Related
Important notice! : iLLNiSS made me aware of a serious risk!
If you play with the firmwares manually and not with the flash all bat then DO NOT flash the blobs!
These are the actual bootloader files and stuffing up here will cause a hard brick!
I have to stress this out as it is serious thanks to not having working APX drivers a flshing programs for the Shield!
For starters, I uploaded a copy of the 7.2 developer firmware here:
7.2 developer ZIP on Dropbox
It is the full 1.1Gb update and not the 422mb block based one.
I have done some extensive tests since the first block based update wrecked my rooted Shield.
Some of it will end up in this post as info for everyone.
But lets start with what seems to be the problem for a lot of users right now who run a rooted Shield : Fixing the problem
A downgrade is officially not supported by Nvidia but my tests showed it works just fine if you only go back to the 7.1.
So far my tests showed differen sources for a Shield no longer working after the OTA.
1. The device had an unlocked bootloader and you got the 422mb block update.
This would have stuffed your bootloader and the Shield won't go past 1/4 on the progress bar for the update.
You are in luck as just flashing the 7.1 bootloader will fix it.
After that just dismiss the update and change the settings to manual updates.https://forum.xda-developers.com/editpost.php?do=editpost&p=78466377
2. Your device was already fully rooted and you got the full update that resulted in your Shield doing all sorts of thing but nothing properly anymore.
As long as your apps are still there and the Shield is still somhow usable you are lucky again.
A downgrade to 7.1 will fix it, I will explain the steps required further down.
3. You made bid mods, used Magisk or other rooting tools and now your Shield complains that your system is corrupt.
Bad luck if your bootloader is locked as you loose it all.
Lucky if the bootloader is unlocked as you might be able to keep most if not all during the downgrade.
General words of warning:
Even if your bootloader was unlocked from day one I can not garantee that the downgrade will keep all settings, apps, databases and so on.
For me it works fine as I kept all vital databases on external storage.
The procedures are all based on the developer firmware, on the stock firmware some things can still be done but then again you should not have more than software problems.
On the stock firmware the bootloader is locked by default and you can use some things required to owngrade due to the restrictions of a stock system.
General downgrade procedure for the developer firmware to get back to 7.1 :
If the update did get stuck on the progess bar early on and a reboot won't fix it so you can dismiss the update you just follow the steps.
If you can reboot into the 7.1 then just dismiss the update.
Trust issues or curruption warnings at boot but an otherwise working shield on 7.1 require to flash the 7.1 bootloader again.
In some cases it is possible to skip the corruption warning with a connected controller.
A reboot once you got to the homescreen will determine how bad it is.
Reboot goes fine: You are good.
Reboot keeps nagging with warnings other than the unlocked bootloader: Downgrade.
The downgrade is only required if you have problems or the Shield already runs on the 7.2!
In almost all other cases just flashing the 7.1 bootloader is sufficient.
Fixing a stuffed Shield by sideloading the 7.1 firmware while keping all apps and things:
Enable USB debugging and allow the connections for the computer if you still have access to the settings.
Otherwise you need to flash the 7.1 fresh and might loose vital things that need to install again.
Reboot into the stock recovery, if you use TWRP flashed on the Shield already then please flash the recovery from the 7.1 firmware first.
Hook up the controller and pressing A or B should get you into the normal recover screen past the dead droid.
ADB sideload XXX - where the xxx stands for the filename you have for the developer ZIP.
After the rebbot you should be back on your 7.1 homescreen and can dismiss the 7.2 update.
Also change the update settings while at it
Fixing a fully stuffed Shield and then downgrading to the 7.1 firmware:
If all went down south then you tried a few things and realised there is no way to get your data back and even less to prevent the 7.2 update.
Installing the 7.1 from scratch forces the setup wizard and before you can get anywhere you need to update to 7.2
So much easier to use the linked 7.2 update from above until Nvidia provides it on their download servers.
A vital thing to do is to keep the bootloader locked!!
Same for NOT having TWRP installed on the Shield!
If in doubt flash the 7.1 boot and recovery partitions first then go back into the stock recovery and wipe the cache.
Coming from a stock developer firmware with just an unlocked bootloader you are good to go.
Sideload the 7.2 update.
Unplug when the reboot starts and go into fastboot to lock the bootloader: Fastboot oem lock.
This is a vital step as the new kernel otherwise could ruin the completion of the install.
Ignore the double hassles and go through the wizard so you can enter the settings again to enable the developer mode and USB debugging.
Unlock the bootloader so you can do it all again Last time I promise!
Once you have both the bootloader unlocked AND the Shield in a usable condition past the setup wizard:
Reboot into the recovery to sideload the 7.1 firmware.
After the next reboot you are back on the 7.1 homescreen drirectly and can dismiss the update.
Possible tricks that can help you to prevent the installation of the 7.2 update if you come from a fresh 7.1 install instead:
Don't allow the reboot and instead use ADB to reboot into the recovery.
Wipe the cache - this will remove the scripts required to start the update after the reboot.
The next reboot should bring you back to the homescreen where you can stop the new download of the update and change the update settings.
TWRP, full root and new security measures in 7.2:
The 4.9 kernel used also makes use of a Fstab configuration that no longer includes the system partition.
This and other restrictions currently make the normal use of Magisk impossible.
With no system partition available to Magisk the changes in the boot process come to a stop and the Shield gets stuck during boot.
The added restrictions also make it very, very hard to manually add SU and busybox.
At least without getting the currupt system popup on every boot and finding out that a lot of things still don't work properly.
A final 7.2 firmware is said to be available on the download servers today.
If this final is no different from the current OTA then it will not be of any use for users requiring a fully rooted devices.
With the stock recovery still using the old kernel all attempts to use recovery functions to alter the system for rooting fail as well.
Can't blame the company as all this is part of Google revamp og security and closing backdoors and loopholes for possible attackers.
Personally I think it is Googles way of keeping control over devices they don't actually own.
Anyways I did make some little progress:
Plans for the near future:
Security is good but I like to know what my Android devices are doing and especially what Google likes to collect if I can not find ways to stop it.
So I will not try to use any backdoors or secrurity vulnerablilites in the new kernel to allow a full root on my Shield.
I will go the route I know best: Manual labour
The bootloader is already fixed to allow what we are used to from previous developer firmwares.
As SU and busybox can not be manually entered at this stage I will try to include them directly in the stock 7.1 firmware while renaming the OTA updater to have it a bit easier.
Assuming that works as expected I will do the same on the 7.2 firmware and compare the corresponding scripts and so on.
If the standard SU still works on an "unlocked" 7.2 I should be able to adjust the Magisk ZIP accordingly to implement it into the bootloader.
Only need to figure out if Magisk then has enough rights to work and the system is still happy to accept the changes.
I noly have the 16Gb 2017 model to work with but since the bootloader seems to be same for all Shield models I think if it works then it should do so for all models.
In the meantime I hope the infos here will help some pople to get their shield back without the need to sent it in.
Update 25/12/18: I got TWRP working on 7.2
This is only true for the 2017 model though as I have only this for testing.
Currently creating a backup to the internal storage.
If the restore works then I will upload the new TWRP - for the said model only!
Give me a day or two to fix it for the other models too.
There is progress on the rooting front as well.
Created new scripts for my kitchen to be able to handle the new file_context thing.
A fully pre-rooted and totally unsecure (in terms of ABD, DM-verity and such) is already cooked, just did not dare yet to try it out as I have a real life job too.
As for the pre-rooted firmware:
Things have changed quite a bit with the new kernel in terms of "just adding SU or Magisk".
Magisk might see an update for this problem soon, SU however seems to tally fail on two levels.
So far I was unable to do a full install of the modded firmware.
Flashed all at once and the boot just hangs.
Bootloader, reboot, then the rest seems to work.
At least for the basic install of the system.
If I add SU and busybox the system still ends up with a corrup notice during boot and then it fails.
Tune in over the next few days for progress updates at the end of the thread.
Major developments will be added right here.
Just a matter of finding the last restrictions.
Once that is done Magisk should be possible as well.
Ok, TWRP boot fine, does a backup but fails to restore the system to a bootable state.
Will now check if at least installing a zip works.
Well, it did not, so TWRP has to wait a few more days
I edited post 3 with instructions on how to "unbrick" and go back to 7.1.
Update 27/12/18: A friend of mine found some intersting stuff.
A 7.2 firmware offering a pure Android without any TV stuff but also a full root possible.
I hope he will share his finding here soon or allow me post it all in his name.
For now lets just say: It really works if done the rght way!
Full write rights, installing Magisk modules and all.
All thanks to an undocumented flaw in the device security structures, so even without any hidden backdoors or such LOL
Update: Whiteak was so kind to provide a working root solution in post 36, please check it.
I can confirm it is working as promised.
So the credits for this one go to Whiteak and the credits for the idea and use of the DTB file to Zulu99 - great idea!
To prevent any problems I advise to perform a factory wipe after the install and before the first boot.
Switch to the stock recovery to do this then boot as normal an enjoy.
A complete firmware with the required mods is sitting on my PC just waiting for idiot behing the keyboard to figure out how to pack it properly for flashing.
Once that problem is sorted and also TWRP working again things will get a lot easier.
Annoying update:
I was not able to confirm my web findings on the 7.2 firmwares bootloader but it seems other devices running the same type of kernel and bootloader and a bit lost now.
AVB is fully implemented on the latest level.
(Again I am working on confirming or denying these findings!)
This means any alteration to vital parts of the system will fail with a corruption warning or worse.
Custom recovery access is limited if not fully restricted.
But even if it works you still need a firmware to flash that either is able to disable all this crap, hoping the bootloader alone will allow it, or
to hope Nvidia will provide a future bootloader update with these restrictions removed.
We can not downgrade the bootloader and even if there is some old one out there that would actually be flashable the risk is high to end with a brick anyway.
The DTB, at least in my tests gives us the required system wide write access but I have no information about the AVM verfified boot other than that Zulu99's firmware works.
But if it was compiled with the NVidia developer suite then it will be signed accordingly so the bootloader accepts it.
Could not find any info on how his firmware was actually created.
It gives me the hope though that once I have a fully working TWRP again that my modded 7.2 will work as expected and with no restrictions anymore.
Thanks for the info.
Edit: Will use this post to list options to recover the Shield is all seems lost.
As a result of far too much rom cooking and mods I needed a 100% working way to recover the Shield in case things turn very ugly.
So lets sum up what I define as very ugly when playing with firmwares:
1. Firmware installed but the Shield just hangs on the logo.
2. Firmware installed and now the system is corrupt and even it is boots it takes forever to get around the nag screens.
3. Firmware downgrade attempted but now the Shield won't even boot anymore.
4. Anything that would qualify for a soft brick.
My worst case when I only got a flashing white screen after trying to restore a TWRP backup under 7.2.
There any many way that work for a variety of boot problems but it takes too long to list all cases I encountered with a list of fixes that work or a comment that only the below way works.
So just to be clear here: This is not for any recovery purpose other than fixing what can't be fixed through a factory reset or fresh flashing of the firmware!
1. Get the Shield into Fastboot mode: Connect wired controller and male to male USB cable.
2. Power the Shield up while holding A and B on the controller.
Keep holding until you see the fastboot menu on the screen.
3. Install the 7.1 recovery firmware for your Shield type after unpacking it.
With Fastboot connection working type: flash-all.bat and hit enter.
4. Keep an eye on the progess!
5. Once the Shield is finnished and reboots, hold the A and B buttons on the controller again to enter fastboot mode!
Do not let the Shield boot up other than into the fastboot mode!
