Related
EDIT: I have slightly modified this guide for it to be more useful for all X10 Mini users, not only for E10a users but for E10i users too. Enjoy!
This is a guide for flashing an E10a X10 Mini with a pre-rooted, xRecovery-enabled update.zip file by using the xRecovery tool for X10 Mini.
WARNING: THE UPDATE.ZIP FILE LINKED TO IN THIS GUIDE IS ONLY FOR AN E10A X10 MINI, FOR EXAMPLE DEVICES WHICH CURRENTLY RUN ON FIRMWARE VERSION 2.0.1.A.0.47 - IF YOU USE THIS GUIDE WITH AN E10I YOU WILL NEED TO USE YOUR OWN UPDATE.ZIP, WHICH YOU CAN EITHER CREATE USING aZuZu's SMALL KITCHEN OR WHICH YOU CAN DOWNLOAD FROM ANOTHER THREAD.
DISCLAIMER: Use at your own risk! This guide is provided WITH NO GUARANTEE that it will work. I am not responsible if you brick/destroy your phone. Follow these steps CLOSELY and DO NOT PM me if you are having problems. If it doesn't work, it's because you didn't follow the guide correctly. MAKE SURE THAT YOU KNOW WHAT YOU'RE DOING, OR PLEASE WAIT FOR AN EASIER WAY OF ROOTING YOUR PHONE.
BEFORE you begin following these steps, MAKE SURE that you've read ALL OF THEM twice over, that you UNDERSTAND their implications, and that you have DOWNLOADED EVERYTHING that you need (THIS INCLUDES the files and tools that you must download in the guides that this guide links you to)!
1. Acquire your phone's decrypted .sin files:
[1.a] Run SEUS (a.k.a. Sony Ericsson Update Service) to flash your phone, then copy the "FILE_xxxxxxxxx" files (there are 3 - approximately 64KB, 14MB and 112MB) from "C:\Program Files\Sony Ericsson\Update Service\db\[8 numbers]\blob_fs\" to a folder where you will work with them.
[1.b] Download Bin4ry's ConvertTool.zip and extract the files into the same folder as your files.
[1.c] Open up a command prompt (run cmd) and navigate to your work folder using the "cd" command.
[1.d] Run SEUSDECRYPT.BAT as explained in the guide linked to in step [1.a] to obtain your decrypted .sin files. CLARIFICATION: For the two largest files, rename the .tgz files to .zip files, then use WinRAR to extract the files within those .zip files. The .sin files are inside of the .tgz files WITHIN the zip files. Then, for the smaller 64kb file, Run it through SEUSDECRYPT.BAT like the two other files, but simply rename it to loader.sin and put it with your other .sin files in the next step.
[1.e] The files have a long file name and must be renamed to shorter names (i.e. rename them to only the beginning of their original file names). Use the Nordic file names downloaded in step [2.a] as a template to know for sure what you need to rename them to. Once renamed, copy ONLY the files that you need (there should be 9: amss_fs.sin, amss.sin, cache.sin, fota0.sin, fota1.sin, kernel.sin, loader.sin, simlock.ta, userdata.sin) into one folder. MAKE SURE that you EXCLUDE system.sin, as copying it along with your other .sin files will OVERWRITE YOUR WORK later in this guide! Instead of system.sin, we will be using update.zip SEPARATELY (which is the sole purpose of this guide!)
[1.f] If you choose to create your own update.zip file using aZuZu's Small Kitchen in step [3.a], then keep your system.sin file elsewhere for future use.
2. Flash your phone with the Nordic firmware (ONLY IF you currently CAN NOT root your phone) [2.a], root it with z4root [2.b], and install xRecovery [2.c]:
[2.a] If z4root does not work on the firmware currently installed on your phone, you will need to "downgrade" to a firmware that you can root. Here is a shortcut to doing so, since you won't be using the firmware that you will be "downgrading" to once you are finished. follow Bin4ry's guide to flash your phone to the e10i Nordic firmware, which can be rooted with z4root. Do not worry about your data connection for this step, as you will not be using this firmware once you have finished following this guide. If/when a dialog to enable your data connection pops up, DECLINE.
[2.b] Root your newly flashed Nordic firmware (or your currently installed firmware if you did not need to perform step [2.a]) using z4root (RECOMMENDED: select permanent root). Alternatively, you can simply use Bin4ry's Flashtool (from step [2.a]) which includes z4root.
[2.c] Once your phone is rooted and has rebooted (automatically done by z4root as a final step), follow this guide to install xRecovery on your phone. If the installer application doesn't work, I recommend that you get adb (which is in Bin4ry's FlashTool's "FlashToolRelease" folder) to manually install it, either by following the steps in the aforementioned guide or by doing the following:
1. Copy these 3 files (which you can download from the aforementioned xRecovery guide) to the root of your SD card: busybox, chargemon, xrecovery.tar ... Once these are copied, disable USB file sharing on your phone, but DO NOT disconnect your phone.
