Better Mobile App

[Q] Best way to backup and restore on a number of devices

Hi
I've done a bit of searching but can't find anything too specific to what I'm trying to do. Basically we have 10 Android tablets, and I want to make them all standardised e.g. have the same Apps on, configured in the same way (e.g. enterprise wireless network added).
Now the thing is if anyone messes around with them I want a really easy way to restore them to the original config which I've done.
One way I thought was to configure one fully, install Titanium Backup on it, do a full backup of apps/system data etc, and put the backup onto an SD card. Then I already have the base ROM on an SD card so if theres any problems, I can just flash the ROM over it again, install TB, and restore all the data. Would this be suitable to do to duplicate the data onto 10 tablets, and also restore the data if required?
The other thing I looked into was customising a ROM myself, don't want to do anything too tricky it'll just be a case of removing all the preinstalled crap I don't want, preloading the Apps we do want, and if possible preloading the wireless key and getting rid of the first boot initial set up wizard.
PS I've looked at installing CWM and doing whole image backups, but supposedly the tablet isnt supported (its an Ainol Novo 7 Elf 2)
Any advice would be great, hopefully theres some fairly straight forward way of managing this
Thanks

One of the reasons I integrated a full blown GNU/Linux on my devices, was the need to run full and automated backups. If you are looking into the possibility making a custom ROM, this might be a solution for you as well. I'm using BackuPC to run backups nightly, backing them up as any other GNU/Linux machine (using tar over ssh).
See the link in my signature for more information about this.

kuisma said:
One of the reasons I integrated a full blown GNU/Linux on my devices, was the need to run full and automated backups. If you are looking into the possibility making a custom ROM, this might be a solution for you as well. I'm using BackuPC to run backups nightly, backing them up as any other GNU/Linux machine (using tar over ssh).
See the link in my signature for more information about this.
Click to expand...
Click to collapse
Hi
Thanks for the reply, not too sure this would be the right option for us. I don't really need to take nightly backups, I just need to make a backup of a preconfigured image, and then put that image onto 10 other devices. Then I want to keep the original backup and have an easy way to restore it onto any devices which have been messed up. Sort of like image cloning for PCs, I want to prepare a base image, and then flash it over all the devices.

fro5tie said:
Hi
Thanks for the reply, not too sure this would be the right option for us. I don't really need to take nightly backups, I just need to make a backup of a preconfigured image, and then put that image onto 10 other devices. Then I want to keep the original backup and have an easy way to restore it onto any devices which have been messed up. Sort of like image cloning for PCs, I want to prepare a base image, and then flash it over all the devices.
Click to expand...
Click to collapse
Ok, I see. Compile the image to you likings (boot image and system partition), and then flash it using fastboot onto you devices.

Hi
Does anyone have any more thoughts on this?
I have experimented with Titanium Backup and this seems to work quite well. I have installed a ROM, and customised it e.g. installed the apps I need and configured the apps, wireless settings and home screens etc. Then I do a full apps + system backup in TB to my SD card.
Then the plan is, I can reflash the ROM onto the other device, install TB and then restore this backup. This saves my user state and wireless settings etc.
Only problems is when I flash the ROM, I have to go through all the initial set up again and also remove some preinstalled apps which I dont want. Any ways around this?

There must be something I'm missing. Why don't you install the device, walk through the setup, remove the bloatware you don't want and then dumps the disk partitions into images you flash the other devices with using fastboot? This way you'll get'em cloned, isn't it this you want..?
Of course there's still some tinkering needed once restored/cloned, such as giving them individual Google accounts etc, but you can easily fix this without re-running the setup wizard.

kuisma said:
There must be something I'm missing. Why don't you install the device, walk through the setup, remove the bloatware you don't want and then dumps the disk partitions into images you flash the other devices with using fastboot? This way you'll get'em cloned, isn't it this you want..?
Of course there's still some tinkering needed once restored/cloned, such as giving them individual Google accounts etc, but you can easily fix this without re-running the setup wizard.
Click to expand...
Click to collapse
Hi
Yes that's what I want to do! How would I go about dumping the disk into an image and then flashing?

fro5tie said:
Hi
Yes that's what I want to do! How would I go about dumping the disk into an image and then flashing?
Click to expand...
Click to collapse
There are several methods. Some boot loaders (such as nvflash for tegra based devices) can actually read back the disk partitions to a computer via the USB port. You can also on the tablet read the raw mtd device with busybox/dd. I assume you've unlocked the bootloader and gain root access to the device, since this is a requirement for flashing them as well. A third alternative is using busybox/tar, and then recreate the filesystem image using mkyaffs (or if ext3/ext4 even easier, just loopback mount an image on you linux maching to unpack the tar archive to). Once you got the images (system and userdata partitions), you flash the devices with "fastboot flash system system.img" and "fastboot flash userdata data.img". I don't believe you'll need to tamper with the other partitions.

kuisma said:
There are several methods. Some boot loaders (such as nvflash for tegra based devices) can actually read back the disk partitions to a computer via the USB port. You can also on the tablet read the raw mtd device with busybox/dd. I assume you've unlocked the bootloader and gain root access to the device, since this is a requirement for flashing them as well. A third alternative is using busybox/tar, and then recreate the filesystem image using mkyaffs (or if ext3/ext4 even easier, just loopback mount an image on you linux maching to unpack the tar archive to). Once you got the images (system and userdata partitions), you flash the devices with "fastboot flash system system.img" and "fastboot flash userdata data.img". I don't believe you'll need to tamper with the other partitions.
Click to expand...
Click to collapse
Hi
Thanks for the quick reply, much appreciated.
Unfortunately you've lost me a bit here!
Yes the device is rooted, I dont have a linux machine though.
Any chance you'd be able to provide some more specific instructions? The device is a chinese tablet from manufacturer Ainol, the model is a Novo 7 Elf 2. Unfortunately there isn't much discussion on these online so specific help is hard to find!

fro5tie said:
Any chance you'd be able to provide some more specific instructions? The device is a chinese tablet from manufacturer Ainol, the model is a Novo 7 Elf 2. Unfortunately there isn't much discussion on these online so specific help is hard to find!
Click to expand...
Click to collapse
I can provide you specific answers to specific questions, but I have no experience of the tablet in question, so you'll have to do some digging yourself first. Make sure it supports fastboot, investigate what the proprietary bootloader is capable of, see how/if you can obtain an original image etc.
One maybe easier solution, especially if you plan to restore the tablets on a regular basis, is to only make a new boot image to reflash the devices with. The only modification done is that you change the /init.rc script to mount /data and /system from the SDcard instead of from the internal nand disk device.
Once this is done, you'll power up and run the installation wizard and everything on your master tablet. Then power it down, and clone the SDcard. This SDcard now contains everything, so you'll simply restore a device by replacing its SDcard with a copy of this master card. I guess it's easier to clone a SDcard than reflashing several internal partitions. Easier to make the master as well - you don't need to dd or tar them, they are already in "image" format. If you can get hold of the original firmware, this should be quite easy without the need to preserving data from the device itself.

