayeef said:
It worked for me as well, thanks!
Click to expand...
Click to collapse
Scann69 said:
Works great on my device. Problem solved :good:
Time to start flashing again and now i need not worry anymore cos if bootloader gets locked....the solution is right here
Click to expand...
Click to collapse
Thank you all friends...
paztine said:
Do you just need to flash thru custom recoveries?
Click to expand...
Click to collapse
Yes, But if you don't have custom recovery installed...
you can try
Code:
fastboot boot <path/name of the recovery twrp img stored in your pc>
I love this fix! Love it!
It absolutely cured my issue for not being able to unlock my bootloader as described here:
http://forum.xda-developers.com/oneplus-one/help/locked-bootloader-twr-rooted-t2820341
can it work on stock cwm
Sent from my One using XDA Premium 4 mobile app
No since you can't flash unsigned zip I think. But you don't need to install a custom recovery. Instead you can boot into a custom recovery once with this command:"fastboot boot <name of custom recovery>"
Pls correct me if i am wrong:
This method is only usefull when you already have a recovery or root...
Because before the first unlocking you cant boot a custom recovery..
Or is possibly to boot a custom recovcery from fastboot when your device is locked??
Thank you
Enviado desde mi GT-S6500D usando Tapatalk 2
manudroid19 said:
Pls correct me if i am wrong:
This method is only usefull when you already have a recovery or root...
Because before the first unlocking you cant boot a custom recovery..
Or is possibly to boot a custom recovcery from fastboot when your device is locked??
Thank you
Enviado desde mi GT-S6500D usando Tapatalk 2
Click to expand...
Click to collapse
I've never tried to do this on a locked bootloader, but maybe you can "fastboot boot" the recovery image
I want to reset my phone to factory state, because i want to sell it.
I flashed the latest original ROM (including recovery and everthing else) and afterwards i locked the bootloader with "fastboot oem lock".
Unfortunately the tampered is still true:
Code:
C:\cm-11.0-XNPH25R-bacon-signed-fastboot>fastboot oem device-info
...
(bootloader) Device tampered: true
(bootloader) Device unlocked: false
(bootloader) Charger screen enabled: false
OKAY [ 0.008s]
finished. total time: 0.011s
Can i set the tampered bit to false with this mod or is this not possible (yet)?
Just use the mod twice. The first time it will unlock and untamper, the second time it will lock.
Is the size of the zip 2,13k only?
Yes that is correct
Polarfuchs said:
Just use the mod twice. The first time it will unlock and untamper, the second time it will lock.
Click to expand...
Click to collapse
Worked! Great! Thanks!
Related
Most of the concept & content of this thread is inspired by this thread, so a huge thanks to @Mnt-XDA.
INTRO / CONCEPT
Most of us know that we can flash custom roms or can root device only after UNLOCKING the bootloader from fastboot mode.
If you relock your bootloader, you will need to do a full backup-and-restore whenever you decide to unlock it again.
This mod will allow you to unlock the bootloader without wiping the userdata as oppose to "fastboot -i 0x1ebf oem unlock" command.
Titokhan said:
Note:
Many users should have trouble to UNLOCK their device for the FIRST TIME by using this method. Let me clarify few things for this mod.
The main purpose of this method is not UNLOCK Bootloader without wiping data. It's main purpose is to reset tamper bit, which can not be done by any other way.
UNLOCK Bootloader without wiping data -- is another outcome of this MOD.
If you have not unlocked your device before (at least for 1 time) by using command "fastboot -i 0x1ebf oem unlock", then this method might not work for you.
In case your device is locked and you want to install this mod from custom recovery like TWRP,
it will be possible only if, you can boot temporarily using command: fastboot -i 0x1ebf boot <custom_recovery.img>
If this command failed, you will not be able to run the mod and hence device will not be unlocked without wiping data. A stock YU Yureka doesn't support this, AFAIK.
In which condition the device can be booted to custom recovery by using command: fastboot -i 0x1ebf boot <custom_recovery.img>, is still not very clear. From my experiments, it requires only unlock bit to be true.
Before running the command , check your device status "fastboot -i 0x1ebf oem device-info"
and report your error with the following points:
1) Did you unlock your device before by any means (or by fastboot -i 0x1ebf oem unlock) ?
2) What is the recovery already installed in your device?
3) What is the status of your device: "fastboot -i 0x1ebf oem device-info"?
4) What error message you got when tried to run command: fastboot -i 0x1ebf boot <custom_recovery.img>?
5) Steps you tried.
There are 4 possibilities of the the value set of the 2 bits (unlock bit & tamper bit)
1) Unlock Bit - FALSE , Tamper Bit - FALSE
2) Unlock Bit - FALSE , Tamper Bit - TRUE
3) Unlock Bit - TRUE, Tamper Bit - FALSE
4) Unlock Bit - TRUE, Tamper Bit - TRUE
Kindly report your issues as I mentioned above.
Thanks
Click to expand...
Click to collapse
There are generally 2 bits present on some partition of the phone for keeping track of unlocking.
1) Unlock bit
2) Tamper bit
Both bits are initially FALSE. We can unlock bootloader by using command:
Code:
fastboot -i 0x1ebf oem unlock
and can see the device information by
Code:
fastboot -i 0x1ebf oem device-info
like:
Once you unlock, both bits will come TRUE. This mod will write the 2 bits in aboot partition and can reset
both bits (TOGGLE basically) without factory reset as opposed to "fastboot -i 0x1ebf oem unlock".
So for YU Yureka:
Code:
Partition - aboot (mmcblk0p4)
Unlock Bit Position - 0x000FFE10 Hex - (1048080) Decimal
Tamper Bit Position - 0x000FFE14 Hex - (1048084) Decimal
FYI, there is anoher partition named "abootbak" (mmcblk0p5) which is holding the backup of the original contents of "aboot", but there is no visible effects of it.
Unlock bit:
Tamper bit:
CREDIT
Credit goes to:
@osm0sis for the original script for Nexus devices.
@Mnt-XDA & @Polarfuchs for poting it to OnePlus One.
@segv11 for making BootUnlocker; I have already requested him to add support for Yureka.
WARNING
Since this mod writes on aboot (bootloader) partition to reset the 2 flags, it may brick your phone. I have tested the procedure thoroughly but still I'm requesting developers to test it first, then give feedback here. After that any normal user can use it. I'm not be responsible for any damage or bricking of your phone. Proceed at your own risk.