2. Run the following command in adb shell, without the quotes: "su" (A dialog from the SuperUser app might/will pop up, select "Allow")
3. Run the following command, without the quotes: "mount -o rw,remount /dev/block/mtdblock0 /system"
3. Run the following command, without the quotes: "busybox cp /sdcard/busybox /sdcard/chargemon /sdcard/xrecovery.tar /system/bin/"
4. Run the following command, without the quotes: "mount -o ro,remount /dev/block/mtdblock0 /system"
5. That's it! You've now manually installed xRecovery and can close your adb shell if you want.
3. Install update.zip onto your phone using xRecovery:
[3.a] Download my update.zip file (Alternate link: click here) (this file is only for E10a!! E10i users must either find another update.zip for their phones or create their own using aZuZu's Small Kitchen) and copy it to the root of your SD card. If you know how to check an MD5/SHA256/SHA512 sum, my update.zip has the following hashes:
MD5 sum: 5bd588518921b592b087d3175cff972b
SHA256 sum: 2cabcf01fe3c56f9d287e9a7eb2e4a3c2531cd9e08dd8193604d3f2f8143f6f2
SHA512 sum: 7663b37b47a7170bd8ef99838b3344eeca38e013eae98a1d2c1ba8e61f0c9192a318a39cd7a0589b75041bb3a82ca82ee6339c4894263657b3ec3eeb5c59cf7cAs an alternative to using my update.zip, you can now easily create your own update.zip files with your own system.sin file!
Just use aZuZu's Small Kitchen: http://forum.xda-developers.com/showthread.php?t=897662
E10i users can either download the following update.zip file, or can find another one on their own:
Generic 2.0.2.A.0.24 firmware [rooted + xrecovery preinstalled]
[3.b] Make sure that your phone is FULLY CHARGED, then turn your phone off.
[3.c] Turn your phone back on and right after the white Sony Ericsson logo appears, press the BACK (right) button every half-second until the xRecovery menu appears. If the xRecovery menu does NOT appear, then you did NOT install xRecovery correctly.
[3.d] In the xRecovery menu, select the "Install update.zip from SD Card" option, then wait until it says that the operation completed for the xRecovery menu to reappear.
[3.e] DO NOT REBOOT YOUR PHONE YET, as you will need to proceed with the following steps relatively quickly BEFORE rebooting.
4. Place your phone's decrypted .sin files in Bin4ry's FlashTool's "FlashToolRelease" folder [4.a], prepare yourself for flashing these files [4.b], then reboot your phone into flash mode [4.c] and flash your e10a .sin files to your phone [4.d/e]:
[4.*] YOU WILL NEED TO PERFORM STEPS [4.c], [4.d] AND [4.e] QUICKLY, SO DO NOT PROCEED BEFORE HAVING DOWNLOADED THE NECESSARY FILES AND PREPARED YOURSELF FOR THESE STEPS!
NOTE: Users who did not need to flash the Nordic firmware [2.a] do not need to follow any of the following steps and can simply choose the reboot option in the xRecovery menu now. ALL OTHER USERS MUST CONTINUE.
[4.a] Remember step 1? This is where you'll be using those .sin files! Place the folder containing your phone's .sin files into Bin4ry's FlashTool's "FlashToolRelease" folder.
[4.b] Run x10flash.bat, click Flash and select the folder that you just placed, just like in the guide linked to in step [2.a], but DO NOT PRESS OK YET.
[4.c] Select the "Reboot" option on your phone, in the xRecovery menu.
[4.d] Preferably BEFORE the ANIMATED Sony Ericsson logo appears (i.e. while the white Sony Ericsson logo is still there), plug your phone into your computer via USB cable, then press the BACK (right), HOME (middle) and POWER (top) buttons at the SAME TIME and hold them until the phone's GREEN LED is on.
[4.e] In Bin4ry's FlashTool, MAKE SURE that you selected the folder with your phone's .sin files! Click OK in FlashTool and wait for the files to be flashed to your phone. REMEMBER that you should NOT have a system.sin file in your folder or you will have done all of this for nothing!
[4.f] When FlashTool indicates that flashing has completed, unplug your USB cable.
[4.g] Wait 15 seconds. Turn your phone on and wait for it to boot. It may take a while to boot since it will be the first time that you boot since you flashed your phone.
5. Congratulations! You have flashed your X10 Mini with a pre-rooted firmware with xRecovery pre-installed! ENJOY your (and our) hard work! ;-)
Cheers,
uriah
Thank you very much, I will try it next week end.
I don't understand This :
hen copy the "FILE_xxxxxxxxx" files (there are 3, you will need the two biggest ones - approximately 14MB and 112MB) from "C:\Program Files\Sony Ericsson\Update Service\db\[8 numbers]\blob_fs\" to a folder where you will work with them.
Witch File You need putted To Sony Ericsson Update???