fro5tie said:
Any chance you'd be able to provide some more specific instructions?
Click to expand...
Click to collapse
Issue the commands "cat /proc/mtd" and "mount" on your device at command prompt (e.g. via "adb shell" or the "ConnectBot" terminal app). This shows you if the device allows you to copy the boot image from it. Paste in the output into this thread. If you believe the "clone the tablet via the SDcard" is a good solution for you, the process is in short terms something as below;
Copy the boot image to the sdcard:
# dd if=/dev/mtd/mtd2ro of=/mnt/sdcard/boot.img bs=2048 (device dependent of contents of /proc/mtd)
Remove the sdcard, insert into a computer, split the boot image info kernel + initramfs. Read http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images for instructions about how to work with the boot.img file. I really recommend a GNU/Linux environment for this.
Then edit /init.rc replacing the "mount yaffs2 [email protected] /system" with "mount ext3 /dev/block/mmcblk0p2 /system" for system and data (use p3 for data partition, the device name may be different on your tablet, see mount output).
Create an SDcard with three partitions: #1 vfat (standard), #2 and #3 ext3. Insert into you device and boot it up again.
# mount -t ext3 /dev/block/mmcblk0p2 /root
# cd /system
# tar cf - . | (cd /root ; tar xf - )
# umount /root
# mount -t ext3 /dev/block/mmcblk0p3 /root
# cd /data
# tar cf - . | (cd /root ; tar xf - )
# umount /root
This copies your partitions to the SDcard. Shutdown the tablet again.
Make a new boot.img using the instructions in the link above, using the edited init.rc script.
Now you can non-destrutive give this a try.
Place you tablet in fastboot mode (often vol-up (or vol-down) during power on).
$ fastboot devices
This vill verify the tablet is in fastboot mode. It should be listed. Then:
$ fastboot boot boot.img
Note here, only BOOT the tablet, do NOT use the "flash" keyword. This in case of the image isn't working, you'll just have to restart you tablet, and no harm's done.
Look around. Do a "mount" command. Everything works? Mount shows /data and /system from sdcard? Perfect. Now you can reflash it. Shutdown and flash:
$ fastboot flash boot boot.img
Now the device will use /data and /system from the SDcard every time. Customize your device, and then clone your SDcard and try it in tablet #2 you'll booting with your new boot.img and the cloned SDcard. Verify that #tablet #2 is a perfect clone of tablet #1. It is? Now you can flash the boot,img into all your tablets.
--------------------
But don't forget, there may be other solutions as well, maybe more suitable. This you'll have to investigate yourself.
And the usual disclaimer - you can probably not follow above by the letter. There sure is some obstacle you'll have to overcome, something non-standard, etc.
Also keep the original boot.img file for safekeeping in the case you want to restore the device's boot image some day.

Wow! Thanks for the info! This is really helpful, I need to set aside a bit of time to work through this and have a look. Thanks again its really appreciated, I'll be back with info once I've had chance to give it a go!

I certainly can't offer more detailed info than the fellow from Sweden who seems to really know his stuff...but what about making a nandroid backup of your fully configured reference tablet (I'm assuming all tablets are rooted). Ensure all your tabs have CWM recovery and copy your nandroid file to each one.
If any of your fleet get 'corrupted' you can simply restore the original, fully configured ROM.
In fact that sounds too obvious..likely I missed something about your scenario which precludes this option from consideration!
Good luck mate.

tweeny80 said:
I certainly can't offer more detailed info than the fellow from Sweden who seems to really know his stuff...but what about making a nandroid backup of your fully configured reference tablet (I'm assuming all tablets are rooted). Ensure all your tabs have CWM recovery and copy your nandroid file to each one.
If any of your fleet get 'corrupted' you can simply restore the original, fully configured ROM.
In fact that sounds too obvious..likely I missed something about your scenario which precludes this option from consideration!
Good luck mate.
Click to expand...
Click to collapse
Hi
Yes that was my first thought as well, tablets are rooted yes but there is no CWM for the tablet. Its an obscure Chinese branded tablet.
Unless there is another way to do nandroid backups?

hmm tricky situation. Catch 22 ! From what I know, your best bet is to backup all possible things through Titanium Backup given that you don't have the use of Nandroid backups. You can include wifi settings, messages etc but it's modular & not systemic.
I did a quick google search with no luck - time to upgrade your fleet dude :-0
Best of luck.

[RECOVERY][UNOFFICIAL][TWRP 3.2.1][MOTO x4 PAYTON][7.1.1/8.0]

OFFICAL TWRP RELEASED, this thread is no longer active. 3-30-2018
https://twrp.me/motorola/motorolamotox4.html
---
UNOFFICIAL BUILDS -- USE AT YOUR OWN RISK AND KNOW HOW TO GET YOURSELF OUT OF TROUBLE IF IT ARISES. I ASSUME NO RESPONSIBILITY FOR YOUR BROKEN THINGS.
UPDATED 01-11-2018
There are now 7.1 based and 8.0 based builds. Obviously, be careful to select the proper download. While I don't think flashing/booting the wrong one would permanently brick the device, let's not find out
For now I will not be attempting to make data decryption work. It is REQUIRED that you unencrypt your device by formatting userdata, so back up your stuff first.
IMPORTANT NOTES: TWRP for OREO is a bit of a pain as it currently requires manually editing your fstab. I have tried to automate this process, but it breaks stuff. So just be aware before you begin that it is a rather time consuming process.
If you make any change to your boot partition after flashing SuperSU, you will need to reflash it or you will get a bootloop.
8.0 OREO TWRP INSTALLATION:
OREO SEEMS VERY FINICKY AND DOES NOT LIKE CHANGES TO ITS FILESYSTEM -- BE PREPARED TO REFLASH STOCK.
0. FLASH OREO FACTORY IMAGE (may work otherwise, but we should be starting from fresh stock here)
1. Download FASTBOOT BOOTABLE TWRP for 8.0/OREO below
2. Download SuperSU 2.82 SR5 below
3. Move SuperSU to external SD or USB OTG
4. From bootloader, fasboot BOOT TWRP
5. Flash SuperSU (note: do not format /data now... not necessary and will cause errors on boot)
6. Reboot system
7. With any root file editor/text editor (Amaze, Total Commander, etc) open /system/vendor/etc/fstab.qcom as a text file for editing.
8. At the end of the /data partition entry, delete "fileencryption=ice" and replace it with "encryptable=footer".
9. Save fstab.qcom (and make sure it is actually saved properly!)
10. Reboot to bootloader and fasboot BOOT TWRP
11. Go to Wipe, hit the FORMAT DATA button, and type "yes" to format /data. This will erase your data, obviously:silly:
12. Reboot system (should now be unencrypted, verify in Settings>Security or by booting TWRP and checking /data with File Manager.
If you later choose to flash TWRP (not the bootable we used here!), you may need to flash SuperSU again to avoid bootloops.
7.1.1 NOUGAT TWRP INSTALLATION:
1. Download current TWRP for 7.1.1 build below
2. Download SuperSU 2.85 SR5 (https://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
3. Move SuperSU to your external Micro SD card.
4. Fastboot flash the TWRP image.
5. Reboot to TWRP.
6. FORMAT data (not wipe...use the "FORMAT DATA" button and type "yes". OBVIOUSLY THIS WILL ERASE YOUR DATA)
7. Install SuperSU 2.85 SR5
8. Reboot to system (it WILL bootloop a couple times...don't panic!) and confirm that device is unencrypted by checking that SETTINGS>SECURITY>ENCRYPTION now prompts "encrypt" (don't do it).
DOWNLOADS:
TWRP FOR 7.1.1 (Nougat) DOWNLOAD: https://drive.google.com/open?id=1Et-AQgCNx7WDAwzihlI51euUa2ixKHEP
TWRP FOR 8.0 (Oreo) DOWNLOAD: https://drive.google.com/open?id=1WcVS_3rloF7jxPulj_jKxfsp3zy5pB5N
FASTBOOT BOOTABLE TWRP IMAGE (OREO BASED): https://drive.google.com/open?id=12ClviqtEjtflB63UQ1CZQNKEqkprBO0u **For temporary TWRP boot using "fastboot boot". Do not flash or you will be stuck in recovery!**
DEVICE TREE: https://github.com/mightysween/android_device_motorola_payton (NEEDS TO BE UPDATED WITH OREO BRANCH)
changelog:
BETA4
-reverted to 3.2.0 for current build (release candidate rebased to 3.2.1).
-fixed "format data" button
-finalized fstab for OTG/SD/INTERNAL mounting
-target is now UNENCRYPTED devices only (/data decrypt will not be fixed)
BETA3
-Rebased to TWRP 3.2.1
-USB OTG working
-all partitions mounting correctly
-considered working except for decrypt and MTP/ADB
BETA2
-fixed internal storage mount
BETA1
- updated source to TWRP 3.2.0
ALPHA3
- Fixed USB mounting (adb/mtp still nonfunctional) BROKEN IN BETA1
ALPHA2
- SD Card fixed
ALPHA1
- /system is now properly mounted.
- now plays nice with our working root method.
- ramdisk is patched to prevent first boot encryption once /data is decrypted (now requires flashable ZIP)
NOT WORKING:
adb/mtp/sideload
/data decryption (abandoned -- /data access requires unencryption)
CREDITS: @kraatus90 for kernel fix, @Chainfire for SuperSU, @jcadduono for no-verity-opt-encrypt scripts.
---

Thanks so much for all your work!

hi,
you said this is really unstable and could brick the device easily. however, you seem to be testing and experimenting with your device a lot, so i'd like to ask if you have any particual unbrick method that you use when something goes wrong.. like, a via fastboot flashable image or something simmilar...?
thanks for your work!