DOWNLOAD
Code:
File: YU_Yureka_aboot_(mmcblk0p4).7z
CRC-32: 9a8d4525
MD4: cf91807938ca679a3038161893f97c89
MD5: c60aa4a7477e2e0c18269ecede431339
SHA-1: acd5de06cb53ead6df5efebd4dfed3f9f7e4ac2a
https://mega.co.nz/#!Z1QkSYgC!mMBDFoMacVic7ubN6JNPaYD4xpxHQ9UsvgZ6RLlf1cE
https://drive.google.com/file/d/0B9zZIJPXbMsuWUV2TVpOcm81RmM/view?usp=sharing
Inside the 7z archive, there are 4 raw img files. Naming convention is UXTY.img:
U => Unlock bit
X => Status of Unlock bit, T(rue) or F(alse)
T => Tamper bit
Y => Status of Tamper bit, T(rue) or F(alse)
Use your desired method to restore e.g using dd from ADB shell or Terminal or using this by famous developer @wanam. This procedure needs root permission.
You need to restore them to aboot (mmcblk0p4) partition; otherwise your device can be bricked!
Recovery flashable ZIP is coming soon, which can be installed from any 3rd party recovery like CWM / TWRP.
THANKS
Please post feedback; thanks again!
This belongs in Development?
Reserved for future use.
sufoalmighty said:
This belongs in Development?
Click to expand...
Click to collapse
Looks appropriate for me; Mods will decide.
Titokhan said:
Looks appropriate for me; Mods will decide.
Click to expand...
Click to collapse
You is right btw are you gonna post it in YU forums?
@sufoalmighty
https://forums.yuplaygod.com/threads/mod-yu-yureka-unlocker-reset-unlock-tamper-bit.2361/
:highfive:
This is interesting; I have tested two stock YU Yureka - one from 22nd & one from 29th sales. Both show:
Code:
Device tampered: [COLOR="Red"]true[/COLOR]
Device unlocked: false
Any possible explanation?
Titokhan said:
This is interesting; I have tested two stock YU Yureka - one from 22nd & one from 29th sales. Both show:
Code:
Device tampered: [COLOR="Red"]true[/COLOR]
Device unlocked: false
Any possible explanation?
Click to expand...
Click to collapse
There's a possibility that my Yureka is in this group. I actually didn't check my oem info before trying unlocking the bootloader. But when I tried to unlock my device for the first time, it failed. Then I checked my oem device-info and it showed as
Device tampered: true
Device unlocked: false
Can anyone shed some light on this issue?
@chandujram
Well, actually every Yureka & Yureka Plus carry the same flag. The official CPBs for restoration to stock also contain the same which indicates there's a quality checking flaw while publishing the firmware image; though its harmless.
@Titokhan Oh okay
problem
Titokhan said:
Most of the concept & content of this thread is inspired by this thread, so a huge thanks to @Mnt-XDA.
INTRO / CONCEPT
Most of us know that we can flash custom roms or can root device only after UNLOCKING the bootloader from fastboot mode.
If you relock your bootloader, you will need to do a full backup-and-restore whenever you decide to unlock it again.
This mod will allow you to unlock the bootloader without wiping the userdata as oppose to "fastboot -i 0x1ebf oem unlock" command.
There are generally 2 bits present on some partition of the phone for keeping track of unlocking.
1) Unlock bit
2) Tamper bit
Both bits are initially FALSE. We can unlock bootloader by using command:
Code:
fastboot -i 0x1ebf oem unlock
and can see the device information by
Code:
fastboot -i 0x1ebf oem device-info
like:
Once you unlock, both bits will come TRUE. This mod will write the 2 bits in aboot partition and can reset
both bits (TOGGLE basically) without factory reset as opposed to "fastboot -i 0x1ebf oem unlock".
So for YU Yureka:
Code:
Partition - aboot (mmcblk0p4)
Unlock Bit Position - 0x000FFE10 Hex - (1048080) Decimal
Tamper Bit Position - 0x000FFE14 Hex - (1048084) Decimal
FYI, there is anoher partition named "abootbak" (mmcblk0p5) which is holding the backup of the original contents of "aboot", but there is no visible effects of it.
Unlock bit:
Tamper bit:
CREDIT
Credit goes to:
@osm0sis for the original script for Nexus devices.
@Mnt-XDA & @Polarfuchs for poting it to OnePlus One.
@segv11 for making BootUnlocker; I have already requested him to add support for Yureka.
WARNING
Since this mod writes on aboot (bootloader) partition to reset the 2 flags, it may brick your phone. I have tested the procedure thoroughly but still I'm requesting developers to test it first, then give feedback here. After that any normal user can use it. I'm not be responsible for any damage or bricking of your phone. Proceed at your own risk.
DOWNLOAD
Code:
File: YU_Yureka_aboot_(mmcblk0p4).7z
CRC-32: 9a8d4525
MD4: cf91807938ca679a3038161893f97c89
MD5: c60aa4a7477e2e0c18269ecede431339
SHA-1: acd5de06cb53ead6df5efebd4dfed3f9f7e4ac2a
https://mega.co.nz/#!Z1QkSYgC!mMBDFoMacVic7ubN6JNPaYD4xpxHQ9UsvgZ6RLlf1cE
https://drive.google.com/file/d/0B9zZIJPXbMsuWUV2TVpOcm81RmM/view?usp=sharing
Inside the 7z archive, there are 4 raw img files. Naming convention is UXTY.img:
U => Unlock bit
X => Status of Unlock bit, T(rue) or F(alse)
T => Tamper bit
Y => Status of Tamper bit, T(rue) or F(alse)
Use your desired method to restore e.g using dd from ADB shell or Terminal or using this by famous developer @wanam. This procedure needs root permission.
You need to restore them to aboot (mmcblk0p4) partition; otherwise your device can be bricked!
Recovery flashable ZIP is coming soon, which can be installed from any 3rd party recovery like CWM / TWRP.
THANKS
Please post feedback; thanks again!
Click to expand...
Click to collapse
how to do this if i am unrooted also ,and unable to unlock bootloader due to response oem unlock cancel , what to do can i reinstall my bootloader hwat to do please help
@sudeep22
1. Please don't quote the whole post.
2. You can't do it while being unrooted.
3. What's the actual error while trying to unlock the bootloader?
Titokhan said:
@sudeep22
1. Please don't quote the whole post.
2. You can't do it while being unrooted.
3. What's the actual error while trying to unlock the bootloader?
Click to expand...
