Related
I'm trying to find an universal way to read userdata partition(dump partition) without rooting the device.
Assumption :
the device can be boot in fastboot mode
Possible ways :
1. Using fastboot
I've looked into fastboot.c, it taking usb as a usb_handle pointer. I'm trying to move from that point. Fastboot is mostly to write or erase, but I assumed if writing and erasing are possible, reading should be possible as well.
2. Using nvflash, tftp...
It won't be the solution, since it's chip dependent but using chip vendor's download tool to dump partitions.
Go for it!
How does using adb dumping from /dev/mmcblk0p1 sounds?
can I unmount mmcblk0p1, and mount back to readable position?
what device? more info please.
dd if=dev/mmcblk0p? of=data.img bs= 8096 is usually the easiest. (<--just an example)
also this may be helpful:
http://forum.xda-developers.com/showthread.php?t=1247908
chrisrotolo said:
what device? more info please.
dd if=dev/mmcblk0p? of=data.img bs= 8096 is usually the easiest. (<--just an example)
also this may be helpful:
http://forum.xda-developers.com/showthread.php?t=1247908
Click to expand...
Click to collapse
Thanks for the link. using dd command is the exact way I used to dump mmc block as root. Or can it be run under not-rooted phones?
Rooting depends on the kernel version of devices, so when I have to dump various phones, it's very cumbersome to root different kinds of devices and dump.
So I'm finding a way to walk around the problem by using fastboot or if possible adb.
I think fastboot is my best bet so far.
How about adb?
adb shell
df -h
kkiqq1208 said:
How about adb?
adb shell
df -h
Click to expand...
Click to collapse
df -h will only show usage of storage medias. Is there anyway I can read off the actual data?
As already mentioned, dd, but via ADB. I believe that it functions at a low enough level that you should be able to dump mmcblk0 without having to be rooted. If dd can't be directly accessed via adb, you could extract a busybox install from a rooted phone and set it up in your adb directory and then run it from there with busybox (in theory).
Волк said:
As already mentioned, dd, but via ADB. I believe that it functions at a low enough level that you should be able to dump mmcblk0 without having to be rooted. If dd can't be directly accessed via adb, you could extract a busybox install from a rooted phone and set it up in your adb directory and then run it from there with busybox (in theory).
Click to expand...
Click to collapse
Question.
Feels like i'm on the different page from you. If i run dd for /dev/mmcblk0 it does give me an error message saying "Access Denied" of couse mmcblk0 is owned by root. And busybox too(I haven;t tried this), it's just a set of linux commnads, I'm not sure how it can access a file(in this case, a device) which does not have its ownership.
Please correct me if I'm wrong.
Hi All,
There is a way to dump any partition to SD card partition on unrooted device vi ADB.
Paste this couple of lines into the terminal :
adb kill-server
adb wait-for-device
adb shell "echo ro.kernel.qemu=1 > /data/local.prop"
adb reboot
adb wait-for-device
adb shell "mount -wo remount rootfs /"
adb shell "rm /data/local.prop"
adb shell dd if=/dev/block/mmcblk0p1 of=/sdcard/mmcp1.dump
The phone may reboot many time after that, so make sure the file /data/local.prop is deleted after this operation. or execute this :
adb reboot
adb wait-for-device
adb shell "rm /data/local.prop"
adb reboot
hope that helps
__________________
HTC One X (SFR)
Wissam said:
Hi All,
There is a way to dump any partition to SD card partition on unrooted device vi ADB.
Paste this couple of lines into the terminal :
adb kill-server
adb wait-for-device
adb shell "echo ro.kernel.qemu=1 > /data/local.prop"
adb reboot
adb wait-for-device
adb shell "mount -wo remount rootfs /"
adb shell "rm /data/local.prop"
adb shell dd if=/dev/block/mmcblk0p1 of=/sdcard/mmcp1.dump
The phone may reboot many time after that, so make sure the file /data/local.prop is deleted after this operation. or execute this :
adb reboot
adb wait-for-device
adb shell "rm /data/local.prop"
adb reboot
hope that helps
__________________
HTC One X (SFR)
Click to expand...