Thanks for you work. If you have any unbrick methods pls tell.appreciated your work ?

I am not going to provide step by step "unbrick" methods, because until the partitioning is properly set up, TWRP has potential access to things that can not be fixed.
Again, this is still highly experimental.
All that said, my entire process to protect any device remains the same: Have a backup for every partition you will be testing, make as few changes as possible at a time, test boot images before flashing (fastboot boot), and test restore methods frequently (flashing back to stock or backups), and don't do anything unless you are highly certain of the outcome.
By those standards, there is nothing to gain by installing TWRP right now, as its basic function (install/backup/restore) is not set up yet.

Found the BoardConfig flag to enable FBE (TW_INCLUDE_CRYPTO_FBE := true) but do not have the lib it is dependent on (libe4crypt) and I don't see it anywhere yet...
For reference (not sure this is most current, but it demonstrates the process)
https://github.com/nijel8/TWRP/commit/bd7492de28963b7e74e8e5d3f17ec9a5a287d9c3
I have confirmed that FBE support is present in the source, dependent on this missing module... so need to figure out where/how to enable it.
It is possible that this entire process is specific to only certain devices (i.e. Pixel, Nexus). If this is the case, we may be stuck at this point for awhile.
Obvious workaround is to not be encrypted to begin with -- but that isn't a "solution".

mightysween said:
It is possible that this entire process is specific to only certain devices (i.e. Pixel, Nexus). If this is the case, we may be stuck at this point for awhile.
Click to expand...
Click to collapse
This appears to be the case, unfortunately. Seems that the TWRP FBE support was built specifically for the Google implementation of FBE which was merged into kernel sources for Nexus and Pixel. Not even using the qseecomd I assumed it was... will remove on next build.
Info on FBE:
https://source.android.com/security/encryption/file-based

Will be testing options to disable forced encryption, and if necessary dm-verity...
Anyone who wants to dig through kernel for related flags and props, it would be greatly appreciated!

Hey, where did the big "format data" button go in TWRP? Is that optional on compile... can't find a flag for it...

Making good progress this morning.
Seem to have a build with properly decrypted /system, and working SD Card. I also have patched the boot.img to disable forced encryption on the first boot. But now, I can not find a safe way to fully format (not "wipe") the /data partition. As mentioned in the previous post, the "FORMAT DATA" button is missing. The fastboot command "fastboot format userdata" returns an error that it does not support RAW format.
Need to figure out why this is happening... and once I do, I believe I can reformat /data without encryption and then will have an almost fully working TWRP build. Obviously, the ideal solution would be to have TWRP work out of the gate with an encrypted /data, but until then this is going to be our best option.
Will post an updated test build in the OP soon.... needs further testing before I would recommend non-expert users to try it.
Getting very close now!
UPDATE: ADDED NEW BUILD TO OP
---
Also, just occurred to me that the ramdisk will need to be patched every time, so now that I have SD card support will be testing some of the existing flashable ZIPs out there that are designed specificially to prevent first-boot encryption and/or disable dm-verity.
---

mightysween said:
Hey, where did the big "format data" button go in TWRP? Is that optional on compile... can't find a flag for it...
Click to expand...
Click to collapse
This is really the only hold up... I changed the partition from 'Advanced Wipe", but as expected, it was still encrypted on boot as it doesn't actually format the footer where encryption is stored. I can't figure out where that darn "FORMAT DATA" button ran off to, and that is exactly what we need here.

mightysween said:
This is really the only hold up... I changed the partition from 'Advanced Wipe", but as expected, it was still encrypted on boot as it doesn't actually format the footer where encryption is stored. I can't figure out where that darn "FORMAT DATA" button ran off to, and that is exactly what we need here.
Click to expand...
Click to collapse
I don't know how to help except to say that using TWRP 3.1.0-MOD_1 with my XT1254 (DROID Turbo), when you go to wipe it has two buttons --- one on the left for Advanced Wipe and Format Data on the right.

johnjingle said:
I don't know how to help except to say that using TWRP 3.1.0-MOD_1 with my XT1254 (DROID Turbo), when you go to wipe it has two buttons --- one on the left for Advanced Wipe and Format Data on the right.
Click to expand...
Click to collapse
I have 3.1.1-0 (same version I am building here) on several other devices, and the button is there. It has to be triggered by something during compile, but I can't figure it out. Driving me nuts
Looking through TWRP source, and can find actions for every other button (wipe, backup, restore, install, etc) but not for format. Hmm.
I posted over on an old but semi-active TWRP flags thread, maybe someone will have some insight.

Wondering if I make a stock boot image without the encryption tag in fstab, and then wipe data and reboot... then flash my image. That may make it so the data partition is never encrypted in the first place and allow TWRP to work.
But that is an ugly, non-user friendly fix. Why can't we just format /data?
---
Final update for today... this seems to be a compile issue, which is a good thing. I tried to manually decrypt /data from the TWRP command line, and got this:
No crypto support was compiled into this build.
Click to expand...
Click to collapse
So, I must be missing something in boardconfig still... and maybe need to set up a small proprietary vendor folder with the necessary libs

mightysween said:
Final update for today... this seems to be a compile issue, which is a good thing. I tried to manually decrypt /data from the TWRP command line, and got this:
So, I must be missing something in boardconfig still... and maybe need to set up a small proprietary vendor folder with the necessary libs
Click to expand...
Click to collapse
Thanks for doing all of this! I wish I had the time and knowledge to help.

Had a few PM's checking on TWRP status, so an update.
The good news is that the X4 is using Qualcomm based decryption for /data... the bad news is that most if it seems to be closed source. This will take some time for me to figure out, but I have already made some progress by sifting through logs.
Right now, I am trying to find a device with similar decrypt scheme to have some more guidance on the process.

mightysween said:
Had a few PM's checking on TWRP status, so an update.
The good news is that the X4 is using Qualcomm based decryption for /data... the bad news is that most if it seems to be closed source. This will take some time for me to figure out, but I have already made some progress by sifting through logs.
Right now, I am trying to find a device with similar decrypt scheme to have some more guidance on the process.
Click to expand...
Click to collapse
dont know all about these things but maybe xiaomi mi a1 twrp can help as it is also using same a/b partition. and twrp is already there for it

vivek638 said:
dont know all about these things but maybe xiaomi mi a1 twrp can help as it is also using same a/b partition. and twrp is already there for it
Click to expand...
Click to collapse
Thanks, the Mi A1 is one of the devices I have been comparing to, and has been quite helpful.

mightysween said:
Thanks, the Mi A1 is one of the devices I have been comparing to, and has been quite helpful.
Click to expand...
Click to collapse
Keep searching. wish i could have helped but dont know anything about compiling n all..

I'm not much of a programmer, but I can look through the files. Is there anything in particular we're searching for?

Flashing DTB Partition using TWRP ?

