Root-handshake dump method & meeting - Treble-Enabled Device Development A/AB ROMS

Hi all,
This is dangerous
Be sure to really understand what every step means before doing anything
This thread is about poorly supported devices, without known factory images, and how to make one, thanks to Magisk and Treble, and helping each other!
How does this work?
- unlock bootloader on both devices
- On the first device, flash a root-ed GSI.
- From this GSI, dump all emmc partitions (except system and userdata, obviously). This can be done easily via adb, or a root file manager.
- Use magisk patcher to root the boot.img you've just dumped
- You can now flash this root-ed boot.img on the second device (which has original system.img)
- Now that you have rooted firmware with stock system.img, you can dump stock system.img
You now have a full dump of stock ROM!
This process requires two devices, so most likely two people.
I'm opening this thread, so people can meet other people with the same device to be able to complete this handshake, and make a full dump of stock ROM.
Once you've found your device-mate, don't forget to edit your original post to mention the handshake has been made.

I'll start.
I have the following devices, on which I already have GSIs, and dump-ed boot.img, I'd like someone to get the stock system.img:
- Koolnee Rainbow (looks like there is a firmware on https://www.needrom.com/download/koolnee-rainbow/ )
- Cubot X18 Plus (http://forum.cubot.net/viewtopic.php?f=21&t=2215)
- Blackview A20
- Allview V3 Viper
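The partition-dump step of the procedure above, as an added example that is not part of the original post: it dumps every by-name partition except system and userdata over adb and compares each image's SHA-256 with the device before the boot.img is flashed to a second phone. The `/dev/block/by-name` path, the `su -c` syntax of the rooted GSI, the `./dump` directory and the sample listing are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: dump every by-name partition except
# system and userdata over adb, and verify each host copy against the device.
# Assumptions: partitions are listed under $BY_NAME (the path varies by SoC),
# the rooted GSI provides `su -c`, and the device has toybox `sha256sum`.

BY_NAME=${BY_NAME:-/dev/block/by-name}
OUT=${OUT:-./dump}

# Constructed sample of what `ls $BY_NAME` might return (not from a real device).
SAMPLE_LS='boot
lk
nvram
system
userdata
vendor'

# stdin: one partition name per line. Drops system/userdata (and A/B slot
# variants) and any name that is not a plain identifier, so nothing odd ends
# up interpolated into a root shell command.
select_partitions() {
    grep -Ev '^(system|userdata)(_[ab])?$' | grep -E '^[A-Za-z0-9_.-]+$'
}

# $1 = a line of device-side `sha256sum` output, $2 = host file.
# True only if the device hash is non-empty and equals the host file's hash.
hashes_match() {
    dev_sum=$(printf '%s\n' "$1" | awk '{print $1}')
    host_sum=$(sha256sum "$2" | awk '{print $1}')
    [ -n "$dev_sum" ] && [ "$dev_sum" = "$host_sum" ]
}

# Stream one partition to the host, then compare hashes.
# </dev/null keeps adb from swallowing the caller's partition list on stdin.
dump_partition() {
    part=$1
    adb exec-out "su -c 'dd if=$BY_NAME/$part bs=4M 2>/dev/null'" \
        </dev/null >"$OUT/$part.img" || return 1
    dev_line=$(adb shell "su -c 'sha256sum $BY_NAME/$part'" </dev/null)
    hashes_match "$dev_line" "$OUT/$part.img"
}

# List partitions on the device, filter them, dump and verify each one.
dump_all() {
    mkdir -p "$OUT"
    adb shell "su -c 'ls $BY_NAME'" </dev/null | tr -d '\r' | select_partitions |
    while read -r part; do
        if dump_partition "$part"; then echo "ok    $part"
        else echo "FAIL  $part (re-dump before flashing it anywhere)"; fi
    done
}

# Run against a connected device only when asked: sh dump.sh --run
if [ "${1:-}" = "--run" ]; then
    dump_all
fi
```

Keep the recorded hashes next to the images so the person on the other side of the handshake can check what they received.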

This is just a theory, as I do not have any Treble-capable devices.
Could this not be done on one device, with a lot more hassle, by reflashing the unrooted GSI on the first device?

Note that many (some?) Qualcomm devices can get access to EDL mode via fastboot (unlocked bootloader required):
Code:
fastboot oem edl
And with Qualcomm QDLoader driver, you can dump any partition to PC via emmcdl binary.
You can google for more precise instructions and files.

moriel5 said:
This is just a theory, as I do not have any Treble-capable devices.
Could this not be done on one device, with a lot more hassle, by reflashing the unrooted GSI on the first device?
He wants to have a copy of the stock ROM. He cannot reflash it without having a copy first. And he cannot get a copy of the original ROM if he already flashed a GSI over it.

Thank you for your hard work and for the guide. I hope that someone will release the dump for Viper V3, it's the only Mediatek device with Treble and it can be a good starting point for devs (and for my Xperia XA)

@phhusson Cubot X18 Plus firmware can be found here: http://forum.cubot.net/viewtopic.php?f=21&t=2215
rrvuhpg said:
Viper V3, it's the only Mediatek device with Treble
False. There are plenty of MTK devices with Treble: https://www.kimovil.com/en/compare-smartphones/f_pm+id.5,f_doba+slug.android,f_min_dobr+value.15

Palm Trees said:
@phhusson Cubot X18 Plus firmware can be found here: http://forum.cubot.net/viewtopic.php?f=21&t=2215
Cool thanks
False. There are plenty of MTK devices with Treble: https://www.kimovil.com/en/compare-smartphones/f_pm+id.5,f_doba+slug.android,f_min_dobr+value.15
Well it lists Xperia XA1 as compatible Treble, and I don't think that's the case

phhusson said:
Cool thanks
Well it lists Xperia XA1 as compatible Treble, and I don't think that's the case
No problem - reached out to Blackview for the A20 rom. Notice I wrote 'plenty' and thereby not all, but you are right - the Kimovil list contains devices MTK with Android 8.x native (treble) or upgraded to (non-treble).

CosmicDan said:
Note that many (some?) Qualcomm devices can get access to EDL mode via fastboot (unlocked bootloader required):
Code:
fastboot oem edl
And with Qualcomm QDLoader driver, you can dump any partition to PC via emmcdl binary.
You can google for more precise instructions and files.
adb reboot edl
(for most that don't have the fastboot strings)
and if you want a thorough rundown on the method you're referring to--which I assure you sounds easier than it is on most devices I've encountered that shipped with lollipop or newer--alephsecurity[dotcom] has a pretty thorough primer on the subject

Related

Stock ROM (full) for ANE-AL00 C675 Indian Variant

So far throughout xda, I have just got links to stock ROM for other variants like LX1(mostly), which don't support the VoLTE feature. However I fail to find any link for complete stock ROM, both fastboot and recovery, for the ANE-AL00 C675 variant. I am well versed with unbricking Xiaomi, Sony and old samsung devices both from recovery and fastboot, but have no experience with Huawei Devices, and the method for huawei devices seems a bit different.
For e.g. if i want to just boot to recovery(temporarily) and not permanently, I used the command "fastboot boot (recovery_file_name).img" , but I am unable to do so with huawei devices. Seems, commands are slightly different. I am just curious to know a full guide of flashing stock ROM for ANE-AL00 C675 variant both from fastboot and recovery method.
Links for the C675 ROMS would be very much appreciated. Kindly help!!
fbh59 said:
So far throughout xda, I have just got links to stock ROM for other variants like LX1(mostly), which don't support the VoLTE feature. However I fail to find any link for complete stock ROM, both fastboot and recovery, for the ANE-AL00 C675 variant. I am well versed with unbricking Xiaomi, Sony and old samsung devices both from recovery and fastboot, but have no experience with Huawei Devices, and the method for huawei devices seems a bit different.
For e.g. if i want to just boot to recovery(temporarily) and not permanently, I used the command "fastboot boot (recovery_file_name).img" , but I am unable to do so with huawei devices. Seems, commands are slightly different. I am just curious to know a full guide of flashing stock ROM for ANE-AL00 C675 variant both from fastboot and recovery method.
Links for the C675 ROMS would be very much appreciated. Kindly help!!
You can use Firmware Finder app from google play and browsing online with this link to find all firmware available from Huawei
http://pro-teammt.ru/firmware-database/?firmware_model=&firmware_page=0
Boot temporary in the recovery I think it is not possible or I don't know the right commands.
Flash a complete firmware via fastboot mode should be possible but as far as I know only a pay service can handle that, like DC Phoenix.
Flash the most important partition via fastboot mode is possible, like recovery_ramdisk, ramdisk, cust, system, etc.
Flash Full ROM:
- System update (stock recovery)
- Firmware Finder (stock recovery)
- HuRUpdater (TWRP)
- HwOTA8 for Huawei P20 Lite (Recovery_NoCheck)
kilroystyx said:
You can use Firmware Finder app from google play and browsing online with this link to find all firmware available from Huawei
http://pro-teammt.ru/firmware-database/?firmware_model=&firmware_page=0
Boot temporary in the recovery I think it is not possible or I don't know the right commands.
Flash a complete firmware via fastboot mode should be possible but as far as I know only a pay service can handle that, like DC Phoenix.
Flash the most important partition via fastboot mode is possible, like recovery_ramdisk, ramdisk, cust, system, etc.
Flash Full ROM:
- System update (stock recovery)
- Firmware Finder (stock recovery)
- HuRUpdater (TWRP)
- HwOTA8 for Huawei P20 Lite (Recovery_NoCheck)
Thank you for the help, however I went through the above link (the russian link) earlier too, but could not find any link for C675 variant of P20 Lite handset. Nor it was available in the android app.
Secondly, will a nandroid backup via twrp help me in unbricking my device, in case I flash a wrong firmware or if I try some custom ROMs like Resurrection Remix and later want to switch back to my official ROM with which my device was shipped with? If yes, what partitions should I select for backing up as I have never done with a Huawei device?
(Prior to my experience with Huawei, I took a nandroid backup once in my life with an old Xperia C602, but the restoration bricked my device, but got my device back to life by flashing a full fastboot ROM) So I just wanted to be sure that a nandroid restoration not to cause any soft-bricking of my device.
fbh59 said:
Thank you for the help, however I went through the above link (the russian link) earlier too, but could not find any link for C675 variant of P20 Lite handset. Nor it was available in the android app.
Secondly, will a nandroid backup via twrp help me in unbricking my device, in case I flash a wrong firmware or if I try some custom ROMs like Resurrection Remix and later want to switch back to my official ROM with which my device was shipped with? If yes, what partitions should I select for backing up as I have never done with a Huawei device?
(Prior to my experience with Huawei, I took a nandroid backup once in my life with an old Xperia C602, but the restoration bricked my device, but got my device back to life by flashing a full fastboot ROM) So I just wanted to be sure that a nandroid restoration not to cause any soft-bricking of my device.
I didn't see any firmware for your region so far, the idea is that you can look anytime...
- Yes, nandroid can help you but depends the way how you brick the device. In case that you can reach TWRP should be enough.
- To have more success to unbrick your device you should have always the bootloader unlocked and FRP unlock.
- Restore to stock should be also possible in case you are in the customizes ROMs.
- Lock bootloader I think is not possible yet, only relock. Don't try do it with unofficial firmware installed.
- Cust, kernel, odm, product, ramdisk, system, vendor and version are the most important partitions to recovery from the customized rom. You don't need to know this by heart, just check the flashable zip from customized rom which partition was installed previously or better just install the official Huawei firmware.
- Is very easy soft-brick Huawei devices, so, do only things already tested by other users.
If you can wait to have firmware released for your device is more safety because you have more options for unbrick it.
kilroystyx said:
I didn't see any firmware for your region so far, the idea is that you can look anytime...
- Yes, nandroid can help you but depends the way how you brick the device. In case that you can reach TWRP should be enough.
- To have more success to unbrick your device you should have always the bootloader unlocked and FRP unlock.
- Restore to stock should be also possible in case you are in the customizes ROMs.
- Lock bootloader I think is not possible yet, only relock. Don't try do it with unofficial firmware installed.
- Cust, kernel, odm, product, ramdisk, system, vendor and version are the most important partitions to recovery from the customized rom. You don't need to know this by heart, just check the flashable zip from customized rom which partition was installed previously or better just install the official Huawei firmware.
- Is very easy soft-brick Huawei devices, so, do only things already tested by other users.
If you can wait to have firmware released for your device is more safety because you have more options for unbrick it.
Thanks for sharing the knowledge
Has anyone found this variant? Needed to relock my bootloader.
I want to know rooting method for ANE-AL00 C675 variant
Arseon said:
Has anyone found this variant? Needed to relock my bootloader.
I tried every method that i know to do it.
But failed in each and every method .
Help me out!!

How to Root Nuu R1 (R5001LA) ?

I just bought a Nuu R1 Rugged Phone. It has Oreo 8.1.0 on it.
It is an "unlocked" phone. But I don't know if unlocked refers to the phone carrier or to the boot loader. (I'm thinking phone carrier.)
The last I rooted my tablets was Android 5, which required using a custom script that a dev here wrote that temporarily ran CW via fast boot.
I would like to root my R1. I hear now that Magisk is the way to go. (Instead of SU.)
Most every Guide says that I have to have TWRP installed before installing Magisk. But there's no TWRP for the R1. And I am incapable of compiling my own.
I learned, from Nuu Tech Support, that I can get into the phone's Recovery mode with some hidden button pushes. Here's a screen shot:
My first question is, could I simply install Magisk by selecting "Update from SD card"?
If it's not that easy, then, second: I can also get to a fastboot screen. (Not shown here.) Could I install Magisk from ADB on my computer?
I suppose a third question: Is there a version of TWRP that's compatible with this phone? And if so, how do I find it? It would be nice to have a Nandroid backup.
I am willing to show various screens that come up from various button pushes if that would help a dev here.
More data for TWRP'ing
So, I see that one needs an image of the OEM ROM to compile TWRP. I found two sites on the web that claim to have the ROM. (Before the R1 was officially released.) Sounds sketchy. Will try to get an image from Tech Support.
In the meantime, I found that the bootloader can be unlocked (or allowed to be unlocked) via a setting under Developer Options.
I contacted Nuu Mobile Support and they were kind to send me the MediaTek USB drivers for the R1.
It was a two step process to get the driver installed for ADB. But now I have access to the R1 via ADB.
I read here on the forums that I can boot TWRP via fastboot, and not risk ruining/corrupting the R1's Recovery Partition.
Anyone know of a TWRP model version that's close enough to work on the R1? (I presume a TWRP for another MediaTek device might work?)
I would hate to try KingRoot to get root.
I found a website called unofficialtwrp.com. It has a TWRP for the MediaTek 6739, running Oreo 8.1, with 16/2 GB. That's exactly what the Nuu Mobile R1 has.
So, hopeful that this would allow me to root my R1, I tried it. (Short version: Didn't work.)
I already had ADB installed and could talk to my R1 via ADB.
But once the R1 had booted into fastboot mode via ADB, I got a message from fastboot devices that it was "waiting."
I learned that that message means that I didn't have drivers for fastboot.
I ended up installing a fresh version of Win8.1 and using the Windows' updater to find the needed drivers. I had to have the R1 plugged in to the USB in fastboot mode for this to work. After that, I could talk to the device via the fastboot command.
So I unlocked the boot loader (which wiped my data - not every Guide warns you about that) and I did "fastboot boot recovery.img."
I got the message that the recovery file had transferred. After about 15 seconds, the phone rebooted. But no TWRP.
Rats.
I didn't want to try the fastboot flash command in case this unofficial twrp from an unofficial site bricked my phone. If I understand things correctly, booting in fastboot to the recovery.img should give me a temporary instance of TWRP.
Presumably, after copying Magisk into memory, I would be able to get root that way.
PMikeP said:
I found a website called unofficialtwrp.com. It has a TWRP
Whoa you have been busy you must've heard XDA helps those who help themselves.. :highfive:
I just dropped by to say, 1st rule of modding is taking a pristine stock backup..
For MTK devices, there is a tool called SP Flash Tools, a quick search will help you take a full backup using this tool.
Afterward, you can even try using SP Flash Tools to flash a Magisk patched boot image to your device for ROOT!
Hope this helps!
Thanks. I did see SP Flash Tools mentioned and I did take a look at it. While I've rooted before, I'm trying to get my head around a Scatter File.
Everything I've read so far - well, almost everything - says that I need TWRP to get Magisk installed. But if you think it can be done via SP Flash Tools, I'll start playing with it.
Root nuu r1
Did u ever manage to figure out how to do this & get TWRP to install? :fingers-crossed:
No, I haven't had time to play with rooting lately. I still would like to root it tho.
Anyone know how to root the nuu phones?
someone has the boot.img i need the image
I will port TWRP for you in case you have stock recovery.img
jjgvv said:
I will port TWRP for you in case you have stock recovery.img
plis
do you have stock rom?

Teclast T40 Plus Root

Received the tablet in the mail, and now looking to root via Magisk (and ideally a custom recovery like TWRP).
I found this video describing a way to download the stock ROM from Teclast:
Has anyone achieved root on this device? Can anyone confirm Treble ROM compatibility for GSI A/B?
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though I'm not registered..
Teclast T40 Plus - Discussion - 4PDA
Teclast T40 Plus - Discussion, Tablet, 10.4
4pda.to
NightLord said:
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though I'm not registered..
Teclast T40 Plus - Discussion - 4PDA
Teclast T40 Plus - Discussion, Tablet, 10.4
4pda.to
Good find, but the link no longer works. It gives me a 404: https://4pda.to/forum/dl/post/24458874/T40_Plus_root.7z
My guess is it would work if we were logged in, it's just that I can't create an account since I cannot get past the Russian captcha
Yeah, I also can't register without knowing the Russian keyboard layout and how to identify the characters. Perhaps someone with this knowledge can register and attach the required images to root here?
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhusson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
NightLord said:
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhusson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
These ROMs? https://github.com/phhusson/treble_experimentations/releases
ForgottenSolstace said:
These ROMs? https://github.com/phhusson/treble_experimentations/releases
Yes.
You can either install them via DSU as dual-boot OS beside your stock rom, or just flash system partition (inside super) via fastbootd (you are going to have to delete product partition to have enough space inside super for the system image) and use them as primary OS.
Gotcha:
Just ordered a T40 Plus, did you manage to get root?
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Marynboy78 said:
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in the video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Theoretically you should be able to flash both partitions (boot and vbmeta) via fastboot too, but when I tried, I got an error message saying boot.img was too large or something. Flashing via RDT went without problem. The only caveat is that flashing via RDT will always hard reset your device.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
How to install android 12 gsi on this device?
marinzrncic said:
How to install android 12 gsi on this device?
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (I'm attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initiate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
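The fastbootd steps from the post above as an added example (not the poster's own script): it reads captured `fastboot getvar all` output, refuses to continue outside fastbootd or when the active slot is unclear, and prints the commands for review instead of running them. The sample output and the `gsi.img` file name are constructed; `is-userspace` and `is-logical:<partition>` are the variables fastbootd reports.

```shell
#!/bin/sh
# Added example, not from the thread: turn `fastboot getvar all` output into
# the delete-logical-partition / flash commands for the active slot.

# Constructed sample of `fastboot getvar all` in fastbootd (not a real capture).
SAMPLE_GETVAR='(bootloader) is-userspace:yes
(bootloader) current-slot:a
(bootloader) is-logical:boot_a:no
(bootloader) is-logical:system_a:yes
(bootloader) is-logical:product_a:yes'

# $1 = captured getvar text, $2 = variable name. Prints the first value found.
getvar_field() {
    printf '%s\n' "$1" | tr -d '\r' | sed 's/^(bootloader) *//' |
        sed -n "s/^$2: *//p" | head -n 1
}

# $1 = captured getvar text, $2 = GSI image path.
# Prints the commands to run; returns non-zero (and prints nothing on stdout)
# when a precondition of the procedure is not met.
gsi_plan() {
    vars=$1
    img=$2
    # delete-logical-partition only exists in userspace fastboot (fastbootd).
    [ "$(getvar_field "$vars" is-userspace)" = yes ] || {
        echo "not in fastbootd: run 'fastboot reboot fastboot' first" >&2
        return 2
    }
    slot=$(getvar_field "$vars" current-slot)
    case $slot in
        a|b) ;;
        *) echo "cannot determine active slot" >&2; return 3 ;;
    esac
    [ "$(getvar_field "$vars" "is-logical:system_$slot")" = yes ] || {
        echo "system_$slot is not a logical partition inside super" >&2
        return 4
    }
    # Only delete product if it is still there (a second run must not fail).
    if [ "$(getvar_field "$vars" "is-logical:product_$slot")" = yes ]; then
        echo "fastboot delete-logical-partition product_$slot"
    fi
    echo "fastboot flash system_$slot $img"
}

# With a device attached: sh plan.sh --plan gsi.img
# fastboot writes getvar output to stderr, hence 2>&1.
if [ "${1:-}" = "--plan" ]; then
    gsi_plan "$(fastboot getvar all 2>&1)" "$2"
fi
```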
NightLord said:
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (I'm attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initiate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
thank you very much
NightLord said:
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in the video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
ardianz said:
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
I have no idea because I havent tried yet. But I would guess it might be possible that you can flash the patched boot.img along with vbmeta.img with RDT, and it might work, if they do pass Android Verified Boot check.
NightLord said:
Gotcha:
will these files work on android 10 or android 11? I have a unisoc T618 and unisoc T310. I was hoping to flash both tablets to get root access.
and also do you have a twrp for T40_plus or any unisoc generic twrp?

Question Rooting OxygenOS 12(?)

Hi, I was just wondering if it was possible to root OxygenOS 12, if you have upgraded with a locked bootloader.
Sure. Use magisk patched boot.img
Flash with mtk client, since no fastboot in oxygen os 12, as I read.
You can extract your current boot.img and patch it or look for one shared here:
Post in thread '[STOCK][DN2103][EU] Incremental update packages & Boot images' https://forum.xda-developers.com/t/...te-packages-boot-images.4385291/post-87103777
Thank you for your reply! Can you please write some instructions about how to flash the boot.img with mtkclient, have no experience with it.
Hi, tried the method you've given above, if I flash the patched boot img or bin, it says, that the boot/recovery has been destroyed, so I had to reflash the stock one. Any fixes?
AdamBarath said:
Hi, tried the method you've given above, if I flash the patched boot img or bin, it says, that the boot/recovery has been destroyed, so I had to reflash the stock one. Any fixes?
Please check this guide:
Nord 2 Community notes
gist.github.com
Checked it, thanks! My bootloader is NOT unlocked, so booting into fastboot and flashing anything won't be possible. Any other ideas? I extracted the boot.img from the full OTA.zip, patched it and that also did not work sadly.
But if your bootloader is locked you can't root your smartphone. It's the first step to do but you will lose your data. Make a backup before...
Thanks for the reply, how do I unlock my bootloader with OOS 12? I heard I can not, that's why I am trying to get root access with mtkclient with a modified (patched) boot image.
Sorry. I answered too quickly and my answer concerns OS 11. For Android 12 I don't know but normally if the bootloader is locked root is not possible. But maybe Mtkclient allows it. Very interested me too by the answer and especially a very precise methodology.
Quercy said:
Sorry. I answered too quickly and my answer concerns OS 11. For Android 12 I don't know but normally if the bootloader is locked root is not possible. But maybe Mtkclient allows it. Very interested me too by the answer and especially a very precise methodology.
python mtk da seccfg unlock
This answers OP, too. Need to unlock the bootloader before rooting. Full instructions of using mtk client here:
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
github.com
There are reports that on OOS 12 OnePlus disabled BROM mode, so even mtk client cannot help.
Looks that works for @AdamBarath as per post #4. Hopefully the command listed here will unlock the bootloader:
# python mtk da seccfg unlock
Then patch magisk patched boot.img. Not sure if need vbmeta, too.
Thank you, I will try it, how do I get a patched vbmeta? Is it also similarly patchable like the boot.img?
AdamBarath said:
Thank you, I will try it, how do I get a patched vbmeta? Is it also similarly patchable like the boot.img?
When you patch the original boot.img with magisk there is a checkbox 'patch also vbmeta' or similar. I guess all magisk patched images shared here are made this way. There's a patched vbmeta shared few times on this forum. Don't have the link right now. Almost sure that not needed in this case.
The command given above was running, but as it comes to the section with 'DA_handler', I receive an error :
"DA_handler" - [LIB]: Device has is either already unlocked or algo is unknown. Aborting."
AdamBarath said:
The command given above was running, but as it comes to the section with 'DA_handler', I receive an error :
"DA_handler" - [LIB]: Device has is either already unlocked or algo is unknown. Aborting."
Do you follow all the steps for rooting from the link?
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
github.com
roldev said:
Not sure if need vbmeta, too.
Vbmeta not required.
As for the BROM mode, it is already available in Android 12.
Kollin said:
Vbmeta not required.
As for the BROM mode, it is already available in Android 12.
Thank you about confirming vbmeta.
The code removed BROM mode was discussed here: https://forum.xda-developers.com/t/...eu-dn2103-unbrick-guide.4366985/post-87167867
Personally will keep 11.3 for a few months more.

TWRP for Cubot P50?

Hi, I've just bought a Cubot P50, it's a Chinese brand and seems more than decent for the price, I've rooted it with Magisk and I want to install TWRP on it but can't find anything for that brand. Has anyone come across a TWRP that might work on it?
Marko Lyno said:
Hi, I've just bought a Cubot P50, it's a Chinese brand and seems more than decent for the price, I've rooted it with Magisk and I want to install TWRP on it but can't find anything for that brand. Has anyone come across a TWRP that might work on it?
I have the same phone, how did you root it? Is there a guide that is safe to use? Thank you
Unlock the bootloader first, this step will factory reset your phone https://romprovider.com/unlock-bootloader-android/
On your PC:
1. Install Fastboot driver
2. Install MediaTek_Preloader_USB_VCOM_Drivers_Setup_Signed
3. Extract platform-tools
4. On your phone, Enable Developer Options, USB debugging and OEM Unlocking
5. Unlock bootloader (this step will factory reset your phone): Phone in fastboot mode, open command prompt on PC > fastboot devices > fastboot flashing unlock. Note this will cause the phone to show the "Orange State" warning on boot up. You can ignore this or remove it later.
(If device is unauthorised in ADB or Fastboot, go to Developer Options on phone, revoke USB debugging authorisation, disable then enable USB debugging. You should now get an authorisation confirmation dialogue when you try to connect with ADB/Fastboot. If not, type "adb kill-server", then "adb devices" or "adb start-server" in the command prompt).
6. Place boot.img on phone with USB file transfer (either from stock ROM, or read from phone using SP_Flash_Tool_v5.1924_Win) and patch it with Magisk v5.2. NO need to patch vbmeta.img
7. Transfer patched boot.img back to PC
8. Flash the patched boot.img to phone either with SP Flash Tool or Fastboot command in ADB (fastboot flash boot boot.img). Take care here, make sure it's the right image going to the right location and that ALL other files are de-selected, especially the preloader file, always de-select this when flashing any firmware unless you know what you're doing!
Phone is now rooted.
How to remove orange state warning on this device:
How to remove Orange, Yellow & Red state warnings on MTK
This guide will explain how to hide or remove Yellow, Red and Orange state warnings on a Mediatek Android device. It's ideal for those who feel irritated by constantly seeing these warnings on reboot.
www.hovatek.com
Edit: If you need a stock ROM for the phone it's here https://www.cubot.net/Support/id/78/cid/19.html#hh
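The caution in step 8 above (the right image going to the right partition), as an added example that is not part of the original post: a Python check that reads the header magic of a file before it is handed to fastboot or SP Flash Tool. It only recognises Android boot images (`ANDROID!`) and AVB vbmeta images (`AVB0`); the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"  # Android boot image header magic
AVB_MAGIC = b"AVB0"       # AVB vbmeta header magic


def identify_image(data: bytes) -> dict:
    """Classify an image by header magic; for boot images read the size fields."""
    info = {"kind": "unknown", "sha256": hashlib.sha256(data).hexdigest()}
    if data[:4] == AVB_MAGIC:
        info["kind"] = "vbmeta"
    elif data[:8] == BOOT_MAGIC and len(data) >= 44:
        # header_version is at byte offset 40 in every boot header version.
        (version,) = struct.unpack_from("<I", data, 40)
        (kernel_size,) = struct.unpack_from("<I", data, 8)
        # ramdisk_size: offset 16 in header v0-v2, offset 12 in v3 and later.
        (ramdisk_size,) = struct.unpack_from("<I", data, 12 if version >= 3 else 16)
        info.update(kind="boot", header_version=version,
                    kernel_size=kernel_size, ramdisk_size=ramdisk_size)
    return info


def check_before_flash(data: bytes, partition: str, stock_sha256: str = "") -> list:
    """Return a list of problems; an empty list means no objection was found."""
    info, problems = identify_image(data), []
    if info["kind"] != partition:
        problems.append(f"image looks like {info['kind']}, not {partition}")
    elif partition == "boot":
        if info["kernel_size"] == 0:
            problems.append("kernel_size is 0")
        if info["kernel_size"] + info["ramdisk_size"] > len(data):
            problems.append("file is smaller than kernel + ramdisk: truncated copy?")
    if stock_sha256 and info["sha256"] == stock_sha256:
        problems.append("identical to the stock image: not Magisk-patched")
    return problems


def make_sample_boot(version: int, kernel: int, ramdisk: int, total: int) -> bytes:
    """Constructed sample header (not a real boot.img) for trying the checks."""
    if version >= 3:
        words = [kernel, ramdisk, 0, 4096, 0, 0, 0, 0]
    else:
        words = [kernel, 0, ramdisk, 0, 0, 0, 0, 2048]
    header = BOOT_MAGIC + struct.pack("<8I", *words) + struct.pack("<I", version)
    return header.ljust(total, b"\0")


if __name__ == "__main__":
    sample = make_sample_boot(2, 4096, 2048, 16384)
    print(identify_image(sample))
    print(check_before_flash(sample, "boot"))
```

Passing the SHA-256 of the stock boot.img as `stock_sha256` also catches the case where the unpatched file was copied back to the PC by mistake.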
Good evening, I would like to know if in the future it is possible to install a twrp with a custom rom?
Thank you have a nice day.
Good evening, I would like to know if in the future it is possible to install a twrp with a custom rom on the Cubot p50?
Thank you have a nice day.
Mark8:9 said:
Good evening, I would like to know if in the future it is possible to install a twrp with a custom rom on the Cubot p50?
Thank you have a nice day.
It is possible that in the future, developers may create custom ROMs and TWRP recoveries for the device, especially if it becomes popular among the Android community.
If a custom ROM and TWRP recovery becomes available for your device in the future, you will be able to flash it by following the instructions provided by the developer. Keep in mind that installing custom ROMs and recoveries comes with some risks, and it is important to backup your data and follow the instructions carefully to avoid damaging your device.
Good evening, can you tell me the correct procedure for how to Root the Cubot p50 smartphone? Thank you.
Mark8:9 said:
Good evening, can you tell me the correct procedure for how to Root the Cubot p50 smartphone? Thank you.
Well if you really want to know that, surely you would have read the entire thread? It's not that long. I gave complete instructions 5 posts up
Marko Lyno said:
Well if you really want to know that, surely you would have read the entire thread? It's not that long. I gave complete instructions 5 posts up
Good evening, be patient ... but where do I find Magisk 5.2 to download and how do I install it? Thanks good evening.
Download Magisk Manager Latest Version 26.1 For Android 2023
Magisk Manager is an app which helps users to root their phone. With the help of Magisk you can run banking apps and also pass SafetyNet tests.
magiskmanager.com
Just get the latest version and follow the instructions I posted.
Thanks for your work on the Cubot phone. I'm a fan of them also. I found that twrp recovery 3.40 works on the Note 20/20Pro, you just have to flash vbmeta BEFORE and AFTER you flash twrp to the device. I'm also seeing separate websites claiming twrp 3.40 is also used with the Cubot P40 model. I don't see why it wouldn't work with the P50. It's worth a shot. Also there's a lot more "familiars" with Mediatek phones like these in Hovatek forum. Since you already have information on how to root maybe consider starting your own P50 thread over there.
My references: https://www.hovatek.com/forum/thread-44810-post-233457.html#pid233457
elimoviebuff said:
Thanks for your work on the Cubot phone. I'm a fan of them also. I found that twrp recovery 3.40 works on the Note 20/20Pro, you just have to flash vbmeta BEFORE and AFTER you flash twrp to the device. I'm also seeing separate websites claiming twrp 3.40 is also used with the Cubot P40 model. I don't see why it wouldn't work with the P50. It's worth a shot. Also there's a lot more "familiars" with Mediatek phones like these in Hovatek forum. Since you already have information on how to root maybe consider starting your own P50 thread over there.
My references: https://www.hovatek.com/forum/thread-44810-post-233457.html#pid233457
Thanks for that. Is there a specific vbmeta to patch it with?
Good evening, can you give me the link to download a compatible cust recovery for the cubot p50? Thank you
The link is on the page just posted above. Here's the direct link to the file:
Hovatek
Download files
www.hovatek.com
Let us know if it works please, and what steps you took.
Good evening, how will I flash the lk file? Thanks.
Hi, you will have, or should have, downloaded a zip file containing a recovery.img. The recovery.img is the file you need to flash. Then follow the instructions here:
How to Install TWRP Recovery on Any Android 2022 [100% Working]
In this article, I will be showing you how you can install TWRP recovery on any Android smartphone. By following this guide you will be able to install
magiskapp.com
The TWRP Recovery file it refers to is the one you (hopefully) downloaded from this link:
Hovatek
Download files
www.hovatek.com
BUT, you also need to flash a vbmeta file BEFORE and AFTER the recovery.img, and I'm still unsure which vbmeta file it is, as elimoviebuff hasn't replied to my question regarding that.
Marko Lyno said:
Hi, you will have, or should have, downloaded a zip file containing a recovery.img. The recovery.img is the file you need to flash. Then follow the instructions here:
How to Install TWRP Recovery on Any Android 2022 [100% Working]
In this article, I will be showing you how you can install TWRP recovery on any Android smartphone. By following this guide you will be able to install
magiskapp.com
The TWRP Recovery file it refers to is the one you (hopefully) downloaded from this link:
Hovatek
Download files
www.hovatek.com
BUT, you also need to flash a vbmeta file BEFORE and AFTER the recovery.img, and I'm still unsure which vbmeta file it is, as elimoviebuff hasn't replied to my question regarding that.
I get it, but I have to flash the .bin to remove the yellow/red state on boot. I don't know how to install the lk.bin file. If you can help me. Thank you.
Ah I see, you're rooting the phone first. Ok I've just checked my own notes on this, so, if you have edited the lk.img file as described in that Hovatek thread, then do as follows:
When flashing with SP Flash Tool, make sure the correct lk.img file is chosen as SP Flash Tool chooses lk-verified.img by default (click along to the right of the file list under "Location" and choose your edited lk.img file here).
OR, flash with ADB (fastboot flash lk lk.img).
Then install Magisk on your phone if you haven't already.
boot.img is for rooting the phone, lk.img is only to remove the orange state message and the 5 second delay when the phone boots, it does not actually remove its orange state and is not needed for the phone to be rooted.
To un-root, you should just flash the original boot.img and lk-verified.img from the stock firmware ROM file.
Marko Lyno said:
Ah I see, you're rooting the phone first. Ok I've just checked my own notes on this, so, if you have edited the lk.img file as described in that Hovatek thread, then do as follows:
When flashing with SP Flash Tool, make sure the correct lk.img file is chosen as SP Flash Tool chooses lk-verified.img by default (click along to the right of the file list under "Location" and choose your edited lk.img file here).
OR, flash with ADB (fastboot flash lk lk.img).
Then install Magisk on your phone if you haven't already.
boot.img is for rooting the phone, lk.img is only to remove the orange state message and the 5 second delay when the phone boots, it does not actually remove its orange state and is not needed for the phone to be rooted.
To un-root, you should just flash the original boot.img and lk-verified.img from the stock firmware ROM file.
Good morning. Thank you for the information given.
I wanted to ask: is it necessary or useful to install an antivirus on your smartphone now that it's been rooted? Thank you.
I haven't but that's just down to personal choice really. It's certainly useful if you like to try stuff from unknown sources, although personally I've rarely encountered viruses on Android. I'm not saying they don't exist though.
Have you successfully rooted your phone then? What about TWRP, have you tried that yet?