6. Lock the bootloader! Fastboot oem lock
Confirm with the controller, then go down and select the recovery kernel.
7. Once the dead droid is on the screen press B on the controller to enter the real recovery.
If B does not work try A
8. Select the factory reset option to wipe all!
9. Once the wipe is done you can boot into 7.1 as normal again.
10. With a bit of chance you might even get directly to the homescreen if the previous setup was completed.
If you need the full seup wizard again and are forced to update to 7.2 then at least the update will work fine this time around.
In case you desire to go back to the 7.1:
If you just finnished the above only to end with the 7.2 then set it up and flash the 7.1 - you won't get the setup wizard again and can skip the update.
If you are on a working 7.2 that was update the OTA way but want to go back:
1. Install the 7.1 firmware.
2. Lock the bootloader.
3. Boot and then skip the update to 7.2.
Any idea what to do if the Shield sticks at the NVidia logo when you select Recovery from Fastboot? I reflashed boot and got the same result.
psycho_asylum said:
Any idea what to do if the Shield sticks at the NVidia logo when you select Recovery from Fastboot? I reflashed boot and got the same result.
Click to expand...
Click to collapse
It won't work from fastboot.
Fastboot operates on a different level and calling the recovery from there lets it end up in nowhere with no access to the system.
You need to boot into recovery through ADB as (for the new model) without a power button and usable hardware buttons we can't get into it otherwise.
Having said that, the fastboot way should still work with an unmodified bootloader.
When the dead droid is on the screen the recovery should be available after pressing the A button on the wired up controller.
But during my tests on 7.2 it did not always work, so you might have to try a few times and also try the B button.
Downunder35m said:
It won't work from fastboot.
Fastboot operates on a different level and calling the recovery from there lets it end up in nowhere with no access to the system.
You need to boot into recovery through ADB as (for the new model) without a power button and usable hardware buttons we can't get into it otherwise.
Having said that, the fastboot way should still work with an unmodified bootloader.
When the dead droid is on the screen the recovery should be available after pressing the A button on the wired up controller.
But during my tests on 7.2 it did not always work, so you might have to try a few times and also try the B button.
Click to expand...
Click to collapse
I have not been able to get to the dead droid screen.
Downunder35m said:
For starters, I uploaded a copy of the 7.2 developer firmware here:
7.2 developer ZIP on Dropbox
It is the full 1.1Gb update and not the 422mb block based one.
(snip)
Click to expand...
Click to collapse
Thanks for posting this, but please note that this firmware is only for the 2017 16GB model and cannot be used with a 2015 or Pro model.
I just got a 7.2.1 update that forced me to update. Wouldn't give me an option to skip it... As soon as I turned on my Shield, it said something about the 7.2.1 update and then rebooted and installed.
I was holding off on updating too so I didn't lose root. Now I'm unrooted and am unable to get Magisk working again until I can get my hands on a 7.2.1 bootloader... Bleh.
Weird, I am not getting the 7.2.1 at all here.
And since yesterday the OTA only tries the block based but not the full image.
AthieN said:
I just got a 7.2.1 update that forced me to update. Wouldn't give me an option to skip it... As soon as I turned on my Shield, it said something about the 7.2.1 update and then rebooted and installed.
I was holding off on updating too so I didn't lose root. Now I'm unrooted and am unable to get Magisk working again until I can get my hands on a 7.2.1 bootloader... Bleh.
Click to expand...
Click to collapse
I was able to downgrade using the 7.2 image after setting up the device on 7.2.1 OTA just make sure you disable automatic updates
Thanks downunder this kind of in-depth info is always appriciated man........i like to learn these kind of things, having bits here and bits there gives a better picture of the whole, while also giving us upto date current info.
Thanks for taking the time to write this :good:
---------- Post added at 07:35 AM ---------- Previous post was at 07:27 AM ----------
Edit
Hi downunder, could you confirm i have this correctly
With no access to fastboot thus no twrp or root, are you implying, assuming your able to inject root into stock firmware, that, i'd be able to flash this stock+root rom in STOCK recovery, which i do have access to?
Edit: im under the impression that stock firmware zips are checked by stock recoveries, so modifying a stock firmware zip tends to fail this check and thus wont install/flash.......which makes me think im misunderstanding here......or just hoping im not
If so, im interested
Edit
i just read your second post which near enought answers my curiousity, so that'll teach me to read beyond the first post before asking answered questions ........even if the post excites me............ahhh, who am i kidding, ill probabably do it again........the equivelancy of a mental post boner........not controllable
Sorry for the disgusting analogy
SyberHexen said:
I was able to downgrade using the 7.2 image after setting up the device on 7.2.1 OTA just make sure you disable automatic updates
Click to expand...
Click to collapse
Did I understand it correctly? You successfully downgraded from 7.2.1 to 7.2?
ErAzOr2k said:
Did I understand it correctly? You successfully downgraded from 7.2.1 to 7.2?
Click to expand...
Click to collapse
Yes,
Just ran flash all from the bootloader. For the newly released 7.2 developer_rooted factory image.
As long as we don't jump to Android 9 we should always be able to downgrade through a full factory firmware.
Once Android 9 comes this might not work anymore due to the massive changes involved for the boot and system checks.
@banderos101: Unless you really did something bad you should always be able to enter the fastboot mode to flash a full firmware.
If I have some time after xmas I will have another look on the options of signing the zip properly or simply to fake it.
Biggest problem will be to generate the corret SHA checksums ince all is installed so I can use the same checksums in the check files.
The bootloader needs them to identify the system and vendor as genuine.
The system needs them to confirm all is actually unmodified as otherwise all fails to boot at some stage.
Modding a proper userdebug firmware is not really that hard, but converting a release version that also is a true and secure user release...
Lets just say that it won't be an easy task.
As it looks like the kernel is a keeper I might have to figure something out unless TopJohnWu won't enjoy a break after his exams and works on a way to get Magisk working with out kernel.
At least I figured out why the recovery trick isn't working for me.
The system partition is not mounted for the sideload mode.
To apply an update the stuff is written directly onto the partition, so no file level access left to play with and break things
In comparison you could say the shield is now like a modern car with keyless operation only.
You know you can start it with ease, if you only could the remote that you left in the drivers seat when you locked the door
SyberHexen said:
Yes,
Just ran flash all from the bootloader. For the newly released 7.2 developer_rooted factory image.
Click to expand...
Click to collapse
Just wondering what is achieved by going back to 7.2?
What do you mean "going back"?
Right now the 7.2 is the official and latest firmware.
I was unable to get my hands in the 7.2.1 but guess it might have been a testversion for certain models only.
I wasted a few hours trying to fix the system image.
First stage was only to get the basic "features" back, like full ADB support, enabling the support to use SU and busybox....
Just what is required to actually allow these nice apps we like to gain root to work.
This backfired badly as right after the start the bootloader complained about the system being corrup and no override to get past this worked.
So of course I then removed the known restrictions from the bootloader...
As you guessed it the damn thing then did not even boot at all, just jumped right into the (locked) recovery mode.
A half decent comparision with my last manual root on a tv box that was a success showed I still did the right things...
If anyone wondered why we needed a new bootloader for the support of smart helpers an some codes stuff:
We didn't as all this could have been done with the 7.1 bootloader as well.
Since my root attempts so far all ended either in disaster or in a root access that failed shortly after/corrupted the system, I took a look of the general kernel changes that were published for other devices.
Before I could find anything meaningful I realised the 4.9 kernel is actually a requirement for Android Pie!
With that info sorted I started digging inti the new "security" features Pie can offer.
I will try to keep it simple and to the stuff that actually concerns us for rooting purposes:
The new boot process with Pie is aimed at being secure from the hardware level up and all the way into the system partion once the boot is completed.
So the hardware checks if the bootloader is actually usable - we had that for a long time, nothing new.
Once the bootloader starts and reaches the point of actually getting somewhere, all partitions required will be checks by either a hash check or a trusted certificate gererated at boot time that is compared to the previous certificate.
Only if that is fine the bootloader will call upon the system and vendor partitions.
The handover of control from bootloader to the system is made far more secure as well.
SELinux is called early on to ensure that only trusted apps and tasks can work but also to all a new control level.
System related apps no longer run as root or with special permissions.
Instead every single app and service runs as its own user!
And under SELinux conditions this means nothing can access anything that it is not entitled to unless included as a user for the other app.
And with that sorted the vendor stuff is called to ensure all hardware and vendor related stuff is still genuine - this include the required certs but also the recovery and bootloader hash codes and certs.
So if something is fishy either SELinux will stop us or the vendor stuff will just overwrite it all.
Once we finally reach the system stage the recovery is checked if called from within the system, if fully implemented it could mean that using an official update on a modded firmware will delete all data as the encryption from the old system is declared invalid.
Sadly it does not stop there because even with full rigths (faked or otherwise) to access the system partition with write access we still can not just change things.
If something belongs to a user (a secure app) than a change will corrupt the system.
To overcome all this without using vulnerabilities that so far no one has found, a compatible userdebug release has to be created from the official user firmware.
DM-Verity needs to be disabled as well as all partition encryption stuff.
The bootloader needs to be adjusted to reflect these changes and the required turst certificates generated and included in both system and boot images.
The only problem here is that the kernel won't allow these changes unless it itself is a userdebug kernel.
After that it is only the little efford to go through about 60 different scripts to remove or redirect the calls for all boot and system security related things.
If then by some chance all this actually boots up and goes all the way into a usable homescreen the entire stuff needs to be secured again.
This time so that the final system has a correct cert and checksum that matches those we need to include in the bootloader.
Anyone knows how to gain full access to the trusted keystore on the 4.9 kernel? LOL
For the moment I don't really care about all the stuff above.
I would be happy to figue out what to make out of these new fstab configurations without the vital partitions listed.
The real aprtitions used have not changed but it is impossible include them in the fastab, doing so causes the bootloader to fail.
Presumably because the kernel realised we try to get around the verification process.
This and some other minor things are also the reason TWRP fails so badly, same for the stock recovery by the way.
Since TWRP is toy a lot us like:
TWRP and 7.2....
Without a system partion in the bootloader fastab TWRP can not mount it.
Same for all other things TWRP needs to mount as it simply does not have the right to access these areas.
To make things worse, we need system access to even start TWRP through fastboot.
So, now matter if we flash or start it through fastboot: The bootloader and system will realise our recovery does not match the checksum.
What does al this now mean in terms a lot more people are able to understand?
Let me try...
Imagine the 7.2 in a running version would be just some encrypted file with a lot of folders in it.
And like PGP or other encryptions software we know there is a private and a public key.
With the public key you can see a lot and use most the encrypted file - but only to a level that is required, nothing above your low level clearance.
For every attempt to write into this file or to make changes we need the private key.
If you follow so far then lets just say the recovery (stock) and Fastboot can be, to some extent, used for this access.
But since every folder in the encrypted file also uses private and public keys it is like tracing a tree.
Although it is getting too long, let me give you the example of just adding SU to the sytem partition:
Adding SU into the system image is no big deal.
Singing this image to get a usable key and including this key into the keystore is.
Assume we would just be able to do it....
SU needs to be called quite early in the boot process.
It then elevates the access level for certain things and also intercepts all root related requests from apps and services.
Except of course those that already had these rights by default.
Problem here is that adding the scripts we need plus changing some others means violating the tree of trust on the device and we get locked out.
Finding a spot to add the required rights for SU might be still possible.
On the other hand it will be impossible to give SU any rights or access to "trusted user" owned parts, files, folders, partitions....
The entire concept of SU just fails.
I will have to check how much of the new features are active in the 7.2 kernel that hinder us.
If I find enough it might be possible it enough to call for a Magisk update.