Hello,
is there a way to flash the dtb partition using TWRP ?
I can flash bootloader, boot, system easily using twrp. But since there is no /block device for the dtb partition its not as easy like the other partitions.
Just dd'ing to /dev/dtb does not work, too.
I need to flash 13 devices mounted in a Server Rack, so it would be nice to do this by twrp and not by usb.
Greetings,
chris

Hi!
Did you ever find an answer to your question?
I figured out that /dev/dtb seems to be picking up data from either /dev/block/[email protected] or /dev/block/reserved/@0x440000, there are two identical copies of gzipped dtb.img there.
P.S. Reading the driver code I see that you can just write dtb/multi-dtb into /dev/dtb and it will be stored into both copies on /reserved partition
I wasn't brave enough to try and flash them on a running TV and risk bricking it though

Axon 10 Pro (Non-5G) Expanded EDL Tools / New Fixes / General Tips

WARNING - THESE TOOLS WRITE TO THE DEVICE PARTITIONS DIRECTLY
If you don't know what that means...
THIS CAN REALLY SCREW UP YOUR ---
I HAVE ONLY TESTED THESE ON THE A2020U (NON-5G) - I CANNOT SAY THEY ARE SAFE ON ANY OTHER VERSION OF THE PHONE (YET)​(If you want to test it on a specific model you own, send a PM or post and I can tell you to run a few (safe) things from these tools to make them compatible your phone.)
See my next post down for some more "beginner friendly" general tips and tricks for this phone, including some fixes for common problems and a quick guide for installing Magisk!​
If you can't afford to brick your phone, these tools aren't made for you.
There aren't really any protections from doing damage. I made them for myself because doing them on a command line constantly is a pain. I'm just sharing them for two reasons:
1) So myself or other people have tools available to make it easier when advising someone on how to fix their phone.
2) For tinkerers who are okay taking the risk that they'll mess something up.
Thanks to @djkuz / @Unjustified Dev for the EDL tool. These scripts really just expand the use of fh_loader commands in that tool. If you are able to read C++ and want to understand fh_loader I suggest searching on google, the source code is available and from that you can better understand what the tool does / what the command line options do. Feel free to ask here too, I'll do my best to share what I know.
Anyway - below I'll go into plenty of detail of what each "tool" does and some helpful information about using them.
I write in a kind of permanent verbose mode, so if you're impatient and need a TL;DR for these... tough. =)
CURRENT VERSION: Version 1.1d​
Changelog:
Version 1.1d:
- Fixed reset scripts
Version 1.1c:
- Fixed a typo in backup_GPT ¯\_(ツ)_/¯
Version 1.1b:
- Fixed errors in GPT_Tools - apparently these existed since v1.0 DO NOT USE PREVIOUS VERSIONS
- Removed the v1.1a download (use 1.1b)
Version 1.1a:
- Added script to find the COM port automatically
- Updated all scripts to use the COM port in the file COMPort (created by the above script)
- Added the missing AB Partition manipulation files (accidentally left out of v1.0)
- Added script to run the phone reset EDL command
- Fixed all the filename inconsistency in the XML files - HOPEFULLY. Please post any errors you find. Unfortunately this will make this version incompatible with v1.0 backups without some work - either rename your backup files to match the new format or use the old XML files included.
-- Especially fixed the XML typo of "uefi_sec.mbn" being backed up from both A and B to the same file (overwriting the A copy with B during an ALL backup).
- Added support for installing firmware packages created for this tool. Put them in the Firmware_Package_Restore directory and use the scripts included with them.
Basic Instructions:
1) Download zip (See attachment at the bottom, or here - Download from AndroidFileHost)
2) Unpack zip
3) Move folder to the root directory, or inside any chain of directories that do NOT have spaces in any of the names
4) Right-click on scripts and select "Run with Powershell" to run
5) If running scripts fails due to permissions, see these instructions: https://superuser.com/questions/106360/how-to-enable-execution-of-powershell-scripts
Make a "Complete Backup" (minus userdata):
1) Run Load Programmer
2) Run "backup_all"
3) Check the backup directory and verify the files were backed up and sizes make sense - a full backup should be 10,387,202,048 bytes / 39 files for the critical files and 1,626,697,728 bytes / 64 files for the non-critical (Don't include the port_trace log file when checking size)
Note: You will see a lot of "warnings" before the files begin to download, the program checking if the files already exist.
How to Use These Tools:
Important:
When the scripts run there will be a lot of information dumped to the console. It's not necessary to read all of that BUT - IF YOU DO NOT SEE THE ASCII ART "DONE" AT THE END of running any of these scripts it is likely the script encountered a serious issue. "WARNING" art is normal for some scripts, but "ERROR" means something went wrong.
None of these find the COM port automatically. It is possible (the EDL tool does) but it's just extra work I'm not paid to do =P
You will need to edit each program and change the variable at the top (usually $COMPort = "6") to whatever port number your phone shows up on.
Sorry that's inconvenient, but it should just be once per script - my port number never changes so it wasn't worth implementing automatic port finding.
This is no longer needed after v1.1a.
1. Load Programmer
This is a simple but extremely important tool! You need to run this before running anything else. This script will open a window that runs a command to open a connection to the phone (when it is in EDL / "9008" mode). The window will stay open until you close it. When working on backups I often need to re-connect the programmer, so this makes that easy - just alt-tab to it and hit enter. If you look at the script, it's fairly straightforward - just read the instructions on the screen after running it. The "secret sauce" for this is really the firehose protocol for our chipset that Unjustified Dev provided in the EDL tool.​
2. Backup / Restore:
backup_all: This will backup everything on the phone EXCEPT for the huge userdata partition. It will create a backup in two directories, which I'll explain..​​"critical" / "non-critical": You can see that I have scripts to run these two "types" of backups. Non-critical DOES NOT MEAN NOT IMPORTANT. It means that it is not critical TO ME to back up those files EVERY time I do a backup, because they rarely change. They're EXTREMELY important to have at least one backup of for your phone. The "critical" backup files are files that change often, although some of them are extreme non-critical (cache for example). Use a different name than "critical" if you like, but the point is that only with BOTH backups run (which is what backup_all does) will you have a complete backup.​​restore_all: This will restore a full (both critical and non-critical) backup set. The backup files have to be in the "restore_critical" and "restore_non-critical" directories respectively. If you didn't make the backup you're trying to restore with this tool CHECK THE FILENAMES, e.g. if you used Unjustified's EDL tool you have to rename the "abl.elf" file his backup generates to "abl_a.elf" for mine. I put _a and _b on every partition that has an a/b version because I got tired of getting them confused. Of course you can always install a backup to either slot.​Files moved to the "restore_" directories won't be changed at all by the restore process so you can cut/paste the files from your backup into the directory instead of copying them.​
3. A/B Partition Manipulation
These are no more complicated than the backup/restore tools. But they are written to make manipulations of the A/B partitions easier.​My main use for these is when I know I have a good, working ROM setup on slot A, I run A2B copy. Then no matter which slot I end up booting I'm sure it will work. (That is, if you have a working, booting slot, copying all the files from that slot to the other slot using this tool will make both slots the same.)​​Backup/Copy:​​run_AB-partition-backup: As it says, it will backup both the A/B partition files - WARNING this is NOT a full backup of the phone.​​run_AB-partition-swap: This will backup all the A/B partition files, then it will write the B files to A and A to B, effectively swapping the partitions and leaving you with a backup in case it screwed up. This backup is ONLY OF THE A/B FILES.. NOT the whole device!​​run_A2B-partition-copy (and run_B2A-partition-copy): These will do a backup of both A/B partition files, then write the A partition onto the B partition (A2B) or vice versa (B2A), effectively mirroring that partition.​
​Write/Restore:​​All the restore scripts try to find their files in the "restore_Partitions" directory - place the files from one of the backups to be restored there.​​restore_AB-partition-backup: Restore a backup of both the A and B partition files.​​restore_A-partition-backup (and B): Restore just the backup of one partition to the same partition it was taken from (A to A and B to B).​​restore_A2B-partition-backup (and B2A): These write from one partition backup to the other partition as the name suggests.​
4. GPT Tools
These are some basic tools to directly interact with the partition tables - these are not going to be of any use to 99% of people, so just ignore them if you don't know what they do.​​run_fixGPT: This issues the --fixgpt command to each of the LUNs. USE AT YOUR OWN RISK. As I understand it, this will use the onboard device configuration information from each LUN (e.g. logical size) and try to rebuild the GPTs. It's similar to running patch XMLs, it can clean up flashing messes. It isn't magic and won't fix everything.​Rarely will anyone need it unless they've been messing around with the flash tools recklessly... I certainly don't know anyone who would do something that dumb ​​backup_GPT: Backup all of the header and footer (main/backup) GPTs for all the partitions (lun 0-5). I am not aware of whether any other models of the phone have more LUNs, so be careful if you're using this on a non A2020U phone.​​restore_GPT: Simply write an entire GPT backup set (both main and backup 0-5) onto the phone. The backups must be in the restore_GPT folder. This DOES NOT BACKUP before it runs so make sure you did your backup.​​