Click to collapse
Has anyone verified if this works for reading partitions on a non-rooted phone?
This doesn't work on an unrooted, locked device.
Code:
C:\Windows\System32>adb shell "echo ro.kernel.qemu=1 > /data/local.prop"
/system/bin/sh: can't create /data/local.prop: Permission denied
This did not work for my phone.
I got "permission denied" right after
adb shell "echo ro.kernel.qemu=1 > /data/local.prop"
Most of the above will only work on a rooted device with superuser.
The loop holes for shadow copies are mostly fixed since 6.0.
Partitions that can be accessed without root can be dumped with DD through ADB if ADB itself is supported and not internally limited to prevent just this.
Try
Code:
adb reboot recovery
adb root
adb shell
In my device, I can able to read those /data /dev without bootloader unlocking or root.
HemanthJabalpuri said:
Try
Code:
adb reboot recovery
adb root
adb shell
In my device, I can able to read those /data /dev without bootloader unlocking or root.
Click to expand...
Click to collapse
So, ... You are lucky. If I try these commands, I am getting "error: closed". And believe it or not, I have my bootloader UNlocked. It's a doomed chinese tablet, Allwinner 100 SOC.
observingman said:
So, ... You are lucky. If I try these commands, I am getting "error: closed". And believe it or not, I have my bootloader UNlocked. It's a doomed chinese tablet, Allwinner 100 SOC.
Click to expand...
Click to collapse
I found that it is common for many Realme devices to able to use `adb root` in recovery mode.
I have a Realme C12 which has Mediatek Helio G35 MT6765G SoC. So we can also able to `readback` partitions by using SP Flash Tool with the help of MTK-bypass.
So I just got a new Evo! Sweet!
It came with software version 1.13.651.1.
I want to be able to flash ROMs and run Titanium Backup Pro.
What's the best/latest root method? Should I upgrade software first, or leave it?
(There are so many threads/sites, I'm confused as to what method is best/easiest.)
Thanks!
Do you mean 2.13? It depends on hboot, if you have 1.12 you can use lazy panda to soff. Anything 1.15 and higher and you need to dev unlock, there is no soff. You can try regawmod to unlock but people are having issues. It's easier to just sign up to HTC dev and unlock that way.
Under "about phone" it says 1.13.651.1 ... no, not 2.13.
Not sure how to check the hboot version....
1.13 is the first version that the phone shipped with. You might be lucky enough to have hboot 1.12. If so then you can run regaw's method and use lazypanda.
Just checking, you may be able to soff the phone. More then likely you have 1.12 hold power and wait for phone to turn off, let go then press and hold power + volume down, it will force bootloader
Make sure to check all your info and use this thread
http://forum.xda-developers.com/showthread.php?t=1690919
Then this
http://forum.xda-developers.com/showthread.php?t=1737123
I would assume that you have hboot 1.13. If that's the case do not accept any ota's or you will lose the ability to get s-off. Check the development thread and you'll find an auto-rooter thread. Then read up on lazy panda s-off. You should probably spend a couple days reading and re-reading in case you have any issues you'll know how to resolve them.
Sent from my EVO using xda premium
Is it 1.13? Been awhile lol
Yeah, I had to check. Lol
Yeah, my bad with all the odd numbers it just felt right.
Sent from my EVO using xda premium
I checked, and I do have hboot 1.12.
I guess that's a good thing!
So just do the lazy panda method?
You need to root then s-off. Use the threads in posted in order, all instructions are there.
metalfan78 said:
Make sure to check all your info and use this thread
http://forum.xda-developers.com/showthread.php?t=1690919
Then this
http://forum.xda-developers.com/showthread.php?t=1737123
Click to expand...
Click to collapse
I'm on a Mac; no Windows. So I can't do the RegawMOD...
Should I do this:
http://androidforums.com/evo-4g-lte-all-things-root/572162-how-get-full-root-mac.html
?