Click to collapse
thanks i am not too much aware about quoting
actualy when i was on stock 5.0.2 i unlocked my bootloader and get rooted for experiment, then i remove my root and relock bootloader.
now i am on 5.1.1 due to bad perfomance of this stock rom i am again trying to again unlock bootloader for flashing custom rom
but when in fastboot mode i give command to unlock bootloader it asks to press volume button , but after pressing button nothing happens presses again and again
after as time out massage command oem unlock cancelled
@sudeep22
1. Which device are you using, Yureka or Yureka Plus?
2. Are the volume rockers working?
i am using yureka
yes volume key normal condtion working normally after reading this thread i thought may problem of those two bits
which are for my devices
device tempred- true
device unlocked-flase
Sir I type OEM unlock it doesn't show plus volume up or down. It show ersa datauser and wait 20 sec. Then it go and can't ersa. When type OEM lock it show OK. How to solve it ?
sudeep22 said:
i am using yureka
yes volume key normal condtion working normally after reading this thread i thought may problem of those two bits
which are for my devices
device tempred- true
device unlocked-flase
Click to expand...
Click to collapse
Pls tell how to unlock OEM in this case
Device tampered : true
Device unlocked: false
@sudeep22 @garrylok
Please do a complete re-flash of Lollipop firmware using YGDP, then manually update to latest COS 12.1 build.
Titokhan said:
@sudeep22 @garrylok
Please do a complete re-flash of Lollipop firmware using YGDP, then manually update to latest COS 12.1 build.
Click to expand...
Click to collapse
Ydgp can't flash I try few CPB file. After start flash it fail. I also miflash and receive hello fail
@garrylok
Please send me the logs generated by YGDP. And describe more elaborately, what did you do with the device?
I got Z Ultra C6833
I can't run that command.
Every time i did, i got that failed remote thing
bootloader is unlocked and i am on latest firmware 270
I tried it on 290, it didn't work either
I tried with normal cmd or with run-as-admin mode, no news.
I tried with debug on/off, same result.
I can install dual recovery on 290 though, if i flash cm12 zip/gep zip from twrp, i got a dead z ultra.
No response at all. When i press power button, it will just vibrate once. That's all.
Then i need to re-flash the firmware.
So can someone tells me what i did wrong?
It was working fine most of the procedure to install GPE previously.
Thanks anyway.
--------------------------
It turned out my bootloader is locked
Once it is unlocked by following this
http://forum.xda-developers.com/showpost.php?p=58070067&postcount=34
All good to go. Thanks!
anyone?
u cant boot a cm kernel on a stock xperia rom or the other way around...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If you want to install a stock xperia based rom from zip file, xperia stock or scrubbers gpe port.
Start ur device in fastboot and flash a stock rom kernel with fastboot flash boot
Now push a recovery to the device with fastboot flash recovery
Reboot to recovery
Click to expand...
Click to collapse
If you are currently on stock rom and want to flash a cm based rom. You can do this by some metods.
Alternative A
This is if you want to do it from scratch. ie from stock rom and stock kernel and have no recovery.
Start ur device in fastboot and push a recovery to the device with fastboot flash recovery
Reboot to recovery
Flash cm based rom
Now extract boot.img from the cm based rom .zip file.
Start ur device in fastboot and push the boot.img to the device with fastboot flash boot
Reboot.
Click to expand...
Click to collapse
Alternative B
Or if you already have a working kernel and a working recovery.
Then you are already able to flash a cm rom. But when you reboot you will discover that the phone is "softbricked" as we call it.
The phone vibrate once and then turns off.
Start ur device in fastboot
Now extract boot.img from the cm based rom .zip file.
Push boot.img to your device with fastboot flash boot
Reboot.
Click to expand...
Click to collapse
You can get twrp from here https://dl.twrp.me/togari/
or from any boot.img file that has one recovery or many recoveries included in the .img file. For example stock based roms or kernels. But most easy is to use twrp.
I hope I didn't miss any detail. Just as if you have more questions. The heat today is making me ...tired..hard to concentrate
SÜPERUSER said:
u cant boot a cm kernel on a stock xperia rom or the other way around...
If you want to install a stock xperia based rom from zip file, xperia stock or scrubbers gpe port.
If you are currently on stock rom and want to flash a cm based rom. You can do this by some metods.
You can get twrp from here https://dl.twrp.me/togari/
or from any boot.img file that has one recovery or many recoveries included in the .img file. For example stock based roms or kernels. But most easy is to use twrp.
I hope I didn't miss any detail. Just as if you have more questions. The heat today is making me ...tired..hard to concentrate
Click to expand...
Click to collapse
Hey, Thanks for your lengthy reply.
I think i did your Alternative A,
stock rom, flash dual recovery from dual recovery installer,
then go to recovery and flash cm zip and die.
Then go to fastboot mode and flash the boot.img and i got that failed remote blah blah blah error.
I tried with unlocked bootloader/locked bootloader, still the same command.
I tried from cmd with or without admin privilege, I tried via flash tool, all failed.
So my question is why fastboot command failed on me? My understanding is if bootloader is locked, i can't fastboot.
This is the first time it is happening on my Z Ultra. This is my 3rd Z Ultra.
I had flashed GPe rom before and it has no such a problem.
I just need to have custom recovery and then flash the GPe zip file, that's it.
Thanks anyway.
pls copy paste the output from the terminal here
sending 'boot' (13408 KB)...
OKAY [ 0.427s]
writing 'boot'...
FAILED (remote: Command not allowed)
finished. total time: 0.432s
Enter *#*#7378423#*#* in the dialler, then look in Service info -> Configuration. It will say "Bootloader unlocked: Yes" if it's unlocked.
Click to expand...
Click to collapse
I doubt that the bootloader is unlocked
SÜPERUSER said:
I doubt that the bootloader is unlocked
Click to expand...
Click to collapse
Thanks. I will try when my phone is alive again. Now looks like it is dead after formatting system and rebooted.
Trying to reflash the firmware.
Thanks
Bootloader unlock allowed: Yes
leme ask u what operating system you are using?
Perhaps try to use the admin account.
Run cmd as admin
Activate admin account with net user administrator /active:yes
logout and login as administrator
Delete all drivers related to android and your phone.
Download system wide ADB from here http://forum.xda-developers.com/showthread.php?t=2588979
Direct link: https://drive.google.com/file/d/0B0MKgCbUM0itVVFWRC02Q0VBQnc/view?usp=sharing
answer y on all the questions.
Now you can start a cmd from any folder by holding down left shift + right click and start command window here and then type the fastboot command
unlock bootloader failed
...
FAILED (remote: Command did not succeed)
finished. total time: 0.022s
win 7 running cmd with admin privilege.
unlock bootloader failed
...
FAILED (remote: Command did not succeed)
finished. total time: 0.022s
Click to expand...
Click to collapse
What? u said ur bootloader is unlocked?