6. Set Bootable Partition:
Alright this one is important for everyone. There are two scripts here - one for slot A and one for slot B. These just run a simple command, but they will fix a common problem I (and probably others) have - when the ROM active-slot information does NOT match the partition (hard drive) bootable flag, the phone will bootloop EVEN THOUGH EVERYTHING IS GOOD.​​So when you flash an EDL backup (depending on which files you flash, I believe this happens because of either the bootloader or the GPT files) there is a chance the backup you're flashing was originally from a different slot than the one you're restoring it to. The config thinks it should be on slot A while the hardware thinks slot B should be booting.​This will result in a fast ~3 second bootloop as the two disagree and reset.​​This tool changes which partition is expecting to boot - "1" for slot A and "2" for slot B.​​This does NOT change the active slot - the phone will continue to boot the same slot it's trying to boot. You just need to make the partition that it is trying to boot has a bootable flag.​AFAIK there is no way to change the active slot (the one XBL (I think) is trying to boot), except through fastboot or when the phone fails to load the OS 8 times in a row (note - if it fail to load the OS - if the phone bootloops before "boot" is called it won't ever switch slots on its own).​​This was a common cause of fast bootloops for me before I figured this fix out. ​
It does no harm to try this as you can always switch again. If neither one works for you, then it's something wrong with the files you're flashing. If you know which slot the phone is trying to boot (the one it was on last), run the script that matches that slot.​
7. Write "Unlocked" Bootloader and FRP:
Just like the original EDL tool, these very simply overwrite your existing (probably stock) bootloader (abl) files with the fastboot enabled version, and/or your FRP with the "unlocked" flag on (see description below). This will allow you to enter the bootloader menu (Vol+/- on booting) and use fastboot to unlock the bootloader.​​backup_FRP-and-bootloaders: As it says, this will make backups of both the FRP file and current bootloader files (ABLs).​​run_all: Literally just runs both of the below scripts *shrug*​​write_UD-bootloader: This automatically backs up both your existing A/B bootloaders before overwriting them (BOTH) with the unlocked/fastboot bootloader.​WARNING - an unfortunate fact is that if you're using the stock ROM and you have this bootloader installed, it borks the USB mode so it's stuck in charge only. There's a way to fix it temporarily, I'll post it in my "tips" thread, but you have to do it every time you boot, very annoying. I can't fix it permanently because I don't know how the bootloader file was built!​WARNING 2 - Android 10 will NOT BOOT with this bootloader installed. You can still install it, trying to boot will bootloop, but you can get into the bootloader menu and use fastboot - but there are no recoveries I know of that work with Android 10 right now, so there's very limited use to having fastboot right now. Hopefully we can get a port of TWRP 3.4 going for this phone..​​write_unlock-frp: This is also in the EDL tool, but maybe poorly explained - the FRP file holds the flag you change in the OS Developer Options to designate "allow bootloader unlock". If you FORGOT to switch that flag on and unlock, as I understand it, you get bootlooped. This can fix that for you without having to go through all the work of undoing that mess.​WARNING - I have only tested this with a brand new factory reset OS WITHOUT any fingerprint/code set. It may not work if you set one. I warn against using this if you are not ready to lose your data. It's convenient if you just forgot, but if you set a pattern/fingerprint security and encrypted the filesystem overwriting the FRP might remove your ability to decrypt which would force you to factory reset. Again, I haven't tested it for that so it may work, but be careful.​If you already screwed up and ran this to set the flag - the script runs a quick backup of your old FRP just in case. So you can try to restore that FRP and pray lol)​
8. Specific Files:
This is just a generic program to backup/write(restore) "specific files".​​I include a "Reference.XML" which has a full <program> line for every partition you might want to write/read on the phone. To use this, you need to copy the lines from the reference XML into "rawprogram-specific-files.xml" for the files you want to read/write.​​As an example I already set up "rawprogram-specific-files.xml" with the two lines for "abl_a" and "abl_b" in it. So the script will backup or restore those files (provided you put the abl's you want to restore in the restore_files directory).​​I personally use this template a lot - I have one for ABLs, one for AOPs, one for BOOTs, and so on. If you are trying to fix a specific file(s) it's convenient.​
9. Userdata Backup:
I put this last because, to be honest, I'm not sure how good of an idea including this even is.​​VERY IMPORTANT - DO NOT USE THIS USERDATA TOOL IF YOUR PHONE IS NOT THE 256GB VERSION!!!!!​​I will need someone with the 128GB version to send me their GPT files if they want me to make an XML that works for them. Because the userdata size for SURE depends on your phone version.​​Also, I wrote a script that breaks up the file into download slices (and can be written back to the phone in slices, of course) - one, to see if I could do it and if it would work (it does)... and two, so that in the horrible case that something goes wrong during the... nearly 2hrs of transfer time, for my 256gb image ... that I can at least not have to start all over. If something happens, you should be able to remove the entries in the XML for what you already have and start again.​​Finally - is it even worth doing? Is backing up the userdata even useful?​​I don't know yet.​​For an unecrypted pre-A10 phone I do know it works to fully flash ALL the files on the phone + the userdata all at the same time to return the phone to the exact "state" it was backed up in - all the apps and settings and everything, exactly as they were.​​But A10 is encryption enabled always, and it uses file encryption which sounds even worse for this idea.. and I don't know if the crypto keys change and when. So flashing an entire encrypted partition might just leave you unable to decrypt all, some, or none and you lose everything.​OR it might just work - you throw the whole image on there and the decrypt key is the same, boom, easy backup.​​If anyone tries it, let me know how it goes (or doesn't). I'll update with any results I find.​​Update 1: I have confirmed that for the 256gb A2020U backing up the full phone and userdata allows you to restore the phone to that exact state. Doesn't matter if it's encrypted, password set or not, etc. If you backup the entire userdata image and reflash it that is where the phone will be. In most cases you also need all the other partitions too, but if they have not changed they don't have to be reflashed. (I confirmed going from encrypted with password -> encrypted with no password -> back up encrypted with password.. This is on Android 10 with its more complicated encryption).​Another nice thing to note - of course the image of the phone will be the size of the partition (ie. 256gb for mine, 128gb for others). But if your phone storage is largely empty, you compress the backup using something like 7z once the image has been backed up. It won't take up so much space then. How much less? My 256gb image compressed is 4.5gb. lol.... it makes sense, the phone is new and there's basically no information on the userdata. Many of the pieces of my userdata backup have the same exacty hashes - meaning they are literally just all 0's... 260gb of zeros. Unfortunately you can't get away with just backing up part of the image as data could be anywhere. And over time as the sectors get written to, it will get more difficult to compress.​​Anyway, if anyone has a 128GB version they want to donate to science (kidding - I just need backups of the GPT) I can make the XML file to use for backing those up too.​
Extra Note: All the programs automatically build a log of the console window, so if something goes by too fast just check the log. The fh_loader also creates a log and dumps it somewhat randomly about... lol.. the filename is port_trace.txt. This tends to get deleted and overwritten easily so if you want to keep it, move it when the script finishes,. it does often contain more information than the console shows - it can be useful understanding what's going on.
Extra Note 2: You'll notice a script "Create Hash List" in practically every directory. That's to strongly hint that using that script is super useful. All the files backed up through these tools, by definition, have the exact same size. If you hash your files though, you can tell if they have changed at all. This is extremely useful in troubleshooting problems.
How to install an EDL firmware package:
Note: This tool is specifically made for the firmware packages I posted. It won't work with any other package (although it can, with a little work).
1. Install the EDL tools
2. Run a backup of your phone! Even if it isn't booting.
3. Download a firmware package from this thread: [ROM][STOCK] Stock Firmware Packages (For Expanded EDL Tools)
4. Unpack the firmware archive into the tool directory "Firmware_Package_Restore"
5. Put phone in EDL mode and run Load Programmer
6. Run whichever "Write Firmware vX to Y.ps1" you want (X = firmware version, Y = A or B partition) (If you don't know which partition is currently booting, just install both.)
7. Wait for the install to finish ("done"), then reset the phone with either the power button or the reset tool
8. You might see a few bootloops and then the phone ask you to do a factory reset / system wipe.
9. Done.
PLEASE POST IN THE FIRMWARE THREAD _NOT HERE_ IF YOU RUN INTO ANY ISSUES!
Enjoy!

