Hi everyone, this is a short guide on how to flash a GSI on the A7 Lite (without TWRP).
Its a nice little tablet for the price but it doesn't have a very powerful SOC and for me the One UI is barely usable on this device. The launcher and the whole system UI feel extremely laggy, but apps generally run fine.
I tried phhusson's custom Android 12 GSI and the device was almost resurrected. Much much less UI lag and the battery life is the same as stock ROM. The only thing i found not working is MTP but i don't need it.
Since i saw a couple users here asking about GSIs i decided to make a very simple guide.
As always do this at your own risk. You may brick your device. You will void your warranty.
Follow the guide only if you know what your are doing. Read each step carefully and avoid copy pasting stuff randomly.
I won't go deep into details as i believe you should have some basic knowledge if you decide to do this.
The procedure sould work for both T220 and T225 (i tested it on a T220).
I did this on Windows using WSL for some of the steps.
Sources
Thanks to @kkoo and @Brepro1 for the useful info
- https://forum.xda-developers.com/t/...sing-odin-without-twrp-phh-lineageos.4114435/
- https://forum.xda-developers.com/t/...r-img-and-flashing-our-modifications.4196625/
Requirements
- Unlocked bootloader
If you haven't done this already follow the steps in parts 1-2 from:
[TUTORIAL] How To Unlock & Root Tab A7 Lite T220/T225, & Install LSPosed, Magisk, Mods
While some of these instructions are copied from other sources, I combined all the different things I learned, because no one guide was sufficient, and all needed additional info, so I expanded it all to one place. Part I is partly from...
forum.xda-developers.com
- Latest official ROM
I used T220XXU1AVE1 for EUX region
Samsung Galaxy Tab A7 Lite Firmware Download SM-T220 Free Download
Samsung Galaxy Tab A7 Lite Firmware Download SM-T220 Free Download ⭐ Official and fast update ⭐ Max speed and free download ⭐ Best Samsung Galaxy website
samfw.com
- Download your preferred GSI
I used AOSP 12.1 v414 with gapps from phhusson
Releases · phhusson/treble_experimentations
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
- Clean vbmeta.img from Google
https://dl.google.com/developers/android/qt/images/gsi/vbmeta.img
Tools
- lz4
Releases · lz4/lz4
Extremely Fast Compression algorithm. Contribute to lz4/lz4 development by creating an account on GitHub.
github.com
- simg2img
[DEV][Tools] simg2img for Windows
Hello, although I'm working in Linux (VM too) I rewrote the SIMG2IMG so far for Windows (PE32, x86) Usage: simg2img.exe -i -o Optional: -d for debugging messages, listing all chunks of the image...
forum.xda-developers.com
- lpunpack and lpmake
[GUIDE] OTA Tools LPUnpack
Please see this URL https://android.googlesource.com/platform/build.git/+/eec4a7cba4face3370acb6293ab357879920b467 and this for more information. Hi everyone. I'm surprised I havent seen a thread about ota tools yet and lpunpack. This zip file...
forum.xda-developers.com
- tar-md5-script-tool
Use the attached tar-md5-script-tool.zip
Steps
1. Extract official ROM files (BL, AP, CP, CSC)
2. Extract AP .tar.md5
3. Decompress the extracted super.img.lz4
Code:
lz4 -d super.img.lz4 super.img
4. Convert the sparse super.img
Code:
simg2img super.img super.ext4.img
5. Unpack super.ext4.img
Code:
lpunpack super.ext4.img
I got 4 partitions in my image (should be the same for all T220/T225 ROMs):
- odm.img
- product.img
- system.img
- vendor.img
6. Replace system.img with your GSI (rename it to system.img)
7. Get the size of all partitions and the size of the original super.ext4.img (not the sparse super.img)
Code:
stat -c '%n %s' IMG_FILE.img
8. Repack super.img
Code:
lpmake --metadata-size 65536 \
--super-name super \
--metadata-slots 2 \
--device super:ORIGINAL_SUPER_IMG_SIZE \
--group main:SUM_OF_ALL_PARTITIONS_SIZES \
--partition odm:readonly:ODM_PARTITION_SIZE:main \
--image odm=./odm.img \
--partition product:readonly:PRODUCT_PARTITION_SIZE:main \
--image product=./product.img \
--partition system:readonly:SYSTEM_PARTITION_SIZE:main \
--image system=./system.img \
--partition vendor:readonly:VENDOR_PARTITION_SIZE:main \
--image vendor=./vendor.img \
--sparse \
--output ./super_new.img
Replace ORIGINAL_SUPER_IMG_SIZE, SUM_OF_ALL_PARTITIONS_SIZES, ODM_PARTITION_SIZE, PRODUCT_PARTITION_SIZE, SYSTEM_PARTITION_SIZE, VENDOR_PARTITION_SIZE with the values you obtained in step 7.
Read lpmake docs for a more detailed expalation of the args used above:
partition_tools - platform/system/extras - Git at Google
9. Compress the repacked super_new.img
Code:
lz4 -B6 --content-size super_new.img super_new.img.lz4
10. Compress the clean vmbeta.img
Code:
lz4 -B6 --content-size vbmeta.img vbmeta.img.lz4
11. Extract tar-md5-script-tool.zip
12. Put all the *.img.lz4 files extracted from AP .tar.gz in tar-md5-script-tool dir
13. Replace super.img.lz4 and vbmeta.img.lz4 in tar-md5-script-tool dir with your repacked and compressed super_new.img.lz4 (rename it to super.img.lz4) and the clean compressed vbmeta.img.lz4
14. Run batch.bat in tar-md5-script-tool dir
You will find the new AP .tar.md5 in the temp-folder subdir
15. Flash your custom AP .tar.md5 with Odin along with BL, CP, CSC from original ROM
16. Reboot into recovery and do a factory reset
17. Done
Can you share screenshot as I think treble projects are only stable on SD chipset.
Abish4i said:
Can you share screenshot as I think treble projects are only stable on SD chipset.
Click to expand...
Click to collapse
System lang is italian but should be easy to understand.
I found only a couple bugs so far in phhusson's GSI:
- in the launcher dragging apps from drawer to homescreen doesn't always work (just use another launcher)
- crashed once while searching in settings app
I use the tablet only for media consumption and some retrogaming, so there are probably other bugs i haven't noticed.
This is a generic guide, it won't include a "known issues" section since it largely depends on what GSI you choose.
I haven't tested this on the LTE version so i can't say for sure if mobile network works or not.
Unfortunately i don't have the time to make a custom ROM, test it and keep it updated here on the forum but maybe if there is enough interest someone will do it.
I hope other users will try to flash a GSI and share their experience here so we can gather some info on working/broken stuff, especially on the LTE model since i can't test that.
Hello,
I'm sorry but what am I missing here?
I'm a little fustrated cause after hours and hours of headaches I got to the second to last step which involves tar-md5-script-tool
I simply put all the .img.lz4 files from AP and replace super & vbmeta files which the ones that I converted and try to run the batch.bat as instructed.
However nothing happens and this is what the program spits out.
On the tar tool xda forum it says that it convers .img files, not .img.lz4 . Are we supposed to extract all the .img files from inside the .lz4 files?
I appreciate the guide but there are a lot of missing details I had to fill in and figure out myself, like the fact that from step 4 to step 8 you need to use WSL or a Linux distro (using simg2img for Windows messes things up so please use the one from otatools inside a linux bash)
Also for people that are not familiar with linux you need to type "./" in front of directed commands ( in this case ./simg2img ./lpunpack ./lpmake)
I'm not a developer or a programmer, maybe you wrote this guide for people more inclined to that, but for me this was pretty hard.
Noob here, but I'm running the "simg2img super.img super.ext4.img" and nothing happens for 5 min and when I'm aborting I'm getting a "Error reading sparse file header".
Any suggestions?
DanneSwe said:
Noob here, but I'm running the "simg2img super.img super.ext4.img" and nothing happens for 5 min and when I'm aborting I'm getting a "Error reading sparse file header".
Any suggestions?
Click to expand...
Click to collapse
Are you using the Windows version of simg2img? If yes, use the one from otatools inside Windows Subsystem for Linux
ReubenMCSM said:
Are you using the Windows version of simg2img? If yes, use the one from otatools inside Windows Subsystem for Linux
Click to expand...
Click to collapse
I can confirm simg2img doesn't seem to work on Windows, i used WSL.
@ReubenMCSM i will update the guide with more details in the future but i don't have much time right now.
For you specific issue, try to use the attached tar-md5-script-tool.
Great thanks!
What's the process with tar-md5-script-tool? Just moving the super.img to the folder and running the batch.bat didn't work the output file in the temp folder is 11 kb. Tried to change super.img to super.tar but no change.
Thanks for the tool, but unfortunately the output is the same, like the problem @DanneSwe has
It looks like the batch.bat script from the tar md5 tool linked in the guide is a bit different from the one i used. I will update the guide.
Try again with the version i attached in the post above.
- Extract the AP tar md5 from official rom
- Copy all .img.lz4 files in the tar-md5-script-tool folder
- Replace super.img.lz4 and vbmeta.img.lz4 (step 13)
- Launch batch.bat, output should look like this
- You will find AP_TAR_MD5_CUSTOM_FILE_ODIN.tar.md5 in temp-folder
It finally worked! I redid everything and also moved my folder to drive C instead of drive D, maybe this made the difference
ReubenMCSM said:
It finally worked! I redid everything and also moved my folder to drive C instead of drive D, maybe this made the difference
Click to expand...
Click to collapse
What GSI did you pick and could you upload the files you flashed?
I got simg2img to work by using
.\simg2img -i super.img -o super.ext4.img
packed img filename: super.img
output img filename: super.ext4.img
Wrote "super.ext4.img"
The lpunpack and lpmake step isnt working for me ive been at this for days, no luck.
Can someone please help me out by uploading custom AP .tar.md5(file with GSI, the modded one) along with BL, CP, CSC from original ROM to google drive?
thanks!
ramz.pa said:
The lpunpack and lpmake step isnt working for me ive been at this for days, no luck.
Can someone please help me out by uploading custom AP .tar.md5(file with GSI, the modded one) along with BL, CP, CSC from original ROM to google drive?
thanks!
Click to expand...
Click to collapse
I had the same issue. :/
Can someone help me with the T225 LTE model by compiling the AP please? Because for some reason the tar-md5-script tool isnt working for me
Thanks.
Successfully flashed GSI with magisk on my T220 following the OP's procedure. MTP is not working as the OP said. However, I can use my flash drive so I don't really miss MTP.
I chose "system-squeak-arm64-ab-vndklite-gapps-secure.img.xz" for GSI. "Treble Info" app can tell you what image would be compatible with your device.
If you want to use a different launcher like Nova instead of the default one, change the "Smallest width" setting from 600 to 598 in Developer options to hide the annoying taskbar.
AOSP-Mods and "Project Themer - Android 12+" work fine for me.
Here is my build for my device SM-T220 (SM-T220_EUX_T220XXU1AVE1):
GSI: system-squeak-arm64-ab-vndklite-gapps-secure.img.xz
Custom AP: https://www.filehosting.org/file/details/7045394/AP_TAR_MD5_CUSTOM_FILE_ODIN.tar.md5
Custom AP with Magisk patch: https://www.filehosting.org/file/details/7045714/magisk_patched-25101_cauJQ.tar
You can extract BL and Home_CSC from SM-T220_EUX_T220XXU1AVE1.
Notes: My device is actually SM-T220 XAR, but I have been updating it with SM-T220 EUX firmware versions without any issue.
Pleasance said:
Can someone help me with the T225 LTE model by compiling the AP please? Because for some reason the tar-md5-script tool isnt working for me
Thanks.
Click to expand...
Click to collapse
Here is the custom AP based on the following. Since I don't have SM-T225 device, can't verify it. However, I compiled the AP the same way I did for my SM-T220.
- SM-T225_EUX_T225XXU1AUJ1
- GSI: system-squeak-arm64-ab-vndklite-gapps-secure.img.xz
https://www.filehosting.org/file/details/7046296/AP_TAR_MD5_CUSTOM_FILE_ODIN.tar.md5
xpdragon said:
Here is the custom AP based on the following. Since I don't have SM-T225 device, can't verify it. However, I compiled the AP the same way I did for my SM-T220.