That should work, just make sure that you use the latest twrp and if you plan on flashing a different Rom skip flashing superuser, its an unnecessary extra step
om4 said:
That should work, just make sure that you use the latest twrp and if you plan on flashing a different Rom skip flashing superuser, its an unnecessary extra step
Click to expand...
Click to collapse
I got as far as running the runmemac.sh script; but now it's stuck on "waiting for device ... daemon started successfully..."
There IS a USB icon on the Evo, and it's in "charge only" mode ... and the boot screen showed "UNLOCKED" ...
Hmmm ...
So you flashed the unlock code? Sorry, I wasn't thinking about soff, you will need to flash supersu or superuser for root to be able to run lazy panda. Usually most users have hboot 1.15 or higher and can't use lazy panda so it slipped my mind
om4 said:
So you flashed the unlock code? Sorry, I wasn't thinking about soff, you will need to flash supersu or superuser for root to be able to run lazy panda. Usually most users have hboot 1.15 or higher and can't use lazy panda so it slipped my mind
Click to expand...
Click to collapse
Yes, the unlocking part worked fine; now I'm trying to get root, but adb won't see the phone (anymore).
(following this guide: http://androidforums.com/evo-4g-lte-all-things-root/572162-how-get-full-root-mac.html)
To get root flash the superuser zip in recovery, did you flash twrp
USB debugging needs to be re-enabled after unlock but for rooting stock, you need to flash recovery in fastboot. The recovery that comes with the zip you downloaded is a bit out of date you can download the latest from team win website and put it in the adb folder, after flashing twrp, you can flash the superuser zip that came with the zip you downloaded
om4 said:
USB debugging needs to be re-enabled after unlock but for rooting stock, you need to flash recovery in fastboot. The recovery that comes with the zip you downloaded is a bit out of date you can download the latest from team win website and put it in the adb folder, after flashing twrp, you can flash the superuser zip that came with the zip you downloaded
Click to expand...
Click to collapse
AHA! Re-enable debug! That was it! Thanks!
So are you saying to NOT run that shell script? I think it installs busybox and su...
Code:
#!/bin/bash
varadb=adb-mac
echo "---------------------------------------------------------------"
echo " One-Click Root ToolKit For Evo 4G LTE! "
echo " Script by Max Lee from HTCEvoHacks.com "
echo " Credits go to XDA users sparkym3 and Dan Rosenburg for exploit. "
echo "---------------------------------------------------------------"
echo " [*] This script will: "
echo " (1) root your Evo 4G LTE on ICS "
echo " (2) install Busybox "
echo " (3) install SU files "
echo " [*] Before u begin: "
echo " (4) Make sure to read full instructions at OneXRoot.com! "
echo "---------------------------------------------------------------"
echo "--- STARTING ----"
echo "--- WAITING FOR DEVICE"
./$varadb wait-for-device
echo "Start Rooting..."
./$varadb shell mv /data/local/tmp /data/local/tmp.bak
./$varadb shell ln -s /data /data/local/tmp
./$varadb reboot
echo "reboot #1 - DO NOT DISCONNECT YOUR DEVICE!"
./$varadb wait-for-device
./$varadb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
./$varadb reboot
echo "reboot #2 - DO NOT DISCONNECT YOUR DEVICE!"
./$varadb wait-for-device
./$varadb remount
./$varadb push su /system/bin/su
./$varadb shell "chown root.shell /system/bin/su"
./$varadb shell "chmod 06755 /system/bin/su"
./$varadb shell "rm /system/xbin/su"
./$varadb shell "ln -s /system/bin/su /system/xbin/su"
./$varadb push Superuser.apk /system/app/.
./$varadb shell rm /data/local.prop
./$varadb shell rm /data/local/tmp
./$varadb shell mv /data/local/tmp.bak /data/local/tmp
./$varadb push busybox /data/local/tmp/.