Also, while I'm here... some other helpful notes for this phone:
-------------------------------
General Information:
As of right now there are a lot of working options for Android 9 and quickly expanding thanks to work @Unjustified Dev did and work @rafyvitto is continuing to do! Check out some of his sGSI ROMs, lots of options!
Thanks to Unjustified LOS 16 is available for Android 9 also, and is the base install for most ROMs. See his threads for that. I may write up an install guide here that's a little more in depth than his.. not today though.
Upgrading to Android 10 with the bootloader unlocked is possible but requires a workaround:
You must unlock on Android 9 then use recovery to side-load the Android 10 update available from ZTE USA (HERE).
This will remove the fastboot enabled bootloader and requires a complete system wipe.
You will retain bootloader unlock.
Once you have updated to A10 you can run OTA updates to get up to the latest version.
Downsides to A10 include - NO RECOVERY (yet), NO CUSTOM ROMs (yet), and if you flash the fastboot enabled bootloader you CAN use fastboot, but you cannot boot- the phone will be in a bootloop until you restore the stock A10 bootloader.
-------------------------------
Resetting the phone manually:
In EDL Loop - Hold power for 20 seconds
In EDL Not-Looped - Hold power for 5 seconds
In System (booted after ZTE logo) - Hold power for 10 seconds
----------------------------------
Entering Modes:
All of these start by using reset above, THEN the button(s) below - in all except one case (EDL), when the phone resets it will vibrate and then show the blue ZTE logo.
When you feel the vibration you want to immediately release the power button and press the mode buttons.
This can be confusing and tricky - most people say "hold power + button" - that is incorrect. Most cases if you hold any button other than power the phone will not finish resetting until you release that button.
What you want to do is right before or as the phone vibrates, then you hold the button. Once the ZTE screen is up it is probably too late if you missed it. So hold power for your reset and be ready to push the button you want when you feel the vibration.
The one exception - EDL mode. For EDL mode you can (and must) hold the key combo just before/during the restart.
Recovery Mode: Vol+ Button
Factory Test Mode: Vol- Button
Bootloader/Fastboot Mode: Vol+/- Button (both) when phone is NOT plugged into USB (if you are too early pressing the combo, even with the USB unplugged, you will get EDL mode)
Emergency Download Mode: Vol+/- Button (both) when phone IS plugged into USB
--------------------------------
EDL Flash Errors (esp. when EDL looped):
There is NO indication the phone is even ON when you are EDL stuck/looped. Other than when you plug into the computer with the right drivers it shows up as a 9008 device (9008 mode is EDL for Qualcomm).
Even when you can see the phone on your computer, it can often "freeze" in EDL if it is left idle for too long (not connected to and being used by a Sahara programmer).
If you try the EDL tool or another flash tool and they give you errors related to the Sahara programmer not loading or no "hello", do this:
Reset the phone - use a clock to count if you need, has to be accurate since there's no indication of when it resets. Press down Vol+/- and the power button, count to 20sec, then release JUST the power button. Keep holding both of the volumes for another 5 sec, then release them. That will get you back into a fresh EDL. You can watch your Device Manager to see the phone disconnect as an indicator when to let go of the power button. If you mess up the timing, wait a bit before trying again so the phone isn't in the middle of rebooting.
Easiest way to tell if you're in EDL is to watch the Device Manager while you do it. Otherwise there is just a lot of guess work, since there's no logo or vibration when you get it right, phone just appears off.
--------------------------------
USB Mode Stuck After Unlocking:
Something about the fastboot/"unlocked" bootloader causes the USB mode when you boot in the OS to be stuck on "Charge Only" mode.
Luckily I found @meow sir 's comment tucked away in this thread, and he knew a way to fix it (thanks!):
1. Open the phone dialer
2. Dial in "*#*#DEBUG#*#*" (debug = 33284)
(Sometimes takes a little bit to open, but a debugger menu will open)
3. Select the 2nd option for USB
4. Pick the only option - this will unset some strange "testing" mode and you can use MPT again.
Unfortunately this fix doesn't stick, you have to do it every time unless you switch back to the stock ABL. =(
--------------------------------
Installing Magisk, Quick Guide:
- You must have your bootloader unlocked already! This works on both A9 and A10.
1. Use this tool to create a full backup! (backup_all)
2. Go into the "critical" directory created by the backup and find the files for boot_a.img and boot_b.img - rename them to boot_a_bak.img and boot_b_bak.img and keep that window open, need them in a second
2. Boot into the OS. Download the Magisk Manager APK from HERE
3. Copy the APK and both of those boot files to your phone, open a file manager and install the APK
4. Open Magisk Manager and click on "Install" for Magisk (upper right)
5. Select "Patch Boot ROM" (or whatever it says.. something like that..)
6. Navigate to boot_a_bak.img and patch it.
7. Go to your Downloads directory (where Magisk dumps the patched file) and rename it to boot_a_magisk
8. Go back to Magisk and repeat those steps for boot_b
9. Copy the two patched Magisk boot files to your computer, into the folder with your "critical" files backup.
10. Rename the Magisk files to "boot_a.img" and "boot_b.img"
11. Move all the files from the "Backup\backup_all-critical-(...)" directory to the "Restore\restore_critical" directory in my tools
12. Finally, reboot into EDL.. almost there!
13. Run "restore_all-critical" (don't forget to run Load Programmer first..)
14. It will restore all you files, kinda a waste of time - if you know how to use the "Specific Files" tool this is a perfect time to use it to flash JUST the boot files. But anyway - this will get it done.
15. When done flashing, reboot the phone and open Magisk Manager to confirm it is installed!
The Magisk team recommend you DO NOT FLASH your stock boot files back to uninstall it, instead they say you should run their uninstaller.zip. However, I am not sure how to uninstall it if you're on A10 since we don't have a recovery that can flash zips? (Unless the stock recovery works for that, I don't think it would..)
I suspect (but have not tried) that on our phone flashing the boot files back over Magisk will not really be a problem since the recovery and ramdisk are all wrapped up into the boot image. But I don't recommend trying it if you value your data! Fair warning.
---------------------------
Alright that's everything. Good luck!​

This will be useful for a lot of folks on here, thanks for taking the time to look for a work around.

rafyvitto said:
This will be useful for a lot of folks on here, thanks for taking the time to look for a work around.
Click to expand...
Click to collapse
Glad to be helpful! Usually I lurk the forums getting information I need to unlock/root/etc lol.. but I saw I actually could contribute something to this forum so hopefully it encourages people to get interested in this phone. It's looking pretty sweet now that I'm not spending days fighting with bootloops!

Indeed,on the note of attracting more users. im going to be releasing something for the pixel lovers very soon ?