- SM-T225_EUX_T225XXU1AUJ1
- GSI: system-squeak-arm64-ab-vndklite-gapps-secure.img.xz
https://www.filehosting.org/file/details/7046296/AP_TAR_MD5_CUSTOM_FILE_ODIN.tar.md5
Click to expand...
Click to collapse
Thank you so much for compiling the AP for me bro but when i try to flash it with odin i get this error
<ID:0/004> Firmware update start..
<ID:0/004> SingleDownload.
<ID:0/004> preloader.img.lz4
<ID:0/004> FAIL!
For your information the current OS build on my tablet is INS with the baseband version of T225XXU1AVB2 and security patch of 1 Feb 2022 hope this helps you.
DanneSwe said:
What GSI did you pick and could you upload the files you flashed?
I got simg2img to work by using
.\simg2img -i super.img -o super.ext4.img
packed img filename: super.img
output img filename: super.ext4.img
Wrote "super.ext4.img"
Click to expand...
Click to collapse
GSI-12_SM-T220_EUX_T220XXU1AVE1_fac.zip
drive.google.com
Use this ONLY on SM-T220 (without SIM card) and on EUX version.
Pleasance said:
Thank you so much for compiling the AP for me bro but when i try to flash it with odin i get this error
<ID:0/004> Firmware update start..
<ID:0/004> SingleDownload.
<ID:0/004> preloader.img.lz4
<ID:0/004> FAIL!
For your information the current OS build on my tablet is INS with the baseband version of T225XXU1AVB2 and security patch of 1 Feb 2022 hope this helps you.
Click to expand...
Click to collapse
Here is GSI build for SM-T225_INS_T225XXU1AVB2
https://www.filehosting.org/file/details/7129248/GSI-12_SM-T225_INS_T225XXU1AVB2.zip
Related
With the advent of Blackrose custom HBOOT which gives us S-OFF, we can now resize the MTD partitions of our N1. This method is the one used by lbcoder in the Desire thread where you patch the recovery and boot in order to pass modified MTD partition information which supersedes the one provided by the SPL. Using this, I've managed to increase my userdata partition by ~50 MB by taking ~50 MB from the cache partition.
These instructions are for advanced users only. This will involve hex calculations and command line instructions that are not for the faint of heart. I don't believe it's dangerous though so anyone could still try since I will try to make these instructions as detailed as I possibly can.
What you need:
N1 with Blackrose HBOOT (I'm not sure this is needed though after I read more in-depth about the patch)
hex calculator (or a pencil & paper if you want to do it manually)
adb
fastboot
unpack-bootimg.pl
mkbootimg
recovery.img <- in my case I used ClockWorkMod 5.0.2 from here
boot.img <- taken from CM zip (in my case my KANG)
Partition Layout:
0x000003ee0000-0x000003fc0000 : "misc"
0x000004240000-0x000004640000 : "recovery"
0x000004640000-0x0000049c0000 : "boot"
0x0000049c0000-0x00000dac0000 : "system"
0x00000dac0000-0x0000139c0000 : "cache"
0x0000139c0000-0x00001fe00000 : "userdata"
Partition Sizes in Hex:
0x0000000e0000 : "misc"
0x000000400000 : "recovery"
0x000000380000 : "boot"
0x000009100000 : "system"
0x000005f00000 : "cache"
0x00000c440000 : "userdata"
Step-by-step Instructions:
A>Backup your current system: (OPTIONAL)
*I'm assuming you're using CWM 5.0.2 for the backup step since I tried using 3.X and the restore didn't work
1.) Boot your N1 into recovery using either adb reboot recovery or through the bootloader
2.) Backup your current system (I'm going to assume you know how to use your recovery for this)
B>Calculate new MTD parameter values:
*For this example I'm going to transfer ~50MB of cache space to my userdata partition:
1.) Since I know the cache partition is ~100MB in size, I'll just divide the hex size in 2:
0x5f00000 / 2 = 0x2f80000 <= this will be our new cache size
**Note that there is a minimum of 0x20000 (128k) for a partition and the size must be divisible by it which is why I'm playing safe and just dividing the original number in order to get an easier value for this example.
2.) Add the new cache partition size to the original cache partition starting address to get the new starting address of the userdata partition:
0xdac0000 + 0x2f80000 = 0x10a40000 <= this will be the new starting address for userdata
3.) Get the new userdata size by subtracting the new starting address of userdata with the ending address:
0x1fe00000 - 0x10a40000 = 0xf3c0000 <= this will be the new userdata size
C>Create a new recovery.img file which uses the new values:
1.) Breakdown the recovery.img file into it's kernel and ramdisk components using unpack-bootimg.pl:
.\unpack-bootimg.pl recovery.img
*This will yield 2 files and 1 directory. You can delete the directory since we only need the files.
2.) Rename the kernel from the recovery.img-kernel.gz made from unpack-bootimg.pl to recovery.img-kernel.
3.) Create the recovery-new.img file using mkbootimg with the new MTD command embedded:
mkbootimg --cmdline 'no_console_suspend=1 console=null mtdparts=msm_nand:[email protected](misc),[email protected](recovery),[email protected](boot),[email protected](system),[email protected](cache),[email protected](userdata)' --kernel recovery.img-kernel --ramdisk recovery.img-ramdisk.cpio.gz -o recovery-new.img --base 0x20000000
*Note that the values for cache starting address, userdata starting address and userdata size have been changed to the newly calculated values in the previous step.
**This will yield recovery-new.img which will be used in the next steps.
D>Create a new boot.img file which uses the new values:
1.) Breakdown the boot.img file into it's kernel and ramdisk components using unpack-bootimg.pl:
.\unpack-bootimg.pl boot.img
*This will yield 2 files and 1 directory. You can delete the directory since we only need the files.
2.) Rename the kernel from the boot.img-kernel.gz made from unpack-bootimg.pl to boot.img-kernel.
3.) Create the boot-new.img file using mkbootimg with the new MTD command embedded:
mkbootimg --cmdline 'no_console_suspend=1 wire.search_count=5 mtdparts=msm_nand:[email protected](misc),[email protected](recovery),[email protected](boot),[email protected](system),[email protected](cache),[email protected](userdata)' --kernel boot.img-kernel --ramdisk boot.img-ramdisk.cpio.gz -o boot-new.img --base 0x20000000
*Note that the values for cache starting address, userdata starting address and userdata size have been changed to the newly calculated values in the previous step.
**This will yield boot-new.img which will be used in the next steps.
E>Flash the recovery-new.img:
1.) Boot into bootloader and use fastboot command to flash the new recovery:
fastboot flash recovery recovery-new.img
F>Make system operational:
1.) Boot into recovery mode.
2.) Erase everything (factory reset)
3.) Either:
- Flash the ROM you took the original boot.img from OR
- Restore the backup you made previously (this only works (or has been tested) on CWM 5.0.2)
4.) DO NOT REBOOT YET!!!
G>Flash modified boot.img:
1.) Use adb to reboot to bootloader directly from recovery: (this is for safety since if you boot from an unmodified boot.img you'll have to start from F again.
adb reboot bootloader
2.) Use fastboot to flash the new boot image:
fastboot flash boot boot-new.img
3.) You may restart normally.
For those who've read this far, everything above has been rendered obsolete! Here's an editor for the SPL itself for the partition sizes:
http://intersectraven.euroskank.com/tools/SPLHexEditor.exe
*Instructions are in dla5244's thread 2nd post.
Try it at your own risk though!
Credits:
dla5244 - for bringing S-OFF to our N1 even after a looong time since its release
Firerat - for the original patch idea
Lbcoder - for coming up with the idea in the Desire thread
Reserved!
(I'm learning to reserve now... )
2 Questions:
Is the userdata space where downloaded apps go?
why didn't you choose any other partition to transfer empty space from?
drzplaya1121 said:
2 Questions:
Is the userdata space where downloaded apps go?
why didn't you choose any other partition to transfer empty space from?
Click to expand...
Click to collapse
1.) Yes.
2.) This is a sample. If you want to transfer from system or to system from cache, this example will show you how to do so.
thank U. Now I have no need to buy a new phone because of constantly running out of memory
Does it mean that every time I flash a new kernel, the whole effort will go waste?
Also, can I use the same procedure for Amon RA recovery??
rjmohit said:
Does it mean that every time I flash a new rom (which obviously has a different boot.img), the whole effort will go waste?
Also, can I use the same procedure for Amon RA recovery??
Click to expand...
Click to collapse
For that you need to do only steps D, F and G. If you flash only a kernel which uses koush's anykernel updater, you don't need to do anything.
intersectRaven said:
For that you need to do only steps D, F and G. If you flash only a kernel which uses koush's anykernel updater, you don't need to do anything.
Click to expand...
Click to collapse
Thanks.
One more silly question
Will the following procedure work.
1. Flash any ROM.
2. Then flash the modified boot.img (which may not belong to that ROM).
3. Then optionally flash the desired kernel.
rjmohit said:
Thanks.
One more silly question
Will the following procedure work.
1. Flash any ROM.
2. Then flash the modified boot.img (which may not belong to that ROM).
3. Then optionally flash the desired kernel.
Click to expand...
Click to collapse
Yeah. That would work since you're replacing the kernel anyways. What's important is that the kernel is compatible with the ROM.
Well done IR cannot wait to resize my data partition..
Okay, I extracted the recovery.img file, now when I try to extract recovery.img-kernel.gz, it gives the following error: not in gzip format. Exactly same happens for boot.img. I tried extracting it with different extractors on windows and ubuntu, nothing worked. Pls help.
I don't like using MTD because over time you will notice lag. If your already using sd-ext then your data is basically not being used. And I believe that cache never gets past 50% usage. Just putting in my two cents
rjmohit said:
Okay, I extracted the recovery.img file, now when I try to extract recovery.img-kernel.gz, it gives the following error: not in gzip format. Exactly same happens for boot.img. I tried extracting it with different extractors on windows and ubuntu, nothing worked. Pls help.
Click to expand...
Click to collapse
That's odd. In my installation, it worked flawlessly. Were there no errors during the run of unpack?
blahbl4hblah said:
I don't like using MTD because over time you will notice lag. If your already using sd-ext then your data is basically not being used. And I believe that cache never gets past 50% usage. Just putting in my two cents
Click to expand...
Click to collapse
intersectRaven said:
That's odd. In my installation, it worked flawlessly. Were there no errors during the run of unpack?
Click to expand...
Click to collapse
Nope. No errors. :-/
rjmohit said:
Nope. No errors. :-/
Click to expand...
Click to collapse
Found the problem. It seems it was never compressed in the first place. Ark sees this and just copies the file without the .gz extension.
*Instructions edited accordingly.
I may sound a bit noobish, but I'm facing one more hindrance:
How exactly do I run the mkbootimg file in the ubuntu terminal? I mean, can you give me the exact syntax?
I was facing a similar problem with the perl script, but then I found a solution on google, but didnt find anything for the mkbootimg. Can I run it under windows cmd?
rjmohit said:
I may sound a bit noobish, but I'm facing one more hindrance:
How exactly do I run the mkbootimg file in the ubuntu terminal? I mean, can you give me the exact syntax?
I was facing a similar problem with the perl script, but then I found a solution on google, but didnt find anything for the mkbootimg. Can I run it under windows cmd?
Click to expand...
Click to collapse
I already posted the syntax in the instructions. You just need to make sure the mkbootimg file has execute permissions in order for it to run.
Updated OP with SPL editor program.
intersectRaven said:
Updated OP with SPL editor program.
Click to expand...
Click to collapse
I tried your program. Everything worked fine. Just that my /cache now shows 290 MB free, while I had resized it to 20 MB!! Is that a bug? /system & /data show proper sizes though. thanks.
rjmohit said:
I tried your program. Everything worked fine. Just that my /cache now shows 290 MB free, while I had resized it to 20 MB!! Is that a bug? /system & /data show proper sizes though. thanks.
Click to expand...
Click to collapse
Is it the display on the program or display on the Android device when booted?
Wait, I found it. It's a bug. Thanks! I'll edit it when I get home. For now, please double check the values by reopening the made file before flashing. If the values are incorrect, please DON'T FLASH!!!
The Problem
TLDR: In Oreo ROMs, i.e. Android 8.0/8.1, DualBoot Patcher no longer works, as patched ROMs/kernels will get stuck on Android logo screen(for the Axon 7, it's the 'ZTE, POWERED BY android' screen), and never boot up.