But I guess it is of little use for just one set of devices, so maybe once more devices on the 4.9 kernel fail to work with Magisk it will be easier to spot a usable pattern.
In case someone else if already working ona mdified system: Please let me know how you made it boot after the changes
Shield Tv 16 2017 - OTA update 7.2.1 Ready for updating
Im on 7.1. I have been waiting for 7.2 developer image, which is now out and just noticed 7.2.1 is available OTA. I'm really confused what to do. I want to keep root without bricking my Shield. Should I Stay with what I have as it is running well.
I am not even sure if it is safe trying to update to dev 7.2 image (or if I would want to) by hooking to computer and using ADB Fastboot tools.
Is there any good reason to update to 7.2 or 7.21? and if so how would I go about doing it? Which program is good for flashing developer images or OTA updates. I used to use flash-fire, which seems to be obsolete now and have heard TWRP is incompatible rooting with SU with OREO updates????
Should I play it safe and stay with what I have rather than experiment and end up with a brick? (wouldn't be the first time)
Anyone know if 7.21 is some-kind of bug fix?
Alot of questions but hope someone has some answers.
Thanks for any info.
"You know you can start it with ease, if you only could the remote that you left in the drivers seat when you locked the door "
My fastboot issue
Yeah, i think i busted the microusb somehow with a faulty usb hub, whenever i plug the usb to my raspberrypi/windows box(for adb/fastboot) now, it turns off all usb ports on the pi aswell as the windows box, even when the shield is unplugged, some sort of earth problem maybe
......all i have is adb over network, adb reboot bootloader simply reboots back to system, adb reboot recovery works though.
ive read that fastboot over tcp(ethernet) had been introduced a couple of android versions ago, but i dont think its been implemented in our shields
infact heres a link
https://www.androidpolice.com/2016/...-capabilities-wireless-flashing-isnt-far-off/
Looks like it needs to be specifically added onto a build
As far as you making a stock root build, if you can, that would awesome, more then awesome, but if it becomes more work then you thought dont worry about it, its not like their making it easy
Also, sounds like 4.9/future android is gonna be a nightmare for root......... having the ability to root so that the option is there to see whats going on in the background of these devices, these devices posessing cameras/microphones/old+latest sensors/personal files/personal info, which reside on our personal beings or in our homes........is just one reason why i dont want to see root go away
So what is the purpose of the developer image of 7.2?
Rather, I know the stated purpose of the developer image, but if it is locked in the way described it sounds like the benefit is negated for typical developers.
(e.g. sometimes I debug an application without permissions in order to benchmark or debug a problem).
For casual users of the shield, using ad blockers and whatnot, is there any benefit to derive from installing the developer rom over stock? Does "adb root" still work?
What is left as the difference. It doesn't sound like they produced a userdebug build of the OS.
Thanks
The 2 new updates are horrible. I have gone back to 7.1. They have crippled my shield. I'll wait for a new update.
Hello everyone,
i am new to the device and i have read the threads on unlocking BL & rooting. However, I am still unsure about how to update the device after rooting. Can someone please write out a high level few lines?
You flash the stock firmware then root it again.
Well Id though Id done this enough for that to be a simple job (I did manage to root the device the day I bought it..) But I seem to be having an issue reflashing the boot.img back to the device using Fastboot after updating OTA to 12 .Any ideas?
Well I'm completely out of ideas. I've tried Canary build of Magisk, I've tried using the patched boot.img (waiting on any device eternally in Fastboot).I've tried patching the AP file (as .md5 and as .tar) Process fails each time.....
I was on Rooted 11 but I thought I could UNroot then grab 12 and REroot. Well I did actually have 12 installed (briefly) but now I've got an UNrooted 11, that just sux ,and I should've have never tried to get 12 lol. My BL is still unlocked of course so I just really want to go back to where I started if rooted 12 is a no-go for now. Any help would be greatly appreciated .
Ahalol I'm sorry for high jacking your thread but it said exactly what I wanted to ask :/
Thanks XDA as always!
I finally got it, all good.
ahalol said:
Hello everyone,
i am new to the device and i have read the threads on unlocking BL & rooting. However, I am still unsure about how to update the device after rooting. Can someone please write out a high level few lines?
Click to expand...
Click to collapse
For future reference for anybody who may read this in the future, updating a rooted Tab S7 / S7+ without losing your data is pretty much outlined step by step in the official Magisk installation guide.
Installation
The Magic Mask for Android
topjohnwu.github.io
Scroll down to the Samsung section, and then "Upgrading the OS". It's basically the same as Odin flashing the firmware as you normally would to restore to stock, except you're flashing the Magisk patched AP file in the AP slot instead, and using HOME_CSC instead of CSC in the CSC slot. CSC wipes data, HOME_CSC does not.
With the exception of a few weird Samsung devices (like the S6 Lite), don't listen to ppl who tell you to extract the boot image and flash separately. Just follow the *official* (I felt the emphasis was necessary here, again) Magisk installation guide in this case... Download the firmware file via Frija or whatever your source for firmware is (honestly dude.. just use Frija), extract the files, copy the AP file to your tablet (recommend adb push, not MTP), and use the Magisk app to patch the ENTIRE AP file. This is important because Magisk will also patch out other parts of the firmware like vbmeta, which is what allows it to work around avb restrictions. If you attempt to flash the full bone stock firmware and then a patched boot image separately, you will likely get an error that results in the need to wipe data, because avb (Android Verified Boot) has been violated without having had vbmeta patched among possibly other things, and then have fun with the misery of wiping and starting over... Anyway, after patching the FULL AP file in Magisk app, make sure there were no errors in the log (btw, this is where you can clearly see that Magisk is patching more than just the boot image...) and copy it back to your computer (again, like adb push was recommended before, use adb pull to move to computer), and then flash the BL / Magisk patched AP / HOME_CSC files in their respective slots (and CP if you have LTE model) in download mode. It'll reboot probably twice, then optimize apps before finishing booting to your updated system.
tl;dr - read the official Magisk guide I linked above (notice yet that I keep mentioning this?? lol)
My post is assuming you are on bone stock rooted ROM without custom recovery and/or encryption disabled mods and stuff (e.g. multidisabler mod). Every update for me goes without a hiccup, and I am fairly heavily modded with SafetyNet passing and everything (LSposed / GravityBox / Firefds kit / a bunch of Magisk modules). Loving that these tablets keep Widevine L1 even after rooting.. was my primary reason for buying! I also like / prefer the fact that my tablet is still encrypted without custom recovery so that the chances are my data is still safe should the tablet ever be lost or stolen. Anyway, if you do have custom recovery or flashed multidisabler already, I would definitely do your due diligence and research / ask questions to find out if there's anything different you have to do (different in relation to the official Magisk installation guide resource, or any pre-/post-install quirks).
Sorry, I know I rambled a bit but I hope this post is somewhat informative and able to be followed. Typing it from phone and browser is kinda glitching out. But I just felt the need to type this all out. It seems I don't see so much more misinformation on XDA than on the Samsung subforums lol. D:
i5lee8bit said:
For future reference for anybody who may read this in the future, updating a rooted Tab S7 / S7+ without losing your data is pretty much outlined step by step in the official Magisk installation guide.
Installation
The Magic Mask for Android
topjohnwu.github.io
Scroll down to the Samsung section, and then "Upgrading the OS". It's basically the same as Odin flashing the firmware as you normally would to restore to stock, except you're flashing the Magisk patched AP file in the AP slot instead, and using HOME_CSC instead of CSC in the CSC slot. CSC wipes data, HOME_CSC does not.
With the exception of a few weird Samsung devices (like the S6 Lite), don't listen to ppl who tell you to extract the boot image and flash separately. Just follow the *official* (I felt the emphasis was necessary here, again) Magisk installation guide in this case... Download the firmware file via Frija or whatever your source for firmware is (honestly dude.. just use Frija), extract the files, copy the AP file to your tablet (recommend adb push, not MTP), and use the Magisk app to patch the ENTIRE AP file. This is important because Magisk will also patch out other parts of the firmware like vbmeta, which is what allows it to work around avb restrictions. If you attempt to flash the full bone stock firmware and then a patched boot image separately, you will likely get an error that results in the need to wipe data, because avb (Android Verified Boot) has been violated without having had vbmeta patched among possibly other things, and then have fun with the misery of wiping and starting over... Anyway, after patching the FULL AP file in Magisk app, make sure there were no errors in the log (btw, this is where you can clearly see that Magisk is patching more than just the boot image...) and copy it back to your computer (again, like adb push was recommended before, use adb pull to move to computer), and then flash the BL / Magisk patched AP / HOME_CSC files in their respective slots (and CP if you have LTE model) in download mode. It'll reboot probably twice, then optimize apps before finishing booting to your updated system.
tl;dr - read the official Magisk guide I linked above (notice yet that I keep mentioning this?? lol)
My post is assuming you are on bone stock rooted ROM without custom recovery and/or encryption disabled mods and stuff (e.g. multidisabler mod). Every update for me goes without a hiccup, and I am fairly heavily modded with SafetyNet passing and everything (LSposed / GravityBox / Firefds kit / a bunch of Magisk modules). Loving that these tablets keep Widevine L1 even after rooting.. was my primary reason for buying! I also like / prefer the fact that my tablet is still encrypted without custom recovery so that the chances are my data is still safe should the tablet ever be lost or stolen. Anyway, if you do have custom recovery or flashed multidisabler already, I would definitely do your due diligence and research / ask questions to find out if there's anything different you have to do (different in relation to the official Magisk installation guide resource, or any pre-/post-install quirks).
Sorry, I know I rambled a bit but I hope this post is somewhat informative and able to be followed. Typing it from phone and browser is kinda glitching out. But I just felt the need to type this all out. It seems I don't see so much more misinformation on XDA than on the Samsung subforums lol. D:
Click to expand...
Click to collapse
cheers mate. I am leaning towards rooting my tab s7 now. it dont sound to hard.
Edit I did it did you also have to install safety net module to get safety check working
**Edit: Be sure to read comments at the end of this post******
I've already posted this a few times but I figured I would try to save some people time who want/need to root from any security patch. This is a copy and paste from an answer I gave in another thread but it's a basic how to.
Install DSU sideloader app from playstore to boot a prerooted GSI then use Partitions Backup and Restore app from playstore to save copies on your device. Install magisk app and patch the extracted boot.img and then transfer backups along with the patched boot image to your PC for safekeeping and flash the patched boot.img in fastboot. You can rename any .bin files to .img to flash them if they get extracted as a .bin file. Check your settings in the partitions Backup and Restore app before starting the backup process. You can choose to save them in an easy to find directory and for me it was better to choose to save them RAW/uncompressed then just compress them all into a single archive rather than having a hundred separate archives for each individual partition because it makes it easier if you have to reflash things if you need to recover. You may want to disable battery optimization for the app because it takes a while to extract all the images doing a full backup but its well worth the wait time if it saves you from a brick later on.
I wish I had time to elaborate but hopefully someone else can take the time to elaborate and add to this for anyone needing step by step. I'm surprised nobody has done this already.
Credits to AndyYan for giving advice on the root method. I stole this from him and just made a post with a title that makes it easier to find since so many are still asking how to go about rooting their devices.
*****REQUEST TO COMMUNITY********
There are many who are already on August Security patch and i dont have time to update and post the newest images. So if you are on august patch and pull backups I ask that someone please be so kind as to upload a copy of your backup to Google Drive or a filehosting server of choice and post a new thread so that others can unbrick their devices.