./$varadb shell "chmod 755 /data/local/tmp/busybox"
./$varadb shell "/data/local/tmp/busybox mount -o remount,rw /system"
./$varadb shell "dd if=/data/local/tmp/busybox of=/system/xbin/busybox"
./$varadb shell "chown root.shell /system/xbin/busybox"
./$varadb shell "chmod 04755 /system/xbin/busybox"
./$varadb shell "/system/xbin/busybox --install -s /system/xbin"
./$varadb shell "rm -r /data/local/tmp/busybox"
echo "rebooting"
./$varadb reboot
echo "All Done rooting Evo 4G LTE, check out HTCEvoHacks.com for more cool stuff like ROMs, hacks, tips, and more!"
@pause
Oh, I didn't read through the entire tutorial you linked lol, that should do it actually
hello, hope i post it in the right place, if not, please move it.
i bought the phone coolpad 7236, based on snapdragon 200 msm8212 chip.
i found out that i got the chinese version of the firmware, so the seller gave me a link for the multi language firmware: http://www.mediafire.com/folder/7g49chcyb7gdy/ROM_for_Coolpad_7236
there are some files there, offical flashtool, quallcom flash files (to be used with the flashtool), drivers, and an archive containg a script that should replace the entire system folder via adb.
i translated the .cmd file and here it is:
@echo off
%~d0
CD "%~d0%~p0"
set id=7236
taskkill /F /IM tadb.exe >nul 2>nul
taskkill /F /IM bdadb.exe >nul 2>nul
taskkill /F /IM sjk_daemon.exe >nul 2>nul
taskkill /F /IM romaster_daemon.exe >nul 2>nul
taskkill /F /IM AndroidInterface.exe >nul 2>nul
taskkill /F /IM adb.exe >nul 2>nul
adb.exe kill-server >nul 2>nul
echo .
echo The ROM for models£º%id%
echo .
echo Flash this ROM, please brush into the bottom of the package custom 7236
echo.
echo Brushing the bottom package, the phone is switched, the screen splash screen again after connecting USB
echo.
echo Note: During the brush machine, the phone screen is blank, do not operate the phone buttons until the phone automatically restart
echo.
title %id% ¹ú¼Ê°æ By Kyle
pause
:flash
color 1B
cls
adb -d push boot.img /tmp/.
echo Begin transmission system file, about 300M, wait. . . .
adb -d push system7236.tar.gz /tmp/.
adb -d shell mount /data
adb -d shell mount /system
adb -d shell rm -r /system/*
adb -d shell rm -r /data/*
adb -d shell tar -zxvf /tmp/system7236.tar.gz -C /
adb -d shell dd if=/tmp/boot.img of=/dev/block/platform/msm_sdcc.1/by-name/boot
adb -d shell reboot
echo Finished, the phone will automatically enter recovery, the recovery interface, you can directly select reboot system now
pause
exit
Click to expand...
Click to collapse
as you can see, it deletes the system folder and should put the contents of the archive as new system folder.
unfortunally this only made the first step, as soon as the script deleted the system folder, the phone stopped working.
i tried using adb shell to do it manually, but it didn't complied to simple commands as "dir" "ls" "cp" "pull" "push", the phone became a brick.
then i tried using the flashtool, the company says that in order to use it you should dial
#*20110606#
Click to expand...
Click to collapse
and then choose test mode or something in order to allow the flashtool put it in download mode, obiously i can't do that now. i figured that when i hold the power button the screen turns white, making the phone discoverable as quallcom hs-usb diagnostics or something like this, it doesn't work with the flashtool (it searches for qdloader device).
then i tried dumping system.img from other coolpad 7236 device, i used this tutorial: http://forum.xda-developers.com/showthread.php?t=2450045 and i got 800MB file, the fastboot refused to get it, then i used this fastboot: http://forum.xda-developers.com/moto-x/moto-x-qa/solved-img-vzw-xt1060-to-flash-fastboot-t2493814
waited for 30 minutes, but it was stuck on sending.
also, i couldn't get the fastboot to work, i tried to flash the boot.img that the seller gave me in the link, but the fastboot got stuck in "writing", the fastboot also ignored simple commands such as reboot.
the stocvk recovery is not helping either because i don't have signed update.zip for it.
is there anything else to do beside sending it back to china?
and, is there any GOOD WAY to replace the contents of the system folder (in case i get another chinese like this) without bricking the phone?