In Oreo(Android 8.0/8.1), Google introduced a new function to fstab, which is early mounting specific partitions. The purpose was so that Android can boot up faster, by ensuring that essential partitions like /system and /vendor are mounted first and the boot process will not be held back by delays in non-essential things like setting up apps. More details can be found here. So the important changes that affect DualBoot Patcher are: 1) There's an important file 'fstab.qcom', which lists all the partitions that Android can use, that got shifted from the '/' directory(the root partition/ramdisk, Android 7.x and below) to the '/system/vendor/etc' directory(in Android 8.x) 2) In addition, another file 'init.qcom.rc', once found in the '/' directory too(in Android 7.x and below), is now shifted to '/system/vendor/etc/init/hw' directory(in Android 8.x) 3) Because of 1), 'init.qcom.rc' now believes that 'fstab.qcom' is in '/system/vendor/etc' and not '/', and so it asks Android to read 'fstab.qcom' from '/system/vendor/etc' 4) In the 'fstab.qcom' file, there are entries for all partitions except /system(and /vendor for Treble devices). For these 2 partitions, they are now found in the dtb(short for Device Tree Binary). How does this affect DualBoot Patcher? 1) DualBoot Patcher expects that 'fstab.qcom' is still in '/' directory(correct me if I'm wrong), so it fails to find this file in Android 8.x ROMs/kernels 2) DualBoot Patcher expects that '/system' is still defined in 'fstab.qcom', which is not the case. Below are the exact changes that Google made(in the case of our Axon 7), note the red parts(the changes):
fstab.qcom(the strike means those lines are now removed/gone)
Code:
/dev/block/bootdevice/by-name/recovery /recovery emmc defaults defaults
[STRIKE][COLOR="red"]/dev/block/bootdevice/by-name/system /system ext4 ro,barrier=1,discard wait[/COLOR][/STRIKE]
init.qcom.rc
Code:
on fs
wait /dev/block/platform/soc/${ro.boot.bootdevice}
symlink /dev/block/platform/soc/${ro.boot.bootdevice} /dev/block/bootdevice
mount_all [COLOR="Red"]/vendor/etc/fstab.qcom[/COLOR]
dtb(converted into dts with dtc)
Code:
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc/7464900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,discard";
fsmgr_flags = "wait";
status = "disabled";
};
[COLOR="red"]system {
compatible = "android,system";
dev = "/dev/block/platform/soc/624000.ufshc/by-name/system";
type = "ext4";
mnt_flags = "ro,barrier=1,discard";
fsmgr_flags = "wait";
status = "ok";
};[/COLOR]
};
The Solution
There are 3 changes to make for each ROM/kernel: 1) Edit fstab.qcom, dtb and init.qcom.rc 2) Add fstab.qcom and init.qcom.rc back into the ramdisk(i.e. edit the ramdisk) 3) Delete '/system/vendor/etc/fstab.qcom' and '/system/vendor/etc/init/hw/init.qcom.rc'. There are 2 ways you can do this, either manually, or with my script(Work in progress, my sincere apologies)
Method 1: Manually modify ROM and kernel
Files you will need:
Note: the 'files.zip' attached below contains 'dtc', 'magiskboot', 'mkbootimg', 'unpackbootimg'. Extract it to get these files. Feel free to scan them for viruses, I assure you they are clean and not viruses for sure
- boot.img you want to patch
- init.qcom.rc, fstab.qcom from the ROM you are patching
- magiskboot binary(found in /data/magisk or /data/adb/magisk if you installed magisk, otherwise download the one attached below)
- dtc binary(download the one attached below)
If you are patching Hellsgate or Schwifty, you also need:
- unpackbootimg, mkbootimg(attached below)
- Image.gz-dtb(from the flashable zip of the kernel)
Note: You also need a boot.img, but this will be from the ROM you are flashing/have flashed(extract from the ROM zip)
Preliminary step: Prepare the files
- Before you start, I would recommend copying all the files into a directory where you can chmod/execute binaries. I personally recommend '/data/local/tmp', or '/cache'(anywhere in /cache is fine). The guide below assumes that all these files are in the same directory. Also, chmod all the binaries, for example, do this in your working directory:
Code:
chmod 0755 *
- Also, I would recommend backing up 'fstab.qcom' and 'init.qcom.rc'
Additional Step: If you wish to patch kernels like Hellsgate and Schwifty
- First, unpack your ROM's stock kernel:
Code:
./unpackbootimg -i boot.img
- Then, repack the kernel as a Hellsgate/Schwifty kernel:
Code:
./mkbootimg --kernel Image.gz-dtb --ramdisk boot.img-ramdisk.gz --cmdline "androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x237 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 [email protected] androidboot.selinux=permissive buildvariant=userdebug" --base 80000000 --pagesize 4096 --kernel_offset 00008000 --ramdisk_offset 01000000 --second_offset 00f00000 --tags_offset 00000100 --os_version 8.1.0 --os_patch_level [COLOR="red"]2018-06[/COLOR] --hash sha1 --output ./boot-new.img
- Note: For the red part in the above command, adjust for the month that your desired kernel is released. E.g. If your desired kernel was released in 2018 June, you put '2018-06', while if it was released in 2018 July, you put '2018-07', and so on.
- From now on, take note that everytime I mention 'boot.img', for you, it will be 'boot-new.img'(I'll bold each one that you have to change to 'boot-new.img')
Step 1: Unpack the boot.img
Code:
./magiskboot --unpack [COLOR="red"]boot.img[/COLOR]
- Now you get 3 additional files: 1) kernel(not editing this) 2) ramdisk.cpio(gonna edit this) 3) dtb(also editing this)
Step 2: Decompile the dtb
Note: dtb is a BINARY so don't open it with a text editor
Code:
./dtc -I dtb -O dts -o dt.txt dtb
- Another note: It will probably give you a lot of warnings, but it's harmless so just ignore them(I've edited multiple kernels and tested them myself, no bugs so far)
Step 3: Edit the decompiled dts
- Open the created 'dt.txt' with a root text editor(I use Simple Explorer, you can use FX file explorer, or ES file explorer)
- Search for this word:
Code:
/system
. You should find this line:
Code:
dev = "/dev/block/platform/soc/624000.ufshc/by-name/system";
- Remove the entire chunk quoted below:
Code:
system {
compatible = "android,system";
dev = "/dev/block/platform/soc/624000.ufshc/by-name/system";
type = "ext4";
mnt_flags = "ro,barrier=1,discard";
fsmgr_flags = "wait";
status = "ok";
};
- Take note that you will have to remove 1 '};'(at the bottom of the above quote), nothing more, nothing less
Step 4: Recompile the dtb
Code:
./dtc -I dts -O dtb -o dtb1 dt.txt
- Again, it might give you a lot of warnings but just ignore them
- Also, rename the new dtb so that magiskboot will compile this new dtb into your modified kernel:
Code:
mv dtb dtb.bak
Code:
mv dtb1 dtb
Step 5: Edit fstab.qcom
- Open 'fstab.qcom' file with a root text editor
- Add the following red line, below the line about '/recovery', above the line about '/data':
Code:
/dev/block/bootdevice/by-name/recovery /recovery emmc defaults defaults
[COLOR="red"]/dev/block/bootdevice/by-name/system /system ext4 ro,barrier=1,discard wait[/COLOR]
/dev/block/bootdevice/by-name/userdata /data f2fs nosuid,nodev,noatime,nodiratime,data_flush wait,check,encryptable=/dev/block/bootdevice/by-name/cryptkey,quota,formattable[/CODE]
- Save the 'fstab.qcom' file
Step 6: Edit init.qcom.rc
- Open 'init.qcom.rc' with a root text editor
- Look for this line:
Code:
mount_all /vendor/etc/fstab.qcom
- Change it into this line:
Code:
mount_all [COLOR="red"]/fstab.qcom[/COLOR]
- Save the 'init.qcom.rc' file
Step 7: Modify kernel ramdisk
-First do:
Code:
./magiskboot --cpio ramdisk.cpio 'add 0640 fstab.qcom fstab.qcom'
- Then do:
Code:
./magiskboot --cpio ramdisk.cpio 'add 0750 init.qcom.rc init.qcom.rc'
Step 8: Create a new, DBP-compatible boot.img
Code:
./magiskboot --repack [COLOR="red"]boot.img[/COLOR]
- You will get a new boot.img, named 'new-boot.img'
Step 9: Install the modified kernel
- First, flash the boot.img(using TWRP or Flashify or another tool)
- Then, delete these 2 files:
Code:
/system/vendor/etc/fstab.qcom
and
Code:
/system/vendor/etc/init/hw/init.qcom.rc
- Note: Make sure you do not reboot after installing boot.img and before deleting the above 2 files
That's it! If you completed all the steps above properly, you should have a working DBP-compatible boot.img that you can put in a flashable zip and patch with DualBoot Patcher
if you don't know how to make a flashable zip to install your modified boot.img, you can use the one I attached below(named 'flashable-kernel-template.zip'). What you have to do is download it, then extract it and make a new zip containing your modified boot.img(basically, create a new zip with the 'META-INF' folder from my zip and your 'boot.img'. The zip automatically deletes
Code:
/system/vendor/etc/fstab.qcom
and
Code:
/system/vendor/etc/init/hw/init.qcom.rc
so you won't need to do this yourself
Note: If you are using my flashable zip, note that you have to rename your modified 'new-boot.img' to 'boot.img' before you compress it into a new flashable zip. Otherwise you will get an error when flashing in recovery
Note 2: Avoid using the flashable zip template for non-modified kernels, it can render your ROM unable to boot!
Method 2: Work in Progress
Method 2: Use my automated script
Please do leave feedback on whether this guide is clear, and also if any of the steps are not working for you! Happy Dualbooting
Sources:
Github Problem Discussion
Problem Solution
Reserved 1
Reserved 2
This is going to be useful. Personally I just want to run custom O as primary and N as a secondary. Mainly because O doesn't have properly working Daydream and for a couple of games that aren't compatible anymore with O. If I'm only trying to attach LOS14.1 as secondary I wouldn't need to patch anything extra O from this guide? Though I can't install the patched ROM it gives an error.
Edit: Oops missed reading from the old guide the primary ROM needs to be stock. I guess I need to patch then. Do I need Linux to do all the editing?
Infy_AsiX said:
This is going to be useful. Personally I just want to run custom O as primary and N as a secondary. Mainly because O doesn't have properly working Daydream and for a couple of games that aren't compatible anymore with O. If I'm only trying to attach LOS14.1 as secondary I wouldn't need to patch anything extra O from this guide? Though I can't install the patched ROM it gives an error.
Edit: Oops missed reading from the old guide the primary ROM needs to be stock. I guess I need to patch then. Do I need Linux to do all the editing?
Click to expand...
Click to collapse
Actually yeah, if your custom O is primary you don't need to patch it(the kernel, I mean)! You still need to patch the ROM so that it doesn't wipe /system when you OTA update your custom O, which means you need an unpatched custom O stock kernel flsshable zip(sorry for the mouthful). But if you don't OTA update then no need The last I tried, using stock ROM as secondary worked for me though? Didn't find any issues. But I might just be lucky, be careful if you try that.
As for your last question, nope all these commands are meant for Terminal Emulator app on an Android phone! Just use the binaries in the attached files.zip, they are all compiled for Android and do not work on Linux desktops. All the best If you need help just ask here!
haoyangw said:
Actually yeah, if your custom O is primary you don't need to patch it(the kernel, I mean)! You still need to patch the ROM so that it doesn't wipe /system when you OTA update your custom O, which means you need an unpatched custom O stock kernel flsshable zip(sorry for the mouthful). But if you don't OTA update then no need The last I tried, using stock ROM as secondary worked for me though? Didn't find any issues. But I might just be lucky, be careful if you try that.
As for your last question, nope all these commands are meant for Terminal Emulator app on an Android phone! Just use the binaries in the attached files.zip, they are all compiled for Android and do not work on Linux desktops. All the best If you need help just ask here!
Click to expand...
Click to collapse
Figured out the error after dual boot patch on LOS14.1 was my mistake in modifying the update-script incorrectly. Nothing to do with N/O/this guide. However now I tried installing it to data slot so dirty flashing and restoring the system partition won't be complicated. The issue is trying to boot primary it vibrates five times at ZTE logo and goes to recovery. Trying to switch to primary in dualbootutilities gives an error something like (from memory) data/media/0/boot.img cannot be found. I guess DBP installed even on data changes the structure of boot and primary on O doesn't fit so can't boot. Just want your advice, it probably means patching O when O is primary is necessary then?