Okay. Lets start from the beginning.
Pls upload a screenshot of the dialer with that page saying bootloader unlock allowed: XX etc etc
Enter *#*#7378423#*#* in the dialler, then look in Service info -> Configuration. It will say "Bootloader unlocked: Yes" if it's unlocked.
Click to expand...
Click to collapse
SÜPERUSER said:
What? u said ur bootloader is unlocked?
Okay. Lets start from the beginning.
Pls upload a screenshot of the dialer with that page saying bootloader unlock allowed: XX etc etc
Click to expand...
Click to collapse
there you go
good. Now edit your post and remove the image. No need for it anymore.
There is personal details in the pic like imei number so dont keep it here on the forum visible.
It says that bootloader is allowed to be unlocked. It does not say that it is unlocked.
So what I am saying is that your bootloader is still locked.
You need to UNLOCK your bootloader. Follow the steps here to do so
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
There are also video guides showing how its done https://www.youtube.com/watch?v=iIdJg7KNH3A
IMPORTANT. skip the Android SDK part described in the guides. You do not need this. You already have fastboot working.
In short words what you need to do is to write down your imei number and paste it onto sony website when you are about the send the email.
Now go to your email inbox and check your mail. There should be a code from sony dev.
Start phone in fastboot mode and do
fastboot -i 0x0fce oem unlock 0xKEY <- replace the word KEY with the code you received in the mail.
If the output succeeded your bootloader are now unlocked.
SÜPERUSER said:
good. Now edit your post and remove the image. No need for it anymore.
There is personal details in the pic like imei number so dont keep it here on the forum visible.
It says that bootloader is allowed to be unlocked. It does not say that it is unlocked.
So what I am saying is that your bootloader is still locked.
You need to UNLOCK your bootloader. Follow the steps here to do so
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
There are also video guides showing how its done https://www.youtube.com/watch?v=iIdJg7KNH3A
IMPORTANT. skip the Android SDK part described in the guides. You do not need this. You already have fastboot working.
Click to expand...
Click to collapse
Thanks. I am aware that, already cropped the image and uploaded the cropped one.
I don't think it is unlocked.
There are two messages when i tried to unlock from cmd
First one is
...
FAILED (remote: Command did not succeed)
finished. total time: 0.022s
Second one is
...
FAILED (remote: Device is already rooted)
finished. total time: 0.008s
this is the command i run from cmd with/without admin
fastboot -i 0x0fce oem unlock 0xUNLOCK_KEY
tell me exactly what you write in the terminal. Exluding the code from sony, don't paste it here.
I don't understand why you get two different answers?
pm-ed you.
I am on a custom rom but I get the same result as you.
C:\Users\Administrator\Downloads>fastboot getvar version
version: 0.5
finished. total time: 0.005s
C:\Users\Administrator\Downloads>fastboot oem unlock
...
FAILED (remote: Device is already rooted)
finished. total time: 0.014s
Click to expand...
Click to collapse
What .ftf file did you flash when going back to stock after having a "dead device"?
Can you provide link? Name? Is it from here on the forum?
For example the ftf thread?
http://forum.xda-developers.com/xpe...tf-depository-sony-firmware-releases-t2829387
or here?
http://forum.xda-developers.com/xperia-z-ultra/general/ftf-14-5-0-270-customized-hk-t3114261
One method you can try but that is a bit outdated. Waaay outdated. From when this device was released on the market.
But you could try the method of unlocking it with flashtool
Quote from other post.
This will wipe your phone, so backup your stuff
You only need to unlock the bootloader if you want to run either a custom kernel or a custom ROM. Most ROMs based on the Sony releases will run on a locked bootloader.
Instructions:
Go to Sony's Developer site
Request the unlock key and check your mail straight away. Email is quick these days.
Open the latest Flashtool on your computer
Click the "BLU" icon
Follow the steps and enter your unlock key
Click to expand...
Click to collapse
If you do not have flashtool installed. Pls install.
Link: https://docs.google.com/uc?id=0ByK8JL7P6wDTdmtKYUpPcW93Zjg&export=download
Using older version cause newest version has weird issues with "pls move files from administrator folder to XXX X...."
This is the main window of flashtool
Click the BLU button
Follow the instruction... On z u this is holding vol down when plugging in the cable
It will now ask for the code.
Fill in the code and proceed.
Notice that my window says "relock". This is because my bootloader is already unlocked. In your case the window should say "unlock".
Hey, thanks for the help, I followed this and it works. I mean i can unlock it. Time to have fun now. Thanks for your time and help.
http://forum.xda-developers.com/showpost.php?p=58070067&postcount=34
Just flashed the the new images from MHC19I but left my recovery and userdata partition untouched. Before booting into system i booting into TWRP and was greeted with the enter password to decrypt the data partition.
The new Twrp is out now 3.0.0-1 HERE
Let me know if this helps guys and gals.
jerflash said:
Just flashed the the new images from MHC19I but left my recovery and userdata partition untouched. Before booting into system i booting into TWRP and was greeted with the enter password to decrypt the data partition. This never happened to me before so it must be something in the new bootloader image or boot image that is causing this.
Does anyone else see this? I was going to test downgrading the bootloader later on today to see if the block is gone but it looks like the "default password" for encryption may have changed.
Let me know guys.
Click to expand...
Click to collapse
New TWRP test builds already out there that take care of the issue.
rebretz000 said:
New TWRP test builds already out there that take care of the issue.
Click to expand...
Click to collapse
yes i see that and i am going to flash it now. i had to read through that whole thread though. i will post it above for others.
Thanks. The TWRP fix did the trick for me. To summarize for others, these are the steps I took after d/ling the new factory image:
adb reboot bootloader
fastboot flash bootloader C:\angler\images\bootloader-angler-angler-03.51.img
fastboot reboot-bootloader
fastboot flash radio C:\angler\images\radio-angler-angler-03.61.img
fastboot reboot-bootloader
fastboot flash boot C:\angler\images\boot.img
fastboot erase cache
fastboot flash cache C:\angler\images\cache.img
fastboot flash recovery C:\angler\images\recovery.img
fastboot flash system C:\angler\images\system.img
fastboot flash vendor C:\angler\images\vendor.img
fastboot reboot-bootloader
fastboot flash recovery twrp-test1-3.0.0-0-angler.img
fastboot reboot-bootloader
boot into TWRP -> Flash SuperSU
Reboot System -> Wait for cache to build
(optional) Open ElementalX app and install
Profit
johnny2678 said:
Thanks. The TWRP fix did the trick for me. To summarize for others, these are the steps I took after d/ling the new factory image:
adb reboot bootloader
fastboot flash bootloader C:\angler\images\bootloader-angler-angler-03.51.img
fastboot reboot-bootloader
fastboot flash radio C:\angler\images\radio-angler-angler-03.61.img
fastboot reboot-bootloader
fastboot flash boot C:\angler\images\boot.img
fastboot erase cache
fastboot flash cache C:\angler\images\cache.img
fastboot flash recovery C:\angler\images\recovery.img
fastboot flash system C:\angler\images\system.img
fastboot flash vendor C:\angler\images\vendor.img
fastboot reboot-bootloader
fastboot flash recovery twrp-test1-3.0.0-0-angler.img
fastboot reboot-bootloader
boot into TWRP -> Flash SuperSU
Reboot System -> Wait for cache to build
(optional) Open ElementalX app and install
Profit
Click to expand...