Figured it out, nevermind
kkffiirr said:
Figured it out, nevermind
Click to expand...
Click to collapse
Hi,
I'm new to all this. And I am having a Coolpad 7236 currently. It is also in Chinese and I do not know how to read that....Sigh...
Good phone with some flaws.
I'm interested in rooting it and flushing out the software to install a new one but I do not know how.
Can help?
Thanks
iandroid.co.il/forum/viewtopic.php?f=190&t=179082&hilit=7236
Use Google translate
Hi. I have the same problem. I am not able to follow the guide from the link you provided. Can you please put in simple terms how I can flash the multi language firmware in my coolpad. If yes, that would be a great help for me
Thanks.
wow, very old post...
here are the steps:
1. install adb drivers, get adb software, set the phone to enable usb debugging and root it with root genius.
2. download the system dump from: https://mega.co.nz/#!9JRTmYyD!MgZR1CITlfUMFM5FUtBlkVCg7u97djHYg8rkmudRbtc
3. download the kernel dump from: https://mega.co.nz/#!EBIH1TRZ!hfesnz3FkZXnaEHw6T5sA1DH98spXAGY594j-0HU-Hw
4. copy the files from 2 and 3 to the phone storage root.
5. start adb shell session by:
Code:
adb -d shell
6. enter the following commands:
Code:
su
dd if=/mnt/sdcard/boot.img of=/dev/block/platform/msm_sdcc.1/by-name/boot
dd if=/mnt/sdcard/system.img of=/dev/block/platform/msm_sdcc.1/by-name/system
note: the first dd shouldn't take much time, while the second might be long, be patient and wait for it to finish, and then reboot
Thanks, kkffirr... The link for Kernel dump is not working.... It says the file has been removed! ?
The Imperium said:
Thanks, kkffirr... The link for Kernel dump is not working.... It says the file has been removed!
Click to expand...
Click to collapse
try this
https://mega.nz/#!IZpwgIJA!hfesnz3FkZXnaEHw6T5sA1DH98spXAGY594j-0HU-Hw
I have been trying for more than a week now, but not able to root the phone... This is so annoying...
The Imperium said:
I have been trying for more than a week now, but not able to root the phone... This is so annoying...
Click to expand...
Click to collapse
it worked for me with root genius back then
The tablet is a Billow X103, nearly 2 years old with Android 7.0 1Gb Ram 16G memory and 32G SD. There are no TWRP/CWM recovery boot .imgs and none of the regular one click root apps work. Processor is a Mediatek 8320 I believe.
The bootloader is unlocked. There is no update for it so no OTA or stock firmware files. Where can I obtain a payload.bin for this tablet. Is it possible to extract it from the device with Python/Payload dumper etc so that I can use it to obtain the Boot.img in order to root it with Magisk. I have contacted the manufacturer, they did not reply. Any ideas anyone?
Android 7 OTAs don't contain payload.bin
Thanks, OK I did not know that, So How do I go about getting root on this device, with only the device available, ie there is no stock firmware apart from that on the device itself?
I should have asked how can I extract the boot.img from the device ?
boissano said:
I should have asked how can I extract the boot.img from the device ?
Click to expand...
Click to collapse
You for example run a DOS script like this
Code:
@echo off & setlocal ENABLEDELAYEDEXPANSION
set "adb=C:\ADB-FASTBOOT-R30\adb.exe"
set "dev=" & set "name=" & set /a success=0
!adb! devices
!adb! shell "mkdir -p -m755 /data/local/boot"
for /f "tokens=1,4 delims= " %%a in ('!adb shell "cat proc/mtd"') do (
set "dev=%%a" & set "name=%%b"
echo !name! | findstr /C:"boot" >nul
if !errorlevel! EQU 0 (
set "dev=!dev::=!""