Infy_AsiX said:
Figured out the error after dual boot patch on LOS14.1 was my mistake in modifying the update-script incorrectly. Nothing to do with N/O/this guide. However now I tried installing it to data slot so dirty flashing and restoring the system partition won't be complicated. The issue is trying to boot primary it vibrates five times at ZTE logo and goes to recovery. Trying to switch to primary in dualbootutilities gives an error something like (from memory) data/media/0/boot.img cannot be found. I guess DBP installed even on data changes the structure of boot and primary on O doesn't fit so can't boot. Just want your advice, it probably means patching O when O is primary is necessary then?
Click to expand...
Click to collapse
Oh you mean you flashed custom O, and after that you flashed you N data slot ROM? You're partially right, if you flash your data slot ROM after a non-patched ROM, you'll have the data slot kernel installed i.e. the LOS 14.1 stock kernel, which cannot boot an O ROM. This is because DBP works by storing multiple kernels on your /data/media/0/Multiboot folder, when you 'switch ROMs' actually what happens is DBP flashes the kernel of the ROM you're switching to. Obviously a N kernel cannot boot an O ROM so you cannot boot. Unfortunately, DBP only stores kernels that you flash with patched zips(i.e. if you flash a DBP-patched ROM/kernel zip, only then will DBP store the kernel in its custom Multiboot folder). So because you didn't patch your O primary ROM, its kernel is not saved and you cannot use DBPUtilities. What you can do is either make your own non-patched kernel zip file for your O ROM's stock kernel that you flash everytime you want to switch to primary, or you patch your primary ROM and then you can use DBPUtilities. However B01 kernel has a slightly different precedure for adding DBP support that this guide doesn't explain(I'm sorry) I'll update it when I find time. Don't follow this guide to patch B01! It won't boot, I tried But I know what changes to make when modifying a B01 kernel don't worry
lost this post when I pressed reply. This RR-O Kranoner 20180511 has the fstab.qcom and init.qcom.rc still on root / directory. But patching only DBP patching hellsgate kernel after having LOS14.1 on data slot 1 still has the same issue. Alternatively installing the mod boot.img allows primary to boot but after using DBP utilities to switch to data slot 1 (onscreen says success) the data slot 1 gets stuck on ZTE logo with 5 vibrates instead. Even tried flashing the final Beastmode 14.1 kernel DBP patched to data slot 1 after switched, five vibrates to recovery.
Lost Magisk install after step nine. Just reinstalling it is fine. Did you forget the flashable zip template by the way?
Infy_AsiX said:
lost this post when I pressed reply. This RR-O Kranoner 20180511 has the fstab.qcom and init.qcom.rc still on root / directory. But patching only DBP patching hellsgate kernel after having LOS14.1 on data slot 1 still has the same issue. Alternatively installing the mod boot.img allows primary to boot but after using DBP utilities to switch to data slot 1 (onscreen says success) the data slot 1 gets stuck on ZTE logo with 5 vibrates instead. Even tried flashing the final Beastmode 14.1 kernel DBP patched to data slot 1 after switched, five vibrates to recovery.
Lost Magisk install after step nine. Just reinstalling it is fine. Did you forget the flashable zip template by the way?
Click to expand...
Click to collapse
Oh hmm did you install the right version of Hellsgate for your data slot 1? I think LOS 14.1 needs a very old version(R2.1? I think). I'm not sure about beastmode kernel though, I'm sorry And thanks for the reminder about the zip template, o dear I forgot about it I'll upload it now!
haoyangw said:
Oh hmm did you install the right version of Hellsgate for your data slot 1? I think LOS 14.1 needs a very old version(R2.1? I think). I'm not sure about beastmode kernel though, I'm sorry And thanks for the reminder about the zip template, o dear I forgot about it I'll upload it now!
Click to expand...
Click to collapse
Sorry that post was worded poorly due to rushed recalling. I meant RR-O primary had Hellsgate kernel patched by this guide, which shouldn't be necessary as the two issue ROM files are still on root directory (patching with DBP instead didn't work as I posted before)? Still had to install the mod boot.img to manage to boot but then data slot 1 LOS14.1 won't boot. I was going to try patching with this guide the kernel I intend for LOS14.1 but it's lacking the image.gz-dtb file, I'd only patched it with DBP and that should be enough as it's an N ROM. I guess I could use an older hellsgate suited to N but Beastmode was updated til a little later so I'd prefer it.
Thanks for the zip template. Just checking, it's not actually needed if I can just install the modded boot.img directly in TWRP anyway?
Infy_AsiX said:
Sorry that post was worded poorly due to rushed recalling. I meant RR-O primary had Hellsgate kernel patched by this guide, which shouldn't be necessary as the two issue ROM files are still on root directory (patching with DBP instead didn't work as I posted before)? Still had to install the mod boot.img to manage to boot but then data slot 1 LOS14.1 won't boot. I was going to try patching with this guide the kernel I intend for LOS14.1 but it's lacking the image.gz-dtb file, I'd only patched it with DBP and that should be enough as it's an N ROM. I guess I could use an older hellsgate suited to N but Beastmode was updated til a little later so I'd prefer it.
Thanks for the zip template. Just checking, it's not actually needed if I can just install the modded boot.img directly in TWRP anyway?
Click to expand...
Click to collapse
Oh you're right, if the 2 files are still present you don't have to patch using this guide. Just checking, what version of hellsgate are you using for primary? And yes you're right! N ROMs/kernels don't have to be patched with this guide for DBP I'm not very sure why you can't boot and get the 5 led flashes though
As for your last question, you're right no need this zip in you install using TWRP.
haoyangw said:
Oh you're right, if the 2 files are still present you don't have to patch using this guide. Just checking, what version of hellsgate are you using for primary? And yes you're right! N ROMs/kernels don't have to be patched with this guide for DBP I'm not very sure why you can't boot and get the 5 led flashes though
As for your last question, you're right no need this zip in you install using TWRP.
Click to expand...
Click to collapse
The last B32+10 hellsgate v3.0. Dunno but the guide did manage to allow primary to boot whereas it wouldn't before. Both N hellsgate and beastmode are lacking the image.gz-dtb so I can't patch them. I guess I'll try stock next, I really wanted KCAL to use on Daydream tho ::crying:. If that fails I might try stock N as primary when I'm about to clean flash update O.
Infy_AsiX said:
The last B32+10 hellsgate v3.0. Dunno but the guide did manage to allow primary to boot whereas it wouldn't before. Both N hellsgate and beastmode are lacking the image.gz-dtb so I can't patch them. I guess I'll try stock next, I really wanted KCAL to use on Daydream tho ::crying:. If that fails I might try stock N as primary when I'm about to clean flash update O.
Click to expand...
Click to collapse
Oh dear I'm sorry to hear Just checking are you using LOS 14.1 builds from 2018? I might know what's wrong
haoyangw said:
Oh dear I'm sorry to hear Just checking are you using LOS 14.1 builds from 2018? I might know what's wrong
Click to expand...
Click to collapse
yeah latest official
Sent from my Xperia Z3C using XDA Labs
Infy_AsiX said:
yeah latest official
Click to expand...
Click to collapse
Oh I probably should add this in the OP, Nougat builds with 2018 Security patch level behaves the same way as Oreo ROMs, they also have the init.qcom.rc and fstab.qcom in /system. So I would believe that latest LOS 14.1 also needs the exact same patching method as Oreo(if you can check and confirm this that'll be great). I haven't analysed the Nougat hellsgate and beastmode kernels so I'm not sure how to patch them, I'll let you know asap when I find out something. Sorry about the mistake, I didn't realise there's still a Nougat ROM being regularly updated
Great thanks for the guide and mods. Sorry for the late follow up, it did take awhile to get working. After some confusion and trouble with figuring out how some O ROMs still don't use the early mount method. While N ROM and kernels don't in fact need patching by this guide. Also B12 can't be dual booted with any N ROMs due to bootstack incompatibility (flashing bootstack after a DBP install doesn't seem to take effect to help). My target kernel was Hellsgate 3 for B32+10, which oddly needed fstab.qcom modded per guide but not init.qcom.rc all despite the kernel being for non early mount ROMs. Yes really, after all of that figured out, I got it working!
I'm glad to report it works as intended with the right setup. Now with B12 ROMs currently all affected by the wired audio cpu extra 50% load bug, using B32+10 is a working fallback. The trade off being apparently dual-sim issues (reported by some as present, some not), no GCam HDR support and improper hi-res audio support (though hi-fi DAC was already working and hi-res is debatably useless). In any case if dual booting O with N is desired B32+10 is the latest supported available with above stated differences. This is the only way presently for using a stable-ish O ROM and N's fully functioning Daydream and a couple of AAA games deprecated after N such as Fahrenheit: Indigo Prophecy and Jade Empire. Now I can also play around testing Kranoner's N Vertex EAS supported ROM and kernel.
I've attached the B32+10 Hellsgate 3 modded per this guide using Kranoner's 180511 RR-O for anyone interested in getting it straight working without the mess. A few pointers. The zip still needs needs to be patched to primary/secondary/whatever chosen slot before use. Magisk has to be reinstalled after installing the modified kernel, primary Magisk zip does not need DB patching. Using secondary slot, to fill up like huge wasted space 6GB system partition is smart if you're not installing many apps.
Sent from my ZTE Axon 7 using XDA Labs
////[removed]////
Tried this with my device and it didn't work. Alcatel Tetra with 8.1 Stock. Runs GSI images up to 10. MT6739 SOC. Doesn't boot if you simply remove the entry. Couldn't even change ro to rw and have it boot. I was able to remove verify and that was about it. I was able to get the fstab and init file migrated back to ramdisk and it booted once i modified the init file to point to the right locations. I got DBP supporting my treble device properly. The last step is to figure out how to disable/remove the system early mount. This topic seems dead but I figure it's worth a try. I've been working on this Project on and off for 2+ months now and would really like to hit paydirt.
you do realize this is an Axon7 thread , yes?
mrrocketdog said:
you do realize this is an Axon7 thread , yes?
Click to expand...
Click to collapse
I'm Sure he's not lost .
U realize this is a place Dev's take ideas from each other and try to port it to other devices Right?
Recently purchased an iplay 7t after reading the xda review. This is replacing an LG v400 tablet that I had rooted. I updated the iplay to build T701_V1.20_20191112, enabled developer options, enabled oem unlock bootloader, found the corresponding firmware pac, installed magisk and used it to patch boot.img. So far so good.
I entered fastboot, then I attempted to flash the modified boot.img and was told:
Code:
target didn't report max-download-size
sending 'boot' (18584 KB)...
OKAY [ 0.593s]
writing 'boot'...
FAILED (remote: Flashing Lock Flag is locked. Please unlock it first!)
finished. total time: 0.608s
I tried various options to unlock the bootloader:
Code:
> fastboot getvar unlocked
unlocked:
finished. total time: -0.000s
> fastboot oem unlock
...
FAILED (remote: unknown cmd.)
finished. total time: -0.000s
> fastboot oem unlock-go
...
FAILED (remote: unknown cmd.)
finished. total time: 0.002s
> fastboot flashing get_unlock_ability
...
FAILED (remote: Not implement.)
finished. total time: -0.000s
> fastboot flashing unlock
...
FAILED (remote: Not implemet.)
finished. total time: -0.000s
> fastboot flashing unlock_critical
...
FAILED (remote: Not implement.)
finished. total time: 0.016s
> fastboot flashing unlock_bootloader
fastboot: usage: unknown 'flashing' command unlock_bootloader
> fastboot flashing unlock_bootloader_nonce
fastboot: usage: unknown 'flashing' command unlock_bootloader_nonce
Okay ... fine. I fired up SPD Research tool and attempted to use it to flash the modified boot.img. It transfers the image and then times out.
As a sanity check I used SPD Research tool to flash the original boot.img and that worked fine.
I'll note the modified image is smaller than the original, however padding the modified image with zeros to the same size didn't seem to help. Using SPD Research tool to flash the padded image still timed out.
I am looking to open a request up on the Alldocube support site (currently their registration form is giving me an error), in the meantime ... suggestions? Has anyone successfully flashed a modified boot.img on this device / rooted this device?
in the "developer option" on your phone, you should enable the "allow unlock bootloader" option.
DR.Doyle said:
in the "developer option" on your phone, you should enable the "allow unlock bootloader" option.