Click to collapse
I noticed that after flashing MHC19I (and N preview) I lost TWRP every time I booted into the system. Have you seen this? Over on another MHC19I thread, someone suggested renaming 'recovery-from-boot.p' from TWRP to avoid this.
This did happen to me with a broken system though, so maybe there were some checks triggered that made the system flash stock recovery again.
Awesome test build! It works like a charm
havanahjoe said:
I noticed that after flashing MHC19I (and N preview) I lost TWRP every time I booted into the system. Have you seen this? Over on another MHC19I thread, someone suggested renaming 'recovery-from-boot.p' from TWRP to avoid this.
This did happen to me with a broken system though, so maybe there were some checks triggered that made the system flash stock recovery again.
Click to expand...
Click to collapse
this happens because you booted into Android before flashing SuperSu or disabling the recovery-from-boot
when you flash the last item, in my case it was vendor.img, i clicked volume down on my phone, and went into recovery. i then selected SuperSu2.68 and flashed that. Then rebooted.
chaco81 said:
this happens because you booted into Android before flashing SuperSu
Click to expand...
Click to collapse
That would explain it. I didn't know SuperSu took care of this. Thank you
Is SuperSU 2.68 systemless as well? I'm on 2.67 still because I haven't seen any confirmation otherwise. Thanks!
Yes. I use the same version.
allen099 said:
Is SuperSU 2.68 systemless as well? I'm on 2.67 still because I haven't seen any confirmation otherwise. Thanks!
Click to expand...
Click to collapse
Just a quick question. Why does everyone suggest fastboot flashing with IMG files one by one? Why not just use the batch file included in the main Nexus image download? Assuming that most would want to keep apps and data intact, you simply need to remove the "-w" from the batch file as I understand it. In doing so, you keep all data/apps/SD card info, correct?
floepie said:
Just a quick question. Why does everyone suggest fastboot flashing with IMG files one by one? Why not just use the batch file included in the main Nexus image download? Assuming that most would want to keep apps and data intact, you simply need to remove the "-w" from the batch file as I understand it. In doing so, you keep all data/apps/SD card info, correct?
Click to expand...
Click to collapse
I was also wondering the same
Sent from my Nexus 6P using Tapatalk
floepie said:
Just a quick question. Why does everyone suggest fastboot flashing with IMG files one by one? Why not just use the batch file included in the main Nexus image download? Assuming that most would want to keep apps and data intact, you simply need to remove the "-w" from the batch file as I understand it. In doing so, you keep all data/apps/SD card info, correct?
Click to expand...
Click to collapse
mickyw1980 said:
I was also wondering the same
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
If you do that it will flash all of the images.... That includes the userdata.img which also wipes your device. This is something most people updating do not want. Plus it just gives you more control.
Sent from my Nexus 6P using Tapatalk
johnny2678 said:
Thanks. The TWRP fix did the trick for me. To summarize for others, these are the steps I took after d/ling the new factory image:
adb reboot bootloader
fastboot flash bootloader C:\angler\images\bootloader-angler-angler-03.51.img
fastboot reboot-bootloader
fastboot flash radio C:\angler\images\radio-angler-angler-03.61.img
fastboot reboot-bootloader
fastboot flash boot C:\angler\images\boot.img
fastboot erase cache
fastboot flash cache C:\angler\images\cache.img
fastboot flash recovery C:\angler\images\recovery.img
fastboot flash system C:\angler\images\system.img
fastboot flash vendor C:\angler\images\vendor.img
fastboot reboot-bootloader
fastboot flash recovery twrp-test1-3.0.0-0-angler.img
fastboot reboot-bootloader
boot into TWRP -> Flash SuperSU
Reboot System -> Wait for cache to build
(optional) Open ElementalX app and install
Profit
Click to expand...
Click to collapse
This allows you to keep encryption?
jerflash said:
If you do that it will flash all of the images.... That includes the userdata.img which also wipes your device. This is something most people updating do not want. Plus it just gives you more control.
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
No, it doesn't. If you remove the -w from the batch file, it won't overwrite your userdata. That's common knowledge here.
floepie said:
No, it doesn't. If you remove the -w from the batch file, it won't overwrite your userdata. That's common knowledge here.
Click to expand...
Click to collapse
That may be true but if you don't know to do that it will wipe everything. Just always been safer to do it individually.
Sent from my Nexus 6P using Tapatalk
gts24 said:
This allows you to keep encryption?
Click to expand...
Click to collapse
Looks like it does. Is there another way to tell?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my Nexus 6P using Tapatalk
I always flash system, boot, vendor through fastboot. Sometimes I also update the bootloader and the radio if there is a newer version available. All other IMG files are not necessary. It´s true that flashing the stuff one by one gives you more control ( and a dirty flash is also great for lazy guys like me who want to keep all their Apps, settings etc. ).
johnny2678 said:
Looks like it does. Is there another way to tell?
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
I just followed your flow chart , worked here as far as I can tell as well. (proper thanks button clicked )
When I flashed this morning and entered TWRP recovery it must of tripped something as the yellow "cannot check for corruption" warning changed to a red "Your device is corrupt" message. It still only shows for a few seconds before booting like normal. I can't really try anything until I get home, but will flashing the patched TWRP and booting into it be enough to change that back to the old yellow warning? Or do I need to reflash the system/boot packages again?
Hello, the question is very simple: does anyone who has installed the rom 26S in x722 have been able to then unlock the bootloader or install another rom?
We know that in the rom 20S with the one that comes from the factory you can unlock the bootloader and install twrp, we know you can upgrade to the 26S, we know that there are people who have upgraded to 26S, but no one who has upgraded to 26S has Commented that it was able to install another rom then, only comment that the bootloader is blocked with the 26S.
All those who have updated to 26S you have to stay with her because you can not change?