I did all the steps, know a lot of things are missing in the tut and I did a litle thing different, but in one step after I unrar the files I did not find loader.sin
I will try do the step of the files again, if I dont post a reply about it is bcs I coud not find the loader.sin
the things that I did different
if I rename tgz to zip I cant open or extract but if I rename to rar I can
and in the tut do not explain that need to use comands in prompt like:
C:\ConvertTool>SeusDecrypt FILE_277756147
but I will be very great if all will work
ed- still problem to find loader.sin, the rest are ok
mini e10a
@ dionei:
- for the seusdecrypt.bat explanation, please refer to step [1.d]/[1.a]:
[1.d] Run SEUSDECRYPT.BAT as explained in the guide linked to in step [1.a] to obtain your decrypted .sin files.
- for the loader.sin file, you're right, I did indeed forget to mention what to do for loader.sin, so I will update the tutorial. please see step [1.d] again.
@ redbike:
you need to find the "FILE_xxxxxxxxx" files inside "C:\Program Files\Sony Ericsson\Update Service\db\[8 numbers]\blob_fs\" and copy them to another directory in which you will decrypt these files.
cheers,
uriah
[TUT] Appendix A:
Due i had to make new account and new kitchen thread here is new link to kitchen:
http://forum.xda-developers.com/showthread.php?t=925028
it is now "universal" for XPERIA Android phones (still lacks support for x10mini pro due i'm not in that subforum too much. You must admit it is different world, much more devs than in x10 mini subforum).
I've read this a couple of times and i still dont understand the 1st step.
I've got the FILE(s)_xxxxxxxx on the same folder as the convert tool:
C:\ConvertTool\FILE_xxxxx
On cmd i tried and run:
C:\ConvertTool>SEUSDECRYPT.BAT FILE_XXXXXXXX
SEUSDECRYPT FILE_XXXXXXXX
Im probably doing something wrong so if you could help me i would be grateful.
Found the solution ignore.
Hy,
My friend, can you plz decrypt this file?
CRYPTED 2.1.1.A.0.6(latest) for someone to decrypt correctly.
http://www.megaupload.com/?d=601618QL
Its lates firmware for e10i.
pedrocel85 said:
Hy,
My friend, can you plz decrypt this file?
CRYPTED 2.1.1.A.0.6(latest) for someone to decrypt correctly.
Its lates firmware for e10i.
Click to expand...
Click to collapse
Hi my friend..!!
here is that applying for:
the decryptred files of latest firmware
for e10i..(2.1.1.A.0.6)..!!
Enjoy it..!!!
.megaupload.com/?d=9FACST9X
P.S...Sorry but i can't post any link yet..
Hi....
To decrypt SE files, I´ve tried with flashtool in avanced-->decrypt and it seems ok
With flashtool you don´t need convertfiles nor rename files to .zip....
Flashtool converts "C:\Program Files\Sony Ericsson\Update Service\db\[8 numbers]\blob_fs\xxxxx..." into xxxxx.sin files directly.
flashtool link:
http://forum.xda-developers.com/showthread.php?t=920746
sorry for my english
cazador1377 said:
Hi....
To decrypt SE files, I´ve tried with flashtool in avanced-->decrypt and it seems ok
With flashtool you don´t need convertfiles nor rename files to .zip....
Flashtool converts "C:\Program Files\Sony Ericsson\Update Service\db\[8 numbers]\blob_fs\xxxxx..." into xxxxx.sin files directly.
flashtool link:
http://forum.xda-developers.com/showthread.php?t=920746
sorry for my english
Click to expand...
Click to collapse
thanks, finaly I can now decrypt
thanks man it worked
xrecovery not workin
Spent a whole evening trying to get xRecovery to work on a X10 Mini, used the 0.3 installer, the 1.0 installer, removed everything, copied the 3 files (and also tried moving) with root explorer, changed permissions, removed everything, tried X10 flashtool: cannot boot into xRecovery mode!
Believe me: I'm not new to flashing android phones, I read every forumpost on the subject, I cannot get this to work.
I did upgrade to the latest SE firmware 2.1-update 1 (build nr 2.1.1.A.0.6), maybe that's blocking xRecovery somehow?
Any ideas?
Elio
@uriahheep @ Everybody else wh can help
Well ppl this might be off topic or considered as a spam .... but kindly apologize me for that, as I can't find much help with the issue that I'm facing !!
Kindly goto this link and plz plzz plzzz help me sort out the Issue !! I have an E10i Xperia Mini and rest of the issue details are in the link below:
http://forum.xda-developers.com/showthread.php?t=1243081
I desperately need help from someone who has been dealing with these X10 Mini phones ! I've Rooted/Rom'd HTC desire and Huawei Ideos but never ever ran into such Firmware related issues !! PLZZ PLzz PLzzz help me, its already been over a week and I haven't been able to find a single thing working for me !! =(
what exactly does SIMLOCK.TAR FILE?