!adb! shell "dd if=/dev/mtd/!dev! of=/data/local/boot/boot.img bs=4096"
set /a success=1
goto :done_backup_boot
)
)
:done_backup_boot
if !success! EQU 1 (
!adb! pull /data/local/boot/boot.img C:\boot.img
)
endlocal & exit
FYI: Haven't tested it. It's on you to fix bugs if given.
boissano said:
I should have asked how can I extract the boot.img from the device ?
Click to expand...
Click to collapse
By using SP Flash tool...
boissano said:
So How do I go about getting root on this device ...?
Click to expand...
Click to collapse
Android is rooted when the SU-binary is present in Android OS. Because in your case you can't access Android's /system partition ( means: mount /system partition as RW), you have to put SU-binary into non-system-critical /data partition - for example into /data/superuser , and afterwards give this binary the necessary rights via chmod and chown commands.
CXZa said:
By using SP Flash tool...
Click to expand...
Click to collapse
Without root which is the final aim, SP Flash tool does not access the firmware, it is only OK to flash a cooked boot.img
jwoegerbauer said:
You for example run a DOS script like this
Code:
@echo off & setlocal ENABLEDELAYEDEXPANSION
set "adb=C:\ADB-FASTBOOT-R30\adb.exe"
set "dev=" & set "name=" & set /a success=0
!adb! devices
!adb! shell "mkdir -p -m755 /data/local/boot"
for /f "tokens=1,4 delims= " %%a in ('!adb shell "cat proc/mtd"') do (
set "dev=%%a" & set "name=%%b"
echo !name! | findstr /C:"boot" >nul
if !errorlevel! EQU 0 (
set "dev=!dev::=!""
!adb! shell "dd if=/dev/mtd/!dev! of=/data/local/boot/boot.img bs=4096"
set /a success=1
goto :done_backup_boot
)
)
:done_backup_boot
if !success! EQU 1 (
!adb! pull /data/local/boot/boot.img C:\boot.img
)
endlocal & exit
FYI: Haven't tested it. It's on you to fix bugs if given.
Click to expand...
Click to collapse
Something along these lines looks to be the best way, it looks daunting but not much worse than rooting an HTC 10 years ago. Next time I will get wifey an easily rootable tablet with 4GB of ram to start. She plays games designed by **** developers where ram requirements increase with every update currently at 95% of total.
jwoegerbauer said:
Android is rooted when the SU-binary is present in Android OS. Because in your case you can't access Android's /system partition ( means: mount /system partition as RW), you have to put SU-binary into non-system-critical /data partition - for example into /data/superuser , and afterwards give this binary the necessary rights via chmod and chown commands.
Click to expand...
Click to collapse
Thanks ,will check this out too!
boissano said:
Without root which is the final aim, SP Flash tool does not access the firmware, it is only OK to flash a cooked boot.img
Click to expand...
Click to collapse
Okay, have fun!
Hello,
I received a BV9900E a few days ago. it's a nice Rugged phone.
But... I would like to put a custom launcher with custom widgets and custom animated wallpaper. But if I shut down the phone, I lost all my settings, the widgets and wallpaper. All must be reinstalled, and/or reconfigured.
I try to use whiteliste, did several tries and try various solutions found on the net but nothing helped ... I lose everything on each restart. Only stock widgets work.
I think I have found the beginning of an explanation here: https://bbs.blackview.hk/viewtopic.php?t=532725
But for edit Build.prop, i have to root the phone.
I am not an expert for rooting phone and try like on the Blackview topic, but i don't find BV9900E/Android 10 specific stock ROM for now.
I only can find the BV9900E_S1_200929 rom and not the BV9900E_EEA_S900AA.
I try to root with the BV9900E_S1_200929 rom, Adb, magisk, but nothing happend.
Any solution is welcome !
Thank you in advance for your answers.
Modèle : BV9900E
System : Android 10
Num serie : BV9900EQEE002138
Build : BV9900E_EEA_S900AA_V1.0_20201103V04
Rooting a phone's Android doesn't require to re-flash phone's Stock ROM. A phone's Android is rooted when su binary got installed on it.