Well if someone has succeeded, it would be nice to say how he did it.
Greetings.
*** TODAY, THE ONLY WAY TO LEAVE OFFICIAL 26S IS TO INSTALL THE ROM 01D, THAT UNLOCK THE BOOTLOADER AND ALLOWS US TO INSTALL ANY OTHER ROM. ***
My phone came with 20s shoprom and the bootloader is unlocked. I checked. So I will wait for a twrp before I update to 26s. Is the x720 twrp compatible with our phone to flash?
I have not tried it, but according to the comments of this and other forums, with the 20S factory version it is easy to unlock by ADB, and it allows you to install twrp from x720 which by comment works fine.
The problem is that if you upgrade to version 26S, the bootloader can no longer be unlocked and as the recovery is changed to the stock, you can not reinstall Twrp or any other ROM (I suppose you can install another official ROM, but The only one that exists is the 26S, there is not even the 20S with which it comes from the factory)
In short, if you upgrade to version 26S, the bootloader is blocked, and you can not reinstall twrp or anything that is not official, and for the moment there is nothing more.
Greetings.
It's not like there are so many ROMs
The bootloader changes in 26s and it makes device bootloader locked.
I would suggest to stay on 20s until a workaround is available for unlocking bootloader also on 26s.
I guess anyone who already has the 26S version will have to wait. But for the one who has a hard-brick with the blocked bootloader should try to get a copy of bootloader of 20S and with some flash tool try to change it.
Also it could be that with a flash tool install the rom 26S and before restarting change the bootloader by the 20S version. In some terminals, this has worked.
Greetings.
I have a nandroid copy of 20S Shop ROM boot. I made nandroid copies of all major partitions (the same ones that have stock ROM) before installing 26S Stock. I used the TWRP of the X722 version to install the ROM. Everything worked. Then I installed the GApps and gave it some error and rebooted. Now I have the bootloader locked, it does not go into recovery mode and it does not start the system. Totally brick.
And the worst: QFIL does not work here. I have tested on different versions, different computers, different drivers and nothing. He always gives this error:
Code:
15:47:28: ERROR: function: rx_data:247 Error occurred while reading from COM port
15:47:28: ERROR: function: sahara_main:924 Sahara protocol error
15:47:28: ERROR: function: main:303 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Fail:Process fail
And Windows emits the disconnected device sound.
Here is a detailed log using the command to send the FireHose through the CMD:
Log.txt
Does anyone have any idea what this error is? And how to solve it?
Hello DK Boneco, I can not tell you how to solve it, but I can give you an idea.
The fault is because the bootloader is locked.
Look for another tool that does not use qfil and that allows you to flash with locked bootloader. Surely there must be some.
And by the way, if you have a copy of the complete 20S version, I would try to flash this one.
Greetings.
DK Boneco said:
I used the TWRP of the X722 version to install the ROM.
Click to expand...
Click to collapse
Can you please post a link
ziaba said:
Can you please post a link
Click to expand...
Click to collapse
Hi, this thread talks about "unlock bootloader with rom 26S" not from twrp.
Anyway there is no twrp for x722 but it works for x720.
Query in twrp threads or create one in section x722 for more information.
Greetings.
F.J.V said:
The fault is because the bootloader is locked.
Click to expand...
Click to collapse
A friend who has the same smartphone with unlocked bootloader did the same process and the exact same error happened.
F.J.V said:
Look for another tool that does not use qfil and that allows you to flash with locked bootloader.
Click to expand...
Click to collapse
Do you know another method? All that I looked for, ending up using the background QFIL to get the job done.
---------- Post added at 12:34 AM ---------- Previous post was at 12:33 AM ----------
ziaba said:
Can you please post a link
Click to expand...
Click to collapse
Here's the link: https://twrp.me/devices/leecolepro3.html
DK Boneco said:
A friend who has the same smartphone with unlocked bootloader did the same process and the exact same error happened.
Click to expand...
Click to collapse
The hard brick came from gapps on top of 26s. Never flash Gapps on top of stock ROMs. Never.
The 26s firmware locked bootloader blocking the CRITICAL partition, so you must unlock it first, then unlock the bootloader.
Try this sequence, in fastboot mode:
fastboot devices
fastboot device info
- when in fastboot device info, check CRITICAL partition unlock status. if FALSE, then try
fastboot flashing unlock_critical
fastboot device info
- now CRITICAL partition unlock status should be TRUE, try unlocking
fastboot oem unlock-go
- if you succeded unlocking, check status with
fastboot device info
fastboot reboot or fastboot flash recovery twrp.img
- if you still cannot unlock, you could try flashing a different emmc_appsboot.mbn file. You can extract emmc_appsboot.mbn from x722 20s firmware or from x720 firmware.
In fastboot mode
fastboot flash aboot emmc_appsboot.mbn
- if flashing is successful
fastboot reboot
adb devices
adb reboot bootloader
fastboot oem unlock-go
- if unlock is succesful
fastboot device info
fastboot reboot or fastboot flash recovery twrp.img
Flounderist said:
The hard brick came from gapps on top of 26s. Never flash Gapps on top of stock ROMs. Never.
The 26s firmware locked bootloader blocking the CRITICAL partition, so you must unlock it first, then unlock the bootloader.
Click to expand...
Click to collapse
I tried this and several other ways to try to unlock the bootloader. I could not find a way. It does not allow flash any partition.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
DK Boneco said:
I tried this and several other ways to try to unlock the bootloader. I could not find a way. It does not allow flash any partition.
Click to expand...
Click to collapse
Would you try
fastboot format userdata
fastboot format data
fastboot reboot bootloader
fastboot device info
Check if (bootloader) is_allow_unlock: changed from 0 to 1. If it is still on 0 try
fastboot erase userdata
fastboot erase data
fastboot reboot bootloader
fastboot device info
If still on 0....try also formatting or erasing cache.
It seems that kernel does not allow any tampering attempt if value is =0, hence critical partitions are locked.
Hello DK Boneco, the error is reading the COM port.
Is the phone charged?
It appears that the phone is disconnected or exits EDL mode.
It may be a driver problem, or some phones exit EDL mode within a few seconds if the flash has not started.
Try not to take more than 4 or 5 seconds from the time the phone enters EDL until the flash starts.
You can also try the flash with MiFlash Xiaomi, say that can flash any modern phone and is quite effective, look for a manual and test.
Greetings.
DK Boneco said:
And Windows emits the disconnected device sound.
Click to expand...
Click to collapse
You may need to install drivers to your pc to recognize your, thats why it emits the disconnected device sound.