*Please ***DO NOT include**** the following partitions*:
DEVINFO
DINFO
FRP
KEYMASTER_A
KEYMASTER_B
KEYSTORE
LOGDUMP
***MDM1M9KEFS1
***MDM1M9KEFS2
***MDM1M9KEFS3
***MDM1M9KEFS4
MODEMDUMP
OPLUS_SEC_A
OPLUS_SEC_B
RAWDUMP
SECDATA
STORSEC
USERDATA
VM-KEYSTORE
*** These partitions may/contain YOUR personal device info, DO NOT make these public***
You can make a new Google account for the sole purpose of uploading these for the community so as not to fill your own GDrive. Be sure to change permissions for the images to share with anyone who has the link. This would be very much appreciated by many.
*****Update 09/18/2022*****
Thanks to ctschrodinger88 & dmtec for posting more detailed instructions!!! you can find ctschrodinger88's instructions below, scroll down to the 5th post.
dmtec also posted instructions in another thread linked here: https://forum.xda-developers.com/t/august-boot-img.4491831/post-87426877
we are still in need of august modems if anyone cares to upload them to their drive and link them or any other filehosting service.
can you suggest me a pre rooted gsi rom please?
thanks
fictisio said:
can you suggest me a pre rooted gsi rom please?
thanks
Click to expand...
Click to collapse
i used crdroid but its buggy, launcher crashes but its useable, atleast to get this done and then be sure to discard it in the DSU sideloader notification when you reboot so the inactive slot is empty, it will make for easier updates/mods later
has anyone had luck flashing the file in this article? https://www.getdroidtips.com/oneplus-nord-2t-5g-firmware-flash-file-2/#google_vignette
I used the info provided and referenced here as a guide and some external pieces and have things working.
I'll caveat the following, I don't remember the current firmware version I started with, but I'll try to remember to update.
I have the Nord N20 5g, but not the T-mo branded one, though in looking at this, the concepts should be the same.
Base assumptions:
- If you haven't done these beforehand, stop and take care of it. Research if you need, but please DO NOT just keep going or copy, paste, and run, without understanding to some extent what you're doing. If you just run commands it can be much harder to fix later.
a. Your phones bootloader is unlocked. (If you haven't already done it, when you do, your data will be gone, so if you care, back it up NOW)
b. You have access to an Android terminal of some sort (adb or on-device terminal) and you know how to use it. Unless you absolutely can't use a computer for some reason, I would use adb, it makes data backup easier (IMO).
c. You have somewhere to store your backed up partitions (THIS IS IMPORTANT)
Step 0: Download a pre-rooted Generic System Image (GSI) to use. Put it in a good working directory. This page links to several. https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list
I used the LineageOS image by @AndyYan
If you are wondering about the various file endings this is the basic version
Code:
<ARCH>_xyZ
<ARCH> can either be arm, a64 (arm32_binder64) or arm64
x can either be a or b
y can either be v, o, g or f
Z can be N or S
b = a/b
a = a-only
g = gapps
o = gapps-go
v = vanilla (no gapps included)
f = floss (free & open source apps instead gapps)
N = no superuser
S = superuser included
From: https://forum.xda-developers.com/t/teclast-t30-t1px-suitable-gsi-roms.4211427/
Step 1: Enable the Dynamic System Update (DSU) feature flag, you can follow the exact steps for this in this section https://developer.android.com/topic/dsu#feature-flag
If you are unsure, just run the `adb shell` command.
Step 2:
If the image you downloaded needs to be in ".gz" format. Some of the tools will handle alternate types, but that's because it rebundles it at ".gz", you can save some effort doing it yourself.
Code:
gzip -c [IMG_NAME]..img> [IMG_NAME].gz
Step 3: Push the image to the device
`adb push [IMG_NAME].gz /storage/emulated/0/`
This is where I switched from ADB to on-the-device.
Step 4: Download the DSU Sideloader: https://github.com/VegaBobo/DSU-Sideloader
You can do this with adb but I wasn't able to get it to run, so I went with the DSU Sideloader app above which made it much simpler.
Step 5: Run DSU Sideloader. You can follow the instruction there in the README. You will need to run a command that the app provides, either via adb or an emulator. Then you will reboot via the notification.
Step 6: [Once you reboot] Enable Developer tools in phone settings.
Step 7: BACKUP, BACKUP, BACKUP (Please do this now. It will help make life much, much better if you ever have an issue and need to reset.)
This was my process:
Bash:
adb shell
su
mkdir /sdcard/partitions
cd /dev/block/by-name/
for x in *; do dd if=/dev/block/by-name/$x of=/sdcard/partitions/$x ; done
# Note the collective size will be greater than the default space on the GSI boot, so you will want to separate things
# Back on local machine
mkdir [working_dir]
cd [working_dir]
adb pull /sdcard/partitions
# Your files from the adb command should populate the folder
mv [working_dir]/partitions/* [working_dir]/
# On device
rm /sdcard/partitions/*
# repeat the commands above as often as needed.
I don't know for sure all the files you will want to backup, but I pulled everything just to be safe. Keep them safe, because it is your safety net if you fall.
Step 8: Get boot_a or boot_b back on the device along with Magisk.apk (Please only download from here: https://github.com/topjohnwu/Magisk/releases)
Step 9: Install Magisk.apk (you can do this via
Code:
adb install ./magisk.apk
)
Step 10: Launch Magisk and install it to the book image stored on your sdcard.
Step 11: Pull the patched image to your local machine.
Code:
adb pull /sdcard/Download/magisk_patched-[stuff].img
Step 12: Boot phone to fastboot
Code:
adb reboot bootloader
Step 13: This is where there is an ideal and a real.
Ideal command
Code:
fastboot boot magisk_patched.img
where fastboot transfers the files and things just work, and if you reboot the system the regular boot.img is used. I haven't been able to get that to with this device.
I instead just ran
Code:
fastboot flash boot magisk_patched.img
which replaced the existing boot image, which is good, if it works, but if it doesn't, this is why you have backups!!!! Reboot the phone.
Step 14: When you boot, finish installing Magisk and you'll be ready to go.
If I remember other steps I'll add, or if you have questions I will try to help answer.
I just got a MetroPCS nord n20 (gn2200) and will try to root in the next couple days.
ScarletWizard said:
n20
Click to expand...
Click to collapse
Have they removed the unlock portal?
Damn, it's been a long time. Glad to be back.
ScarletWizard said:
No. My serial is 7 digits
Click to expand...
Click to collapse
seems to be a common defect.... if ur device is paid off oneplus can generate you a token but it takes weeks of back-and-forth with support to get it escalated...tmobile may or may not allow you to do that on a device that isnt paid off but i wouldnt even ask tmobile about it if your not paid off already, will only make it harder for those who are trying to unlock theirs if it IS the case that tmobile doesnt want you to unlock it until youve paid the device off in full....oneplus will probably uphold tmobiles decision if your device isnt paid off. for now, we are able to unlock tmobile devices through the portal regardless of the financial status of the device. though you will still be SIM locked unless tmobile unlocks that for you. and their definitely NOT gonna do THAT til it gets paid off.
U.S. carriers dont like customers having unlocked devices and is against most user-agreement policies and can get your service terminated leaving you owing for a device you cant use and for the price of the contract you were on for service
your device is a CPH2459 and not a GN2200?
fictisio said:
can you suggest me a pre rooted gsi rom please?
thanks
Click to expand...
Click to collapse
Andy Yan's Lineage18 or 19..
DrScrad said:
Andy Yan's Lineage18 or 19..
Click to expand...
Click to collapse
pixel experience, crdroid... havent gotten kaleidoscope to work yet. Have heard that someone got aosp a13 going.... There are so many and so long as u use a matching security patch ur good. might work with a newer patch but of the ones ive tried i got thw matching patches to work. If you find one thats on a newer patch in the gsi page you should be able to follow the link and find an older release to match the patch ur on. If ur on may patch try to find a may patch just to make it pess likepy that there will be priblems. If on july or august, likewise find july or august sec patch release. newer patched systems MIGHT work with ur older patched bootloader and other partitions(modems etc...) but def would not advise just straight flashing mismatching security patches... Best to sideload first and see if u can get it working first. Its not very simple to dual boot these devices but i think someone did some work and posted a work around for doing that on a/b devices somewhere on xda......
Am willing to share my stock image with anyone willing to help. I am on the September security update on a OnePlus Nord N20 5G unlocked (Non-Carrier). I am running version 11 and android security update 2022-09-05.
I am having real issues getting LineageOS through DSU. It fails immediately on start every time. Bootloader is unlocked, it even shows through fastboot (Secure boot = on though), flag is set per instructions, and I am trying to install lineage-19.1-20221011-UNOFFICIAL-arm64_bvS.gz . I tried two different versions of the DSU app but nada.
oromis995 said:
Am willing to share my stock image with anyone willing to help. I am on the September security update on a OnePlus Nord N20 5G unlocked (Non-Carrier). I am running version 11 and android security update 2022-09-05.
I am having real issues getting LineageOS through DSU. It fails immediately on start every time. Bootloader is unlocked, it even shows through fastboot (Secure boot = on though), flag is set per instructions, and I am trying to install lineage-19.1-20221011-UNOFFICIAL-arm64_bvS.gz . I tried two different versions of the DSU app but nada.
Click to expand...
Click to collapse
make sure u r using a lineage version with the same security patch as your current OS if your on September u need a GSI on september. i personally gave up on lineage after trying a couple but was successful with a few others while dsu sideloader still worked for me, im not sure what i did to break it on my devices but i havent been able to get it to work on either device in a while.
i have yet to try the october firmware but it should be easy to downgrade and root if you think its the new updates. although make sure ur disabling verity. u might wanna disable the checks on vbmeta_boot too... i usually just disable it on all 3 vbmeta's to be safe.... i have a full july dump and someone else has posted the august dump on TG but that doesnt help in your case since you have the CPH2459 and we are on GN2200's nobody has been able to successfully crossflash them yet and im not sure if it will be possible or not but everyone that has tried it has bricked their devices so far. most have gotten them running again but have lost fingerprint
ScarletWizard said:
im on gn2200
Click to expand...
Click to collapse
Ok my last upload didn't upload correctly for some reason. I will re upload tomorrow I think..... I need to figure out exactly which partitions are device-specific.... I know which partitions get updated in the incrementals so if all of them don't get flashed then everything won't match but I have a feeling that the incrementals update a device-specific partition or two and if so then u will lose fingerprint at minimum...... I think I should just pull full backup of all partitions and then go for it. Worst case so long as u do everything right. U just don't boot and have to reflash the stock boot image... Be sure to flash the stock image to both slots just in case and then switch back to ur active slot and flash the patched boot image. I mean if it was me I would b comfortable doing it but that's completely ur call, I don't wanna encourage anything because there ALWAYS a risk something could go wrong. Power outage or something and it's screwed up but any time u r flashing u will always be taking a risk. Though I think the risk is minimal so long as u do everything right and there's not much to the simple root process, patch the boot image and flash, if it doesn't work then reflash the stock one. If it DIES work out for u we would b grateful for the October firmware if u wanna share it, we didn't get October yet.
ScarletWizard said:
If it dies. Lol scary.
I'm in the process of doing the partition thing
Click to expand...
Click to collapse
If it DOES.. Sry
ScarletWizard said:
who is the ADMIN of this n20 thread?
Click to expand...