This guide is to help anyone who wants to use Android Pay but his XC phone is unlocked and rooted. It begins with an unlocked phone with a valid backup of the TA partition as well as an unrooted /system partition.
Prerequisites:
1. A backup of TA partition (https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236)
2. Unlocked bootloader
3. Working fastboot driver and command
4. Clean /system partition without any trace of su. Systemless root is fine because it will be overwritten by the new kernel. If needed, flash the stock system partition again.
5. TWRP image for XC (https://drive.google.com/open?id=0B0j3VJ1Xp5N8M1ZGbzBBMTdyRnM)
6. Stock kernel image (Extract kernel.sin from official FTF)
7. Trim Area Proof Of Concept (https://forum.xda-developers.com/crossdevice-dev/sony/poc-real-trim-instead-drm-fix-t3552893)
8. Tobias kernel repack tool (https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605)
9. Magisk v12.0 flashable zip, not Manager app (https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)
Procedures:
1. Run TA PoC (DOUBLECLICKME.bat). You'll be asked to select your kernel image (kernel.sin) and TA backup (your TA backup file). Choose also to disable DM-Verity, Sony RIC but keep Force-encrypt (my data partition is encrypted, your choice). At the end a new file new_boot.img will be created.
2. Copy the new_boot.img in step 1 to Tobias tool folder. In the same folder, execute the following command. Again, disable Sony RIC, don't install TWRP, don't install DRM fix and don't install Busybox. At the end, another file boot.img will be created.
Code:
rootkernel.cmd new_boot.img boot.img
3. Power off your phone. Power on again while holding volume up rocker to enter fast boot mode. Execute the following command to flash the new boot image. Replace boot.img with your new image in step 2 with full path.
Code:
fastboot.exe flash boot [I]boot.img[/I]
4. Reboot your phone. No root or SuperSU app should be found.
5. Copy Magisk zip file into phone internal storage.
6. Dial *#*#7378423#*#*, followed by Service Test > Security to check if DRM is detected properly. At this point of time, your phone should be su free and DRM working properly.
7. Power off your phone. Power on again while holding volume up rocker to enter fast boot mode. Execute the following command to boot TWRP. Replace twrp.img with your TWRP image with full path.
Code:
fastboot.exe boot [I]TWRP.img[/I]
8. In TWRP, flash Magisk zip
9. Reboot your phone. Install Magisk Manager app (no long available in Play Store) (http://tiny.cc/latestmanager)
10. Run Magisk Manager and turn on Magisk Hide. You should see Magisk installed successfully and properly rooted with MagiskSU. Tap SafetyNet button to check if it can be passed.
11. (optional) Install Xposed using Magisk app, not official method. Xposed will break Safety Net again. But you can always disable it in Magisk Manager easily.
Remarks:
1. Trim Area Proof Of Concept is required to restore full DRM functionality so that Safety Net thinks the phone is still locked.
2. /system partition must be clean and free of any trace of previous su installation.
3. Magisk Manager app cannot be used to install Magisk because it requires root in the first place. Even with systemless root, after Magisk is installed this way, trace of su can be found in /vendor partition.
4. Tobias tool has to be used to repack the boot image because I found that if PoC image is used directly, phone will reboot unexpectedly after Magisk is installed.
This is the clearest guide I found so far for rooting x compact :good: (Your old guide also help me understand some of the concept)
I get most of the steps but want to confirm whether I understand it correctly
itandy said:
1. Run TA PoC (DOUBLECLICKME.bat). You'll be asked to select your kernel image (kernel.sin) and TA backup (your TA backup file). Choose also to disable DM-Verity, Sony RIC but keep Force-encrypt (my data partition is encrypted, your choice). At the end a new file new_boot.img will be created.
Click to expand...
Click to collapse
TA PoC modify the boot image and the modified boot image will mount the TA backup image during boot and "trick" the system/kernel into thinking that is the original TA Partition, and it is untouched.
itandy said:
2. Copy the new_boot.img in step 1 to Tobias tool folder. In the same folder, execute the following command. Again, disable Sony RIC, don't install TWRP, don't install DRM fix and don't install Busybox. At the end, another file boot.img will be created.
Click to expand...
Click to collapse
- Drm fix is not needed because of the trick in step 1. This step is only needed because of incompatibility of boot image generated from step 1 with magisk (mentioned in the remarks section.).
- TWRP is not needed because in this guide TWRP will be booted by fastboot through PC without actually installing it on the phone (Step 7)
- Busybox is now included in magisk I think?
itandy said:
6. Dial *#*#7378423#*#*, followed by Service Test > Security to check if DRM is detected properly. At this point of time, your phone should be su free and DRM working properly.
Click to expand...
Click to collapse
- This is to prove the TA PoC mount trick above is working. No kernel fix is done.