Click to expand...
Click to collapse
Yes ... I have that enabled.
Okay I was able to unlock the bootloader by using the procedure documented for the Qin 2 Pro. With the bootloader unlocked on reboot the device notes:
Code:
INFO: LOCK FLAG IS : UNLOCKED!!!
followed by:
Code:
WARNING: LOCK FLAG IS : UNLOCKED, SKIP VERIFY!!!
Using fastboot I can now reflash the stock vbmeta and the stock recovery without any problems and the stock recovery boots fine.
Also if I re-sign the stock recovery, then I can't flash it (fastboot flash hangs) until I've flashed a modified vbmeta containing the new public key for the re-signed recovery. Meaning flashing vbmeta is "working".
All this seems like I'm on the right track.
However attempting to boot into the re-signed stock recovery results in:
Code:
INFO: LOCK FLAG IS : UNLOCKED!!!
followed by the device hanging (without displaying the WARNING message) so there is still something that's unhappy.
Any thoughts on how to get to the point that I can flash a useable re-signed stock recovery? If I can get that to work, then I should be in good shape to install magisk.
jwehle said:
Okay I was able to unlock the bootloader by using the procedure documented for the Qin 2 Pro. With the bootloader unlocked on reboot the device notes:
Code:
INFO: LOCK FLAG IS : UNLOCKED!!!
followed by:
Code:
WARNING: LOCK FLAG IS : UNLOCKED, SKIP VERIFY!!!
Using fastboot I can now reflash the stock vbmeta and the stock recovery without any problems and the stock recovery boots fine.
Also if I re-sign the stock recovery, then I can't flash it (fastboot flash hangs) until I've flashed a modified vbmeta containing the new public key for the re-signed recovery. Meaning flashing vbmeta is "working".
All this seems like I'm on the right track.
However attempting to boot into the re-signed stock recovery results in:
Code:
INFO: LOCK FLAG IS : UNLOCKED!!!
followed by the device hanging (without displaying the WARNING message) so there is still something that's unhappy.
Any thoughts on how to get to the point that I can flash a useable re-signed stock recovery? If I can get that to work, then I should be in good shape to install magisk.
Click to expand...
Click to collapse
Dear jwehle:
good job, i have also modify the pac firmware file which based on chinese vesion firmware:T701-1101-vbmetapri-vennofbe-systemnore-recpri01.pac
What's modified:
1.resgin the vbmeta img
2.delete fbe Force encryption in vendor partitions
3.delete the script in system.img to prevent factory recovery restore
4.modify recovery.img to a magisk build-in recovery
please use SPD_Research_Tool to flash the pac,change the android os language from chinese to english ,install magiskmanager app ,and the use adb command (adb reboot recovery)to let tablet reboot to recovery.
after tablet reboot to android os again ,open magiskmanager app,you can see the magisk can get root authority .
how to change language from chinese to english,please see attach png file.
Considering that the Android os you are using is in English version(including Google services),according to the modification points above, you can try to use the vbmeta and recovery (built in magisk) modified by your own signature , and then delete the fbe Force encryption、 recovery restoration in the system and vendor images , then use the SPD_Research_Tool to package the imgs into a pac image, flash the pac image, install the magiskmanager app, and use the adb command to restart the machine into recovery mode, so you can use magisk to get root permissions.
twrp egg:https://mega.nz/#!YZ9VDZbT!1ptlOI6g3FS_ES-cLGhLy9ybGtdHQ8vzVHaasAXglXo
and last thanks PeterCxy on xda 、the other masters sifu on 4pda agian.
wangyiling said:
Dear jwehle:
good job, i have also modify the pac firmware file which based on chinese vesion firmware:T701-1101-vbmetapri-vennofbe-systemnore-recpri01.pac
What's modified:
1.resgin the vbmeta img
2.delete fbe Force encryption in vendor partitions
3.delete the script in system.img to prevent factory recovery restore
4.modify recovery.img to a magisk build-in recovery.
Click to expand...
Click to collapse
Thanks for supplying the modified PAC and for explaining the changes.
Your PAC seemed to work fine and now that I have a better understanding
of things I should be able build my own PAC when I have a chance.
Your time and effort in explaining things is appreciated.
What's the significance of removing the encryption for the vendor partitions?
jwehle said:
What's the significance of removing the encryption for the vendor partitions?
Click to expand...
Click to collapse
the vendor img in my pac,just use ext4 format.i have use simg2img convert the oringin vendor img to ext4 format,and modify the fstab file in vendor/etc folder.
fstab.sp9832e_1h10:
Code:
/dev/block/platform/soc/soc:ap-ahb/20600000.sdio/by-name/userdata /data f2fs noatime,nosuid,nodev,discard,inline_xattr,inline_data wait,check,[COLOR="DarkOrange"]fileencryption[/COLOR]=aes-256-xts,reservedsize=128M
/dev/block/platform/soc/soc:ap-ahb/20600000.sdio/by-name/userdata /data ext4 noatime,nosuid,nodev,nomblk_io_submit,noauto_da_alloc wait,check,[COLOR="darkorange"]fileencryption[/COLOR]=aes-256-xts
---------->
Code:
/dev/block/platform/soc/soc:ap-ahb/20600000.sdio/by-name/userdata /data f2fs noatime,nosuid,nodev,discard,inline_xattr,inline_data wait,check,[COLOR="darkorange"]encryptable[/COLOR]=aes-256-xts,reservedsize=128M
/dev/block/platform/soc/soc:ap-ahb/20600000.sdio/by-name/userdata /data ext4 noatime,nosuid,nodev,nomblk_io_submit,noauto_da_alloc wait,check,[COLOR="darkorange"]encryptable[/COLOR]=aes-256-xts
wangyiling said:
the vendor img in my pac,just use ext4 format.i have use simg2img convert the oringin vendor img to ext4 format,and modify the fstab file in vendor/etc folder.
Click to expand...
Click to collapse
Actually, I was more curious as to why it was necessary / desirable to remove the encryption from the vendor partitions.
jwehle said:
Actually, I was more curious as to why it was necessary / desirable to remove the encryption from the vendor partitions.
Click to expand...
Click to collapse
Just for twrp to read the data partition, convenient for personal use。
It looks like the issue on this tablet is similar to what the magisk documentation mentions regarding the new Samsung tablets. Meaning after the bootloader is unlocked when rooting you should flash newly signed versions of the following:
Code:
vbmeta
boot
recovery
What was happening is when the system started normally it saw that recovery image had been modified so it checked if the boot image was the factory standard image. Since I hadn't touched the boot image the OS went ahead and attempted to replace the recovery image I flashed with a standard recovery image generated on the fly from the factory standard boot image. This caused a soft-brick when I rebooted into recovery since that recovery image wasn't signed using the public key specified by my replacement vbmeta.
By also flashing a newly signed boot image because the signature is different from what's it knows about the system no longer attempts to use it to refresh the recovery image.
Here's an outline of what I did to successfully root the device:
Use the Qin 2 Pro instructions / tools to unlock the boot loader.
Flash the appropriate factory standard firmware to establish a know starting point. I used iplay7t(T701)-Android9.0-ALLDOCUBE-191112 from the Alldocube web site.
Use SPD Rsearch Tool to extract vbmeta-sign.img, boot.img, and recovery.img.
Use avbtool (with the below patch) to extract the public keys from vbmeta-sign.img like so:
Code:
avbtool info_image --image vbmeta-sign.img.
Use make (with the below makefile) to sign vbmeta, boot, and recovery using a new key.
Flashed vbmeta, boot, and recovery.
Booted into recovery, saw that it worked, and did a factory reset.
Used magisk to patch recovery.img in the normal fashion, signed the patched recovery using the new key, and flashed the patched recovery.
Proceed to finish installing magisk in the normal fashion.
Notes:
rsa4096_vbmeta.pem is the private key mentioned in the Qin 2 Pro article.
The dhtbsign-vbmeta command is basically the dhtb signing python script from Qin 2 Pro article.
Here's the trival patch for avbtool to dump the public keys.
Code:
--- avbtool 2020-02-22 22:11:55.107787032 -0500
+++ avbtool.dumpkeys 2020-02-22 22:15:36.046283077 -0500
@@ -1657,6 +1657,10 @@ class AvbChainPartitionDescriptor(AvbDes
Arguments:
o: The object to write the output to.
"""
+ kfd = open(self.partition_name, "w");
+ kfd.write(self.public_key);
+ kfd.close();
+
o.write(' Chain Partition descriptor:\n')
o.write(' Partition Name: {}\n'.format(self.partition_name))
o.write(' Rollback Index Location: {}\n'.format(
Here's the makefile I used for signing the images.
Code:
all: boot-sign.img recovery-sign.img vbmeta-sign.img
vbmeta-sign.img: Makefile avb4096_pkmd.bin keys/*
avbtool make_vbmeta_image --output vbmeta.img --padding_size 16384 \
--key ../rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 0 \
--chain_partition boot:1:avb4096_pkmd.bin \
--chain_partition system:3:keys/system \
--chain_partition vendor:4:keys/vendor \
--chain_partition product:10:keys/product \
--chain_partition dtbo:9:keys/dtbo \
--chain_partition recovery:2:avb4096_pkmd.bin \
--chain_partition l_modem:5:keys/l_modem \
--chain_partition l_ldsp:6:keys/l_ldsp \
--chain_partition l_gdsp:7:keys/l_gdsp \
--chain_partition pm_sys:8:keys/pm_sys \
--chain_partition dtb:11:keys/dtb
dhtbsign-vbmeta vbmeta.img vbmeta-sign.img
@rm -f vbmeta.img
avb4096_pkmd.bin: avb4096.pem
avbtool extract_public_key --key avb4096.pem --output avb4096_pkmd.bin
avb4096.pem:
openssl genrsa -out avb4096.pem 4096
boot-sign.img: boot.img avb4096.pem
cp boot.img boot-sign.img
avbtool add_hash_footer --image boot-sign.img \
--partition_name boot --partition_size 36700160 \
--key avb4096.pem --algorithm SHA256_RSA4096
recovery-sign.img: recovery.img avb4096.pem
cp recovery.img recovery-sign.img
avbtool add_hash_footer --image recovery-sign.img \
--partition_name recovery --partition_size 36700160 \
--key avb4096.pem --algorithm SHA256_RSA4096
@ jwehle,Very grateful for your detailed sharing
Did you have any trouble getting the tablet to populate the fastboot devices list?
I have USB drivers installed and can view the tablet's internal storage when it's not in fastboot mode. She's plugged directly into the mobo and I've tried two cables.
When in fastboot mode, it comes up in the Windows Device Manager as fastboot Gadget and drivers are apparently not available. I've tried using Zadig to feed it a driver of some kind, but still nothing.
MissAyako said:
Did you have any trouble getting the tablet to populate the fastboot devices list?
I have USB drivers installed and can view the tablet's internal storage when it's not in fastboot mode. She's plugged directly into the mobo and I've tried two cables.
When in fastboot mode, it comes up in the Windows Device Manager as fastboot Gadget and drivers are apparently not available. I've tried using Zadig to feed it a driver of some kind, but still nothing.
Click to expand...
Click to collapse
Seems the issue was with Windows. I thought I would be able to get the unlock token with Windows and then use WSL to do the rest of the signing, but apparently not.
Luckily I had an old laptop lying around. I threw Linux Mint on it and it worked just fine.
It didn't seem to work just using a live USB; I had to install Linux to the hard disk, but YMMV.
jwehle said:
It looks like the issue on this tablet is similar to what the magisk documentation mentions regarding the new Samsung tablets. Meaning after the bootloader is unlocked when rooting you should flash newly signed versions of the following:
Click to expand...
Click to collapse
This was wonderful, thank you! I've added some of my own notes below as an experience of what I encountered when attempting this process myself (spoiler'd because it is a lot).
I do not have enough post count to add links, but titles to the relevant articles has been added.
Follow steps in Article "Guide: How to Unlock Xiaomi Qin 2 (Pro) and Install Custom ROMs" from step 1 to (and including) step 10 (Unlocking section).
Notes:
- A Linux PC is necessary.
- You'll have to mark the "fastboot" file from the "Android_device_unlock.rar" archive as executable (chmod +x).
- Run the "fastboot" file as root.
- Getting the "SPD Research Tool" to pick up the tablet and not let the tablet try to move to either the charging
screen or the bootlogo is difficult, but do-able. Press and hold Power+Vol_Up and release when Windows does its
USB device detected chime.
