How to create a custom signed image or check system integrity manually - Android Q&A, Help & Troubleshooting

Hi, I'm going to unlock my bootloader, install the Xiaomi EU ROM and root with Magisk.
After unlocking the bootloader, I know my device will be vulnerable. Anyone can flash a custom recovery and install a backdoor or whatever. So, I have two ideas to eliminate this threat.
1) Is there any way to sign the image manually with a custom key and lock the bootloader again? Then I can unlock it from the PC whenever I want with my own key.
I don't know if such thing is possible, there is a post related to it.
How to create a custom signed vbmeta.img for Unisoc using AVBtool
2) If first option is not possible, is there any way to generate the hash of /system partition, keep the key inside phone (/data maybe? as it will be encrypted), and then every time system boot up, it will generate a new hash and check with original one, to confirm system integrity. (someone mentioned such thing in this forum, but he didn't tell the procedure). I know it will take a long time to check, but I don't mind.
Another way could be, check it manually inside OS or from PC (adb maybe?) whenever I give my phone to someone and suspect something.
I know my post is messed up. I would appreciate any help.
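Added example (not part of the original post): one way to do the manual check from option 2 on a PC, assuming the partitions have already been dumped to `*.img` files in a directory. The function names, file names and key are hypothetical and the images are constructed; the baseline is authenticated with HMAC-SHA256 so that someone who changes a partition cannot simply regenerate the hash list.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so multi-GB partition dumps are fine


def sha256_file(path):
    """SHA-256 of one image file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def _hash_dir(dump_dir):
    return {p.name: sha256_file(p) for p in sorted(Path(dump_dir).glob("*.img"))}


def _tag(digests, key):
    # The HMAC covers the whole name -> hash mapping in a canonical encoding.
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(dump_dir, key):
    """Record known-good hashes; keep `key` somewhere the device cannot read."""
    digests = _hash_dir(dump_dir)
    return {"digests": digests, "hmac": _tag(digests, key)}


def verify(dump_dir, baseline, key):
    """Compare fresh dumps with the baseline; refuse a baseline that was edited."""
    known = baseline["digests"]
    if not hmac.compare_digest(_tag(known, key), str(baseline.get("hmac", ""))):
        raise ValueError("baseline failed HMAC check; do not trust its hashes")
    current = _hash_dir(dump_dir)
    return {
        "modified": sorted(n for n in known if n in current and current[n] != known[n]),
        "missing": sorted(n for n in known if n not in current),
        "unexpected": sorted(n for n in current if n not in known),
    }


def demo():
    """Constructed data: three fake images, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        dumps = Path(tmp)
        for name in ("boot", "system", "vendor"):
            content = ("constructed %s image" % name).encode() * 1000
            (dumps / (name + ".img")).write_bytes(content)
        key = b"constructed-demo-key"  # placeholder, not a real secret
        baseline = build_baseline(dumps, key)

        with open(dumps / "system.img", "r+b") as handle:  # flip one byte
            handle.seek(100)
            handle.write(b"\x00")
        (dumps / "vendor.img").unlink()                     # partition dump gone
        (dumps / "recovery.img").write_bytes(b"constructed new image")
        return verify(dumps, baseline, key)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Take the dumps from an environment you trust, since a compromised OS can lie about its own partitions, and expect every legitimate ROM update to change the hashes.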

OSX.Nobody said:
1) Is there any way to sign the image manually with a custom key and lock the bootloader again? Then I can unlock it from the PC whenever I want with my own key.
I don't know if such thing is possible, there is a post related to it.
How to create a custom signed vbmeta.img for Unisoc using AVBtool
Only Android 8.0 and higher ROMs with AVB implemented have 1 or more VerifiedBoot image(s) - read: vbmeta.img.
How to sign an image with a custom key is explained here.

jwoegerbauer said:
Only Android 8.0 and higher ROMs with AVB implemented have 1 or more VerifiedBoot image(s) - read: vbmeta.img.
How to sign an image with a custom key is explained here.
I have read that post, but it's 3 years old. Also he mentioned about Pixel Phone.
My ROM is Android 10 (MIUI 12 EU Rom), Redmi K30i 5G device. Will it work for me? Also what about 2nd option, any Idea?
Thanks.

@OSX.Nobody
The vbmeta.img on Android ROMs with AVB implemented is nothing else than a database. It actually contains the hashes/keys for the boot, system, and vendor partitions; that means every such ROM build needs a unique vbmeta.img for AVB to verify successfully.
A vbmeta.img is ROM-related; it's completely independent of the Android device's hardware.
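Added example (not part of the original posts, and not avbtool's own code): a small reader for the 256-byte header of a standalone vbmeta.img, showing which algorithm and key the image claims and whether its verification flags have been cleared. The header layout follows libavb's AvbVBMetaImageHeader; the function names are hypothetical and the sample image is constructed and carries no real signature.

```python
import hashlib
import struct

# AvbVBMetaImageHeader: 256 bytes, big-endian, field order as in libavb.
HEADER = struct.Struct("!4s2L2QL2Q2Q2Q2Q2QQLL47sx80x")
FLAG_HASHTREE_DISABLED = 0x1      # set by fastboot's --disable-verity
FLAG_VERIFICATION_DISABLED = 0x2  # set by fastboot's --disable-verification
ALGORITHMS = {0: "NONE", 1: "SHA256_RSA2048", 2: "SHA256_RSA4096",
              3: "SHA256_RSA8192", 4: "SHA512_RSA2048",
              5: "SHA512_RSA4096", 6: "SHA512_RSA8192"}


def parse_vbmeta(image):
    """Parse a standalone vbmeta.img (not a partition image with an AVB footer)."""
    if len(image) < HEADER.size:
        raise ValueError("image shorter than the 256-byte vbmeta header")
    (magic, major, minor, auth_size, aux_size, algo,
     _hash_off, _hash_size, _sig_off, _sig_size,
     pk_off, pk_size, _pkmd_off, _pkmd_size, _desc_off, _desc_size,
     rollback_index, flags, _rollback_loc, release) = HEADER.unpack_from(image)
    if magic != b"AVB0":
        raise ValueError("missing AVB0 magic: not a vbmeta image")
    key_fp = None
    if pk_size:
        # Key offsets are relative to the auxiliary block, which follows
        # the header and the authentication block.
        start = HEADER.size + auth_size + pk_off
        key = image[start:start + pk_size]
        if pk_off + pk_size > aux_size or len(key) != pk_size:
            raise ValueError("public key lies outside the auxiliary block")
        key_fp = hashlib.sha256(key).hexdigest()
    return {
        "libavb_version": "%d.%d" % (major, minor),
        "algorithm": ALGORITHMS.get(algo, "UNKNOWN(%d)" % algo),
        "flags": flags,
        "rollback_index": rollback_index,
        "release": release.rstrip(b"\0").decode("ascii", "replace"),
        "public_key_sha256": key_fp,
    }


def audit(info, trusted_key_sha256=None):
    """Return findings for a parsed header; an empty list means nothing flagged."""
    findings = []
    if info["flags"] & FLAG_VERIFICATION_DISABLED:
        findings.append("verification-disabled")
    if info["flags"] & FLAG_HASHTREE_DISABLED:
        findings.append("hashtree-disabled")
    if info["algorithm"] == "NONE" or info["public_key_sha256"] is None:
        findings.append("unsigned")
    elif trusted_key_sha256 and info["public_key_sha256"] != trusted_key_sha256:
        findings.append("unexpected-key")
    return findings


def make_sample(flags, algorithm, key):
    """Constructed vbmeta-shaped bytes for the demo; the signature area is zeros."""
    auth = bytes(64)
    aux = key.ljust(64, b"\0")
    header = HEADER.pack(b"AVB0", 1, 0, len(auth), len(aux), algorithm,
                         0, 0, 0, 0,        # hash and signature offset/size
                         0, len(key),       # public key offset/size
                         0, 0, 0, 0,        # key metadata, descriptors
                         0, flags, 0,       # rollback index, flags, location
                         b"constructed sample")
    return header + auth + aux


if __name__ == "__main__":
    my_key = b"constructed-public-key-bytes"
    trusted = hashlib.sha256(my_key).hexdigest()
    for label, img in (("signed", make_sample(0, 1, my_key)),
                       ("flags cleared", make_sample(3, 1, my_key)),
                       ("other key", make_sample(0, 1, b"someone-else"))):
        print(label, audit(parse_vbmeta(img), trusted))
```

This only reads what the header claims; it does not verify the RSA signature, which is what the bootloader or `avbtool` does against the full image.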

jwoegerbauer said:
@OSX.Nobody
The vbmeta.img on Android ROMs with AVB implemented is nothing else than a database. It actually contains the hashes/keys for the boot, system, and vendor partitions; that means every such ROM build needs a unique vbmeta.img for AVB to verify successfully.
A vbmeta.img is ROM-related; it's completely independent of the Android device's hardware.
Thanks for your help, I will follow that post.

Related

[Magisk] [EMUI 8.0] Root Honor View 10, Mate 10 (Pro) (Huawei Treble Devices)

Magisk has officially landed on the lovely Treble enabled Huawei devices! Props to Huawei reaching out and sent me a device for development
Instead of holding it off and wait till the next proper release, I decide to release it here so those willing to root their device can give it a try.
These Huawei Treble devices use an interesting setup: it no longer has a boot and recovery partition, but instead has a kernel partition, a ramdisk partition, and a recovery_ramdisk partition. Both boot and recovery share the same kernel, but with separate ramdisks on separate partitions. Since Magisk modifies the ramdisk in boot images, the patches will have to be applied to the ramdisk partition. This nature will very likely to also slightly change how custom recovery will be installed, my bet is similar to Pixel devices which ships with a full ramdisk image, and should be flashed to the recovery_ramdisk partition.
This build is only tested with Honor View 10, but it should work with Mate 10 and Mate 10 Pro in theory since these devices are very similar.
Enough of the rambling, let's get right into it!
Instructions
If your device have TWRP support, just directly flash it via TWRP. For devices without TWRP yet (currently all Huawei Treble devices), you can follow the instructions below:
Install latest Magisk Manager from the Official Thread
Go to Settings > Update Settings > Update Channel > Custom, and insert the following URL: https://goo.gl/jefZKH
Follow the instructions of "Install Via Magisk Manager" in the main thread, but instead of providing the boot image (which these devices do NOT have), provide the stock ramdisk.img.
If you are using EU View 10 with model BKL-L09, you can download the stock ramdisk.img I extracted from official OTAs in the attachments
If you have stock ramdisk images for other devices, please share them and I'll add them to the OP.
Make sure you are installing Magisk-v15.4(1541), which is only available through the custom channel you've set in step 2.
Pull the patched image with adb pull /sdcard/MagiskManager/patched_boot.img, and flash the patched ramdisk via fastboot:
fastboot flash ramdisk patched_boot.img
Reboot and you shall have a properly rooted device passing SafetyNet, start playing with some Magisk modules!
Donation
https://www.paypal.me/topjohnwu
topjohnwu said:
Magisk has officially landed on the lovely Treble enabled Huawei devices! Props to Huawei reaching out and sent me a device for development
Instead of holding it off and wait till the next proper release, I decide to release it here so those willing to root their device can give it a try.
These Huawei Treble devices use an interesting setup: it no longer has a boot and recovery partition, but instead has a kernel partition, a ramdisk partition, and a recovery_ramdisk partition. Both boot and recovery share the same kernel, but with separate ramdisks on separate partitions. Since Magisk modifies the ramdisk in boot images, the patches will have to be applied to the ramdisk partition. This nature will very likely to also slightly change how custom recovery will be installed, my bet is similar to Pixel devices which ships with a full ramdisk image, and should be flashed to the recovery_ramdisk partition.
This build is only tested with Honor View 10, but it should work with Mate 10 and Mate 10 Pro in theory since these devices are very similar.
Enough of the rambling, let's get right into it!
Instructions
If your device have TWRP support, just directly flash it via TWRP. For devices without TWRP yet (currently all Huawei Treble devices), you can follow the instructions below:
Install latest Magisk Manager from the Official Thread
Go to Settings > Update Settings > Update Channel > Custom, and insert the following URL: https://goo.gl/jefZKH
Follow the instructions of "Install Via Magisk Manager" in the main thread, but instead of providing the boot image (which these devices do NOT have), provide the stock ramdisk.img.
If you are using EU View 10 with model BKL-L09, you can download the stock ramdisk.img I extracted from official OTAs in the attachments
If you have stock ramdisk images for other devices, please share them and I'll add them to the OP.
Make sure you are installing Magisk-v15.4(1541), which is only available through the custom channel you've set in step 2.
Pull the patched image with adb pull /sdcard/MagiskManager/patched_boot.img, and flash the patched ramdisk via fastboot:
fastboot flash ramdisk patched_boot.img
Reboot and you shall have a properly rooted device passing SafetyNet, start playing with some Magisk modules!
Donation
https://www.paypal.me/topjohnwu
Finally!! Was waiting for this.... Thank You.
Sent from my BKL-L09 using Tapatalk
Awesome mate. This also working with Huawei P10 plus running Treble V9. Thank you thank you :good:
Nice! Great job
We can do this follow instructions from completely stock bkl l09 C636? My 1st honor phone.. Not sure it have those locked boot loader like xiaomi or not..
Help..
Hey man, Thanks a lot.. It's really nice to have magisk for v10.. I am kind of a noob.. Can u provide step by step instructions and Patched Img for Indian version BKL-09..
Thanks
does this require an unlocked bootloader?
Root Final Stage issue!
I have done all the steps but on the last stage when I try to flash ramdisk it's giving me an error failed (remote: command not allowed) please help...thanks
Rj_Param said:
I have done all the steps but on the last stage when I try to flash ramdisk it's giving me an error failed (remote: command not allowed) please help...thanks
This could be due to locked bootloader...
bhargavpa said:
This could be due to locked bootloader...
Thanks... Let me try again after unlocking bootloader.
Sent from my BKL-L09 using Tapatalk
Wow, that's freaky fast man.. you are wonderful.
since we don't have official firmware released yet and out of concern I'm asking, is there any chance of bootloop or brick?
I understand it shouldn't be if we follow steps in OP, but sometimes people miss a step or do something else, so what's the worst can we expect?
Narasimha12 said:
Wow, that's freaky fast man.. you are wonderful.
since we don't have official firmware released yet and out of concern I'm asking, is there any chance of bootloop or brick?
I understand it shouldn't be if we follow steps in OP, but sometimes people miss a step or do something else, so what's the worst can we expect?
So long as you have a backup of your device's ramdisk image, you should be fine. The ramdisk for the Honor View 10 is attached to the OP.
Does the ramdisk.img work for indian variants?
shihabsoft said:
Does the ramdisk.img work for indian variants?
Yes it's working... Just finished installing magisk...so far everything is fine but somehow SafetyNet is not working.
Sent from my BKL-L09 using Tapatalk
Rj_Param said:
Yes it's working... Just finished installing magisk...so far everything is fine but somehow SafetyNet is not working.
Sent from my BKL-L09 using Tapatalk
so you unlocked bootloader right? and also any honor features broke??? like camera modes etc etc...and share bootloader unlock process too...
@topjohnwu
It doesn't work with my TWRP 3.2.1-0 for P10plus. An older TWRP version works.
It's a twrp version thing or do I need to add something?
Rj_Param said:
Yes it's working... Just finished installing magisk...so far everything is fine but somehow SafetyNet is not working.
Sent from my BKL-L09 using Tapatalk
Thanks for letting me know. So what are those software changes happened right after bootloader unlocking?
To install Magisk and gain root in your honor view 10 you have to unlock your bootloader first.
## Please back up your data before proceeding with the process. You will lose all your data if you unlock the bootloader. ##
Please follow below steps to unlock bootloader
1) Create a Huawei ID on this page https://goo.gl/GkkdxE if you don’t have one already.
2) After creating a Huawei id, fill out the details.
3) You will need your phone’s IMEI number, to know that dial * # * # 1357946 # * # * on the dialer app. Fill the required fields and click the Submit button.
4) Save the unlock code you received.
5) Now connect your Honor View 10 to the PC with a USB cable.
6) In the ADB command window, type the following command to boot your Honor View 10 into fastboot mode.
adb reboot bootloader
7) To unlock the bootloader, type the following command and hit Enter. Replace key with the unlock key you’ve previously saved. For example, fastboot oem unlock 44801904392841
fastboot oem unlock [unlock key]
Sent from my BKL-L09 using Tapatalk
FWIW the Honor View 10's ramdisk works on the Huawei Mate 10 Pro. I would definitely not try that with any non-Kirin 970 device, though.
Rj_Param said:
To install Magisk and gain root in your honor view 10 you have to unlock your bootloader first.
## Please back up your data before proceeding with the process. You will lose all your data if you unlock the bootloader. ##
Please follow below steps to unlock bootloader
1) Create a Huawei ID on this page https://goo.gl/GkkdxE if you don’t have one already.
2) After creating a Huawei id, fill out the details.
3) You will need your phone’s IMEI number, to know that dial * # * # 1357946 # * # * on the dialer app. Fill the required fields and click the Submit button.
4) Save the unlock code you received.
5) Now connect your Honor View 10 to the PC with a USB cable.
6) In the ADB command window, type the following command to boot your Honor View 10 into fastboot mode.
adb reboot bootloader
7) To unlock the bootloader, type the following command and hit Enter. Replace key with the unlock key you’ve previously saved. For example, fastboot oem unlock 44801904392841
fastboot oem unlock [unlock key]
Sent from my BKL-L09 using Tapatalk
I know the procedure, but once you unlock the bootloader does any security features get disabled? And does it just wipe /data or including the internal storage?

Galaxy A11 SM-A115 Need TWRP

I have this device rooted with Magisk BUT can't find a way to properly port a Qualcomm TWRP from similar devices. I just need help to get started with a custom recovery; if I can get one to boot I might be able to figure out the rest if any "bugs" are found throughout the custom recovery. Any help would be appreciated.
below is a stock image of recovery and boot if needed
both images were from a " .Tar " file. I then extracted the file and got the recovery and boot in " .img.lz4 " format and then i converted them to " .img " only for easy access to edit ETC.
Android Version : 10
Current Firmware Version : A115MUBU1ATC2
Chipset : msm8953
Encryption State : encrypted
#System as Root
Uses an A/B operating System
https://drive.google.com/drive/folders/1mYYqvNgAXAxmiBH8ZDmbnoKMma4CUR12?usp=sharing
Why not compile a matching TWRP by yourself?
Look inside here.
@ jwoegerbauer i can give a try but have no experiences when it comes to makin a custom recovery.
ᐯerified Developer said:
I have this device rooted with Magisk BUT can't find a way to properly port a Qualcomm TWRP from similar devices. I just need help to get started with a custom recovery; if I can get one to boot I might be able to figure out the rest if any "bugs" are found throughout the custom recovery. Any help would be appreciated.
below is a stock image of recovery and boot if needed
both images were from a " .Tar " file. I then extracted the file and got the recovery and boot in " .img.lz4 " format and then i converted them to " .img " only for easy access to edit ETC.
Android Version : 10
Current Firmware Version : A115MUBU1ATC2
Chipset : msm8953
Encryption State : encrypted
#System as Root
Uses an A/B operating System
https://drive.google.com/drive/folders/1mYYqvNgAXAxmiBH8ZDmbnoKMma4CUR12?usp=sharing
Yea, im also looking for a way to get some sort of custom recovery on the exact same device. My advice is (if you cant build your own version of twrp) to just wait for some devs to release something for it. The galaxy a11 is a very new device so we'll just have to wait it out.
Edit: So I followed a tutorial here (https://www.youtube.com/watch?time_continue=40&v=MyxGZbCuxDQ&feature=emb_logo) and i created this (https://filebin.net/u3yww2cyajktm043). IT MAY OR MAY NOT WORK!!! USE IT AT YOUR OWN RISK!!!!
what model number is yours? i have the one from boost its the sm-a115u and it seems the toggle for oem unlock is not in my dev settings on my phone
ninjakira said:
what model number is yours? i have the one from boost its the sm-a115u and it seems the toggle for oem unlock is not in my dev settings on my phone
You can put the device into download mode and unlock the bootloader from there...
I'm currently stuck on this device trying to get it to unlock the boot loader. I've ticked OEM unlock but when I get into download mode (adb reboot download) I'm not getting any option to unlock the boot loader there. I'm also not able to get into download mode with any key commands. Any ideas here?
I've heard you power off, then hold volume up and down when you plug in a data cable. Haven't tried it yet, I'm on the a115u t-mobile variant. I can get to what it calls download mode, which looks to be fastboot and NOT the standard samsung blue screen download mode. Just boot to recovery and select reboot to bootloader. I do not have oem unlock in my dev settings, but I'll see if I can fastboot oem unlock when I get back to my laptop.
flash sm-a115u1 version firmware first. gives you oem unlock option. obviously toggle on and adb debugging. power off the phone. hold both volume buttons and insert usb cable. it will look like the normal blue download warning screen but read it carefully. it says long press volume up to unlock bootloader. it works. it will go black. release volume up and next it will ask you to confirm. choose yes. it will reboot and erase. after skipping thru set up enable dev options again and you will see oem toggle greyed out with a caption "bootloader already unlocked". thats as far as ive gotten. because now im like "what now?" i need a custom recovery file to flash to the device. any help with that out there? so now that the bootloader is unlocked can i install magisk to root and if so after that how can i network unlock? any help would be greatly appreciated. also looking for any custom roms that are available for this a11(2020). seems like a decent phone.thanks.
Situation:
You can build your TWRP it's very easy. Or get compiled version from A10 and patch your system.
As result you'll get a bootloop.
Why?
Samsung had f****d you up and gave you a SECURE BOOT that's not possible to remove by bootloader unlock. If you install a wrongly signed recovery, the loader will say to you:
1st: something is going wrong and signatures are mismatched, let me wipe your phone!
Ok. You had solved that and not wiped your phone.
2nd: hmm, signatures still mismatched, I'll not boot and go in ***!
Result:
Until someone breaks this Qualcomm Secure Boot, you'll not be able to install a custom OS or TWRP or any other good stuff.
Is there any updates that can be flashed with stock recovery
griha41 said:
Situation:
You can build your TWRP it's very easy. Or get compiled version from A10 and patch your system.
As result you'll get a bootloop.
Why?
Samsung had f****d you up and gave you a SECURE BOOT that's not possible to remove by bootloader unlock. If you install a wrongly signed recovery, the loader will say to you:
1st: something is going wrong and signatures are mismatched, let me wipe your phone!
Ok. You had solved that and not wiped your phone.
2nd: hmm, signatures still mismatched, I'll not boot and go in ***!
Result:
Until someone breaks this Qualcomm Secure Boot, you'll not be able to install a custom OS or TWRP or any other good stuff.
my a115u is stuck on load screen ,,after flash root trying to get bit un stuck ?????
ugg frustrating
sdell said:
my a115u is stuck on load screen ,,after flash root trying to get bit un stuck ?????
ugg frustrating
What's the point? Unpack the firmware's AP_ file, extract boot.img, patch it through Magisk, and flash through Odin. But where in that thread header did you find the install root?
I want to remind you that recovery is not a root part. That's why root thread and TWRP threads are separated.
griha41 said:
What's the point? Unpack the firmware's AP_ file, extract boot.img, patch it through Magisk, and flash through Odin. But where in that thread header did you find the install root?
I want to remind you that recovery is not a root part. That's why root thread and TWRP threads are separated.
cause I was new.. lol didn't know.. and still trying to understand it all but thank you for the reply
sdell said:
cause I was new.. lol didn't know.. and still trying to understand it all but thank you for the reply
Ahh I see. Sorry then.
You shall do it that way. Find the current firmware for your device, download it through fine software.
As a result you will get 5 files with .zip extension.
You need to unpack the file with the AP_ prefix; I suggest you use 7zip for that stuff. From that file you need to take out the boot.img.
Then you shall pack boot.img into archive.tar.
When you've done that, download the Magisk apk from GitHub and install it on your phone. Move your new archive to the phone memory/download folder and start Magisk, do the patching of the kernel; as a result you'll receive the magisk_patched.tar. Copy that file to your PC and start Odin, place that archive in the AP slot and flash it.
PROFIT!
But I want to warn you: in Android 10 and up the root and kernel system are different. Now the system boots from super.img, and partitions /, /system, etc. are RO, so through root you'll not be able to change anything in system; it would be wiped on the next system restart.

Teclast T40 Plus Root

Received the tablet in the mail, and now looking to root via Magisk (and ideally a custom recovery like TWRP).
I found this video describing a way to download the stock ROM from Teclast:
Has anyone achieved root on this device? Can anyone confirm Treble ROM compatability for GSI A/B?
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though im not registered..
Teclast T40 Plus - Discussion - 4PDA
Teclast T40 Plus - Discussion, Tablet, 10.4
4pda.to
NightLord said:
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though im not registered..
Teclast T40 Plus - Discussion - 4PDA
Teclast T40 Plus - Discussion, Tablet, 10.4
4pda.to
Good find, but the link no longer works. It gives me a 404: https://4pda.to/forum/dl/post/24458874/T40_Plus_root.7z
My guess is it would work if we were logged in, it's just that I can't create an account since I cannot get past the Russian captcha
Yeah, I also can't register without knowing the Russian keyboard layout and how to identify the characters. Perhaps someone with this knowledge can register and attach the required images to root here?
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhusson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
NightLord said:
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhusson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
These ROMs? https://github.com/phhusson/treble_experimentations/releases
ForgottenSolstace said:
These ROMs? https://github.com/phhusson/treble_experimentations/releases
Yes.
You can either install them via DSU as dual-boot OS beside your stock rom, or just flash system partition (inside super) via fastbootd (you are going to have to delete product partition to have enough space inside super for the system image) and use them as primary OS.
Gotcha:
Just ordered a T40 Plus, did you manage to get root?
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Marynboy78 said:
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in the video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Theoretically you should be able to flash both partitions (boot and vbmeta) via fastboot too, but when I tried, i got an error message saying boot.img was too large or something. Flashing via RDT went without problem. The only caveat is that flashing via RDT will always hard reset your device.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
How to install android 12 gsi on this device?
marinzrncic said:
How to install android 12 gsi on this device?
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (Im attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initiate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
NightLord said:
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (Im attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initiate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
thank you very much
NightLord said:
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in the video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
ardianz said:
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
I have no idea because I havent tried yet. But I would guess it might be possible that you can flash the patched boot.img along with vbmeta.img with RDT, and it might work, if they do pass Android Verified Boot check.
NightLord said:
Gotcha:
will these files work on android 10 or android 11? I have a unisoc T618 and unisoc T310. I was hoping to flash both tablets to get root access.
and also do you have a twrp for T40_plus or any unisoc generic twrp?

How To Guide [CLOSED] Firmware is out! Get your root on!

Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image.
Any update method can be used. If you've already disabled verity/verification, simply don't worry about it at next update; no need to re-enable.
I am closing this thread.
Spoiler: Deprecated
On Android 12, boot verification must be disabled in order to run a patched boot image. Unfortunately, if you have never disabled it before, it will require you to wipe data. To be clear:
***************************************************
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
***************************************************
However, if you don't want to lose your data, you can "live boot" the patched image as long as /vbmeta and /boot are stock. This will allow you to use temporary root. DO NOT attempt to Direct Install Magisk to the boot image.
For subsequent updates, it is imperative that you do not allow the device to boot into system before you have disabled Verified Boot.
What this means: If you sideload the OTA, IMMEDIATELY reboot to bootloader and reflash /vbmeta with --disable-verity and --disable-verification. If you dirty flash the factory image, make sure you add these two switches to the command.
If you fail to do this, and allow the device to boot into system, you WILL have to wipe data to disable it again.
IF YOU ARE ROOTED, DO NOT USE AUTOMATIC UPDATES AS THIS WILL REFLASH /VBMETA WITHOUT DISABLING BOOT VERIFICATION!
Factory Images
OTA Images
Latest Magisk Canary
Spoiler: To root:
On your device, enable Developer Options (tap build number 8 times), and enable the OEM Unlocking toggle. Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader:
Code:
fastboot flashing unlock
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img and vbmeta.img from this zip.
Flash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <drag and drop vbmeta.img>
Allow the device to boot into Android. Once you have Magisk installed, copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
Spoiler: For subsequent updates:
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img from this zip.
Reboot to bootloader.
Update bootloader and radio if they are out of date. BE CAREFUL, A MISTAKE CAN BRICK YOUR DEVICE! If you update the bootloader, remember to reboot back to bootloader so that the update reads the correct bootloader version.
Update system:
Code:
fastboot update --disable-verity --disable-verification <drag and drop image-device-buildnumber.zip here>
Note: If you get an error for bootloader/radio version, this means you need to update bootloader and/or radio; go back to step 3.
Allow the device to boot into Android. Copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
I personally do not recommend updating via OTA Sideload, as you would have to download and extract the factory zip anyway. AUTOMATIC OTA WILL LOSE ROOT AND REQUIRE A WIPE TO ROOT AGAIN.
Spoiler: If you choose to update via OTA Sideload:
Sideload the OTA. When complete, IMMEDIATELY reboot to bootloader.
Reflash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <vbmeta.img>
Boot to system and allow the update to complete.
Patch and flash the boot image.
Note: If you run into a bootloader message
failed to load/verify boot images
this means you forgot to disable verity and verification. Reflash vbmeta with the --disable options.
If you run into this recovery message
View attachment 5455805
This means that verity and verification were not disabled before, and a wipe is required to proceed.
Let the fun begin!
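Added example (not part of the original post): a check of the flags field in a vbmeta image header, which is where the `--disable-verity` and `--disable-verification` switches from the guide end up, so you can confirm what state a given vbmeta image is in. The offsets follow AVB's `AvbVBMetaImageHeader` (big-endian, flags at byte 120); the function names and the sample headers are constructed for this illustration, and only a standalone vbmeta image is handled.

```python
import struct
import sys

HEADER_SIZE = 256                  # sizeof(AvbVBMetaImageHeader)
FLAG_HASHTREE_DISABLED = 0x1       # set by fastboot --disable-verity
FLAG_VERIFICATION_DISABLED = 0x2   # set by fastboot --disable-verification


def inspect_vbmeta(blob: bytes) -> dict:
    """Decode the security-relevant fields of a standalone vbmeta header."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("image is shorter than a vbmeta header")
    if blob[:4] != b"AVB0":
        raise ValueError("missing AVB0 magic: not a vbmeta image")
    # All header integers are big-endian.
    algorithm, = struct.unpack_from(">I", blob, 28)      # 0 means unsigned
    rollback_index, = struct.unpack_from(">Q", blob, 112)
    flags, = struct.unpack_from(">I", blob, 120)
    release = blob[128:176].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "signed": algorithm != 0,
        "rollback_index": rollback_index,
        "flags": flags,
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "release": release,
    }


def verdict(info: dict) -> str:
    """Summarise what this vbmeta image asks the boot chain to enforce."""
    if info["verification_disabled"]:
        return "verification disabled"
    if info["verity_disabled"]:
        return "dm-verity disabled"
    if not info["signed"]:
        return "flags clear, image unsigned"
    return "flags clear, image signed"


def make_sample_header(flags: int, algorithm: int = 1) -> bytes:
    """Constructed 256-byte header for the demo; not from a real device."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:4] = b"AVB0"
    struct.pack_into(">II", hdr, 4, 1, 0)        # required libavb version 1.0
    struct.pack_into(">I", hdr, 28, algorithm)   # 1 = SHA256_RSA2048
    struct.pack_into(">I", hdr, 120, flags)
    rel = b"avbtool 1.2.0"                       # constructed release string
    hdr[128:128 + len(rel)] = rel
    return bytes(hdr)


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # path to a vbmeta image
        with open(sys.argv[1], "rb") as f:
            samples = {sys.argv[1]: f.read(HEADER_SIZE)}
    else:
        samples = {"stock (constructed)": make_sample_header(0),
                   "both switches (constructed)": make_sample_header(3)}
    for name, blob in samples.items():
        info = inspect_vbmeta(blob)
        print(f"{name}: flags=0x{info['flags']:08x} -> {verdict(info)}")
```

fastboot sets these bits in the data it sends to the device, so the vbmeta.img inside the factory zip still reads as flags 0; run the check against a dump of the device's vbmeta partition to see the state actually in effect.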
Awesome news! Now that the devices are in people's hands and this is released, development can begin!
So it looks like if you grabbed the Pixel 6 OTA yesterday, you are on 036, and that binary is not yet posted. Please correct if I am wrong. Can't wait to root this thing, non V4A audio is horrible.
Just literally got my pixel 6 20 mins ago, I’m at work but when I get home the first thing I’m doing is rooting it!
For some reason I can not unlock the bootloader on the P6.
I unlocked the bootloader in the developer options.
Tried "fastboot flashing unlock" and the CMD says waiting for device.
I can transfer files from the pc to the P6 with no problems.
Maybe I need to check on an ADB driver!
EDIT: Google ADB driver was needed.
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
vandyman said:
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
XNine said:
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
Gotcha!
When I had my Pixel 5 rooted I did not need to use hide. I use PNC Bank with no issues. I do not use Gpay, to me it is a waste of time.
I use root for AdAway, Appdash, EX Kernel, and SD Maid.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
V0latyle said:
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
You're a beautiful human being. Thank you!
XNine said:
You're a beautiful human being. Thank you!
My wife thinks so too, although "beautiful" isn't the word she uses
Been waiting for kernel source. Skimming through it, there's a ton of exynos named files.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
I’ve got an old APK of Magisk so I’d assume this would work fine, no?
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as the battery's too low. Will this work or nope?
DefeatedSouls said:
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as the battery's too low. Will this work or nope?
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
V0latyle said:
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
Uh.. normally I’m good at this but okay, I’ll try!
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
For instance, I need root to use Adguard in local Proxy mode and a third-party VPN service. Also, I use CapitalOne, Amex, Discover, Tdbank and Chase with NO MagiskHide. There were problems with Chase, but later they probably realized it's crap to block rooted phones from accessing the app to pay your card. Some of these apps don't let you log in by fingerprint, but it's not a big deal to enter the password (you won't forget one at least, haha).
Getting Installation failed when trying to patch the boot.img from the factory zip with Magisk.

Question Is it possible to relock the bootloader after installing a custom OS?

Hello, I'm new to the Android hacking/modding scene with this being the first phone I am able to unlock the bootloader for. I recently picked this phone up (Model DE2118 to be specific), and got its bootloader unlocked and installed Lineage. Now that it is all done and out of the way, would it be possible to lock the bootloader to prevent further modifications and potential security risks? Thank you in advance.
Gateway05184 said:
Hello, I'm new to the Android hacking/modding scene with this being the first phone I am able to unlock the bootloader for. I recently picked this phone up (Model DE2118 to be specific), and got its bootloader unlocked and installed Lineage. Now that it is all done and out of the way, would it be possible to lock the bootloader to prevent further modifications and potential security risks? Thank you in advance.
Under no circumstance should you relock the bootloader. The only OS that I know of that currently lets you do that on any device is Graphene OS on Pixel devices. And that is written by extremely gifted developers. So... no... not now or anytime soon. Sorry!
Nope. While you could relock your bootloader now, you'd get an error message the next time you turned on your phone and it would refuse to boot. (And there's no guarantee that you could recover it, though usually the MSM tool works.) In most cases, you should never relock the bootloader unless you're on stock, unmodified firmware. In some cases, it is possible if the custom ROM you're using instructs you to relock your bootloader and provides their own keys for you to flash or if you build and sign your own ROMs yourself, but otherwise, it's just not worth it.
You should read this reddit post for more details as to why you shouldn't relock your bootloader.
Yeah, I kind of figured. I tried locking the bootloader out of curiosity (obviously, you shouldn't do this.) which caused it to brick. I unbricked it using the MSM tools for the specific model. I also tried flashing the public key but it only allows recovery to boot and boot loops if you just leave it sit. lol
Don't try this ever, you will most probably soft brick the device without being able to recover it.
You can only safely relock the bootloader on stock OS without the risk of bricking the device.
Sprunglicious said:
Under no circumstance should you relock the bootloader. The only OS that I know of that currently lets you do that on any device is Graphene OS on Pixel devices. And that is written by extremely gifted developers. So... no... not now or anytime soon. Sorry!
Gateway05184 said:
Hello, I'm new to the Android hacking/modding scene with this being the first phone I am able to unlock the bootloader for. I recently picked this phone up (Model DE2118 to be specific), and got its bootloader unlocked and installed Lineage. Now that it is all done and out of the way, would it be possible to lock the bootloader to prevent further modifications and potential security risks? Thank you in advance.
Not entirely true. CalyxOS allows relocking bootloader on Pixels. My own development for Oneplus 6/6T/8/8T/8Pro/9 and 9Pro allows relocking bootloader.
I managed to find a way to relock the bootloader with LineageOS installed by compiling it from source and patching a few files. Then I flashed the avb_custom_key partition via fastboot with the key I used to sign the image I've compiled. This resulted in me getting the yellow error screen (Your device has loaded a different OS.) rather than the usual orange screen you get with the bootloader unlocked. I even used a tool called "avbroot" to patch the image for magisk support.
Just use the MSMDownload tool for the firmware you want, it will set it back to factory defaults and factory OS, including re-locking the bootloader.
NOTE: if you ever want to unlock it again, just use the token file/bin file that OnePlus sent you originally to unlock. No need to re-apply or ask OnePlus again for a new token, you can just use the original one they sent you.
Gateway05184 said:
Hello, I'm new to the Android hacking/modding scene with this being the first phone I am able to unlock the bootloader for. I recently picked this phone up (Model DE2118 to be specific), and got its bootloader unlocked and installed Lineage. Now that it is all done and out of the way, would it be possible to lock the bootloader to prevent further modifications and potential security risks? Thank you in advance.
I don't like seeing my Nord n200 boot to the unlocked bootloader screen, and found a way to prevent that.
I found the method on the Reddit forum for LineageOS.
From CevicheMixto:
I was able to complete the upgrade (dirty flash from the latest LineageOS 19.1). Here's what I had to do.
First, I upgraded the device firmware, following this guide. Note that the oneplus.com page that is linked from that guide does not appear to actually provide firmware for the Nord N200. The Oxygen Updater app does allow you to download the firmware, once the app's settings have been changed to enable "Advanced mode." It will save the firmware file in the /sdcard directory, and adb can be used to transfer it to your PC. (Alternatively, the firmware can be directly downloaded from https://android.googleapis.com/packages/ota-api/package/6be3f133f8fb9bbcc30d787679bd7b5da5e30995.zip.)
At this point, my phone would not boot into the LineageOS recovery (19.1 or 20); it kept returning to bootloader mode. I fixed this by flashing the LineageOS 20 boot, dtbo, and vendor_boot images onto the device. These images can be extracted from the LineageOS 20 ZIP file with payload-dumper-go, or they can be downloaded from the dre builds page.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash vendor_boot vendor_boot.img
(Unlike fastbootd, the bootloader does not appear to support the --slot=all option, but I only needed to flash these for the active slot.)
I was now able to boot into the (installed) LineageOS 20 recovery, choose "Apply update" and "Apply from ADB" to put the device into sideload mode. I then followed the upgrade instructions to flash the LineageOS 20 ZIP file, reboot back to recovery, and flash the MindTheGapps ZIP file.
Do yourself a favor and just load Oxygen Updater onto another Android phone and download the files. It will pop up a notice that the phone isn't the correct one, but just click advanced and download the file, then continue on.
My Nord n200 now boots with the OnePlus logo then directly to LineageOS with Android 13
KeysStickler said:
I don't like seeing my Nord n200 boot to the unlocked bootloader screen, and found a way to prevent that.
I found the method on the Reddit forum for LineageOS.
From CevicheMixto:
I was able to complete the upgrade (dirty flash from the latest LineageOS 19.1). Here's what I had to do.
First, I upgraded the device firmware, following this guide. Note that the oneplus.com page that is linked from that guide does not appear to actually provide firmware for the Nord N200. The Oxygen Updater app does allow you to download the firmware, once the app's settings have been changed to enable "Advanced mode." It will save the firmware file in the /sdcard directory, and adb can be used to transfer it to your PC. (Alternatively, the firmware can be directly downloaded from https://android.googleapis.com/packages/ota-api/package/6be3f133f8fb9bbcc30d787679bd7b5da5e30995.zip.)
At this point, my phone would not boot into the LineageOS recovery (19.1 or 20); it kept returning to bootloader mode. I fixed this by flashing the LineageOS 20 boot, dtbo, and vendor_boot images onto the device. These images can be extracted from the LineageOS 20 ZIP file with payload-dumper-go, or they can be downloaded from the dre builds page.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash vendor_boot vendor_boot.img
(Unlike fastbootd, the bootloader does not appear to support the --slot=all option, but I only needed to flash these for the active slot.)
I was now able to boot into the (installed) LineageOS 20 recovery, choose "Apply update" and "Apply from ADB" to put the device into sideload mode. I then followed the upgrade instructions to flash the LineageOS 20 ZIP file, reboot back to recovery, and flash the MindTheGapps ZIP file.
Do yourself a favor and just load Oxygen Updater onto another Android phone and download the files. It will pop up a notice that the phone isn't the correct one, but just click advanced and download the file, then continue on.
My Nord n200 now boots with the OnePlus logo then directly to LineageOS with Android 13
That doesn't solve what I was originally attempting to do but I appreciate the suggestion nonetheless. However, the DE2117 OTA update is not meant for the carrier exclusive models (i.e. DE2118 aka the MetroPCs T-Mobile model.) I've already attempted this on my own DE2118 and it resulted in a boot loop. This problem doesn't exist in Lineage 19.1.
Gateway05184 said:
That doesn't solve what I was originally attempting to do but I appreciate the suggestion nonetheless. However, the DE2117 OTA update is not meant for the carrier exclusive models (i.e. DE2118 aka the MetroPCs T-Mobile model.) I've already attempted this on my own DE2118 and it resulted in a boot loop. This problem doesn't exist in Lineage 19.1.
I used this to update to LineageOS 20
There is no known way to relock the bootloader on a custom ROM on the Nord N200. However, you can relock it on the official firmware. You can always go back to the official firmware with the locked bootloader by flashing the official firmware via the MSM Download tool.