The advantage of this method instead of kernel drm fix is that you can have completely stock kernel/system and only have modified boot image (and some extra data in data partition). Can you theoretically update the system and exclude the boot and data partition and still have the root intact? Or is that not recommended as new update might have some change in the boot partition as well?
I still need to do more reading about magisk and why the manager need to be installed manually (and what does it do)
trewelu said:
This is the clearest guide I found so far for rooting x compact :good: (Your old guide also help me understand some of the concept)
I get most of the steps but want to confirm whether I understand it correctly
TA PoC modify the boot image and the modified boot image will mount the TA backup image during boot and "trick" the system/kernel into thinking that is the original TA Partition, and it is untouched.
- Drm fix is not needed because of the trick in step 1. This step is only needed because of incompatibility of boot image generated from step 1 with magisk (mentioned in the remarks section.).
- TWRP is not needed because in this guide TWRP will be booted by fastboot through PC without actually installing it on the phone (Step 7)
- Busybox is now included in magisk I think?
- This is to prove the TA PoC mount trick above is working. No kernel fix is done.
The advantage of this method instead of kernel drm fix is that you can have completely stock kernel/system and only have modified boot image (and some extra data in data partition). Can you theoretically update the system and exclude the boot and data partition and still have the root intact? Or is that not recommended as new update might have some change in the boot partition as well?
I still need to do more reading about magisk and why the manager need to be installed manually (and what does it do)
Click to expand...
Click to collapse
Your understanding is correct. As for busybox, I didn't install it because I don't use it. You can try and see if it affects Safety Net detection.
Yes, system partition can be updated without losing root.
trewelu said:
This is the clearest guide I found so far for rooting x compact :good: (Your old guide also help me understand some of the concept)
I get most of the steps but want to confirm whether I understand it correctly
TA PoC modify the boot image and the modified boot image will mount the TA backup image during boot and "trick" the system/kernel into thinking that is the original TA Partition, and it is untouched.
- Drm fix is not needed because of the trick in step 1. This step is only needed because of incompatibility of boot image generated from step 1 with magisk (mentioned in the remarks section.).
- TWRP is not needed because in this guide TWRP will be booted by fastboot through PC without actually installing it on the phone (Step 7)
- Busybox is now included in magisk I think?
- This is to prove the TA PoC mount trick above is working. No kernel fix is done.
The advantage of this method instead of kernel drm fix is that you can have completely stock kernel/system and only have modified boot image (and some extra data in data partition). Can you theoretically update the system and exclude the boot and data partition and still have the root intact? Or is that not recommended as new update might have some change in the boot partition as well?
I still need to do more reading about magisk and why the manager need to be installed manually (and what does it do)
Click to expand...
Click to collapse
Just found that you can actually enable busybox in Magisk Manager so you don't have to pack it into the boot image.
Sent from my F5321 using Tapatalk
Done the step above and gained root and pass safety check in magisk.
Is there a way to disable the bootloader unlocked message during boot? I don't mind the message but it delay booting process I
trewelu said:
Done the step above and gained root and pass safety check in magisk.
Is there a way to disable the bootloader unlocked message during boot? I don't mind the message but it delay booting process I
Click to expand...
Click to collapse
I'm not aware anyone is able to do that so far.
itandy said:
I'm not aware anyone is able to do that so far.
Click to expand...
Click to collapse
You would need to alter bootloader....
Remark for Android 7.0 Users
If you will use this guide on Nougat, you will need to DISABLE force-encrypt, because data partition is encrypted by default on Nougat. On top of that, you will need to first boot to TWRP, wipe DATA partition without decrypting / mounting it and then reboot system to re-create unencrypted data partition. Only then you can flash Magisk..
ondrejvaroscak said:
If you will use this guide on Nougat, you will need to DISABLE force-encrypt, because data partition is encrypted by default on Nougat. On top of that, you will need to first boot to TWRP, wipe DATA partition without decrypting / mounting it and then reboot system to re-create unencrypted data partition. Only then you can flash Magisk..
Click to expand...
Click to collapse
Just curious, I'm on MM and my data partition is encrypted. But I didn't have to decrypt it first before installing Magisk. Is there anything on Nougat that makes it different?
itandy said:
Just curious, I'm on MM and my data partition is encrypted. But I didn't have to decrypt it first before installing Magisk. Is there anything on Nougat that makes it different?
Click to expand...
Click to collapse
Yes, quite substantially .... the TWRP does NOT support /data decryption on Nougat. On MM it works, on Nougat there is no way, until someone compiles TWRP with support for Nougat encrypted /data. The workaround is to DISABLE force-encrypt, wipe /data to force re-create unencrypted /data, install anything you need and then encrypt in Settings/Security. Once you do it, there is no way to get into /data in recovery...
ondrejvaroscak said:
Yes, quite substantially .... the TWRP does NOT support /data decryption on Nougat. On MM it works, on Nougat there is no way, until someone compiles TWRP with support for Nougat encrypted /data. The workaround is to DISABLE force-encrypt, wipe /data to force re-create unencrypted /data, install anything you need and then encrypt in Settings/Security. Once you do it, there is no way to get into /data in recovery...