Click to collapse
Just look.for the moderator edits lol
PsYk0n4uT said:
seems to be a common defect.... if ur device is paid off oneplus can generate you a token but it takes weeks of back-and-forth with support to get it escalated...tmobile may or may not allow you to do that on a device that isnt paid off but i wouldnt even ask tmobile about it if your not paid off already, will only make it harder for those who are trying to unlock theirs if it IS the case that tmobile doesnt want you to unlock it until youve paid the device off in full....oneplus will probably uphold tmobiles decision if your device isnt paid off. for now, we are able to unlock tmobile devices through the portal regardless of the financial status of the device. though you will still be SIM locked unless tmobile unlocks that for you. and their definitely NOT gonna do THAT til it gets paid off.
U.S. carriers dont like customers having unlocked devices and is against most user-agreement policies and can get your service terminated leaving you owing for a device you cant use and for the price of the contract you were on for service
Click to expand...
Click to collapse
One small problem, although Metron PCS uses T-Mobile towers, they are their own entity and T-Mobile does not have their Bootloader codes. Only OnePlus and Metro PCS have the Metro PCS unlock.bin file. That's what I came here was to try and find a dedicated metro bootloader unlock web page. Like the T-Mobile dedicated page. There is not one so it's going too take several calls over several weeks unless some one here knows a different way or a link to a metro PCS bootloader unlock page? Anyone chime in on this and save all of us that are running in circles back down the straight path to an unlocked bootloader..
jayram1408 said:
One small problem, although Metron PCS uses T-Mobile towers, they are their own entity and T-Mobile does not have their Bootloader codes. Only OnePlus and Metro PCS have the Metro PCS unlock.bin file. That's what I came here was to try and find a dedicated metro bootloader unlock web page. Like the T-Mobile dedicated page. There is not one so it's going too take several calls over several weeks unless some one here knows a different way or a link to a metro PCS bootloader unlock page? Anyone chime in on this and save all of us that are running in circles back down the straight path to an unlocked bootloader..
Click to expand...
Click to collapse
I'm about to file a FCC complaint to get mine then.
I'd like to start by saying after 2 weeks of researching and piecing guides together to unbrick my phone was hell. But once i found the right route it took me less thank 10mins all from a simple tool called Fastboot Enhanced V1.3.0. Now this Nifty little tool took me from bricked phone which was saying "Your img(Boot, Recovery) have been destroyed please flash the right files or contact customer service to fix this problem to Unbricked in less than 10 minutes. It took me 2 weeks of researching but it's finally done. Now most of you will say well you could have use MSMTool or the MTK or even SP Flash Tool. Those are all fine and dandy and all but one problem with those. YOU have to SCOUR the internet to TRY to find files you need to actually be able to use them. I been over several guides. I had when a guide basically says this 1) DO THIS SKIP SKIP SKIP important parts 2) NOW DO THIS. Like WTH was i supposed to do in between 1 and 2. Todays guides lack thoroughism and complettioin. Guides these days take Half Ste;ps and then thrown together.
I will also leave a step by step instructions on how to use the Fastboot Enhanced V1.3.0 in DETAIL on how to get your phone from what mine did to Unbricked state. I will also attack Nord N200 5G DE2118 .img FIles for those who have a hard time scouring the internet for things. I for one get agitated and aggravated as hell when searching the internet for things. Especially when you have to pc things together. I will leave files if it's Fine by staff. Now these files have come directly from my OnePlus Nord N200 DE2118 extracted less than 2 hours ago 10:04 p.m. EST September 10th 2022. Can Only attach One File? and i can't even remove the accidental clicked bmp pic of COD BO Cold War Zombies.
Guide For Using Fastboot Enhanced V1.3.0
1) Download Fastboot Enhanced Tool from: https://forum.xda-developers.com/t/...enhance-payload-dumper-image-flasher.4310553/ from XDA Which is how I came across it. . The Tool is a WINDOWS ONLY Tool. (How many guides i came accross that didn't state whether it's for Windows or Linux) I use Dual Boot so I have both.
2) Install Fastboot Enhanced V1.3.0 and wait for it to finish. Now you will only have to be in Fastboot Mode to do any of this. I can't believe how a semi hard problem was fixed really easy
3) Now you will Have to Have a Payload.Bin File which can be found with any OEM Firmware for Your specific Phone. The Payload.bin allows you to be able to do a Payload Dump Using Fastboot enhance it is at this point if any of your partitions are missing or corrupt you will find out because it will tell you if you can understand the way it's explains it.
4) This Nifty little tool will tell you your device naem whether your phone is using secure boot or not, current slot your phone is using if you have an a/b partition scheme and the update Status. This is Listed Under basice properties. AGAIN MAKE SURE YOUR IN FASTBOOT MODE.
5) Next tab is the Partitions Tab which will List all your partitions currently on your phone . To the right of your listed partitions you will have and ACTIONS Tab. This is the tab where you can flash, erase, delete, create, and Resize your partitions. With this tool You CAN Flash Important Partions So be careful what you flash.
6) Next Tab Over is the Payload Dumper. This is the Tab where you need the Payload.bin File for your specific phone. this will give you payload version manifest size, metadata signatures size Metadata Signatures (Base64), data blobs, singatures size signatures (Base64) Fuill package Yes or No. Timestamp and block size. also under payload dumper tab another tab shows up called the Dynamic Partition Metadata. Now this will list your REALLY IMPORTANT Dynamic Partitions These are the partitions you don't want to flash anything over them. It will give you the Partition group size, which partitions are included and tells you wheter snapshot is enabled or not.
7) Under The payload Dumper tab the partitions tab gets a different Actions box. This time i'ts a box that let's you extract your .IMG files from your phone it allows for incremental as well as to ignore unknown operations and ignore checksums also under this partitions tab it gives you a checksum for each and every one of your partitionss. Ok now on to the Simple but yet comprehensive guide.
8) Now to start you want to add the Payload.bin to the Payload Dumper and then click on the Partitions tab. Once under this tab you will select each partition and hit the extract button and extract it to a folder named something like Flash FIles.
9) you hace to do this for each partition. Once done you will have your .IMG files from your exact phone for future use as well. You then want to click on the Fastboot Visualization tab and then click on Partitions.
10) Once under the partitions tab here, you will want to start flashing your .IMG files to the partitions. it should take you around 10 to 15 mins total to finish flashing everything.
11) Once your finished flashing you want to do a quick Terminal and do a FASTBOOT -W and then Fastboot Reboot and watch your phone start working again.
FEEL FREE TO LEAVE ANY COMMENTS SUGGESTIONS ON WHAT COULD HAVE BEEN BETTER OR IF IT'S NOT ENOUGH DETAIL. I TAKE CONSTRUCTIVE CRITICISM WITH A GRAIN OF SALT. THIS WAS MY FIRST GUIDE I EVER PUT TOGETHER. LOL THIS GUIDE TOOK ME LONGER THAN IT DID UNBRICKING MY PHONE.
BELOW YOU WILL FIND .IMG FILES FOR ONEPLUS NORD N200 DE2118
Thanks so much man. This phone has been an absolute pain in my ass to unbrick, the issue Ive had with Fastboot enchance is that all the firmware versions Ive found seem to contain images it doesnt recognize for the phone.
Do you have the original OTA for these , or the un-extracted payload.bin youd possibly be able to post?
So I went through the process without success, the only abnormalities I noticed were that my device did not have a partition for "my_carrier.img" , so that wasnt flashed.
And upon using the fastboot -w command, it did execute but at the end was given the message "Erase successful, but not automatically formatting.
File system type raw not supported."
Silent_Song1982 said:
Thanks so much man. This phone has been an absolute pain in my ass to unbrick, the issue Ive had with Fastboot enchance is that all the firmware versions Ive found seem to contain images it doesnt recognize for the phone.
Do you have the original OTA for these , or the un-extracted payload.bin youd possibly be able to post?
Click to expand...
Click to collapse
I found the way MSMTool works too. I'm going to probably write a guide for that too. MSMTool is so much easier.
Silent_Song1982 said:
So I went through the process without success, the only abnormalities I noticed were that my device did not have a partition for "my_carrier.img" , so that wasnt flashed.
And upon using the fastboot -w command, it did execute but at the end was given the message "Erase successful, but not automatically formatting.
File system type raw not supported."
Click to expand...
Click to collapse
I had a lot of issues with Fastboot Enhance too until I realized I was the one causing errors. Any logical partition it doesn't recognize you can create an empty partition wiht that name and it will resize it then copy it over. Also make sure whatever slot you're on, so say slot a, your logic paritions would be system_a, system_ext_a, vendor_a, product_a and odm_a except I dont see odm.img in the list of file by OP so I'm not sure if that will even help.
and now i have ran into HARD BRICKED mode trying to flash a custom from. phone will only load EDL and everytime I try msmtool I get the error Check OCDT CDT file empty please redownload it. and I scoured the internet for 4 days now and all I can find is stuff like What is .CDT extension but nothing about having and empty CDT file for android. getting frustrated with it now
Link575 said:
I had a lot of issues with Fastboot Enhance too until I realized I was the one causing errors. Any logical partition it doesn't recognize you can create an empty partition wiht that name and it will resize it then copy it over. Also make sure whatever slot you're on, so say slot a, your logic paritions would be system_a, system_ext_a, vendor_a, product_a and odm_a except I dont see odm.img in the list of file by OP so I'm not sure if that will even help.
Click to expand...
Click to collapse
here is the ODM file. if you might be able to post a cdt file much apppreciated
sorry took so long to upload it for you
MiniNinja2024 said:
here is the ODM file. if you might be able to post a cdt file much apppreciated
sorry took so long to upload it for you
Click to expand...
Click to collapse
Hey I appreciate it but I didn't need it I was just informing the poster above that the ODM file was missing and that might cause an issue when using Enhanced Fastboot. Not really sure what a cdt file is though, sorry.
Im in the US and have the unlocked N200, to unbrick mines i used the MSM tool and selected MetroPCS as my carrier. then after i had phone functionality i put the correct rom on my phone.
hitsndc said:
Im in the US and have the unlocked N200, to unbrick mines i used the MSM tool and selected MetroPCS as my carrier. then after i had phone functionality i put the correct rom on my phone.
Click to expand...
Click to collapse
my phones being recognized as a Oneplus A5000 for some reason now. and it's a Nord N200 i've also been stumped by the attached pic and my phone is stuck in EDL mode
hitsndc said:
Im in the US and have the unlocked N200, to unbrick mines i used the MSM tool and selected MetroPCS as my carrier. then after i had phone functionality i put the correct rom on my phone.
Click to expand...
Click to collapse
Can you link me to the MSM tool you used? I think there might be a few different versions of it floating around for the Nord N200. Mine was purchased unlocked
vipermark7 said:
Can you link me to the MSM tool you used? I think there might be a few different versions of it floating around for the Nord N200. Mine was purchased unlocked
Click to expand...
Click to collapse
this is my version
DE18CB_T-Mobile-MetroPCS_OxygenOS_11.0.1.7.zip | by Scanman0 for OnePlus Nord N200 5G
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
androidfilehost.com
also my phone is stuck in EDL mode and it registers as an android oneplus a5000 tablet for some odd reason i've tried just about every single n200 file out ever since my phone got stuck in EDL mode and evertime same result cdt file
also i had some with same version that i know personally send me his cdt file and same thing says it's empty
and my phone is the Metro-by Tmobile
vipermark7 said:
Can you link me to the MSM tool you used? I think there might be a few different versions of it floating around for the Nord N200. Mine was purchased unlocked
Click to expand...
Click to collapse
and i'm in Florida
Can someone please dump the firmware from this phone & upload it please?
cryptojoe37 said:
Can someone please dump the firmware from this phone & upload it please?
Click to expand...
Click to collapse
I gave up on this phone. no long working on it. Was having major pains with it.
I need the loader from the firmware
cryptojoe37 said:
I need the loader from the firmware
Click to expand...