- Flashing takes a few minutes (I think around 300 seconds).
- The SPD Research Tool extracts the PAC file contents into a folder. Grab the system images from there.
- The "avbtool" is available to be cloned via git from Google's repo
- The avbtool is a python script that is patched with three lines of code at line 1776:
Code:
kfd = open(self.partition_name, "w");
kfd.write(self.public_key);
kfd.close();
- When you use the patched avbtool on the vbmeta-sign.img file you copied (avbtool info_image --image vbmeta-sign.img)
it will produce several partitions with relative public keys that need to be stored in separate files for the next step.
The contents of the files are simply the public key and the partition name as the file name. Store the files in a folder named "keys".
- When creating the makefile, ensure that proper indentation is used. The code segment below is properly formatted (hopefully). If you get make errors, remove and re-indent the lines.
- If your "rsa4096_vbmeta.pem" keyfile is not placed alongside the makefile, ensure the --key flag points to this file.
- The makefile exists in the same directory as the system images.
- I had to insert local paths to the avbtool, as it was not installed to the system PATH.
- The dhtbsign-vbmeta.py command is located below. Make sure to mark this as executable as well.
Everything else is rather straightforward.
# makefile
Code:
all: boot-sign.img recovery-sign.img vbmeta-sign.img
vbmeta-sign.img: makefile avb4096_pkmd.bin keys/*
avbtool make_vbmeta_image --output vbmeta.img --padding_size 16384 \
--key rsa4096_vbmeta.pem --algorithm SHA256_RSA4096 --flag 0 \
--chain_partition boot:1:avb4096_pkmd.bin \
--chain_partition system:3:keys/system \
--chain_partition vendor:4:keys/vendor \
--chain_partition product:10:keys/product \
--chain_partition dtbo:9:keys/dtbo \
--chain_partition recovery:2:avb4096_pkmd.bin \
--chain_partition l_modem:5:keys/l_modem \
--chain_partition l_ldsp:6:keys/l_ldsp \
--chain_partition l_gdsp:7:keys/l_gdsp \
--chain_partition pm_sys:8:keys/pm_sys \
--chain_partition dtb:11:keys/dtb
./dhtbsign-vbmeta.py vbmeta.img vbmeta-sign.img
@rm -f vbmeta.img
avb4096_pkmd.bin: avb4096.pem
avbtool extract_public_key --key avb4096.pem --output avb4096_pkmd.bin
avb4096.pem:
openssl genrsa -out avb4096.pem 4096
boot-sign.img: boot.img avb4096.pem
cp boot.img boot-sign.img
avbtool add_hash_footer --image boot-sign.img \
--partition_name boot --partition_size 36700160 \
--key avb4096.pem --algorithm SHA256_RSA4096
recovery-sign.img: recovery.img avb4096.pem
cp recovery.img recovery-sign.img
# dhtbsign-vbmeta.py file (from "How I Unlocked Xiaomi Qin 2 Pro and Installed Phh GSI")
Code:
#!/usr/bin/env python
import hashlib
import sys
f = open(sys.argv[1], "rb")
b = f.read()
sha = hashlib.sha256(b).digest()
f.close()
f = open("vbmeta_signed.img", "wb")
f.write(b)
f.seek(1048576 - 512)
f.write(b'\x44\x48\x54\x42\x01\x00\x00\x00')
f.write(sha)
f.write(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00')
f.seek(1048576 - 1)
f.write(b'\x00')
f.close()
wuxianlin has build a twrp device for T701.
i think this will be a help .
Help me
Sir help pliz same problem my device ,same chipset , Symphony i95 ,pliz sir modify my pac file pliz....
wangyiling said:
Dear jwehle:
good job, i have also modify the pac firmware file which based on chinese vesion firmware:T701-1101-vbmetapri-vennofbe-systemnore-recpri01.pac
What's modified:
1.resgin the vbmeta img
2.delete fbe Force encryption in vendor partitions
3.delete the script in system.img to prevent factory recovery restore
4.modify recovery.img to a magisk build-in recovery
please use SPD_Research_Tool to flash the pac,change the android os language from chinese to english ,install magiskmanager app ,and the use adb command (adb reboot recovery)to let tablet reboot to recovery.
after tablet reboot to android os again ,open magiskmanager app,you can see the magisk can get root authority .
how to change language from chinese to english,please see attach png file.
Considering that the Android os you are using is in English version(including Google services),according to the modification points above, you can try to use the vbmeta and recovery (built in magisk) modified by your own signature , and then delete the fbe Force encryption、 recovery restoration in the system and vendor images , then use the SPD_Research_Tool to package the imgs into a pac image, flash the pac image, install the magiskmanager app, and use the adb command to restart the machine into recovery mode, so you can use magisk to get root permissions.
twrp egg:https://mega.nz/#!YZ9VDZbT!1ptlOI6g3FS_ES-cLGhLy9ybGtdHQ8vzVHaasAXglXo
and last thanks PeterCxy on xda 、the other masters sifu on 4pda agian.
Click to expand...
Click to collapse
can i just flash the pac without unlocking the bootloader.
thanks in advances
hidroela said:
can i just flash the pac without unlocking the bootloader.
thanks in advances
Click to expand...
Click to collapse
yes,just falsh pac
wangyiling said:
yes,just falsh pac
Click to expand...
Click to collapse
i did unlocked the bootloader and flash the pac and follow the instructions for magisk to work, but after a third reboot Root was gone.
i don't know what I am missing.
Easy to way to install a GSI on your Samsung A21s without installing a Virtual Linux.
NFC, Screen Cast, and USB MTP unfortunately is not working with AOSP 10 and 11. Backup all your data.
If don't want to make one, download my Pre-Rooted GSIs below and flash.
*Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Android 10 -> Download (MediaFire)Android 11 -> Download (MediaFire)Android 11 - AOSP 11.0 v306 -> Download (MEGA) - NEWAndroid 10 Screenshots
1. Requirements:
1. Unlock your Bootloader2. Download and Install a Linux Subsystem -> Ubuntu Subsystem -> "Tutorial How to install Linux Subsystem on Windows 10 | or search how to"3. GSI Android 10 A/B Gapps -> Download only the "arm64, A/B". I recommend releases from Treble Experimentations AOSP like "system-roar-arm64-ab-gapps.img.xz". 4. Samsung.zip -> There's all needed tools and files - Odin, 7-Zip ZS etc...
- Download Samsung.zip and extract the folder "Samsung" to your desktop, and extract your chosen GSI using to this folder.
- Download your stock firmware and extract the super.img.lz4 file from AP_A217XXXXXXXXXX_XXX_XXXX_REV00_XXX.tar.md5 with 7-Zip ZS.
- Now extract super.img.lz4 using 7-Zip ZS (don't use 7-zip) to Samsung folder. Rename super.img to stock_super.img.
2. Convert stock_super.img to raw_super.img:Open CMD ad use this codes:
cd C:\Users\%USERNAME%\Desktop\Samsungsimg2img.exe stock_super.img raw_super.img
Wait...
3. Extract raw_super.img:On your Samsung folder, use SHIFT key of your keyboard + right click and click at "Open Linux Shell Here", wait a little, and use this code and wait the extraction:
./lpunpack --slot=0 raw_super.img
*If the extraction is completed, verify if there's this files odm.img, system.img, vendor.img and product.img. Delete or rename system.img and product.img, then extract your GSI to Samsung folder and rename the xxx.img file to system.img.
4. Pack all the files and Flash:No math here! Just use this code on Terminal and wait (Ignore errors like "Partition system, vendor, odm will resize..." or "Invalid sparce file format at header magic...")
./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:5557452800 --group main:3819597824 --partition system:readonly:3340271616:main --image system=./system.img --partition vendor:readonly:474976256:main --image vendor=./vendor.img --partition odm:readonly:4349952:main --image odm=./odm.img --sparse --output ./super.img
Wait....
Use 7-Zip to archive the super.img to .tar (super.tar) and flash it on Odin (AP) and wait the phone to boot.
Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Notes:I not responsible for any damage on your phone. If anything occurs, just flash your stock regional firmware through Odin.
If this tutorial did not work, you did something wrong or your phone is not supported. Don't forget to wipe your data through Recovery, it's very important.
If you want Magisk working on your A21s I recommend you to report to an issue Topjohnwu at Github.
Dear Wer99,
I Successfully Made A Non-Rooted GSI By Following Your [Tutorial / Guide],
I'm Wondering How Could I Add SuperSU & Root Permission In It
GSI : [CherishOS, AOSP10, AOSP11]
Wer99 said:
Easy to way to install a GSI on your Samsung A21s without installing a Virtual Linux.
NFC, Screen Cast, and USB MTP unfortunately is not working with AOSP 10 and 11. Backup all your data.
If don't want to make one, download my Pre-Rooted GSIs below and flash.
*Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Android 10 -> Download (MediaFire)Android 11 -> Download (MediaFire)Android 11 - AOSP 11.0 v306 -> Download (MEGA) - NEWAndroid 10 Screenshots
1. Requirements:
1. Unlock your Bootloader2. Download and Install a Linux Subsystem -> Ubuntu Subsystem -> "Tutorial How to install Linux Subsystem on Windows 10 | or search how to"3. GSI Android 10 A/B Gapps -> Download only the "arm64, A/B". I recommend releases from Treble Experimentations AOSP like "system-roar-arm64-ab-gapps.img.xz". 4. Samsung.zip -> There's all needed tools and files - Odin, 7-Zip ZS etc...
- Download Samsung.zip and extract the folder "Samsung" to your desktop, and extract your chosen GSI using to this folder.
- Download your stock firmware and extract the super.img.lz4 file from AP_A217XXXXXXXXXX_XXX_XXXX_REV00_XXX.tar.md5 with 7-Zip ZS.
- Now extract super.img.lz4 using 7-Zip ZS (don't use 7-zip) to Samsung folder. Rename super.img to stock_super.img.
2. Convert stock_super.img to raw_super.img:Open CMD ad use this codes:
cd C:\Users\%USERNAME%\Desktop\Samsungsimg2img.exe stock_super.img raw_super.img
Wait...
3. Extract raw_super.img:On your Samsung folder, use SHIFT key of your keyboard + right click and click at "Open Linux Shell Here", wait a little, and use this code and wait the extraction:
./lpunpack --slot=0 raw_super.img
*If the extraction is completed, verify if there's this files odm.img, system.img, vendor.img and product.img. Delete or rename system.img and product.img, then extract your GSI to Samsung folder and rename the xxx.img file to system.img.
4. Pack all the files and Flash:No math here! Just use this code on Terminal and wait (Ignore errors like "Partition system, vendor, odm will resize..." or "Invalid sparce file format at header magic...")
./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:5557452800 --group main:3819597824 --partition system:readonly:3340271616:main --image system=./system.img --partition vendor:readonly:474976256:main --image vendor=./vendor.img --partition odm:readonly:4349952:main --image odm=./odm.img --sparse --output ./super.img
Wait....
Use 7-Zip to archive the super.img to .tar (super.tar) and flash it on Odin (AP) and wait the phone to boot.
Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Notes:I not responsible for any damage on your phone. If anything occurs, just flash your stock regional firmware through Odin.
If this tutorial did not work, you did something wrong or your phone is not supported. Don't forget to wipe your data through Recovery, it's very important.
If you want Magisk working on your A21s I recommend you to report to an issue Topjohnwu at Github.
Click to expand...
Click to collapse
I tried all of this and I even went as far as trying to literally change the filesystem UUID and the filesystem of system.img as well, I detected some issues when booting a GSI and it's that the filesystem and the filesystem UUID's had to match (filesystem had to be EXT2 for some reason), and after I did all of that, I flashed the super.img to my phone but after a few seconds of it trying to boot (10 seconds after it's past the unlocked bootloader screen) it just reboots and kicks me to fastboot mode, a friend of mine told me that if it booted to fastboot it meant that the bootloader was able to pass instructions to the OS but failed, hence why it kicked me to fastboot, and after that I tried with different GSIs and neither of them worked sadly.
Also in the attributes I'd recommend changing "readonly" to "none" so that the partitions are Read/Write from super.img, after flashing super.img, just edit the fstab file (located in "/etc/fstab" for recovery) and replace "ro" in the mount points with "rw" so that you can read and write data to them, the point of this is to make the partitions read and write so that you can edit them and install anything you'd like, and that's exactly the reason I did it.