Click to expand...
Click to collapse
And why is data partition decryption support needed in TWRP in this case? Flashing Magisk requires modification on data partition?
itandy said:
And why is data partition decryption support needed in TWRP in this case? Flashing Magisk requires modification on data partition?
Click to expand...
Click to collapse
I don't think so. I just re-did the step (accidentally locked back my bootloader when trying to remove the unlocked message). On twrp, it ask for password which I don't even know as after BL unlock wipe, I haven't set my screen lock yet. I skip that part, mount the sd card and flash magisk. Magisk modify the boot image and I can have root and safety net working.
Ps: You might need to update the step, the magisk manager stub will force you to download the app from play store, but it is already pulled. I need to download the app directly from magisk thread and side load it.
Edit: I was wrong. Magisk do use /data for magisk.img, but it have workaround instalation in case it is inaccessible during flashing install script. See #15
trewelu said:
Ps: You might need to update the step, the magisk manager stub will force you to download the app from play store, but it is already pulled. I need to download the app directly from magisk thread and side load it.
Click to expand...
Click to collapse
Updated. Thanks!
itandy said:
And why is data partition decryption support needed in TWRP in this case? Flashing Magisk requires modification on data partition?
Click to expand...
Click to collapse
Magisk installs file magisk.img into /data. This file is than mounted as /magisk. I am not sure, how Magisk handles installation if /data is not accesible/mountable during flashing, did not try it.
ondrejvaroscak said:
Magisk installs file magisk.img into /data. This file is than mounted as /magisk. I am not sure, how Magisk handles installation if /data is not accesible/mountable during flashing, did not try it.
Click to expand...
Click to collapse
I'm not good with script, but here is my understanding,
In case of inaccessible data during flash, magisk will flash magisk.img temporarily in cache partition. During booting (after data is unencrypted), magisk check if the workaround image in cache exist and move it to data
scripts/flash_script.sh
Code:
if (is_mounted /data); then
IMG=/data/magisk.img
else
IMG=/cache/magisk.img
ui_print "- Data unavailable, use cache workaround"
fi
jni/daemon/bootstages.c
Code:
// Merge images
if (merge_img("/cache/magisk.img", MAINIMG))
goto unblock;
if (merge_img("/data/magisk_merge.img", MAINIMG))
goto unblock;
jni/magisk.h
Code:
#define MAINIMG "/data/magisk.img"
trewelu said:
I'm not good with script, but here is my understanding,
In case of inaccessible data during flash, magisk will flash magisk.img temporarily in cache partition. During booting (after data is unencrypted), magisk check if the workaround image in cache exist and move it to data
Click to expand...
Click to collapse
Cool, very clever. I did not make the effort to study in in depth, but expected some sort of solution to exist when users succesfully installed Magisk even when they can not mount /data in TWRP. This temporary /cache mount is just nice example of clever programming
Hey, I think I pseudo-bricked my device while following these steps. I used fastboot to boot into TWRP, without disabling encryption, on Nougat 7.1. I didn't notice the requirement to disable encryption in Post #8 until afterwards.
Now the device appears to be on (my computer detects an unknown device when I plug it in), but it doesn't show any LEDs or react to any buttons. Is my only recourse to wait till the battery dies in a few days and try again, or is there another way?
HAHA, I found if I hold EVERY button (power, vol up, vol dn, and camera), the phone restarts and I have access again. w00t!
Just wondering if somebody tried this with Nougat 7.1? I can't get TA_POC to work, security test displays error and sim card is not detected.
baz1 said:
Just wondering if somebody tried this with Nougat 7.1? I can't get TA_POC to work, security test displays error and sim card is not detected.
Click to expand...
Click to collapse
Yes this works with 7.1 the same as with 7.0. How did you perform the update to 7.1?
I followed the guide to perfection, and everything works perfectly...but...If I want to turn a user app into system apps, link2sd gives me this error: mount: '/dev/block/bootdevice/by-name/system'->'/system': Device or resource busy" and system app mover gives me this error : "could not remount /system".
is system read only? why? I've already tried to enable "rw" "ro" through the command line without success...
Can anyone help me?
p.s. I have granted root permissions to the applications mentioned above at their opening
Bypass bootloader guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz.
A little bit of disclaimer......
Appender is for those who are currently using bypass bootloader hack above, so there is no need of manually appending blocks to boot image/recoevry image after every flash. Appender automatically appends the 4k bytes to boot image and recovery image.