Click to collapse
the loader ? bootloader?
michaelwaycraig67 said:
the loader ? bootloader?
Click to expand...
Click to collapse
abl/xbl partitions. perhaps some other.
zmashine said:
abl/xbl partitions. perhaps some other.
Click to expand...
Click to collapse
uploading now will give a link after uploaded
zmashine said:
abl/xbl partitions. perhaps some other.
Click to expand...
Click to collapse
2.74 GB file on MEGA
mega.nz
MiniNinja2024 said:
I'd like to start by saying after 2 weeks of researching and piecing guides together to unbrick my phone was hell. But once i found the right route it took me less thank 10mins all from a simple tool called Fastboot Enhanced V1.3.0. Now this Nifty little tool took me from bricked phone which was saying "Your img(Boot, Recovery) have been destroyed please flash the right files or contact customer service to fix this problem to Unbricked in less than 10 minutes. It took me 2 weeks of researching but it's finally done. Now most of you will say well you could have use MSMTool or the MTK or even SP Flash Tool. Those are all fine and dandy and all but one problem with those. YOU have to SCOUR the internet to TRY to find files you need to actually be able to use them. I been over several guides. I had when a guide basically says this 1) DO THIS SKIP SKIP SKIP important parts 2) NOW DO THIS. Like WTH was i supposed to do in between 1 and 2. Todays guides lack thoroughism and complettioin. Guides these days take Half Ste;ps and then thrown together.
I will also leave a step by step instructions on how to use the Fastboot Enhanced V1.3.0 in DETAIL on how to get your phone from what mine did to Unbricked state. I will also attack Nord N200 5G DE2118 .img FIles for those who have a hard time scouring the internet for things. I for one get agitated and aggravated as hell when searching the internet for things. Especially when you have to pc things together. I will leave files if it's Fine by staff. Now these files have come directly from my OnePlus Nord N200 DE2118 extracted less than 2 hours ago 10:04 p.m. EST September 10th 2022. Can Only attach One File? and i can't even remove the accidental clicked bmp pic of COD BO Cold War Zombies.
Guide For Using Fastboot Enhanced V1.3.0
1) Download Fastboot Enhanced Tool from: https://forum.xda-developers.com/t/...enhance-payload-dumper-image-flasher.4310553/ from XDA Which is how I came across it. . The Tool is a WINDOWS ONLY Tool. (How many guides i came accross that didn't state whether it's for Windows or Linux) I use Dual Boot so I have both.
2) Install Fastboot Enhanced V1.3.0 and wait for it to finish. Now you will only have to be in Fastboot Mode to do any of this. I can't believe how a semi hard problem was fixed really easy
3) Now you will Have to Have a Payload.Bin File which can be found with any OEM Firmware for Your specific Phone. The Payload.bin allows you to be able to do a Payload Dump Using Fastboot enhance it is at this point if any of your partitions are missing or corrupt you will find out because it will tell you if you can understand the way it's explains it.
4) This Nifty little tool will tell you your device naem whether your phone is using secure boot or not, current slot your phone is using if you have an a/b partition scheme and the update Status. This is Listed Under basice properties. AGAIN MAKE SURE YOUR IN FASTBOOT MODE.
5) Next tab is the Partitions Tab which will List all your partitions currently on your phone . To the right of your listed partitions you will have and ACTIONS Tab. This is the tab where you can flash, erase, delete, create, and Resize your partitions. With this tool You CAN Flash Important Partions So be careful what you flash.
6) Next Tab Over is the Payload Dumper. This is the Tab where you need the Payload.bin File for your specific phone. this will give you payload version manifest size, metadata signatures size Metadata Signatures (Base64), data blobs, singatures size signatures (Base64) Fuill package Yes or No. Timestamp and block size. also under payload dumper tab another tab shows up called the Dynamic Partition Metadata. Now this will list your REALLY IMPORTANT Dynamic Partitions These are the partitions you don't want to flash anything over them. It will give you the Partition group size, which partitions are included and tells you wheter snapshot is enabled or not.
7) Under The payload Dumper tab the partitions tab gets a different Actions box. This time i'ts a box that let's you extract your .IMG files from your phone it allows for incremental as well as to ignore unknown operations and ignore checksums also under this partitions tab it gives you a checksum for each and every one of your partitionss. Ok now on to the Simple but yet comprehensive guide.
8) Now to start you want to add the Payload.bin to the Payload Dumper and then click on the Partitions tab. Once under this tab you will select each partition and hit the extract button and extract it to a folder named something like Flash FIles.
9) you hace to do this for each partition. Once done you will have your .IMG files from your exact phone for future use as well. You then want to click on the Fastboot Visualization tab and then click on Partitions.
10) Once under the partitions tab here, you will want to start flashing your .IMG files to the partitions. it should take you around 10 to 15 mins total to finish flashing everything.
11) Once your finished flashing you want to do a quick Terminal and do a FASTBOOT -W and then Fastboot Reboot and watch your phone start working again.
FEEL FREE TO LEAVE ANY COMMENTS SUGGESTIONS ON WHAT COULD HAVE BEEN BETTER OR IF IT'S NOT ENOUGH DETAIL. I TAKE CONSTRUCTIVE CRITICISM WITH A GRAIN OF SALT. THIS WAS MY FIRST GUIDE I EVER PUT TOGETHER. LOL THIS GUIDE TOOK ME LONGER THAN IT DID UNBRICKING MY PHONE.
BELOW YOU WILL FIND .IMG FILES FOR ONEPLUS NORD N200 DE2118
Click to expand...
Click to collapse
I still do not understand what I have to flash to get an OS back on this device. All I have is fastboot... soft bricked. I have de2117 ( "best buy" model). Reading all these instructions and I am still very confused
(Moderators, please make this post a sticky, and i will keep it updated of any changes or issues that might come up in future builds, thanks)
To clarify things.... I am the dude who figured out how to side-step from model to model... I have went from 2419 (android 12 .11), to 2413 (android 13), Down to 2415 (android 12 .08), then 2417 (android 12.10), back up to 2415 (android 13), down to 2415 (android 12 .05), 2417 (android 12 .08) and finally a FULL sidestep 2417 (12 .08) to 2415 (12.08) which the latter is supposed to be impossible, with downgrade package, yet i am sitting here and i have done it!
Spoiler: Credits for discovery ===>
!!! Credit for discovering the Downgrade Packages, and Information about OPPO/Oneplus Bootloader restrictions goes to, Maamdroid , and EtherealRemnant !... Without their most important input, i would not have had the courage, and knowledge of exactly what i was going up against, in attempting a region change on a BL/Carrier locked device. They were the geniuses who helped me derive this method, i was just the guinea pig willing to go Dr. Frankenstein on my T-Mobile locked, handicapped device. !!!!
Spoiler: ***DISCLAIMER***
**" I TAKE NO RESPONSIBILITY FOR BRICKS, BOOTLOOPS, SYSTEM CRASHES, INSTABILITY.... WORLD FAMINE, 6G MUTANT INVASION, NANO BOTS ENTERING YOUR FANNY, TRUMP RE-ELECTION, CIVIL WAR, YOU FORGETTING TO DO THAT THING YOU WERE SUPPOSED TO DO EARLIER.... 72 HOUR KARDASHIAN MARATHONS, GLOBAL WARMING, YO MAMA SLAPPING YOU, OR ANY OTHER SIDE EFFECT FROM ATTEMPTING THESE IMAGINARY WORDS THAT YOU THINK YOU ARE READING, YET YOU ARENT BECAUSE READING HASNT BEEN INVENTED YET IN YOUR TIMELINE B.C.5182 , AND THE FACT THAT YOU ARE A MEAT POPSICLE... PROCEED ONLY IF YOU FEEL FULLY CONFIDENT IN THE ANALYSIS YOU ARE ABOUT TO IMAGINE READING , AND THEN REPEAT AFTER ME: ***
" I AM FULLY AWARE OF THE RISKS INVOLVED WITH MAKING MODIFICATIONS OR EXPLOITING FUNCTIONS THAT WERE NOT INTENDED TO BE USED IN THE METHOD I AM ABOUT TO USE THEM FOR. AND IF A ZOMBIE APOCALYPSE ERUPTS DUE TO ANY MISTAKE I MADE FLASHING THE FILES LISTED HERE, I WILL NOT EVER ... EVER... EVEN CONSIDER ANY WORDS READ FROM HERE, AS HAVING ANY THING BUT A TRULY POSITIVE EFFECT UPON MY LIFE! " .... PROCEED!
Spoiler: Only open if you acknowledge the risk!
The ONLY requirements of the downgrade packages on the 10T, is that you CANNOT downgrade to a build version that is lower than your current one IF you are attempting to region hop while staying on the same version of android.... (ie. you cannot go from A12 .10, to A12 .08... but you can go from 2415 A12 .05 to 2413 A12 .08) Got that?
One other important thing is that in the zip file that contains the payload.bin, there is an additional file named payload_properties.txt. You need to open that file in a text editor, and look for the line about the "Update_Engine_Check_Disable".... by default it is set to 0 which makes Local Updater check to see if the models match in some files. A mismatch will just cancel your update. Local updater is KEY to doing any Region Swaps, especially with a locked bootloader. This is because Local Updater does NOT perform any of the flashing itself... that whole progress bar is your phone verifying the contents of the payload.bin to make sure that all files in the manifests are present, and compatible with your device... it actually KEEPS YOU FROM BRICKING your phone because of a mismatched file/ or bad flash. If Local Updater detects ANYTHING that is not interchangeable, it will crash during the verification, your phone will reboot, and start normally as if you never attempted an update.
Local updater is also not capable (afaik) of applying ANY changes to the Bootloader, or boot partition. As well it seems limited in its ability to even fully access some userdata files. All of my developer options were in exactly the same state that they were prior to each flash. The only deviation of that , was in DOWNGRADING from A13 to A12... but every upgrade, no matter which model fw used seemed to have done the 'Data, system, bin, etc, var, lib, and kernel, plus a few others' , but the truly secure partitions such as 'aboot, xbl, and system-priv' + deep memory blocks werent touched i believe.
The END result of each region swap will be your device FULLY IDENTIFYING as the model for that region.. (ex. 2419 will now show as 2415 if Global, 2413 if India, or 2417 if North America)
This will change EVERY TIME you flash a different region, and Local Updater will block you from flashing if it detects a lower build, EXCEPT for the 2415 Downgrade Package. So ALWAYS use that as a base if you want to go to another region. <ie. to go from 2413 to 2417, i recommend first flashing the 2415 downgrade, which will put you on A.08 build, then you can update to any region you want, even the Android 13 builds.... but if you want to go to a different region and back to 12, you must use that 2415 Downgrade or Local updater will stop you. The 2415 is a signed official rollback package direct from oneplus, so it allows you to downgrade from pretty much any version.
***** KEY FACT ***** This ONLY applies to OTA upgrade and downgrade packages that come in a single zip file that contains 3 items. Payload.bin Payload_properties.txt and Meta_Inf folder ... If you unzip the fw that you dl, and it contains anything other than those 3 that i just named, you either have a Fastboot package, a Full system package, or a MODIFIED package which you should NOT interact with unless you completely trust the source it was dl from. I have seen some NAAAAASTY scripts, coded in Russian, Vietnamese, Chinese, and Wingdings (yes that weird windows font!) ... and they are becoming VERY GOOD at moving to an app directory, changing a files name and replacing that file with WHATEVER IT IS, but renamed to a something common to the location! So by doing that, those files evade most onboard detection, if they have modified code, because that file name was whitelisted . Stick with the signed rollback package, and OTA either direct from the Oneplus community websire, or from the "gsmmafia" site, as both are packages sourced direct from the manufacturer and contain no modified code!