After some time we got a modded magisk apk that does work and doesn't have the legacy device detection issue that it had before, due to the phone using dynamic partitions and using a ramdisk, Magisk would detect the device as legacy and it would use "SAR_init", something that the device doesn't needs and because the boot process fails, it reboots.
Also, before I realized that you could make the partitions inside super.img read/write, I would usually use readonly and it wouldn't work either, I'd appreciate if you could help me with this.
Wer99 said:
Easy to way to install a GSI on your Samsung A21s without installing a Virtual Linux.
NFC, Screen Cast, and USB MTP unfortunately is not working with AOSP 10 and 11. Backup all your data.
If don't want to make one, download my Pre-Rooted GSIs below and flash.
*Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Android 10 -> Download (MediaFire)Android 11 -> Download (MediaFire)Android 11 - AOSP 11.0 v306 -> Download (MEGA) - NEWAndroid 10 Screenshots
1. Requirements:
1. Unlock your Bootloader2. Download and Install a Linux Subsystem -> Ubuntu Subsystem -> "Tutorial How to install Linux Subsystem on Windows 10 | or search how to"3. GSI Android 10 A/B Gapps -> Download only the "arm64, A/B". I recommend releases from Treble Experimentations AOSP like "system-roar-arm64-ab-gapps.img.xz". 4. Samsung.zip -> There's all needed tools and files - Odin, 7-Zip ZS etc...
- Download Samsung.zip and extract the folder "Samsung" to your desktop, and extract your chosen GSI using to this folder.
- Download your stock firmware and extract the super.img.lz4 file from AP_A217XXXXXXXXXX_XXX_XXXX_REV00_XXX.tar.md5 with 7-Zip ZS.
- Now extract super.img.lz4 using 7-Zip ZS (don't use 7-zip) to Samsung folder. Rename super.img to stock_super.img.
2. Convert stock_super.img to raw_super.img:Open CMD ad use this codes:
cd C:\Users\%USERNAME%\Desktop\Samsungsimg2img.exe stock_super.img raw_super.img
Wait...
3. Extract raw_super.img:On your Samsung folder, use SHIFT key of your keyboard + right click and click at "Open Linux Shell Here", wait a little, and use this code and wait the extraction:
./lpunpack --slot=0 raw_super.img
*If the extraction is completed, verify if there's this files odm.img, system.img, vendor.img and product.img. Delete or rename system.img and product.img, then extract your GSI to Samsung folder and rename the xxx.img file to system.img.
4. Pack all the files and Flash:No math here! Just use this code on Terminal and wait (Ignore errors like "Partition system, vendor, odm will resize..." or "Invalid sparce file format at header magic...")
./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:5557452800 --group main:3819597824 --partition system:readonly:3340271616:main --image system=./system.img --partition vendor:readonly:474976256:main --image vendor=./vendor.img --partition odm:readonly:4349952:main --image odm=./odm.img --sparse --output ./super.img
Wait....
Use 7-Zip to archive the super.img to .tar (super.tar) and flash it on Odin (AP) and wait the phone to boot.
Unlock your Bootloader and wipe your data using your stock recovery and quickly boot to Download Mode and flash the super.tar on Odin (AP):
Notes:I not responsible for any damage on your phone. If anything occurs, just flash your stock regional firmware through Odin.
If this tutorial did not work, you did something wrong or your phone is not supported. Don't forget to wipe your data through Recovery, it's very important.
If you want Magisk working on your A21s I recommend you to report to an issue Topjohnwu at Github.
Click to expand...
Click to collapse
Also, Just so you know, the recovery that we have is OrangeFox R11 which is currently an alpha build, thanks to magisk I was able to use the tool "dd" in termux to flash the recovery.img to /dev/block/by-name/recovery (aka the recovery partition) and this helped me bypass DL mode which is even worse now that I upgraded to U5 (I regret it and I tried downgrading from recovery instead of DL mode but the linux kernel itself protects the mmcblk0boot0 partition which is supposed to be the partition where the "BL" is located, and I tried flashing the sboot.bin file to that partition and it didn't work due to it being protected
Anyways back to the original topic, I don't know how but after flashing OrangeFox R11 with dd in android (I used su with magisk of course because), OrangeFox managed to boot with stock vbmeta and this build was supposedly built with A10's firmware in mind, not A11's firmware, so I have some hopes that flashing super.img from recovery might work if given the right vendor and firmware, I even flashed a vbmeta that was made for U3 from OrangeFox and it booted without any issues, oddly enough OneUI booted with that U3 vbmeta.img
LonelyCracker said:
Dear Wer99,
I Successfully Made A Non-Rooted GSI By Following Your [Tutorial / Guide],
I'm Wondering How Could I Add SuperSU & Root Permission In It
GSI : [CherishOS, AOSP10, AOSP11]
Click to expand...
Click to collapse
You don't need SuperSU anymore, There's already a fixed magisk for it, Here's the links:
[SHARING] HOW TO ROOT A21S STOCK ROM WITH MAGISK
Hello friends I just want to share how to root A21S stock rom in case anybody needs it: 1. Unlock bootloader 2. (On PC) Extract boot.img.lz4 from AP...tar file, then copy it to phone 3. (On phone) Install ZArchiver to extract boot.img from...
forum.xda-developers.com
[ROOT] Modified Magisk for Galaxy A21S (R)
It seems that the A21S hasn't had any root since it was released (other than pre-rooted GSI ROMS) When flashing Magisk, the phone went into bootloop, and the only way to fix it was to flash stock rom via Odin. After some analysis, it seems that...
forum.xda-developers.com
David112+ said:
You don't need SuperSU anymore, There's already a fixed magisk for it, Here's the links:
[SHARING] HOW TO ROOT A21S STOCK ROM WITH MAGISK
Hello friends I just want to share how to root A21S stock rom in case anybody needs it: 1. Unlock bootloader 2. (On PC) Extract boot.img.lz4 from AP...tar file, then copy it to phone 3. (On phone) Install ZArchiver to extract boot.img from...
forum.xda-developers.com
[ROOT] Modified Magisk for Galaxy A21S (R)
It seems that the A21S hasn't had any root since it was released (other than pre-rooted GSI ROMS) When flashing Magisk, the phone went into bootloop, and the only way to fix it was to flash stock rom via Odin. After some analysis, it seems that...
forum.xda-developers.com
Click to expand...
Click to collapse
Yeah I Know But I'm Just Interested In Making A Prerooted GSI
LonelyCracker said:
Yeah I Know But I'm Just Interested In Making A Prerooted GSI
Click to expand...
Click to collapse
What's the point of making a prerooted GSI with an outdated root method?
You can't even install modules with SuperSU
To David112+ :
In My Opinion, Prerooted GSI Is Way Better.
You Could See The Comparison I Made Here.
Also Making One GSI Could Gain Me Lots Of Experience.
So I Couldn't Think Of The Reason Why Not
Magisk Patched Stock [Firmware / ROM] Also Have It Own Problem,
Which You Could Find Here.
LonelyCracker said:
To David112+ :
In My Opinion, Prerooted GSI Is Way Better.
You Could See The Comparison I Made Here.
Also Making One GSI Could Gain Me Lots Of Experience.
So I Couldn't Think Of The Reason Why Not
Magisk Patched Stock [Firmware / ROM] Also Have It Own Problem,
Which You Could Find Here.
Click to expand...
Click to collapse
I don't think you've realized or checked the group of the phone but a load of people have already rooted their ROMs with Magisk and so far they have no problems, and still, everyone agrees that installing modules somewhere from the internet is the responsibility of the end user.
And I'm pretty sure that everyone agrees that magisk is the best root method, and even if you wipe data, you can just reinstall the Magisk apk to get the root prompt and finish setting it up, or better yet. use the systemizer module to systemize the magisk apk so that it's installed in system instead of data.
Making a prerooted GSI is just a waste of time, I'd rather just make normal GSI that's flashable on the phone and just install Magisk or systemize the Magisk APK.
I do agree that making a GSI flashable for the phone makes you gain a lot of experience but you're wasting your time into something that barely anyone is going to use, due to the fact that it has SuperSU which is old and outdated and most people prefer Magisk anyways because it's updated and not only that but you can pretty much install anything you'd like with the modules.
To David112+ :
Sorry To Disagree With You, I Was Trying To Acheive A Goal There .
My Goal Was To Get ADB (Android Debug Bridge) With "adb root" Working On Magisk Patched Stock [Firmware / ROM]. After Many Research & Attempt To Acheive That, I Gave Up... I Gained Some Knowledge There Too. I Know That Stock Rom Are For Production Purpose & I Can't Gain Root Access Using ADB (Android Debug Bridge).
Hopefully I Could Get Help Somewhere.
But Fun Fact Is...
I Water-Damaged My Phone
Question :
1.) Is It Possible To Make A Non Rooted GSI & Patch It With Magisk ? How ?
LonelyCracker said:
To David112+ :
Sorry To Disagree With You, I Was Trying To Acheive A Goal There .
My Goal Was To Get ADB (Android Debug Bridge) With "adb root" Working On Magisk Patched Stock [Firmware / ROM]. After Many Research & Attempt To Acheive That, I Gave Up... I Gained Some Knowledge There Too. I Know That Stock Rom Are For Production Purpose & I Can't Gain Root Access Using ADB (Android Debug Bridge).
Hopefully I Could Get Help Somewhere.
But Fun Fact Is...
I Water-Damaged My Phone
Question :
1.) Is It Possible To Make A Non Rooted GSI & Patch It With Magisk ? How ?
Click to expand...
Click to collapse
Custom ROMs should work with ADB root normally
2. To install Magisk just use the links that I shared in this post (https://forum.xda-developers.com/t/...d-gsis-for-samsung-a21s.4269227/post-84975373)
After upgrading to U5, I can't install these GSIs anymore. It bootloop all the times
To David112+ :
But Is Not Possible To Use ADB (Android Debug Bridge) On Magisk Patched Stock [Firmware / ROM]. What I Was Saying Is To Use "adb root" On Magisk Patched Stock [Firmware / ROM]
I'm Only Able To Use The Command "adb root" In Custom GSI Built By Wer99.
Not Every Custom Build GSI Are Prerooted.
Maybe You're Right Magisk Is Better Than Old Little SuperSU. But I Need "adb root" To Work With It
thatha said:
After upgrading to U5, I can't install these GSIs anymore. It bootloop all the times
Click to expand...
Click to collapse
If you have magisk with stock ROM, good news for you, I'll be working a guide in how to get a GSI installed as a magisk module, I tested this with ShapeShiftOS and I got as far as the boot animation of ShapeShiftOS, Once I was booted I checked ADB and sdcard was encrpyted and that's why it wasn't able to start correctly, it was just stuck in the google logo with a loading bar, I'm gonna try decrypting data, formatting and then installing the module
If this does work then I'll be releasing a guide in how to get a GSI of your preference working as a magisk module
Explanation: Thanks to Magisk's Magic Mount feature, I'm able to systemlessly swap the assets of OneUI with a Custom ROM's of my choosing, such as ShapeShiftOS
Edit: This idea is discarded, Because of the userdata partition being encrypted I can't use ShapeShiftOS, and even after decrypting I can't use it because OneUI gets stuck in "Starting android" when using the boot image with patched fstab and magisk
And if I download gsi android 11 through mediafire, will I have to do all this procedure? or just flash on odin? A21S ANDROID 11.
To Oroki:
These GSI Is Ready To Be Flashed.
LonelyCracker said:
To Oroki:
These GSI Is Ready To Be Flashed.
Click to expand...
Click to collapse
but will i have to do topic 2 and 3?
To Oroki :
Please Explain What Do You Mean By Topic 2 & 3
LonelyCracker said:
To Oroki :
Please Explain What Do You Mean By Topic 2 & 3
Click to expand...
Click to collapse
2. Converta stock_super.img em raw_super.img: e3. Extrato raw_super.img:
To Oroki :
Those Step You Provide Aren't Necessary Anymore
It's Patched Which Mean You Don't Have To Do Anything To It
Sorry For Late Reply
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disclaimer:
The user takes sole responsibility for any damage that might arise due to use of this tool.
This includes physical damage (to device), injury, data loss, and also legal matters.
This project was made as a learning initiative and the developer or organization cannot be held liable in any way for the use of it.
Click to expand...