NOTE: DO NOT QUOTE WHOLE POST OR I WILL IGNORE
Appender-v4 Download below
Changelog:
Appender-v4
*Fixed Appender on system-as-root boot images (Appender breaks GSI with system-as-root, don't use GSI)
*Improved overall code
Appender-v3
*Initial test version
Recommended twrp: Pitch black recovery
Link
Appender-v4.zip is for boot image
Appender-v4-rec.zip is for recovery image
Appender Usage
1. Flash rom
2. Flash magisk for root (skip if you don't need root)
3. Flash custom kernel (skip if you don't need custom kernel)
4. After that flash Appender-v4.zip
5. Reboot
Appender Recovery Version Usage
1. Flash recovery image
2. Flash Appender-v4-rec.zip
3. Reboot Recovery
CAUTION: Appender must be flashed EVERY time you modify boot image or recovery image.
And don't forget to press thanks if this tool has helped you
Reporting errors.
After flashing appender, send the file /cache/recovery/last_log if Appender didn't worked, and also metion the issue you are facing.
Credits and thanks
@osm0sis for Anykernel3
@xaacnz for bypass bl guide
steeldriver (stackexchange) for helping me with commands
busybox team
Old method
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup senction in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf 'x30x83x19x89x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)[/CENTER]
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf 'x30x83x19x89x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing, use recommend twrp above
If you get error related to ramdisk compression, use Appender-v4 or above
XDA:DevDB Information
Appender for Redmi 5A (bypass bootloader), Tool/Utility for the Xiaomi Redmi 5A
Contributors
saurabh6377
Version Information
Status: Beta
Current Beta Version: 4
Beta Release Date: 2019-09-29
Created 2019-09-28
Last Updated 2019-09-29
Reserved
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Any hex editor for android/linux/windows (yes you absolutely dont need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note3: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Click to expand...
Click to collapse
Let me verify this, I will update the guide once this is verified.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Click to expand...
Click to collapse
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
_saurabh__._ said:
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
Click to expand...
Click to collapse
I don't know how it worked but when i tried it again system crashed then i appended 4k block to patched_boot.img to get magisk intalled.
I have one more question what about xposed for pixel experience rom for riva and can i flash it directly without modifying it.
Edit:I am on pixel experience latest android pie version.
Sonu1123 said:
I don't know how it worked but when i tried it again system crashed then i appended 4k block to patched_boot.img to get magisk intalled.
I have one more question what about xposed for pixel experience rom for riva and can i flash it directly without modifying it.
Edit:I am on pixel experience latest android pie version.
Click to expand...
Click to collapse
Yes you can install xposed. Simple rule of thumb is that you can flash anything that does not touch boot image and xposed doesn't it only writes to /system partition so no issues.
Xposed is not available for pie yet, but the unofficial EdXposed magisk module was tested by me and it works good on pixel experience.
Kindly ask you to upload some zip file to your OP, containing following files:
- tmp\hack_splash.xml
- tmp\prog_emmc_firehose_8917_ddr.mbn
- tmp\recovery.img
- tmp\splash.img
- tmp\twrp.xml
- fh_loader.exe
- QSaharaServer.exe
- a text file containing steps 9-11 and link to xaacnz thread (for credits)
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Any hex editor(Note2) for android/windows (yes you absolutely dont need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
Please upload the patched files.
- hack_splash.xml
- recovery.img
- twrp.img
- splash.img
- twrp.xml
It really helps me to know how to append blocks.
Please upload these files for us.
Thanks and regards.
Anshu lakra said:
aIecxs said:
Dude, youre waiting for 2 months, wish i could help you... Maybe here more better luck?
https://forum.xda-developers.com/showthread.php?t=3911660
Click to expand...
Click to collapse
Have you flashed custom ROM ?
---------- Post added at 03:54 AM ---------- Previous post was at 03:52 AM ----------
Nobody is uploading or posting link.
Click to expand...
Click to collapse
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
aIecxs said:
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
Click to expand...
Click to collapse
Thanks sir i am waiting .
saurabh6377 said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
NOTE: YOU NEED TO FOLLOW THE ABOVE GUIDE IF YOU HAVEN'T, THEN COME BACK HERE
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup senction in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)[/CENTER]
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
script .you promised script. are looking forward to !!! You are welcome
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
not necessary there is official unlock tool from xiaomi
aIecxs said:
not necessary there is official unlock tool from xiaomi
Click to expand...
Click to collapse
This is for those who weren't successful unlocking via official method.
osm0sis said:
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
Click to expand...
Click to collapse
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
osm0sis said:
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Click to expand...
Click to collapse
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Click to expand...
Click to collapse
Cool. I just worry what that stuff intended for tuna (Galaxy Nexus) could do. If you don't need to touch the ramdisk you could just use split_boot; so it doesn't unpack the ramdisk unnecessarily.
You can use repack_ramdisk; (if unpacked) and flash_boot; instead of write_boot; to get more granular control and be able to act on the final image before flash. :good:
Good luck with your exams! :fingers-crossed:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Click to expand...