Hello DK Boneco, try these steps:
1. Method published with flashone2.0 and zip qfil.
2. When the fault appears, disconnect the USB phone.
3. Reconnect the phone in EDL mode (vol + and vol- and connect to USB)
4. Without losing time, in flashone2.0 press the "Refresh" button, select the COM port, press the "Flash" button and then "NO" (do not unzip it again).
From connecting the phone to USB until you press the "NO" button as fast as possible, without wasting time.
I hope it serves as something, what I see is that the phone goes out of EDL mode and that's why it fails.
Greetings.
To be sure to stay in EDL mode, you can type
fastboot reboot edl or fastboot reboot-edl
Be sure to install Qualcomm driver properly on PC.
Anyway it seems that QFIL is missing for X722 device. I assume that this device lacked a lot of development due to company failure, or it was developed exclusively for CN market (no google play support and locked bootloader from kernel to avoid any hacking activity).
Qfil is a Qualcomm tool for any Qualcomm smartphone, no matter brand or development.
Qfil should work for any phone with chip qualcomm, another thing is that the phone requires some specific configuration, or that the zip that is intended to flash is not correct.
Greetings.
Hi all,
For those who don't know, I'm known for rooting HMD Nokia Android Phones.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
So after few hours testing, I finally found out how to root it.
Note, I've only dumped stock ROM from Verizon Wireless Variant as it's the only variant I've obtained so far. For non-operator variant and AT&T variant, I need your help for firmware dumping in case you want to restore your phone back to factory original state or OTA update if possible.
Known working build: H1A1000.010ho.01.01.01r.109
Procedure is pretty regular.
Step 1: Unlock the bootloader
Unlike HMD Nokia Android Phones, bootloader unlock is straight forward.
Just enable OEM unlocking in developer options, reboot your phone to Fastboot mode and unlock the bootloader with following command:
Code:
fastboot flashing unlock
Then confirm unlock on the phone.
As I've always recommended for HMD Nokia Phones, you should do critical unlock as well:
Code:
fastboot flashing unlock_critical
Then confirm unlock on the phone.
Strange enough, this phone doesn't have unlock warning after unlocked. Not sure about open market release or AT&T Variant.
Step 2: Install Magisk Manager and allow storage permission
You can download it from Magisk release topic or https://github.com/topjohnwu/magisk/releases
Step 3: Reboot to fastboot mode and flash patched boot image
You can download required patched boot image and representative stock boot image from here: https://www.androidfilehost.com/?w=files&flid=297410
For Verizon Variant that available with build "H1A1000.010ho.01.01.01r.109" so far, download "H1A1000.010ho.01.01.01r.109-boot_magisk_patched_193.img". You can check software version yourself if correct.
The command is straight forward too:
Code:
fastboot flash boot /path/to/H1A1000.010ho.01.01.01r.109-boot_magisk_patched_193.img
If you use Platform tools from Google officially, you needn't to care about your current slot actually.
Now reboot your phone:
Code:
fastboot reboot
Step 4: Restore stock boot image and reinstall Magisk (For OTA update ability although no update for months)
After your phone booted, enable USB debugging and copy the file "H1A1000.010ho.01.01.01r.109-boot.img" you downloaded along with patched boot image. I would assume you copied it to root directory of internal storage.
So execute following ADB commands:
Code:
$ su
(Confirm Root permission on the phone)
# getprop ro.boot.slot_suffix
If it returns a, you'll need to execute this command:
Code:
# dd if=/storage/emulated/0/H1A1000.010ho.01.01.01r.109-boot.img of=/dev/block/bootdevice/by-name/boot_a
If it returns b, you'll need to execute this command:
Code:
# dd if=/storage/emulated/0/H1A1000.010ho.01.01.01r.109-boot.img of=/dev/block/bootdevice/by-name/boot_b
Then open Magisk Manager on your phone, tap no thanks if it asks for extra modules, then tap "Install" at the right of Magisk version, choose "Direct Install", and wait for the procedure complete.
If installed successfully, you can reboot your phone on Magisk Manager now.
That's it!
At least this phone will work with Treble GSI build, so you should have idea about how could I dump the phone.
For Treble GSI report, read this: https://github.com/phhusson/treble_experimentations/wiki/Red-Hydrogen-One
For those who want to know how I dumped the phone:
Well, I found the phone could support Treble GSI and received update before.
So if your current slot is B, you definitely want to give it a try.
1. Unlock the bootloader
2. Download AOSP 8.1 Treble GSI from @phhusson 's repo:
https://github.com/phhusson/treble_experimentations/releases
In my case I chose system-arm64-ab-gapps-su.img.xz one
3. Enter fastboot mode and flash the image
Please check current slot as well
Code:
fastboot getvar current-slot
I would assume your current slot is B in this case.
Code:
fastboot flash system /path/to/system-arm64-ab-gapps-su.img
fastboot erase frp
4. Use volume key to choose "Reboot to recovery" then press power key to confirm
Press power key and volume up key to get the menu if "No command" appears, then choose "Wipe data/factory reset" to erase userdata storage.
Then reboot the phone.
5. After the phone booted, finish Setup Wizard.
6. Dump the boot image
Code:
adb shell
$ su
(Confirm root permission on the phone)
# dd if=/dev/block/bootdevice/by-name/boot_b of=/storage/emulated/0/stock_boot.img
# exit
$ exit
adb pull /storage/emulated/0/stock_boot.img
adb reboot bootloader
7. Switch to previous version, do factory reset
Code:
fastboot --set-active=a
Reboot to recovery and perform factory reset.
8. Reboot to normal OS and accept OTA update.
9. Use Magisk to patch the boot image you dumped, then root it with your patched boot image, or you can upload it if possible.
10. You can dump other partitions as well if you want.
Reserved 2
How to unlock the titanium alloy version?
great man! but H1T1000 ?How to unlock the titanium alloy version? Which one does boot. img use?
mavitz said:
great man! but H1T1000 ?How to unlock the titanium alloy version? Which one does boot. img use?
Click to expand...
Click to collapse
For Titanium variant H1T1000, I don't have the phone right away.
If you can assist me, I'd like to help you for H1T1000 firmware dumping and rooting.
你好,你也是中国人呀?能加一下QQ吗?我的QQ361212944 ,我进开发者里面OEM锁打勾了,然后进fastboot模式,输入那两个命令,都提示出错。希望你能帮帮忙。谢谢。
Well Sir
Just performed this procedure on my VZW black aluminum model and yup got ROOT! Everything works and is stable so far. 4view is working, camera is shooting 3D just fine. Not a single error, stopped app, like I said everything is chugging along. So sweet! Thanks man. I almost tried this exact procedure on my own but discussions in the h4vuser.net forums swayed me away. Just happy to have root access on my H1!
the H1 open market needs unlock code
Hey guys I ****ed up pretty big. Red wants me to send in my phone to get reimaged.