Click to collapse
Kitchen for working with Amlogic firmwareUsed for unpacking/packing amlogic images
Supported features
Unpack/repack Amlogic images
Unpack/repack partitions (system,product,system_ext,oem and odm)
Create flashable zip from amlogic image
Unpack/repack recovery,boot,logo and dtb
Create aml image from supported flashable zips
Support for super image unpack/repack
Dump os from device through /mask mode
Note:
Ignore some errors with dtb (some conditions are missing), decompiling/compiling dtb should work fine.
This tool is tested only in some firmwares and devices.
Theres no guarantee that packed flashable zips or amlogic images will flash successfully.
TODO:
....
Download : https://github.com/althafvly/AmlogicKitchen
Report issues: https://github.com/althafvly/AmlogicKitchen/issues
Flash-tool : https://github.com/althafvly/aml-flash-tool (Use Amlogic USB Burning Tool on windows)
Credits:
Base kitchen (vtx_kitchen) - Vortex
gnuwin32 and cygwin for linux binary ports
aml update tool - osmc
7-Zip - Igor Pavlov
ImgExtractor - unix3dgforce, blackeange and xiaoxindada
AIK - osm0sis
SuperImage tools - LonelyFool
Aml dtb, unpack tools - LineageOS
simg2img - anestisb
img2sdat, sdat2img - xpirt
simg2img - A.S._id
let me know if i missed anyone
Contribution:
If you want to contribute or fix something i broke, just fork and give a pull request with your changes
Support:
XDA is preferred for main discussion. But if you need any other support, check support group.
Reserved
How can I download it? It seems very similar to Vortex's kitchen.
kalehrl said:
How can I download it? It seems very similar to Vortex's kitchen.
Click to expand...
Click to collapse
You can clone the repo or download as zip from github. Yes this was done on top of vtx_kitchen
I just tried it. I unpacked level1 fine. When I tried level2, the terminal window didn't open. I realised I needed python for Windows so I installed it and level2 unpacked fine. Maybe add a notification to install Python. Level3 unpacked boot, logo and recovery but no dtb:
Spoiler: level3
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: recovery.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_RECOVERY_DTBO_SIZE 438
BOARD_RECOVERY_DTBO_OFFSET 15835136
BOARD_HEADER_SIZE 1648
Unpacking ramdisk to "ramdisk/" . . .
Compression used: gzip
20266 blocks
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_HEADER_SIZE 1648
Warning: No ramdisk found to be unpacked!
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
dbg:res-img ver is 0x2
dbg:item level3\logo/bootup
dbg:item level3\logo/bootup_X3
dbg:item level3\logo/upgrade_bar
dbg:item level3\logo/upgrade_error
dbg:item level3\logo/upgrade_fail
dbg:item level3\logo/upgrade_logo
dbg:item level3\logo/upgrade_success
dbg:item level3\logo/upgrade_unfocus
dbg:item level3\logo/upgrade_upgrading
FATAL ERROR: Blob has incorrect magic number
Done.
Press any key to continue . . .
I tried _pack_zip_to_aml.bat but it says to install python from Microsoft store. I uninstalled the existing python, installed python 3.10 from MS store but it still doesn't work.
kalehrl said:
I just tried it. I unpacked level1 fine. When I tried level2, the terminal window didn't open. I realised I needed python for Windows so I installed it and level2 unpacked fine. Maybe add a notification to install Python. Level3 unpacked boot, logo and recovery but no dtb:
Spoiler: level3
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: recovery.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_RECOVERY_DTBO_SIZE 438
BOARD_RECOVERY_DTBO_OFFSET 15835136
BOARD_HEADER_SIZE 1648
Unpacking ramdisk to "ramdisk/" . . .
Compression used: gzip
20266 blocks
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
1 file(s) copied.
Android Image Kitchen - UnpackImg Script
by osm0sis @ xda-developers
Supplied image: boot.img
Setting up work folders . . .
Image type: AOSP
Splitting image to "split_img/" . . .
ANDROID! magic found at: 0
BOARD_KERNEL_CMDLINE androidboot.dtbo_idx=0 --cmdline root=/dev/mmcblk0p18 buildvariant=userdebug
BOARD_KERNEL_BASE 0x01078000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_HASH_TYPE sha1
BOARD_KERNEL_OFFSET 0x00008000
BOARD_RAMDISK_OFFSET 0xfff88000
BOARD_SECOND_OFFSET 0xffe88000
BOARD_TAGS_OFFSET 0xfef88100
BOARD_OS_VERSION 9.0.0
BOARD_OS_PATCH_LEVEL 2018-08
BOARD_HEADER_VERSION 1
BOARD_HEADER_SIZE 1648
Warning: No ramdisk found to be unpacked!
Done!
Failed
1 dir(s) moved.
1 dir(s) moved.
dbg:res-img ver is 0x2
dbg:item level3\logo/bootup
dbg:item level3\logo/bootup_X3
dbg:item level3\logo/upgrade_bar
dbg:item level3\logo/upgrade_error
dbg:item level3\logo/upgrade_fail
dbg:item level3\logo/upgrade_logo
dbg:item level3\logo/upgrade_success
dbg:item level3\logo/upgrade_unfocus
dbg:item level3\logo/upgrade_upgrading
FATAL ERROR: Blob has incorrect magic number
Done.
Press any key to continue . . .
I tried _pack_zip_to_aml.bat but it says to install python from Microsoft store. I uninstalled the existing python, installed python 3.10 from MS store but it still doesn't work.
Click to expand...
Click to collapse
i have made some changes now. download or pull from git and check. fixed python missing error not showing in windows. if its still not extracting your dtb then, link me you firmware or _aml_dtb.PARTITION
I reinstalled Python but this time I selected 'add to path' option which is not selected by default. _pack_zip_to_aml.bat now works but I didn't try the resulting image. DTB still isn't extracted with the updated version of the tool. Vortex's kitchen extracts it fine.
I tried to test the image I made from ota.zip and when I try to unpack level2, I get this error while extracting odm partition while other partitions extract fine. Maybe because my ota.zip is encrypted so maybe you can add some type of detection.Vortex''s edition also errors out when unpacking odm with the same error.
Spoiler: log
.....................
Amlogic Kitchen
.....................
Select level 1,2 or 3: 2
Python 3.10.2
imgextractor: Vortex Edition
Traceback (most recent call last):
File "imgextractor.py", line 374, in <module>
File "imgextractor.py", line 360, in main
File "imgextractor.py", line 346, in __getTypeTarget
File "imgextractor.py", line 338, in checkSignOffset
OSError: [WinError 8] Not enough memory resources are available to process this command
[2700] Failed to execute script imgextractor
imgextractor: Vortex Edition
Convert product.PARTITION to product.raw.img
Extraction from product.PARTITION to product
imgextractor: Vortex Edition
Convert vendor.PARTITION to vendor.raw.img
Extraction from vendor.PARTITION to vendor
kalehrl said:
I reinstalled Python but this time I selected 'add to path' option which is not selected by default. _pack_zip_to_aml.bat now works but I didn't try the resulting image. DTB still isn't extracted with the updated version of the tool. Vortex's kitchen extracts it fine.
I tried to test the image I made from ota.zip and when I try to unpack level2, I get this error while extracting odm partition while other partitions extract fine. Maybe because my ota.zip is encrypted so maybe you can add some type of detection.Vortex''s edition also errors out when unpacking odm with the same error.
Spoiler: log
.....................
Amlogic Kitchen
.....................
Select level 1,2 or 3: 2
Python 3.10.2
imgextractor: Vortex Edition
Traceback (most recent call last):
File "imgextractor.py", line 374, in <module>
File "imgextractor.py", line 360, in main
File "imgextractor.py", line 346, in __getTypeTarget
File "imgextractor.py", line 338, in checkSignOffset
OSError: [WinError 8] Not enough memory resources are available to process this command
[2700] Failed to execute script imgextractor
imgextractor: Vortex Edition
Convert product.PARTITION to product.raw.img
Extraction from product.PARTITION to product
imgextractor: Vortex Edition
Convert vendor.PARTITION to vendor.raw.img
Extraction from vendor.PARTITION to vendor
Click to expand...
Click to collapse
i have pushed a fix for dtb now. odm error is mostly because its an empty partition
2 other kitchens extract the odm partition just fine. The one from CRB: https://forum.xda-developers.com/t/tool-windows-kitchen-crb-v3-0-0-beta14.3947779/ and another one from a Russian developer from 4pda. The partition isn't empty. How does this kitchen handle encrypted partitions? I think in the ota.zip I mentioned, boot and dt.img are encrypted. Vortex's kitchen recognises encrypted partitions and they have .enc suffix at the end. I tested with encrypted factory img for X99 Max + box.
kalehrl said:
2 other kitchens extract the odm partition just fine. The one from CRB: https://forum.xda-developers.com/t/tool-windows-kitchen-crb-v3-0-0-beta14.3947779/ and another one from a Russian developer from 4pda. The partition isn't empty. How does this kitchen handle encrypted partitions? I think in the ota.zip I mentioned, boot and dt.img are encrypted. Vortex's kitchen recognises encrypted partitions and they have .enc suffix at the end. I tested with encrypted factory img for X99 Max + box.
Click to expand...
Click to collapse
i havent tried any firmware with encrypted partitions yet. i will check soon
I can send you my ota.zip if you need it. Here you can find X99 max plus firmware: http://geekbuying.mediafire.com/fil...3_d4_sp6330_100m_20200917_r1(x99max+).7z/file
kalehrl said:
I can send you my ota.zip if you need it. Here you can find X99 max plus firmware: http://geekbuying.mediafire.com/fil...3_d4_sp6330_100m_20200917_r1(x99max+).7z/file
Click to expand...
Click to collapse
Now you can extract odm. i was using an old binary from Vortex. now using python script, same as linux one. and
i think your dtb is encrypted, not sure. im not able extract yours. i can extract meson1 (also dtb). added support for that.
The dtb I attached is not encrypted. It is from a SlimBox custom rom. I will send you the link to my ota.zip in which some files are encrypted, probably boot.img and dt.img. Other files should be fine.
EDIT: With the new version, dtb is decompiled successfully
althafvly said:
Dump os from device through adb/flash/mask mode
Click to expand...
Click to collapse
I've stumbled upon an interesting script for dumping fw via adb from [email protected] I think. Maybe I can send it to you to have a look and improve on it and make it available on github.
It seems that it doesn't extract Android 7.1 images correctly.
system/usr folder isn't extracted and the terminal window closes prematurely.
I tried this image which extracts fine with another tool:
0 byte folder on MEGA
mega.nz
New changes
- Allow user to select vortex/python for extracing firmware in windows
- Added support to dump firmware from mask mode
- Added support for firmwares with super.img
Note: i have only test this in some firmware/device. report if theres any issues.
Create flashable zip from amlogic image
i created a zip can I flash this with or without wiping anything in twrp ?
failed with error 6
cali.s said:
Create flashable zip from amlogic image
i created a zip can I flash this with or without wiping anything in twrp ?
failed with error 6
Click to expand...
Click to collapse
Not sure which device and firmware your are talking about. Its better if you wipe before flashing and its best to flash amlogic image if you have one.
I tried to dump_to_aml.sh Android 6 image but it failed:
[email protected]:/home/kalehrl/Templates/android/AmlogicKitchen# ./dump_to_aml.sh
Code:
.....................
Amlogic Dumper
.....................
Unpacking system
Repacking system
Repacking boot
Repacking recovery
Repacking logo
Enter a name for aml package:
ott
[ERR]f(AmlImagePack.cpp)L1312:Open pack image out/ott.img failed
Image pack FAILED
.....................
Done.
I can send you my TWRP backup of the original iamge to try if you have time.
kalehrl said:
I tried to dump_to_aml.sh Android 6 image but it failed:
[email protected]:/home/kalehrl/Templates/android/AmlogicKitchen# ./dump_to_aml.sh
Code:
.....................
Amlogic Dumper
.....................
Unpacking system
Repacking system
Repacking boot
Repacking recovery
Repacking logo
Enter a name for aml package:
ott
[ERR]f(AmlImagePack.cpp)L1312:Open pack image out/ott.img failed
Image pack FAILED
.....................
Done.
I can send you my TWRP backup of the original iamge to try if you have time.
Click to expand...
Click to collapse
dump to aml script isn't ready yet. Im still testing it. I will check on free time. This error is because script isn't able to create ott.img. Try different name or close any apps which using that ott.img file.