Thanks Bob!
I'm on A10 with unlocked bootloader. I made all EDL tool backups when on A9 but these were done before correcting the typos as suggested. So I am not confident of successfully flashing back to A9 (preference).
Therefore I will likely flash the magisk-patched boot files to attempt root and report my experience...
Sent from my ZTE A2020U Pro using Tapatalk

big thx, glad to see some life to this almost dev-dead device

Hey thanks for the post. I'm thinking about buying the phone but have a quick question. Can I update to the latest version of Android 9 before unlocking or will the OTA be Android 10. How would I go about updating to the latest version version of Android 9 and not go to Android 10. Can I download the Android 9 OTA from somewhere and flash that one? Thanks in advance for the help!

Crackass said:
Hey thanks for the post. I'm thinking about buying the phone but have a quick question. Can I update to the latest version of Android 9 before unlocking or will the OTA be Android 10. How would I go about updating to the latest version version of Android 9 and not go to Android 10. Can I download the Android 9 OTA from somewhere and flash that one? Thanks in advance for the help!
Click to expand...
Click to collapse
:good: I think your question borderlines on needing its own thread in the Q&A section but I'll answer you anyway...
Currently as long as you are on A9 when you get the phone you can just do OTA updates from firmware version 1.10 to 1.11 to 1.13 (not sure what android security update that is), after 1.13 it goes to A10.
There is an A10 firmware available from ZTE to SD card sideload. Once installed it has to be updated to the latest A10 via a couple OTA updates.
Going directly from A9 to A10 via OTA goes directly to the latest version.
You cannot flash the A9 OTA... because flashing an OTA is an oxymoron... but I guess you mean can you download the A9 firmware and flash them. The answer is... maybe. ZTE does not offer official downloads any A9 firmware for A2002U (USA version), only A10.
They do offer A9 firmware for A2020G (european) and I think other foreign versions (RU, CN). These cannot be interchanged, if you have the US or EU or CN phone you need to use that firmware... from what I have read. I could be wrong, I don't have those phones.
But there is an unofficial stock A9 firmware for the A2020U here on the forums, uploaded by @rafyvitto . That will get you to.. I forget.. 1.11? That can be flashed using the original EDL tool or, with a little modification, the EDL tools in this thread.
Additionally.. if I ever get around to it... I plan to upload all three A9 firmware packages for the US version which can be flashed with the EDL tools in this thread. Not sure if it's really necessary, but I have them.. it's just a matter of figuring out hosting them and spending the time to upload them.

bobthenormal said:
:good: I think your question borderlines on needing its own thread in the Q&A section but I'll answer you anyway...
Currently as long as you are on A9 when you get the phone you can just do OTA updates from firmware version 1.10 to 1.11 to 1.13 (not sure what android security update that is), after 1.13 it goes to A10.
There is an A10 firmware available from ZTE to SD card sideload. Once installed it has to be updated to the latest A10 via a couple OTA updates.
Going directly from A9 to A10 via OTA goes directly to the latest version.
You cannot flash the A9 OTA... because flashing an OTA is an oxymoron... but I guess you mean can you download the A9 firmware and flash them. The answer is... maybe. ZTE does not offer official downloads any A9 firmware for A2002U (USA version), only A10.
They do offer A9 firmware for A2020G (european) and I think other foreign versions (RU, CN). These cannot be interchanged, if you have the US or EU or CN phone you need to use that firmware... from what I have read. I could be wrong, I don't have those phones.
But there is an unofficial stock A9 firmware for the A2020U here on the forums, uploaded by @rafyvitto . That will get you to.. I forget.. 1.11? That can be flashed using the original EDL tool or, with a little modification, the EDL tools in this thread.
Additionally.. if I ever get around to it... I plan to upload all three A9 firmware packages for the US version which can be flashed with the EDL tools in this thread. Not sure if it's really necessary, but I have them.. it's just a matter of figuring out hosting them and spending the time to upload them.
Click to expand...
Click to collapse
Just wanted to chime in, interchanging firmware between each model is possible, you would only need to reflash your model/nonhos/tz partitions to the ones of your variant to have working ril/fod fp/sensors.

Ok Bob I gave it a go and successfully rooted my A2020U running stock A10 v2.09. This is my experience...
Firstly, my A2020U could not connect so I used the @Unjustified Dev Tool ("original tool") to easily determine my com port (i.e. 3). I edited the your scripts accordingly (using Notepad++) and got connected.
I'd rather not fiddle with the hardware buttons to change modes so I used the CLI to "adb reboot edl" to get into EDL mode.
I executed the backup_all.ps1 script.
It echoed several "warnings" indicating that it could not find files. However, the created backup folders did in fact include those files.
I noted that none of the "A" slot files include the "_a" postfix; the "B" slot files did include "_b".
Now I needed to transfer those boot files to my device by first rebooting my device and connecting via MTP.
I noted that the original tool offered a reboot menu option (but sadly only after executing a successful operation). So, not wanting to fiddle, I used the original tool to backup my boot files, then used the menu option to reboot; On my device I then manually selected it to connect via MTP.
After transferring the "boot.img" and "boot_b.img" files to my device, and installing Magisk Manager. I patched them and transferred them back to my PC.
To "flash" (restore) the patched files I decided to cut 'n' paste the two lines regarding them from your Reference.xml file into your rawprogram-specific-files.xml file, replacing your example lines.
I executed your run_write-files.ps1 script and it completed successfully.
Not wanting to fiddle again with the hardware buttons (just so that I can get the reboot option), I backed up the patched files using the original tool and rebooted. Now my device is successfully rooted.
Thank you!
Additional notes and suggestions:
1. Can you please investigate the "false" warnings? See my (redacted) log file attached;
2. It would be great if you could create/duplicate a script within your expanded tool set (or main program) to determine and set the appropriate COMPort (and teach us non-coders the actual commands);
3. Would you also consider investigating and including a reboot device script? (It looks like the original tool calls reset.xml);
4. Note that, at the time of reporting this, the latest versions for the Manager and Magsk are 8.02 (307) and 21.0 (21000) respectively, and that I had to switch the update channel to "beta" for the patched files to pass SafetyNet;
5. Because rooting is a likely use of your tool I am attaching my modified rawprogram-specific-files.xml file which targets the boot files for convenience.

bobthenormal said:
...
Additionally.. if I ever get around to it... I plan to upload all three A9 firmware packages for the US version which can be flashed with the EDL tools in this thread....
Click to expand...
Click to collapse
If this can help me get my A10 device to a state where I can install a custom recovery and cutom ROMs, I would appreciate it!