Can someone please dump their system.img for me.
https://www.addictivetips.com/mobil...es-boot-recovery-and-system-partition-images/
SynxSynx said:
Hey guys I ****ed up pretty big. Red wants me to send in my phone to get reimaged.
Can someone please dump their system.img for me.
https://www.addictivetips.com/mobil...es-boot-recovery-and-system-partition-images/
Click to expand...
Click to collapse
dump is here
https://github.com/AndroidDumps/red_hydrogenone_dump
joeyw007 said:
dump is here
https://github.com/AndroidDumps/red_hydrogenone_dump
Click to expand...
Click to collapse
Thank you so so much dude.
SynxSynx said:
Thank you so so much dude.
Click to expand...
Click to collapse
your welcome, hope it helps.
joeyw007 said:
your welcome, hope it helps.
Click to expand...
Click to collapse
I"m a little bit dense when it comes to this. I'm assuming this is the full oTA image that was captured somehow. Do I just repackage the whole thing into a zip, drop it on an SD card and then update through recovery mode? My flashing experience is kind of limited to just nexus devices which are notoriously easy.
SynxSynx said:
I"m a little bit dense when it comes to this. I'm assuming this is the full oTA image that was captured somehow. Do I just repackage the whole thing into a zip, drop it on an SD card and then update through recovery mode? My flashing experience is kind of limited to just nexus devices which are notoriously easy.
Click to expand...
Click to collapse
An official rom does not exist for this phone. at least not one we can access. That's why it's SUPER IMPORTANT not to make any booboos with rooting this phone. This is just a dump from a bone stock phone. I'm not sure, you're going to have to do some homework to see if it's even possible. I would think flashing the boot.img to the current boot slot Magisk patched should fix the issue depending on what caused it. Maybe someone else could chime in with a little more expertise on the matter. Never used a phone dump to create *.img file to flash via fastboot, if it's even possible. If you get it working and try to re root stop after step three do not perform the tasks in step four and turn off automatic system updates in dev options.
joeyw007 said:
An official rom does not exist for this phone. at least not one we can access. That's why it's SUPER IMPORTANT not to make any booboos with rooting this phone. This is just a dump from a bone stock phone. I'm not sure, you're going to have to do some homework to see if it's even possible. I would think flashing the boot.img to the current boot slot Magisk patched should fix the issue depending on what caused it. Maybe someone else could chime in with a little more expertise on the matter. Never used a phone dump to create *.img file to flash via fastboot, if it's even possible. If you get it working and try to re root stop after step three do not perform the tasks in step four and turn off automatic system updates in dev options.
Click to expand...
Click to collapse
Right for sure, but the thing is I think I messed up at the point where I ended up not being able to get it to boot after removing the stock facebook apps (Lord knows why) but I did get t successfully rooted. Once it hit that point I kind of panicked and ended up
c:\adb>fastboot erase system
******** Did you mean to fastboot format this ext4 partition?
erasing 'system_b'...
OKAY [ 0.354s]
finished. total time: 0.356s
That was my dun goofed point.
At this point it's now flashing to a boot_a slot where it used to be flashing to boot_b slot. I am able to get it to start loading the OS but I'm not sure why it's not actually booting. It makes it to the Verizon boot screen, but then just hangs there.
My request from you earlier to see if you could dump your system.img (Which should still be bone stock and doesn't contain user data) was to see if I flashed the system from fastboot it would work.
I think bootloader wise it's totally fine, it's just I can't get the system to boot.
So I'm not really looking for a rom-per-se I just want to see if I can get the system.img from someones (now rooted) device to see if loading it through fastboot will make it so I don't have to send it in and wait for 5 days to get my phone back
Yeah it's completely hosed. If anyone who's rooted can do the following steps for me, I would really appreciate it because I have no phone at the moment.
adb shell
su
ls -al /dev/block/platform/*/by-name
read the Partition Management Table and find something that looks like
system ---> /dev/block/mmcblk07
dd if=/dev/block/mmcblk07 of=/sdcard/system.img
then upload the ~3gb file
It's basically the only thing that will save me right now.
So I did some digging as I had no choice. I basically found that the hydrogen one doesn't use mmcblk's so I was giving bad info.
I worked with a friend who helped compile TWRP for the H1A1000 which can be found here https://androidfiles.host/2RE~i?cb1f802841522869ba768a30999b613a
You can use this by going into fastboot and doing fastboot flash boot twrp-3.3.1-0-HydrogenONE.img
If someone P L E A S E can load twrp
go into advanced>terminal
ls /dev/block/by-name
find their system_a and system_b mountpoints (Mine were sda6 and sda8 respectively) and then do
dd if=/dev/block/sda6 of=/sdcard/system_a.img
dd if=/dev/block/sda8 of=/sdcard/system_b.img
then upload those files to a mega
I would really really really like 100% totally appreciate it. Like I'll throw you 20$ at this point just for the trouble.
SynxSynx said:
So I did some digging as I had no choice. I basically found that the hydrogen one doesn't use mmcblk's so I was giving bad info.
I worked with a friend who helped compile TWRP for the H1A1000 which can be found here https://androidfiles.host/2RE~i?cb1f802841522869ba768a30999b613a
You can use this by going into fastboot and doing fastboot flash boot twrp-3.3.1-0-HydrogenONE.img
If someone P L E A S E can load twrp
go into advanced>terminal
ls /dev/block/by-name
find their system_a and system_b mountpoints (Mine were sda6 and sda8 respectively) and then do
dd if=/dev/block/sda6 of=/sdcard/system_a.img
dd if=/dev/block/sda8 of=/sdcard/system_b.img
then upload those files to a mega
I would really really really like 100% totally appreciate it. Like I'll throw you 20$ at this point just for the trouble.
Click to expand...
Click to collapse
Like FIH made HMD Nokia phones, I've created fastboot image for H1A1000 (Verizon only).
I will upload that to AFH soon.
hikari_calyx said:
Like FIH made HMD Nokia phones, I've created fastboot image for H1A1000 (Verizon only).
I will upload that to AFH soon.
Click to expand...
Click to collapse
Dude thank you so much.
edit, read your profile, donation link secured
To subscribers of this topic:
raw dump of H1A1000 for Verizon uploaded. Note, system and vendor images are raw ext4 images, use img2simg to process them if you want to use fastboot to flash it.
https://www.androidfilehost.com/?fid=1899786940962611843