Click to collapse
Well that's not necessarily an AnyKernel "thing" because it's a vendor partition modification, but yeah you could do that somewhere in anykernel.sh as part of a flash if you want, just remember to mount vendor rw first and back to ro after. The AK3 patch_fstab function might work for you.
Hey ges any video for this step?
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
Hey,
is there a simple way to flash a new kernel / boot.img using TWRP by script / openrecoveryscript? I can select "Install Image" in the UI and flash the boot.img just fine, but I want to script that so I can flash devices easily or even remotely just by uploading the openrecoveryscript and the image to flash.
The documentation at https://twrp.me/faq/openrecoveryscript.html is pretty useless, it doesn't even mention that '/cache/recovery/openrecoveryscript' will be executed by TWRP.
The install command expects a zip file, the restore command a TWRP backup.
Any ideas? Thx
TWRP's OpenRecoveryScript ( read: command line ) support is great.
It's source code here:
Team-Win-Recovery-Project/openrecoveryscript.cpp at android-5.0 · TeamWin/Team-Win-Recovery-Project
Core recovery files for the Team Win Recovery Project (T.W.R.P) - this is not up to date, please see https://github.com/TeamWin/android_bootable_recovery/ - Team-Win-Recovery-Project/openrecoverysc...
github.com
IMO the mentioned TWRP recovery command line guide isn't useless as you claim.
Using a simple text file, saved in the /cache/recovery/ directory with the name openrecoveryscript, the TWRP recovery can be instructed to execute the described set of commands during the startup, e.g. the installation of a ZIP archive such as a ROM, or the deletion of a partition.
@jwoegerbauer I think you want to refer to https://github.com/TeamWin/android_bootable_recovery/blob/android-10.0/openrecoveryscript.cpp instead, as https://github.com/TeamWin/Team-Win-Recovery-Project ist not maintained if I understand it correctly.
However, I don't want to read the source to find out how to (not) flash a boot.img using TWRP without the UI.
If I understand the docs correctly, TWRP does not support flashing images. It supports restoring backups and installing zips.
I've also tried to find out if there is an easy way to convert the boot.img to an installable zip or TWRP recovery, but so far I've not succeeded.
Do you know an answer to this?
Use Fastboot to flash boot.img
I can't use fastboot as the device (Samsung) does not support it and it would also require physical access.
So far my workflow is to flash the image to a device I have by hand (manually), create a backup of the boot partition with TWRP (manually), download it and then deploy the backup to remote devices via adb and restore them on reboot via the openrecoveryscript.
My workflow would be simplified if could remove the need for the manual process that creates an image/backup that can be flashed remotely.
Well, I found a simpler way to flash the kernel / boot.img directly within the os. I can simply overwrite the partition:
adb push boot.img /sdcard/boot.img
adb shell su -c "dd if=/sdcard/boot.img of=/dev/block/mmcblk0p14"
Don't even have to reboot the device...
For those wondering from where to get the block-device... See ls -l /dev/block/platform/msm_sdcc.1/by-name/ ("msm_sdcc.1" part may be different)
this is a guide for some user running stock Realme UI 2 on rooted device. while stock recovery wont work after unlocking bootloader and magisk installed (UPDATE: apparently stock recovery are working but you have to wait around 30minutes in order to boot into it). the only option for us is using custom recovery. but custom recovery wont recognize the updates because it's unusual format and its unusual location. Be careful!! I'm not responsible for any damage you may encounter doing this guide. I will try to help as far as I could do
(this guide are documentation from rui2.0 c.09 to c.15 update. where rui1.0 to rui2.0 upgrade im using stock recovery )
first of all, we need to download updates from ota server. simply enter Settings app, scroll down and select Software update. wait untill finished, you'll be prompted to install when it's done. but don't have to do that, it only reboot to recovery doing nothing.
now preparing the updates.
the downloaded files are located inside
Code:
/data/ota_package/OTA/.otaPackage
there are 6 files (may vary) and all of them are flashable zips except system_vendor that needs slight modification. copy or move those files to internal or external storage (i personally put those files on /sdcard/updates/). then add .zip extension by renaming (put ".zip" in the end of file name).
modifying system_vendor.zip
extract system_vendor into separate folder. after that, navigate to META-INF/com/google/android/ now edit updater-script replace RMX2151L1 (or similar) with RMX2151 to avoid installation errors. on TWRP, this phone is only recognized as RMX2151 regardless it's actual phone model ( it needs confirmation from other realme 7 users ).
now back to system_vendor folder and replace vbmeta.img file with vbmeta from attachment. after doing all steps simply repack all files and folder into zip with normal compression parameter. (you don't have to replace vbmeta file, but you have to flash modified vbmeta after that to avoid bootloop)
all files are ready to flash using TWRP (or your own preferred custom recovery). flashing this zip might replace bootloader with stock so flashing Magisk are preferred or you'll lose root access.
the intention of making this thread are opening discussion about realme updates. maybe someone out there could make all those steps simpler and easy enough