***How to get the OTA files for the region you want to switch to... follow instructions EXACTLY and you wont have an error.***
You have to use the "OXYGEN UPDATER" app from the google play store... When you first open it , it will tell you that your device is on the current version... ignore that, and you have to open the settings menu for it, and go enable ADVANCED MODE.... This will allow you to go back and CHOOSE what device you are supposedly using. (kinda a cheap override command)... doing this will let you choose the 2417 (NA) model. **Now once again HIGHLY IMPORTANT that you are doing this ONLY after flashing the Downgrade/Rollback so that you will be on 2415 A.08 build... cuz then when you select the 2417 model, it will show an update available for 2417 A.12 build. and also the Android 13 Beta. Pick whichever you want, and click download... NOW once downloaded DO NOT HIT THE REBOOT BUTTON.... this will attempt to flash it via normal methods... instead jump into ADB , go to Shell, and head to /sdcard/ and start looking for the folder where it just downloaded the update. It places it sometimes in the main /Sdcard/ folder, and other times in the /Sdcard/Android/Data/<app name>/ folder.... you will know it when u see it. Find it and copy it to your computer and then you have the official OTA saved. After that, make sure it is moved to the /Sdcard/ folder and use "local updater". Will ask you to confirm, click Ok, and it should start the verification and flash process.
Be advised it will APPEAR like its frozen or no progress for like 4 minutes, then it will slowly start moving. Once it gets to 99, it will appear stuck again... just be patient and about 5 min later it will complete. Total flash time is arouund 20-25 min.
DO NOT FORGET TO UNPACK THE ZIP FILE
EDIT THE PAYLOAD_PROPERTIES.TXT
CHANGE THE "0" TO A "1" ON THE ENGINE_UPDATE_CHECK_DISABLE =
SAVE THE CHANGES, AND RE - ZIP THE CONTENTS
THEN COPY THIS ZIP FILE TO YOUR /SDCARD/ FOLDER!
if you dont it will fail!
Links to Downgrader Packages used can be found HERE
EDIT: I went ahead and linked the main files necessary for this whole process here for ease, and my peace of mind. Now I know that you have all re required tools. Enjoy!
2015 Rollback Package, courtesy of EtherealRemnant
Oxygen Updater (for current OTA of region)
Local Update apk (official)
... And to clarify again.. This does NOT unlock the bootloader, nor does it change our T-Mobile Devices ability to unlock via conventional methods. (still working on that)
Quick expl. In our T-Mobile models, Oppo worked directly with the carrier and enabled a feature new to Android 12 and future builds, which allows the FACTORY bootloader to be wrapped up and hidden from the FastBoot binary... And move a "copy" of the bootloader into "userspace" partitions. These partitions are called AFTER the initial secure boot has passed, and therefore disabled normal FastBoot operations. Instead in userspace, "FastbootD" is enabled, and for all who know of it, that is not much more than a glorified recovery. All OEM, and Flashing commands are rendered inoperable, because bootloader operations cannot be modified once the system is up, or in "default mode". This proves my theory of Local updater not modifying partitions. It uses the currently identified locations of the files that need to be updated to the new region on just changes them where they are already located. For "FastBoot mode" to work properly, it would need to UNWRAP the original bootloader, and disable the "Userspace Init" instructions, which cannot be done on a already running OS.
If somehow you are LUCKY and after your region change, you are able to run 'adb reboot bootloader' ... And your device starts in 'Fastboot Mode' and does not kick you out, then you should be fully able to run the Unlock commands to unlock your bootloader, without need to flash anything else. The chances of that are very minute... But I have seen stranger things with this device. Tho most likely, that command will reboot you right back into normal android immediately .
I have this problem with bootloader and I don't know how to solve it on ghasedak24 website.
mrwilliamm said:
I have this problem with bootloader and I don't know how to solve it on ghasedak24 website.
Click to expand...
Click to collapse
what you mean??? i dont have any info pertaining to the real bootloader for this, the Tmobile model. Ours ships with this Oppo/Oneplus Hybrid crap what makes Fastboot Mode inaccessible. It doesnt respond to the keypress method of getting to it... and adb reboot bootloader attempts to boot into it, but the phone reboots exactly .5 seconds aftter it shows the screen. The only thing you can access is FASTBOOTD which give you literally ZERO functions that we need for the bootloader. OEM, BOOT, Flashing, Flash all fail in FASTBOOTD. Other than that man i honestly would suggest you speak with MAAMDROID because they seem to know more about the OPPO loader. MY knowledge of what is taking place came from me interrogating a Oneplus employee for about 4 straight hours when he broke and told me everything.
NOW I WILL STATE ONE DEVELOPMENT.... The GSMMAFIA user who is responsible for all the MSM firmwares that are now available for the 10T, is 100% legit. You can download the entire UPDATED Full Flash FW including the MSM TOOL... for free.... but without a login/pass authenticated, they are not much help to us. BUT... i have confirmed that the guy is a REAL Oneplus Employee, and he uses official software to remote connect and flash the MSM Unbrick firmware to your device. His charge is $45 ... but he is HIGHLY sensitive to ppl with Fiddler, or any capture programs running on your computer, so much to the point that he checks your app tray and task manager when he remote connects, and if he even sees one of these kinda programs, you lose your $45 and he disconnects. Just head to the GSM Mafia page for the 10T firmware and you can get his WhatsAPP number to contact him and setup.
Me personally, I have WAY MORE than just Fiddler, Wireshark, Proxifier, WinpCap, and many more programs that i know will spook him, and i am not gonna wipe my pc for something that is not guaranteed to do what i want. BUT if you have a bootloader error, you have nothing to lose, and flashing a full, Unbrick fw thru MSM, like he does just MIGHT format all partitions first and therefore erase the instruction init filee that locks up fastboot. Literally EVERY model except the 2419 has normal Fastboot, and an unlockable BL....
Just a thought!
I did not find any over the air or upgrade packages for the 2417 model from the above link. How did you get back to the 2417 model? And what APK did you use because some of them did not work on my device. It would just say verification failed. I thought I tried to go from a global.08 to the over the air .10 2417 model but it didn't work for me it just said verification failed. I did try to go sideways from the global .10 to the North American .10 but it also did a verification failed. maybe I'll try again. I got the over-the-air 2417 model update from the OnePlus updater app.
tdamocles said:
I did not find any over the air or upgrade packages for the 2417 model. How did you get back to the 2417 model? And what APK did you use because some of them did not work on my device. It would just say verification failed. I thought I tried to go from a global.08 to the over the air .10 2417 model but it didn't work for me it just said verification failed. I did try to go sideways from the global .10 to the North American .10 but it also did a verification failed. maybe I'll try again
Click to expand...
Click to collapse
You have to use the "OXYGEN UPDATER" app from the google play store... When you first open it , it will tell you that your device is on the current version... ignore that, and you have to open the settings menu for it, and go enable ADVANCED MODE.... This will allow you to go back and CHOOSE what device you are supposedly using. (kinda a cheap override command)... doing this will let you choose the 2417 (NA) model. **Now once again HIGHLY IMPORTANT that you are doing this ONLY after flashing the Downgrade/Rollback so that you will be on 2415 A.08 build... cuz then when you select the 2417 model, it will show an update available for 2417 A.12 build. and also the Android 13 Beta. Pick whichever you want, and click download... NOW once downloaded DO NOT HIT THE REBOOT BUTTON.... this will attempt to flash it via normal methods... instead jump into ADB , go to Shell, and head to /sdcard/ and start looking for the folder where it just downloaded the update. It places it sometimes in the main /Sdcard/ folder, and other times in the /Sdcard/Android/Data/<app name>/ folder.... you will know it when u see it. Find it and copy it to your computer and then you have the official OTA saved. After that, make sure it is moved to the /Sdcard/ folder and use "local updater". Will ask you to confirm, click Ok, and it should start the verification and flash process.
Be advised it will APPEAR like its frozen or no progress for like 4 minutes, then it will slowly start moving. Once it gets to 99, it will appear stuck again... just be patient and about 5 min later it will complete. Total flash time is arouund 20-25 min.
DO NOT FORGET TO UNPACK THE ZIP FILE
EDIT THE PAYLOAD_PROPERTIES.TXT
CHANGE THE "0" TO A "1" ON THE ENGINE_UPDATE_CHECK_DISABLE =
SAVE THE CHANGES, AND RE - ZIP THE CONTENTS
THEN COPY THIS ZIP FILE TO YOUR /SDCARD/ FOLDER!
if you dont it will fail!
thx for reminding me.. adding to OP
beatbreakee said:
You have to use the "OXYGEN UPDATER" app from the google play store... When you first open it , it will tell you that your device is on the current version... ignore that, and you have to open the settings menu for it, and go enable ADVANCED MODE.... This will allow you to go back and CHOOSE what device you are supposedly using. (kinda a cheap override command)... doing this will let you choose the 2417 (NA) model. **Now once again HIGHLY IMPORTANT that you are doing this ONLY after flashing the Downgrade/Rollback so that you will be on 2415 A.08 build... cuz then when you select the 2417 model, it will show an update available for 2417 A.12 build. and also the Android 13 Beta. Pick whichever you want, and click download... NOW once downloaded DO NOT HIT THE REBOOT BUTTON.... this will attempt to flash it via normal methods... instead jump into ADB , go to Shell, and head to /sdcard/ and start looking for the folder where it just downloaded the update. It places it sometimes in the main /Sdcard/ folder, and other times in the /Sdcard/Android/Data/<app name>/ folder.... you will know it when u see it. Find it and copy it to your computer and then you have the official OTA saved. After that, make sure it is moved to the /Sdcard/ folder and use "local updater". Will ask you to confirm, click Ok, and it should start the verification and flash process.
Be advised it will APPEAR like its frozen or no progress for like 4 minutes, then it will slowly start moving. Once it gets to 99, it will appear stuck again... just be patient and about 5 min later it will complete. Total flash time is arouund 20-25 min.
DO NOT FORGET TO UNPACK THE ZIP FILE
EDIT THE PAYLOAD_PROPERTIES.TXT
CHANGE THE "0" TO A "1" ON THE ENGINE_UPDATE_CHECK_DISABLE =
SAVE THE CHANGES, AND RE - ZIP THE CONTENTS
THEN COPY THIS ZIP FILE TO YOUR /SDCARD/ FOLDER!
if you dont it will fail!
thx for reminding me.. adding to OP
Click to expand...
Click to collapse
the OP updater app only shows the 500mb OTA 2417 and not the 4gb full install. Will it still work? On the global version .08 I could not get the in built local install to install anything without verification failure. Also 2417 variant does not have beta 13.
tdamocles said:
the OP updater app only shows the 500mb OTA 2417 and not the 4gb full install. Will it still work? On the global version .08 I could not get the in built local install to install anything without verification failure. Also 2417 variant does not have beta 13.
Click to expand...
Click to collapse
Links straight from 1+ community... android 13 OTA update packages for 2413, 2415, and 2417 ....
AND
Rollback packages for the same respective models... All in zip format. Must unpack and change payload_properties... Yadda yadda....
Android 13 all regions and Android 12 rollback all regions!
Now you can rollback to any region you want and start from there! I must remind EVERYONE... If you have not Sim unlocked your device prior to changing regions, you will lose that ability for the near future, because there will not be a T-Mobile official upgrade/rollback packages released afaik until maybe after the new year. (Don't know why.. just relaying what T-Mobile told me!). But the Unlock apk is strictly for the 2419 model and there is not currently a way back to it.