To prepare rooting you have to
Unlock phone's bootloader
Disable Android's DM-Verity & AVB locks
Flash a Custom Recovery like TWRP what is at 100% suitable to phone
To root Android you have to
Flash by means of this Custom Recovery SuperSU.zip or similar
Ok, thank's jwoegerbauer...
Unlock bootloader is ok. but impossible To disable DM-Verity and there is no TWRP for the BV9900E yet...
And i don't know, it's very strange because i can't mount system when i am on recovery mode for example.
Blackview has only one answer: It's not possible to do that.
I am not an expert with the handling of phones but I am not quite bad with technology either. I already had 2 phones that I ended up rooting but there, I do not succeed. I may have to wait a bit because this phone is brand new, the solutions may come from someone more expert than me.
Disabling Android's SElinux, DM-Verity & AVB is achieved by running specific ADB / Fastboot commands.
Mouning /system RW requires Android is rooted
Compile TWRP at your own if none matching available.
Ok, that sounds simple to you.
But when I search the internet there are thousands of answers that go in all directions ... It is not so easy for the uninitiated like me.
Do you have some links for illustrate what you say?
To disable the mentioned 3 locks you may consider to run a Windows CMD script like this draft
Code:
@echo off & setlocal ENABLEDELAYEDEXPANSION
pushd "%~dp0"
set "adb=C:\ADB-FASTBOOT-R30\adb.exe"
set "fastboot=C:\ADB-FASTBOOT-R30\fastboot.exe"
set "su=C:\SU-Binary\su"
set "tmpdir=%TEMP%\%RANDOM%%RANDOM%"
set "su_binary_location=/data/local/superuser"
set "su_tmp=!su_binary_location!/su"
set /a cnt=0"
mkdir "!tmpdir!" 2>nul
if NOT exist "!tmpdir!\" ( goto :end )
set "dev=" & set "name="
!adb! devices
!adb! shell stop
call :install_temporary_root
!adb! shell "mkdir -p -m0666 /data/local/vbmeta"
for /f "tokens=1,4 delims= " %%a in ('!adb shell "!su_tmp! -c 'cat proc/mtd'"') do (
set "dev=%%a" & set "name=%%b"
echo !name! | findstr /C:"vbmeta" >nul
if !errorlevel! EQU 0 (
set "dev=!dev::=!""
!adb! shell "!su_tmp! -c 'dd if=/dev/mtd/!dev! of=/data/local/vbmeta/!name! bs=4096'"
!adb! pull /data/local/vbmeta/!name! "!tmpdir!"
set /a cnt+=1
)
)
!adb! shell "rm -Rf /data/local/vbmeta"
if !cnt! EQU 0 ( goto :end )
!adb! shell "!su_tmp! -c 'setenforce 0'"
!adb! reboot fastboot
!fastboot! devices
for /f "tokens=*" %%a in ('dir /B "!tmpdir!"') do (
set "vbmeta_img=%%a"
if NOT [!vbmeta_img!]==[] (
set "vbmeta_partition=!vbmeta_img:.img=!"
!fastboot! --disable-verity --disable-verification flash !vbmeta_partition! "!tmpdir!\!vbmeta_img!"
)
)
!fastboot! reboot
:end
rmdir /S /Q "!tmpdir!" 2>nul
!adb! shell start
popd
endlocal & exit
rem
:install_temporary_root
!adb! shell "mkdir -p -m0755 !su_binary_location!" 2>nul >nul
!adb! push !su! !su_binary_location! > nul
!adb! shell "chmod 0777 !su_tmp!"
!adb! shell "chown 0.2000 !su_tmp!"
goto :EOF
where you of course have to adjust the pathname of ADB & Fastboot executables and the SU-binary
FYI: Have not tested such a script, it's on you to fix bugs if any given.
With regards to compile a TWRP at your own:
look inside here.
I also bought a bv9900e and have managed to unlock the bootloader, as guided here : LINK
Can i get some help with compiling TWRP ?