eKeith said:
Ok Bob I gave it a go and successfully rooted my A2020U running stock A10 v2.09. This is my experience...
Firstly, my A2020U could not connect so I used the @Unjustified Dev Tool ("original tool") to easily determine my com port (i.e. 3). I edited the your scripts accordingly (using Notepad++) and got connected.
I'd rather not fiddle with the hardware buttons to change modes so I used the CLI to "adb reboot edl" to get into EDL mode.
I executed the backup_all.ps1 script.
It echoed several "warnings" indicating that it could not find files. However, the created backup folders did in fact include those files.
I noted that none of the "A" slot files include the "_a" postfix; the "B" slot files did include "_b".
Now I needed to transfer those boot files to my device by first rebooting my device and connecting via MTP.
I noted that the original tool offered a reboot menu option (but sadly only after executing a successful operation). So, not wanting to fiddle, I used the original tool to backup my boot files, then used the menu option to reboot; On my device I then manually selected it to connect via MTP.
After transferring the "boot.img" and "boot_b.img" files to my device, and installing Magisk Manager. I patched them and transferred them back to my PC.
To "flash" (restore) the patched files I decided to cut 'n' paste the two lines regarding them from your Reference.xml file into your rawprogram-specific-files.xml file, replacing your example lines.
I executed your run_write-files.ps1 script and it completed successfully.
Not wanting to fiddle again with the hardware buttons (just so that I can get the reboot option), I backed up the patched files using the original tool and rebooted. Now my device is successfully rooted.
Thank you!
Additional notes and suggestions:
1. Can you please investigate the "false" warnings? See my (redacted) log file attached;
2. It would be great if you could create/duplicate a script within your expanded tool set (or main program) to determine and set the appropriate COMPort (and teach us non-coders the actual commands);
3. Would you also consider investigating and including a reboot device script? (It looks like the original tool calls reset.xml);
4. Note that, at the time of reporting this, the latest versions for the Manager and Magsk are 8.02 (307) and 21.0 (21000) respectively, and that I had to switch the update channel to "beta" for the patched files to pass SafetyNet;
5. Because rooting is a likely use of your tool I am attaching my modified rawprogram-specific-files.xml file which targets the boot files for convenience.
Click to expand...
Click to collapse
Nice! :good:
For the questions..
0. Thanks for the heads up on filenames! I completely missed that the _a files don't have the labels... As you probably noticed all the files are backed up correctly still (no missing/overwritten files), but I removed the _a from all the A slot files. That was my original "fix", so I guess I started building this package before I got annoyed by not having the _a/_b consistency. I'll update the correct XML file and upload it as a new version.
1. Don't worry about those! They're part of using the fh_loader interface. Warnings are usually just fine, ERRORS are bad. I'll add a note to the post when I get a chance so people don't get scared by that.
It's only when you do a backup the program is really only designed in the "writing" sense, for backups you literally run an identical XML to writing but you send a flag that reverses the process. So it weirdly checks if the files it is going to copy (which of course don't exist) exist, and it throws the standard warning, but then it just creates them (of course).
I can't turn those off without lowering the verbosity setting for that tool. I decided to leave it set to high because if someone has a problem and they post their log file (like so!) it's very useful to troubleshoot.
2. I'll think about it / try. Not very hard to program but a little time consuming.
I'll throw a copy of lsusb.exe in the next version. Windows port of the linux command. People can simply run that on a command prompt and it will list all the active COM ports/devices. If you're not familiar with it - you can also find out by clicking on the windows start bar or pressing the windows key and typing in "Device Manager". In the hardware list there is a category for COM ports where it lists them.
3. Yeah that's very easy I'll put one in the next version as well.
4. Helpful to know. Interesting that you needed beta to pass... I didn't think to mention I use the canary builds (not really recommended... the current one crashes when I try to hide Magisk Manager lol)
5. Thanks! Maybe I should make a directory specific to boot backup/write... but I do think anyone not comfortable doing the change you did might not want to be flashing their boot files anyway haha.. things to consider I guess.
As for getting you back from A10, definitely. I'll figure out how to upload them to one of those file sharing sites in a week or two.
In the mean time, with a backup from this tool you're safe (as far as bricking goes, you'll have to system wipe) to try rafy's EDL backup to revert to A9. I'll find the actual post... I should have been less lazy and linked it in my post lol... HERE - rafyvitto's EDL.
If flashing his backup doesn't boot right away try the tool I included to fix the bootable partition. If it still doesn't work after that (maybe mention here what happened) then just restore your backup.
Do you have the 128gb phone by chance?

Thanks much, especially for your detailed clarifications and convenient link!
I have the 8/256GB (P855A03_NA) model.
PS
I want to spend more time on ensuring I have a complete device backup before nuking with another EDL; will dedicate some time this week...
Sent from my ZTE A2020U Pro using Tapatalk

eKeith said:
Thanks much, especially for your detailed clarifications and convenient link!
I have the 8/256GB (P855A03_NA) model.
PS
I want to spend more time on ensuring I have a complete device backup before nuking with another EDL; will dedicate some time this week...
Sent from my ZTE A2020U Pro using Tapatalk
Click to expand...
Click to collapse
Oh nice, with the 256gb model you're good to use the userdata backup program too. Sounds ideal for you since, like me, you want a really bulletproof backup. If you run a full backup and then run the userdata backup you literally have a "phone state" so you can return your phone back to exactly where it was, not have to wipe system or anything.
Of course I'd hate to be wrong so as usual, do at your own risk! Lol. But I am using that method and it has worked great. The downside being over an hour of waiting for the userdata to download or upload... and having to store 256gb (for long term storage you can compress it down to literally a few gb).
I've been kinda busy, but working on getting some of those things from my last post done hopefully this week.

bobthenormal said:
Oh nice, with the 256gb model you're good to use the userdata backup program too. Sounds ideal for you since, like me, you want a really bulletproof backup. If you run a full backup and then run the userdata backup you literally have a "phone state" so you can return your phone back to exactly where it was, not have to wipe system or anything.
Of course I'd hate to be wrong so as usual, do at your own risk! Lol. But I am using that method and it has worked great. The downside being over an hour of waiting for the userdata to download or upload... and having to store 256gb (for long term storage you can compress it down to literally a few gb).
I've been kinda busy, but working on getting some of those things from my last post done hopefully this week.
Click to expand...
Click to collapse
That's great to know! Your user data backup option has simplified my life.
I will wait for your next revision to do a full backup plus user data before nuking.
I am looking forward to moving on from ZTE's A10 to one of Ray's ROMs...
Sent from my PH-1 using Tapatalk

Updated to 1.1a - kind of had to rush on some things so keep an eye out for mistakes, especially in the XML files, and let me know if you find any.
Should have an 1.09 (A9) firmware package up "Soon(TM)", just have to make the xml files then upload the file somewhere.
EDIT: Already needed to update to 1.1b - I found that the GPT_Tools had a big error that probably was there since 1.0 and no one noticed! Backups of the GPT should now actually work...

Thank you @bobthenormal !
Looking forward to your A9 EDL backup...
Sent from my PH-1 using Tapatalk

eKeith said:
Thank you @bobthenormal !
Looking forward to your A9 EDL backup...
Sent from my PH-1 using Tapatalk
Click to expand...
Click to collapse
It's up -- see the new thread.
I didn't have time to test it so make sure you backup but I'm 99,99% sure it will work. I tested it several times in the past, but to make the firmware package I took out all the (I hope) unnecessary files.
There's one thing I'm not sure of - whether you'll need to use the Fix Bootable tool after installing it. IF you need to, then I believe you will have to install it to partition B and then run fix bootable B. (The 1.10 backup was taken originally from the B partition).
If you find that it works without having to do that, let me know... it may not be necessary if wherever that bootable flag is stored didn't get included in the firmware package.

bobthenormal said:
It's up -- see the new thread.
I didn't have time to test it so make sure you backup but I'm 99,99% sure it will work. I tested it several times in the past, but to make the firmware package I took out all the (I hope) unnecessary files.
There's one thing I'm not sure of - whether you'll need to use the Fix Bootable tool after installing it. IF you need to, then I believe you will have to install it to partition B and then run fix bootable B. (The 1.10 backup was taken originally from the B partition).
If you find that it works without having to do that, let me know... it may not be necessary if wherever that bootable flag is stored didn't get included in the firmware package.
Click to expand...
Click to collapse
Thank you @bobthenormal !
I should be able to give it a go this weekend and inform...
Sent from my PH-1 using Tapatalk

I can't use the device in decrypted mode.

I'm curious whether every miatoll device has the same situation, not just me. I can use any rom. But I had to format data each time I try to flash a new rom. Basically, I can't use the device in decrypted mode. Or can we ?

Glad you fixed your problem. You can't edit system or vendor partition because of the implementation of dynamic partitions in Android 10. Read more about dynamic partitions and you will understand.

LoadOP2 said:
Glad you fixed your problem. You can't edit system or vendor partition because of the implementation of dynamic partitions in Android 10. Read more about dynamic partitions and you will understand.
Click to expand...
Click to collapse
Ya, that's what I was thinking. But I successfully managed to modify files under system too.
I simply rooted RR with magisk patched boot method. Then used Mixplorer to remove some system files & vendor files, & I successfully did it.
But, currently this thread topic is my problem (right now) . I'm solving slowly problem by problem, until I'll get desired results.