And be aware, that if you have ANY belief that you might be considering either doing this or maybe unlocking bootloader if we find an exploit, I highly advise you flip your OEM UNLOCKING switch to ON, now! Because T-Mobile may find a way to turn that toggle grey again if your sim is still locked. Just an fyi
tdamocles said:
the OP updater app only shows the 500mb OTA 2417 and not the 4gb full install. Will it still work? On the global version .08 I could not get the in built local install to install anything without verification failure. Also 2417 variant does not have beta 13
Click to expand...
Click to collapse
GLO version is not NA. GLO is 2415 EU. I know this because this is the reason I'm stuck on 2415.
yes you are correct... and i can honestly say i have NO idea where i got a 2417 beta 1 android 13 firmware from, but I DO have it downloaded to my computer ... I am looking at it. I know for a fact that i got it from some chinese site, or vietnamese ... something like that... but because of that i wont upload or link it, as i stated in my OP, i had 2 of my Laptops, one macbook pro running parallels 18 from bootcamp, AND my Dell laptop, BOTH infected with a VERY FIERCE malware/virus that took me almost 12hrs to find everything altered, and i STILL dont feel 100% about that! I get some random cpu spikes while doing nothing, but cannot find the process doing it. So it was definitely a modified package of android 13 ... C.11 .... (which gives me ideas because if they modded a payload and it still flashed, then maybe i can do the same to crash that dumbass init script somehow.... anyways... different thread)
if i find the link i will post it with caution.... but YES that 573 mb file will work to move you to 2417. Personally i would consider looking more towards using a GSMMAFIA Full Flash FW, for 2417 , but thats just me, and i trust them. but again, Yes this file will work.
(its very funny how the official oneplus site shows 3 different files for 3 Android 13 updates, as well as 3 files for 3 rollback packages
NONE OF WHICH are the 2419.... why create 3 files for 2 versions?
I can't move to 2417 from 2415 with built in updater. Even changed 0 to 1. Downloaded update apk and it doesn't see ota zip in root directory. I think I need full install zip for 2417. Any ideas how to go from the 2415.08 to the 2417.10? What's even better is the global package doesn't want to install either through the inbuilt updater. I have to use the updater APK to install the global package.
There's something in that zip that keeps it from verifying it and it's not the zero and the one. The updater APK doesn't even see that zip file it only sees the GLO zip file.
The incremental GLO a.12 did not want to flash. Failed every time I tried. The full GLO a.12 package was giving me problems flashing also. It would get to 40% complete and then fail. Third time flashing after rebooting finally took.
beatbreakee said:
yes you are correct... and i can honestly say i have NO idea where i got a 2417 beta 1 android 13 firmware from, but I DO have it downloaded to my computer ... I am looking at it. I know for a fact that i got it from some chinese site, or vietnamese ... something like that... but because of that i wont upload or link it, as i stated in my OP, i had 2 of my Laptops, one macbook pro running parallels 18 from bootcamp, AND my Dell laptop, BOTH infected with a VERY FIERCE malware/virus that took me almost 12hrs to find everything altered, and i STILL dont feel 100% about that! I get some random cpu spikes while doing nothing, but cannot find the process doing it. So it was definitely a modified package of android 13 ... C.11 .... (which gives me ideas because if they modded a payload and it still flashed, then maybe i can do the same to crash that dumbass init script somehow.... anyways... different thread)
if i find the link i will post it with caution.... but YES that 573 mb file will work to move you to 2417. Personally i would consider looking more towards using a GSMMAFIA Full Flash FW, for 2417 , but thats just me, and i trust them. but again, Yes this file will work.
(its very funny how the official oneplus site shows 3 different files for 3 Android 13 updates, as well as 3 files for 3 rollback packages
NONE OF WHICH are the 2419.... why create 3 files for 2 versions?
Click to expand...
Click to collapse
Hey you seem like a very competent programmer you should shoot me a private message and add me and discord I have the OnePlus 10t and I've been trying to figure out how to restore it if we run into a problem again I did restore them at once but it doesn't seem like I can do it the same way again I would like to get more details but I want to keep it to a private chat cuz I don't want to get people's hopes up a way to fix a phone that isn't real
This is great! I have been looking to change region from India onto a Global Version.
I have the Oneplus Ace Pro which is a chinese release of the 10T, the seller I bought this from flash it to Oneplus 10T India region.
Will give it more time though, wanted to get feedback first from those that has the Ace Pro Version.
so after doing some research i have found 2 things... 1. Oppo has ppl watching this thread and has made some alterations to the files that come from their server... these are the only 3 i had original copies of but of those 3 ALL of them had a minor difference and all were modified right after I revealed that i had success in converting my 2419 to a 2415. Once i stated that i was able to move to ANY region using my method, SOMETHING very small was changed in the files, and that is the reason the 2417 OTA fails to load in Local Updater... look at the attached pic.
So this is obvious that they are onto us and this is a concern to them. You should still be able to Downgrade with any region that has an Android 13 Beta. The technique works perfectly as long as you have a full version of Android in between.... AKA 12 to 13, and 13 back down to 12. And because of the new links in the OP, you can use local update to roll back to 2413 or 2415 ... I do believe that a 2417 beta is imminent and as such there will have to be a 2417 rollback released with it. There is still no danger with using this method, as you see because if the file is incompatible. local updater will fail to populate it!
Now for the second thing. OPPO used to have a special function in the Engineering Mode, which when activated would re-enable Fastboot Mode on the devices temporarily. This function is still alive in these devices today, only it has been hidden away deeper. This was confirmed to me after another grueling 3 hr chat with OnePlus technicians. I was told, "Sir we do not have access to the program you are asking about. The MSM Tool is completely maintained and controlled by OPPO division, and while yes we are under their ownership, there remains 2 different divisions in our company" ... 1st tech ..... "Sir you would need to enable fastboot mode so that you can flash the original firmware to your device, if it is failing to boot. You need to enter "Factory Mode" and input the locking code which is calculated from your device Imei. Once you have entered the code, you will be instantly rebooted into fastboot mode, and there you will be able to flash the signed firmware to it. Do not attempt to flash unsigned firmware as it will fail if your device comes with a locked bootloader." ..... 2nd tech......
This is not FastbootD he is talking about, because in FastbootD you do not need "Factory Mode" to enter it, and a little bit further research found this post which almost exactly matches what the tech told me!
Factory Mode Unlock
Of course the same way that Oppo decided to interfere with me, they also interfered with this method. They went and simply unlocked engineering mode completely in our devices, which made the screen where you enter the code, vanish. But i guarantee you, that based on some digging into the system files that our devices have running, i found several processes mentioning privileged processes that have simple flags that are called when "pre-boot" functions are initiated. Now in YEARS of time that OPPO has had to deal with the programming these devices they have never managed to actually eliminate "Fastboot Mode". They just become sneakier in hiding it behind user accessible operations. I am fully confident that the same thing applies here. While i dont have all the answers, i implore you all to apply the knowledge i have given and help find just where it is hidden in ours.
To call Engineering Mode on our phones, the code was changed to:
*#899*
Maybe the unlock screen has been hidden in here under a different label... maybe they created a new dialer code, but make no mistake, OPPO must have a need for this mode for repairing our phones otherwise they would eliminate it completely. Oppo is a 2-bit chinese company who is too cheap to design a new OS, and therefore somewhere, there is going to be a method to gain what were looking for. That is all i have for now.... but i am still digging. ( i have managed to get an additional 2 weeks to hold onto the 10t before i have to drop it into the return box and hand it over. So any ideas that you come up with, you DO NOT have to risk your personal devices! I can try ANYTHING on mine with absolutely ZERO ****s to give, as to it getting bricked! BRAINSTORM PPL! let me know what you come up with and i will try it!)
AkayamiShurui said:
Hey you seem like a very competent programmer you should shoot me a private message and add me and discord I have the OnePlus 10t and I've been trying to figure out how to restore it if we run into a problem again I did restore them at once but it doesn't seem like I can do it the same way again I would like to get more details but I want to keep it to a private chat cuz I don't want to get people's hopes up a way to fix a phone that isn't real
Click to expand...
Click to collapse
as soon as i get some free time, possibly this evening or tomorrow morning, i will shoot you a dm and we will link up.
tdamocles said:
There's something in that zip that keeps it from verifying it and it's not the zero and the one. The updater APK doesn't even see that zip file it only sees the GLO zip file.
The incremental GLO a.12 did not want to flash. Failed every time I tried. The full GLO a.12 package was giving me problems flashing also. It would get to 40% complete and then fail. Third time flashing after rebooting finally took.
Click to expand...
Click to collapse
Well i do know that the Zero - One does trigger a fail, thru simple trial and error. But you are correct in that it is much more than that. I have managed to open 2 different Payload.bin files, SWAP highly important files in each such as Boot.img ... and then pack them back, AND THEY STILL FLASHED... so it definitely doesnt have anything to do with the file signatures, because the sigs would change considering the boot.img is of different sizes. There is something possibly hidden in one of the Android Manifest files, or one of the many Build.prop files in the Payload that is what triggers a fail. If we can figure out exactly what file it is, we can find out whether we can alter them, or eliminate them completely. My focus has shifted though, now that we have a working region swap. Now i am focused on this special function of the engineering/factory mode, because if it can be found, it will mean a FULL BL unlock... THAT will negate the need for these, because we will be able to flash whatever we want !
AND YES OPPO.... I KNOW YOU ARE WATCHING MY THREAD NOW! JUST KNOW THAT IDGAF! I AM AND I WILL CONTINUE TO CHIP AT YOUR B.S. ATTEMPT TO KEEP OWNERS FROM DOING WHATEVER THEY WANT WITH THEIR DEVICES! YOU DONT OWN THE PHONES... YOU MANUFACTURE THEM! ONCE THEY LEAVE YOUR WAREHOUSES, AND WE PAY THE STORE FOR THEM, THEY BELONG TO US. IF YOU DONT WANT TO SUPPORT THEM AFTER WE CHANGE THE FW, SO BE IT.... BUT THAT DOES NOT GIVE YOU THE RIGHT TO DENY US THAT OPTION... THIS AINT CHINA! THE VAST MAJORITY OF THE WORLD WHICH PURCHASE YOUR PHONES ARE FREE REPUBLICS, SO YOU DONT DICTATE OR GOVERN THE USAGE OF OUR DEVICES! REALIZE THIS OR BECOME LIKE MOTOROLA, AND SO MANY OTHER COMPANIES WHO WENT OBSOLETE FOR A VERY LONG TIME! WHEN YOUR SALES DECLINE 50% OR MORE BECAUSE YOU ALIENATED A BIG GROUP OF YOUR CUSTOMER BASE, THEY WILL ELIMINATE THE EXECUTIVES WHO WERE RESPONSIBLE FOR THIS LOSS!
beatbreakee said:
as soon as i get some free time, possibly this evening or tomorrow morning, i will shoot you a dm and we will link up.
Click to expand...
Click to collapse
So I actually have a complete list pulled off of my OnePlus 10t the 2417 edition of the ussd codes otherwise the dialer codes that can and should work on the phone I can post them if you want or I can send a link to them.
kramnod said:
This is great! I have been looking to change region from India onto a Global Version.
I have the Oneplus Ace Pro which is a chinese release of the 10T, the seller I bought this from flash it to Oneplus 10T India region.
Will give it more time though, wanted to get feedback first from those that has the Ace Pro Version.
Click to expand...
Click to collapse
Hey man, that happened to me as well... Amazon right?.
So the only issue is the 12GB Ram... And the antennas in my case (I cant get 5G).
So why do you want to change?.....
I want to know so i can change it as well, lol