Adb root and systemless root access boot image and custom kernel boost mobile j7.. - Samsung Galaxy J7 ROMs, Kernels, Recoveries, & Oth

Custom adb root boot image with Chainfire's adbd kernel from adbd insecure as the phone's adbd.. it has a few other tweaks and a custom permissive kernel and systemless root from Chainfire's supersu... the rsa fingerprint doesn't pop up when you connect a computer but it can be bypassed with adb in a custom recovery and found out if you use adbd insecure and let it patch Chainfire's adbd kernel it makes the phone as attached device in for adb devices instead of the plain unauthorized device and vendor keys not set. ... if you use it now you get adb root access and regular root access with the su binary but due to the rsa fingerprint not popping up you have to use adbd insecure until a recovery comes out cause it bypasses rsa fingerprint.. credits to come... to use adb root access you need a custom recovery with adb... adbd insecure app... adb on your computer.... android sdk/android studio... java... boost mobile j7 running build f3 but you can just run systemless root until a recovery comes through. You can grab systemless root from here http://forum.xda-developers.com/galaxy-j7/how-to/root-samsung-galaxy-j7-sm-j700p-t3430185
And use it with the boot image.. but i just added systemless root patches to the boot image so all you have to do is flash the boot image.
Stock boot image below in case you want to unroot and go back to stock which can be flashed in flashfire link below. You can take this boot image and use flashfire to flash the stock firmware or stock boot image and you can root or not root when you flash with flashfire's inject systemless root.
Flashfire below
https://play.google.com/store/apps/details?id=eu.chainfire.flash
Stock boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHQWlqT2RDMDJNWlE/view?usp=drivesdk
All i did was add adb root access to the ramdisk.. and a few other ramdisk tweaks and added supersu systemless root patch to the boot image and chainfires adbd insecure kernel as the phones adbd. And added the stock boot image in a odin flashable tar.
Custom adb root access and regular systemless root Boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHUUpkandKRUpEdXc/view?usp=drivesdk
Credits....
@messi2050 from xda for original boot image and permissive kernel..
@messi2050 from xda for providing instructions on how to root with cf auto root
@Chainfire from xda for adbd kernel and adbd insecure app
@Chainfire from xda for cf auto root tar
@Chainfire from xda for systemless root and supersu
@Chainfire from xda for flashfire
@ANyOne from xda or anywhere else who tests it.

Updated op with a new test build it has systemless root patches from chainfires supersu systemless root and roots you when you flash it in odin.

Added stock boot image to op... in case you want to remove root and the tweaks. It's simple to remove the roots and tweaks by just flashing the stock boot image in odin or flashfire.

I've been testing as i go.. i haven't had any problems with root access it works pretty good and runs smoothly.

Added flashfire and some minor boot image flashing instructions to get back to stock rooted.

Test build #4 is up.. did some changes in default prop in ramdisk.. should make adb root access more smoother when it gets used in a custom recovery...

Update after some tweaking my last tweaks allow you to access the apn menu and edit apns and add apns.. in regular stock boot image its locked down and you cant access it but you can with this boot image.

Now works with adbd insecure app just let it patch chainfires adbd kernel and it lets you bypass the rsa fingerprint so you can run adb shell without having to wait for a custom recovery. Be sure to test adb shell and adb root access.

In the process of testing adb shell and adb root access some more....

After extensive testing for the past 3 hours using every adb command and adb shell command i can find.... the results are they all work...
Snapping screen shots and screen recording works pretty good too..

For the moment use titanium backup pro or app quarantine to disable/freeze the security logs and stop the pop up cause the permissive kernel running permissive instead of enforcing.
App quarantine
https://play.google.com/store/apps/details?id=com.ramdroid.appquarantine

[email protected]:/#
/sbin/adbdsh:

Bravo!!
Sent from my SM-J700F using XDA-Developers mobile app

Modified adbd uses /sbin/adbd : as its terminal shell
Original adbd uses /system/bin/sh as its terminal shell

One of the mods i did if youre curious but due to usb debugging being secure in newer android versions aka the rsa fingerprint having to match both on computer and phone and the fact you cant just reset the rsa key on stock cause it removes the revoke usb debugging authorization to reset the rsa fingkey and key so you dont get the full luxury of this old mod which has been around awhile and is not new... to grant root on stock firmware you need a custom recovery with adb or chainfires adbd insecure app... oh how times have changed in android...
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;

Android Sdk/ Android Studio
https://developer.android.com/studio/index.html
Java for devs and java for consumers
https://www.oracle.com/java/index.html
For development and adb purposes ill just leave this here.. its big enough to have its own thread but it goes with this mod so ill just leave it here..

CoffeeNAndroid said:
One of the mods i did if youre curious but due to usb debugging being secure in newer android versions aka the rsa fingerprint having to match both on computer and phone and the fact you cant just reset the rsa key on stock cause it removes the revoke usb debugging authorization to reset the rsa fingkey and key so you dont get the full luxury of this old mod which has been around awhile and is not new... to grant root on stock firmware you need a custom recovery with adb or chainfires adbd insecure app... oh how times have changed in android...
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Hello
Thanks for this tutorial !
I remain on the Samsung logo written with "recovery is not enforcing blah"
Yet I do exactly what's in the tutorial. I boot with the SM-J710FN
Could you help me please?
thank you in advance

Related

Obtaining root by modifying default.prop(ro.secure)?

To get a privileged shell you need to modify the following lines to the given values in the default.prop file
ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
I have the extracted the recovery image of my phone model : So is it possible to modify the following values in the default.prop file, repack the image and flash it using fastboot(bootloader is unlocked) to get a privileged shell, and then copy the su binary after remounting system as read/write?
Do I need to change any other values in any of the files? And will it work, theoretically at least?
What are the chances of it messing up anything?
[I posted this on android.stackexchange but not much activity there]
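Seen from the defender's side, the properties named in the posts above (ro.secure, ro.adb.secure, ro.debuggable, persist.service.adb.enable) are what an audit of an unpacked ramdisk's default.prop should look at. The following is an added example, not code from any poster on this page; the sample files are constructed, and the one-line meanings summarise stock AOSP behaviour.

```python
"""Audit a default.prop for the adb/root-related properties named on this page."""
import sys

# Property -> (weakening value, meaning). Limited to properties that appear in
# the posts above; meanings are a summary of stock AOSP adbd/init behaviour.
WEAKENING = {
    "ro.secure": ("0", "an adbd built with root support keeps root instead of dropping to shell"),
    "ro.adb.secure": ("0", "adb RSA host-key authorization is switched off"),
    "ro.debuggable": ("1", "build is marked debuggable, which permits 'adb root'"),
    "persist.service.adb.enable": ("1", "adb service is requested on every boot"),
}

# Constructed samples, not taken from a real device.
SAMPLE_STOCK = """\
# stock-like values
ro.secure=1
ro.adb.secure=1
ro.debuggable=0
"""

SAMPLE_MODIFIED = """\
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=1
ro.adb.secure=0
persist.sys.usb.config=mtp,adb
ro.secure=1
"""


def parse_props(text):
    """Return {key: [values in file order]}.

    Duplicates are kept rather than collapsed, so a file that sets the same
    key twice with different values is visible to the auditor.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:  # not a key=value line
            continue
        props.setdefault(key.strip(), []).append(value.strip())
    return props


def audit(text):
    """Return a list of (property, weakening value, note) findings."""
    props = parse_props(text)
    findings = []
    for key, (bad, why) in WEAKENING.items():
        values = props.get(key, [])
        if bad not in values:
            continue
        note = why
        if len(set(values)) > 1:
            note += " (conflicting values %s; check which one init applies)" % values
        findings.append((key, bad, note))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MODIFIED
    for key, bad, note in audit(text):
        print("%s=%s: %s" % (key, bad, note))
```

Run it against the default.prop extracted from a boot or recovery image; no output means none of the four properties carries a weakening value.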
No chances of bricking at all
Going further I would suggest you to tag in a shell script within init.rc so that it copies superuser apk and binary automatically as you boot
That's great
And is there any way to confirm that the recovery (downloaded) that I have is indeed from my device? Is the data within the prop files such as build and model no. etc enough?
Sent from my A9 using xda app-developers app
It didn't work. Either it wasn't the stock recovery in the first place, or the process isn't that easy. This can be closed now.
Modify boot.img
I think it is only the boot.img which is to be flashed. You don't need to flash recovery as whole.
If you have root access, you could manually edit default.prop. But, the modifications exist only till reboot. Once you reboot, boot.img will reload all the necessary system files to original. So, edit boot.img.
Adriel David said:
Hello I want to modify default.prop to modify it I need root access now I rooted my phone and cwm installed I want to make a flashable zip backup of default.prop can you provide me the script to be flashed by cwm because I am afraid bricking my phone
default.prop is on ramdisk or initrd which is part of the boot.img.
I use abootimg to edit boot, some use mkbootimg. Google editing initrd will give you info you need
varun.chitre15 said:
No chances of bricking at all
Going further I would suggest you to tag in a shell script within init.rc so that it copies superuser apk and binary automatically as you boot
Sorry to call on such an old post, but wouldnt this mean that on each boot (if modified on boot.img. On each fireup of recovery if on recovery.img) the superuser apk and binaries are reinstalled? Because this /is/ init.rc we're referring to. Please correct me if I am wrong, and also tell me if this is the best way to go about it I'm trying to come up with a way to root my device without using dirtycow haha

root

my device intex cloud m6 1gb ram 8gb rom is not rooting.Please tell how to root
How to root Intex Cloud M6 8gb and 16gb smartphones.
Hello there,
This query was posted a long time ago by you and i am not sure if you have found the solution or not. But as far as i am aware, it is pretty hard to root this device. It runs on a Spreadtrum chipset sc7731. However, recently i figured out how to root this device.
It seems like that the device's default.prop file comes with a configuration :
Code:
ro.secure=1
which makes it impossible to root this device with absolutely any rooting software out there including the one-click apps.
To be able to root this device, the only efficient way is to replace the stock recovery with a custom one, deleting the default su binary file inside the /system/xbin folder as well as in the /system/bin folder, installing the SuperSU.zip file and finally by installing the Kingroot apk which will ultimately root the device.
I personally prefer the TWRP but there is no official release out there for this device. So, i ported a custom recovery for it in my spare time ( It may appear somewhat ridiculous but i had nothing more interesting to do so i changed the layout :silly: )
I have attached the recovery file below.
After you have downloaded the recovery as well as the SuperSU.zip, here are the steps to root it:-
Download the minimal adb fastboot for windows. You may google it, its available easily. (It turns out it may be the only tool that may work effectively in case your device is not getting recognized by any other adb.)
Rename the recovery as twrp and place it inside the Minimal adb and fastboot folder.
Connect the device via a USB cable and make sure adb debugging is on inside the developer options.
Now open the Minimal adb and fastboot tool and type the following commands inside the prompt:-
Code:
adb devices
adb reboot bootloader
fastboot devices
fastboot flash recovery twrp.img
fastboot reboot
Type the commands in the exact sequence. Your device will boot normally. Now, time to checkout the recovery. Type the following command inside the prompt.
Code:
adb reboot recovery
In a few seconds, you will have the custom twrp booted in front of you. Now, open the Mount tab inside the recovery and check the system option within it.
Head back to the recovery homescreen and open the Advanced tab which is followed by opening the File Manager tab.
Inside the file manager, follow the path to the pre-existing su binary file, i.e /system/xbin and delete it. Do the same with the su file present on /system/bin.
Now, head back to the recovery home ,open Install tab and select the SuperSU.zip wherever you placed it and swipe to confirm the installation.
Reboot system. (It will probably boot without the logo so don't worry if it does.)
Now Google the Kingroot.apk, download it and install it. Give it a run, it will probably fail.
So get rid of the other superuser app i.e, SuperSU app via the option present inside it, i.e "Cleanup to install other superuser app" or something like that.
After a few seconds, it will disappear from the device and probably the same might happen with the Kingroot app.
Reboot the device.
Re-install the Kingroot app and run it again.
Congrats! You just rooted your device. Go ahead and check the root via an app like Rootchecker.
Here is the custom recovery file: -
HTML:
https://adarshkushwah.github.io/Custom-recovery-for-Intex-Cloud-M6-8gb-and-16gb/
If you have any query regarding this, do let me know. :good:
(I would be glad if you or anyone who finds this post useful would thank me) Cheers!

[GUIDE] How to root Intex Cloud M6 8gb and 16gb smartphones -sc7731

Hello there,
First-off, i would like to thank the Chainfire for the SuperSU files and the Kingroot for making the rooting process easier.
As far as i am aware, it is pretty hard to root this device. It runs on a Spreadtrum chipset sc7731. However, recently i figured out how to root this device.
->> REQUIREMENTS:
1. Minimal adb and fastboot tool.
2. Kingroot app.
3. As usual, a working brain.
->> METHOD:
It seems like that the device's default.prop file comes with a configuration :
Code:
ro.secure=1
which makes it impossible to root this device with absolutely any rooting software out there including the one-click apps.
To be able to root this device, the only efficient way is to replace the stock recovery with a custom one, deleting the default su binary file inside the /system/xbin folder as well as in the /system/bin folder, installing the SuperSU.zip file and finally by installing the Kingroot apk which will ultimately root the device.
I personally prefer the TWRP but there is no official release out there for this device. So, i ported a custom recovery for it in my spare time ( It may appear somewhat ridiculous but i had nothing more interesting to do so i changed the layout :silly: )
I have attached the recovery file below as well as the SuperSU.zip files below.
After you have downloaded the recovery as well as the SuperSU.zip, here are the steps to root it:-
Download the minimal adb fastboot for windows. You may google it, its available easily. (It turns out it may be the only tool that may work effectively in case your device is not getting recognized by any other adb.)
Rename the recovery as twrp and place it inside the Minimal adb and fastboot folder.
Connect the device via a USB cable and make sure adb debugging is on inside the developer options.
Now open the Minimal adb and fastboot tool and type the following commands inside the prompt:-
Code:
adb devices
adb reboot bootloader
fastboot devices
fastboot flash recovery twrp.img
fastboot reboot
Type the commands in the exact sequence. Your device will boot normally. Now, time to checkout the recovery. Type the following command inside the prompt.
Code:
adb reboot recovery
In a few seconds, you will have the custom twrp booted in front of you. Now, open the Mount tab inside the recovery and check the system option within it.
Head back to the recovery homescreen and open the Advanced tab which is followed by opening the File Manager tab.
Inside the file manager, follow the path to the pre-existing su binary file, i.e /system/xbin and delete it. Do the same with the su file present on /system/bin.
Now, head back to the recovery home ,open Install tab and select the SuperSU.zip wherever you placed it and swipe to confirm the installation.
Reboot system. (It will probably boot without the logo so don't worry if it does.)
Now Google the Kingroot.apk, download it and install it. Give it a run, it will probably fail.
So get rid of the other superuser app i.e, SuperSU app via the option present inside it, i.e "Cleanup to install other superuser app" or something like that.
After a few seconds, it will disappear from the device and probably the same might happen with the Kingroot app.
Reboot the device.
Re-install the Kingroot app and run it again.
Congrats! You just rooted your device. Go ahead and check the root via an app like Rootchecker.
The custom recovery file has been attached and happens to be in the .zip format so kindly extract the recovery from it.
If you have any query regarding this, do let me know. :v
(I would be glad if you or anyone who finds this post useful would thank me) Cheers!

Root Vivo Y51L using Magisk

Warning!!! I’m not responsible for anything (death, destruction, or nuclear war) which happens to you & your stuffs after following this guide.
Downloads :-
RR-Magisk-Root-vivo-Y51L.zip
TipsyOS Prerooted ROM
How to Install ?
1. Make sure you have RR rom installed(Get it Here) before flashing RR-Magisk-17.2-vivo-Y51L.zip
2. Reboot to TWRP recovery
3. Install RR-Magisk-17.2-vivo-Y51L.zip or TipsyOs-prerooted.zip, whatever your choice is.
4. Reboot to System.
5. If root worked, Come back and the hit the thanks button below!
:Video Tutorial on the same:
https://www.youtube.com/watch?v=omUggCUJGGk
-:NOTES FOR VIVO Y51L DEVS:-
1. Played with Magisk once for around 3 hours
2. You wanna know ? Seriously ? Okay
3. Disable Selinux which isn't needed by root ! (Just for fun)
4. Download Magisk-latest.zip
5. Extract magiskinit from arm folder
6. Push magiskinit to /data/local/tmp
7. Run :
adb shell
cd data/local/tmp
chmod 755 magiskinit
./magiskinit -x magisk magisk
exit
adb pull /data/local/tmp/magisk
8. Now you will get a file with name magisk in the current dir
9. Place it in the /system/xbin/ folder of your rom
10. Place Magisk Manager apk in /system/app/Magisk
11. Now, boot.img part :
Following things to be done in boot.img :
Created /sbin/permissive.sh
Patched default.prop, fstab.qcom, init.environ.rc, init.rc, init.recovery.service.rc, init.root.rc, init.superuser.rc (create one if..), sepolicy, service_contexts
If you wanna know the stuff i added in these files, just search 'Naveen' in all those files (Yeah, i reckon that, i'm Superlazy to find & write those here even though i can write 55wpm)
12. What about how to patch sepolicy ? Uh, I used supolicy by @Chainfire (Thanks man....)
13. How to find selinux denies ? Install audit2allow in your linux system & :
adb shell dmesg | audit2allow -p (your sepolicy here, use 'adb pull /sys/fs/selinux/policy') > selinux.error
Now push supolicy to phone (Download SuperSU.zip)
adb push ./ /data/local/tmp/tony/
adb shell
cd /data/local/tmp/tony/
chmod 755 *
./supolicy --live "error here"
./supolicy --save /data/local/tmp/tony/new_sepolicy
exit
adb pull /data/local/tmp/tony/new_sepolicy
Rename new_sepolicy to sepolicy & replace your original one in boot.img
Repack your boot.img
13. This won't work with stock rom since we get operation not permitted errors while trying to exec su, i think it's Linux Capabilities (Read more about that here : http://man7.org/linux/man-pages/man7/capabilities.7.html) Don't ask me why it works in cm roms if kernel is the problem
14. Whatever you wanna ask me, reply here please (I don't check private messages anymore)
Official Telegram Group for Vivo Y51L/Y21L : https://t.me/vivodevelopment
Fix for bugs
Please fix the bugs asap....i am facing audio and video playback problems
#ask
are you facing mic and call problem?
use y51l kernal
bro.
can you use y51l kernal to patch file?
so that y51l may get rooted with no bugs
Bugs are there
*Front camera not working
*Flash light not working
*Magisk not installing
y51 kernal source restore
can you make tutorial to restore y51 kernal source .also there a wifi bug wont turn on
device stuck at app starting up....pls hlp
installed the miui root boot.img and twrp.img but after rebooting the device was stuck
Can't root
How to download
Magisk cannot run in third-party ROM
It's a pity that my favorite ROM cannot be ROOT. It's not that the installation fails, but it always stops working.
I have a more useful method for rooting vivo y51L
Requirements:-
OTG
Data cable
A second phone
Bootloader unlock
Bugjaeger application
Root checker application
Your custom ROM or stock ROM zip file
Firstly we have to unzip our stock or custom ROM zip file, after unzipping file we have to move out boot.img file and save it in our internal storage . After that we have to flash the boot.img file in magisk and after flashing we will get a magisk patch in our download folder . We have to send that patch to our second phone and save it in it's internal storage .after that we have to boot our phone in fastboot mode and for that we have to power off our device and press volume down and power button .After booting the device in fastboot mode you have to connect otg in your second device and data cable in fastboot device . After that connect data cable and otg , after connecting the Bugjaeger application will open automatically . after that find an icon which looks like lightning in app and click that , after that you will find a blue dot at the bottom of the screen . Click that button and you will get inside command section after that type the first command :- Fastboot devices and click the play button at the right side. After that you will see a serial number which means you are connected. After that write the second command :- Fastboot flash boot , after writing it we will find a paper clip type button at the top right corner , just click that and attach the magisk patch which we sent to our second device and tap the play button at the right side . After the command has succeeded we have have to reboot our fastboot phone after removing data cable and otg . After rebooting just open root checker application and keep internet on , Click on verify root. Your phone is rooted now.
Now do whatever you want to do
Fun fact :- this method works on every phone
Those who want to say me thanks for this method please reply me

[TOOL][riva] Appender for Redmi 5A

Bypass bootloader guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz.
A little bit of disclaimer......
Appender is for those who are currently using bypass bootloader hack above, so there is no need of manually appending blocks to boot image/recovery image after every flash. Appender automatically appends the 4k bytes to boot image and recovery image.
NOTE: DO NOT QUOTE WHOLE POST OR I WILL IGNORE
Appender-v4 Download below
Changelog:
Appender-v4
*Fixed Appender on system-as-root boot images (Appender breaks GSI with system-as-root, don't use GSI)
*Improved overall code
Appender-v3
*Initial test version
Recommended twrp: Pitch black recovery
Link
Appender-v4.zip is for boot image
Appender-v4-rec.zip is for recovery image
Appender Usage
1. Flash rom
2. Flash magisk for root (skip if you don't need root)
3. Flash custom kernel (skip if you don't need custom kernel)
4. After that flash Appender-v4.zip
5. Reboot
Appender Recovery Version Usage
1. Flash recovery image
2. Flash Appender-v4-rec.zip
3. Reboot Recovery
CAUTION: Appender must be flashed EVERY time you modify boot image or recovery image.
And don't forget to press thanks if this tool has helped you
Reporting errors.
After flashing appender, send the file /cache/recovery/last_log if Appender didn't work, and also mention the issue you are facing.
Credits and thanks
@osm0sis for Anykernel3
@xaacnz for bypass bl guide
steeldriver (stackexchange) for helping me with commands
busybox team
Old method
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based
1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup section in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing, use recommend twrp above
If you get error related to ramdisk compression, use Appender-v4 or above
XDA:DevDB Information
Appender for Redmi 5A (bypass bootloader), Tool/Utility for the Xiaomi Redmi 5A
Contributors
saurabh6377
Version Information
Status: Beta
Current Beta Version: 4
Beta Release Date: 2019-09-29
Created 2019-09-28
Last Updated 2019-09-29
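For anyone examining a boot or recovery image taken from such a device, the appended block described in the post above is easy to recognise: it is the last 4096 bytes of the file, starts with 0x30 0x83 0x19 0x89 0x64, and (because dd's conv=sync pads with NULs) is otherwise zero. The following check is an added example, not part of Appender or of the original post; the sample images are constructed in memory and the report field names are chosen here for illustration.

```python
"""Detect the trailing 4 KiB marker block described in the post above."""
import io
import os
import sys

MARKER = bytes([0x30, 0x83, 0x19, 0x89, 0x64])  # bytes quoted in the post
BLOCK = 4096                                    # "4k block" from the post
BOOT_MAGIC = b"ANDROID!"                        # Android boot image header magic


def inspect_image(fh):
    """Inspect a seekable binary file object and return a report dict.

    marker_blocks       how many consecutive marker blocks end the file
    zero_padded         True if every marker block is marker + NULs only,
                        None when no marker block is present
    size_without_marker file size once the marker blocks are discounted
    """
    size = fh.seek(0, os.SEEK_END)
    fh.seek(0)
    report = {
        "size": size,
        "boot_magic": fh.read(len(BOOT_MAGIC)) == BOOT_MAGIC,
        "marker_blocks": 0,
        "zero_padded": None,
    }
    pos = size
    # Walk backwards one block at a time: an image patched more than once
    # can carry several marker blocks in a row.
    while pos >= BLOCK:
        fh.seek(pos - BLOCK)
        block = fh.read(BLOCK)
        if not block.startswith(MARKER):
            break
        report["marker_blocks"] += 1
        clean = not any(block[len(MARKER):])
        report["zero_padded"] = clean and report["zero_padded"] is not False
        pos -= BLOCK
    report["size_without_marker"] = pos
    return report


def build_sample(marker_blocks=0, padding=b"\x00"):
    """Constructed stand-in for an image: magic, zero filler, optional tail."""
    body = BOOT_MAGIC + bytes(3 * 2048 - len(BOOT_MAGIC))
    tail = (MARKER + padding * (BLOCK - len(MARKER))) * marker_blocks
    return io.BytesIO(body + tail)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, inspect_image(fh))
    else:
        print("constructed sample:", inspect_image(build_sample(1)))
```

A non-zero marker_blocks on an image whose bootloader is reported as locked is worth following up, since the post describes this block as part of a bootloader-lock bypass.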
Reserved
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Any hex editor for android/linux/windows (yes you absolutely dont need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note3: If I get time I will later make a script that automates the process.
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Let me verify this, I will update the guide once this is verified.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
_saurabh__._ said:
If you didn't append the 4k block to patched_boot.img and you have a locked bootloader, then flashing magisk directly from twrp must also work, because both processes are the same. Likewise, you can also flash a custom kernel directly using twrp without extracting boot.img. In my case I have to append the 4k block to patched_boot.img for the system to boot.
I don't know how it worked, but when I tried it again the system crashed, then I appended the 4k block to patched_boot.img to get magisk installed.
I have one more question: what about xposed for pixel experience rom for riva, and can I flash it directly without modifying it?
Edit: I am on pixel experience latest android pie version.
Sonu1123 said:
I don't know how it worked, but when I tried it again the system crashed, then I appended the 4k block to patched_boot.img to get magisk installed.
I have one more question: what about xposed for pixel experience rom for riva, and can I flash it directly without modifying it?
Edit: I am on pixel experience latest android pie version.
Yes, you can install xposed. Simple rule of thumb is that you can flash anything that does not touch the boot image, and xposed doesn't; it only writes to the /system partition, so no issues.
Xposed is not available for pie yet, but the unofficial EdXposed magisk module was tested by me and it works good on pixel experience.
Kindly ask you to upload some zip file to your OP, containing following files:
- tmp\hack_splash.xml
- tmp\prog_emmc_firehose_8917_ddr.mbn
- tmp\recovery.img
- tmp\splash.img
- tmp\twrp.xml
- fh_loader.exe
- QSaharaServer.exe
- a text file containing steps 9-11 and link to xaacnz thread (for credits)
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you don't have twrp installed follow this guide)
2. Any hex editor(Note2) for android/windows (yes you absolutely don't need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Please upload the patched files.
- hack_splash.xml
- recovery.img
- twrp.img
- splash.img
- twrp.xml
It really helps me to know how to append blocks.
Please upload these files for us.
Thanks and regards.
Anshu lakra said:
aIecxs said:
Dude, you're waiting for 2 months, wish I could help you... Maybe here more better luck?
https://forum.xda-developers.com/showthread.php?t=3911660
Have you flashed custom ROM?
---------- Post added at 03:54 AM ---------- Previous post was at 03:52 AM ----------
Nobody is uploading or posting link.
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
aIecxs said:
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
Thanks sir, I am waiting.
saurabh6377 said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
NOTE: YOU NEED TO FOLLOW THE ABOVE GUIDE IF YOU HAVEN'T, THEN COME BACK HERE
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you don't have twrp installed follow this guide)
2. PC must have linux installed; if you have windows don't worry, install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based
1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup section in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Script. You promised a script. We are looking forward to it!!! You are welcome
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
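The magic detection suggested in the post above could look like the following. This is an added example, not part of the thread and not code from Magisk, Android Image Kitchen or AnyKernel3; the function names and status strings are made up for illustration, and it assumes the file is the image as saved after the append rather than a raw partition dump.

```shell
#!/bin/sh
# Added example: does an image file end with the 4 KiB block from step 7
# (a 4096-byte block whose first five bytes are 30 83 19 89 64)?
# Assumption: the file is the image as saved after the append, not a raw
# partition dump, so the block is the last 4096 bytes of the file.
MAGIC_HEX=3083198964
BLOCK=4096

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as one hex string
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# check_trailer FILE: print missing|too-small|absent|present|present-nonzero-pad
check_trailer() {
    [ -f "$1" ] || { echo missing; return 0; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge "$BLOCK" ] || { echo too-small; return 0; }
    start=$((size - BLOCK))
    if [ "$(hex_at "$1" "$start" 5)" != "$MAGIC_HEX" ]; then
        echo absent; return 0
    fi
    # dd conv=sync pads the rest of the block with NUL bytes; a block typed
    # into a hex editor may not, so that case is reported separately.
    pad=$(hex_at "$1" $((start + 5)) $((BLOCK - 5)) | tr -d 0)
    if [ -z "$pad" ]; then echo present; else echo present-nonzero-pad; fi
}

# Constructed sample files (zero-filled stand-ins, not real boot images).
make_samples() {
    dir=$(mktemp -d)
    dd if=/dev/zero of="$dir/plain.img" bs="$BLOCK" count=2 2>/dev/null
    cp "$dir/plain.img" "$dir/tagged.img"
    {
        printf '\060\203\031\211\144'    # octal for 30 83 19 89 64
        dd if=/dev/zero bs=1 count=$((BLOCK - 5)) 2>/dev/null
    } >> "$dir/tagged.img"
    echo "$dir"
}

# With arguments: check those files. Without: check the constructed samples.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(check_trailer "$f")"; done
else
    tmp=$(make_samples)
    for f in "$tmp"/*.img; do printf '%s: %s\n' "${f##*/}" "$(check_trailer "$f")"; done
    rm -rf "$tmp"
fi
```

Run it with one or more image paths as arguments to check real files; with no arguments it reports on the two constructed samples.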
not necessary there is official unlock tool from xiaomi
aIecxs said:
not necessary there is official unlock tool from xiaomi
This is for those who weren't successful unlocking via official method.
osm0sis said:
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
osm0sis said:
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Cool. I just worry what that stuff intended for tuna (Galaxy Nexus) could do. If you don't need to touch the ramdisk you could just use split_boot; so it doesn't unpack the ramdisk unnecessarily.
You can use repack_ramdisk; (if unpacked) and flash_boot; instead of write_boot; to get more granular control and be able to act on the final image before flash. :good:
Good luck with your exams! :fingers-crossed:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Well that's not necessarily an AnyKernel "thing" because it's a vendor partition modification, but yeah you could do that somewhere in anykernel.sh as part of a flash if you want, just remember to mount vendor rw first and back to ro after. The AK3 patch_fstab function might work for you.
Hey guys, any video for this step?
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
