Related
This how-to originally started out as a part of the Kindle Fire For Beginners (KFFB) guide, but evolved into this supplemental guide. Because of its origin, this guide assumes the reader is already familiar with KFFB, so reading it is a mandatory prerequisite. Users who post questions in this thread already covered in KFFB will be directed to go back and read it again.
My motives for writing this guide are very much in line with the reasons why I wrote KFFB. I'm hoping users will take the time to learn what they are doing and why they are doing it instead of crossing their fingers and hitting a button on an automated program. While I understand this is the more tedious route to their destination, the knowledge gained here can be used to get back on track when things go wrong or methods inevitably change over time.
The first post in this series details the process of rooting and installing a ROM on a stock device. The two share many of the same preliminary steps, so it makes sense to go over both at the same time.
Preparations
Again, please read Kindle Fire For Beginners before continuing. The conventions introduced in KFFB (e.g. having KFU installed in "C:\kfu") will continue to be used here. Make sure the battery is fully charged. A drained battery is not something you'll ever want to encounter and especially not while in the middle of this process. Create a new folder "C:\kfu\software" on your hard drive. Downloaded software to be installed on the Kindle Fire will be moved there.
Download and install WinMD5Free to some place on your Computer. The developers for most of the software you'll download for the Kindle Fire will provide an MD5 checksum. The checksum is used to verify the integrity of downloaded file, so you can be sure that you haven't gotten a bad download or a corrupted file. Tell WinMD5Free what file you want to check and compare the calculated checksum with the one provided by the developer. If the two match, you can be confident about installing it on your Kindle Fire.
For all required software listed in this document...
Extract (unzip) the files from the compressed archive (unless otherwise noted)
Verify the MD5 checksums if they have been provided
Move them to the C:\kfu\software folder
As with any other how-to guide, it's always a good idea to just read through the document first to get a basic idea of the process involved. Once you are comfortable with the concepts, then go back through and actually perform the steps required.
Getting to fastboot mode
The first step to modifying the Kindle Fire is to get the device into fastboot mode. The easiest and safest way to do this on a stock device is to use a factory cable. The factory cable is safe because it does not require the bootmode to be changed on the device. If something unexpected happens, you'll be able to disconnect the factory cable and reboot straight back into the stock software.
If you choose not to use a factory cable and change the bootmode to get into fastboot mode, you'll be taking a small gamble that you'll be able to issue fastboot commands to the device and change the bootmode back to normal. If you cannot change the bootmode back for some reason (e.g. your device drivers for fastboot mode fail to recognize the device), the device will be stuck in fastboot mode until you find a way to do so. In nearly every case, if you are able to issue the adb commands to get into fastboot mode, you should be able to send the fastboot commands necessary to get out of it. This is just a fair warning out of an abundance of caution... make sure you've done everything to ensure the ADB device drivers have been installed properly.
If you have a factory cable, you can turn the Kindle Fire off and connect the cable to the device, then the computer. The Kindle Fire will power up and put you directly into fastboot mode. You can then skip the rest of this section and go directly to flashing a recovery and bootloader. Otherwise...
Required software:
pokey9000's fbmode
1) Boot up the Kindle Fire normally and connect a USB cable to the device and computer.
2) Copy pokey9000's fbmode program into a user writeable location on the Kindle Fire...
Code:
adb push C:\kfu\software\fbmode /data/local/tmp/
3) Change the permissions on the fbmode program so it can be executed (run) on the device...
Code:
adb shell chmod 755 /data/local/tmp/fbmode
4) Execute (run) the fbmode program to change the bootmode to fastboot...
Code:
adb shell /data/local/tmp/fbmode
5) Reboot the device...
Code:
adb reboot
Note: In case you are wondering why the "adb shell idme bootmode 4002" command previously discussed in KFFB was not used here, that command requires root privileges not available in the stock configuration. Without root privileges, the above workaround is required.
Installing a recovery and custom bootloader
Required software:
FIREFIREFIRE bootloader
TeamWin Recovery Project (TWRP) recovery
Note: Do not extract the contents of the FIREFIREFIRE bootloader zip file. It will be flashed as-is with TWRP recovery.
1) Install the TWRP recovery...
Code:
fastboot -i 0x1949 flash recovery C:\kfu\software\openrecovery-twrp-2.2.2.1-blaze.img
2) Set the bootmode to recovery (5001)...
Code:
fastboot -i 0x1949 oem idme bootmode 5001
3) Reboot the device into TWRP recovery. If you used a factory cable to get into fastboot mode, turn off the device by holding down the power button for about 20 seconds. Replace the factory cable with a generic USB cable and the device will start up again automatically. Otherwise...
Code:
fastboot -i 0x1949 reboot
4) Copy the FIREFIREFIRE bootloader zip file to the /sdcard directory on the Kindle Fire...
Code:
adb push C:\kfu\software\fff-u-boot_v1.4a.zip /sdcard/
5) From the main menu of TWRP, press the "Install" button to flash the FFF bootloader onto the bootloader partition. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
6) Optional: Make a nandroid backup of the stock software. From the main menu of TWRP, press the "Backup" button and then "Swipe to Back Up" to create a snapshot of the stock system. If you change your mind later about rooting or have second thoughts about the ROM, just "Restore" the backup and return to the stock configuration.
Rooting the stock software
Users interested in flashing a custom ROM may elect to skip this section. Rooting the stock software is not a requirement to flash a custom ROM because the custom ROM will completely overwrite the stock software. However, if you are undecided on the question of rooted stock vs. custom ROM, root the stock software first and try that out for a while. The option to flash a custom ROM will still be available at a later time.
The following method of rooting the Kindle Fire stock software has been tested on 6.3.x and 6.2.x systems. Skip step #5 when rooting 6.2.x systems because the root checker does not exist in those versions.
Required software:
Superuser by ChainsDD
Note: Two separate files will be needed from the contents of this zip file: the su binary from the system\bin folder and the Superuser.apk file from system\app folder.
This section assumes the device is already booted into TWRP recovery.
1) Remount the /system partition in read/write mode...
Code:
adb shell mount system
2) Copy the su binary onto the device...
Code:
adb push C:\kfu\software\su /system/xbin/
3) Change the owner of the su binary to root...
Code:
adb shell chown root:root /system/xbin/su
4) Set permissions for the su binary to run as root...
Code:
adb shell chmod 6755 /system/xbin/su
5) Disable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
6) Change the bootmode back to normal...
Code:
adb shell idme bootmode 4000
7) Reboot the system...
Code:
adb reboot
8) Once the Kindle Fire has rebooted into the system, install the Superuser app...
Code:
adb install C:\kfu\software\Superuser.apk
Congratulations! You have gained root privileges on the stock Kindle Fire software!
Installing a custom ROM
It should go without saying, but users who intend on staying with a rooted stock device need to skip this section. Flashing a custom ROM will overwrite the stock software and leave no trace of the original Kindle Fire interface.
Required software:
Any ROM you choose to install. Check the KF Development List as a starting point.
Note: Do not extract the contents of the ROM archive. The recovery program will need the actual zip file to install.
This section assumes the device is already booted into TWRP recovery.
1) Carefully read the ROM thread for specific directions and warnings provided by the developer when flashing any new ROM.
2) Copy the custom ROM zip file to the /sdcard directory on the Kindle Fire...
Code:
adb push C:\kfu\software\ROM.zip /sdcard/
You must replace the "ROM.zip" part of the above command to the actual name ROM's zip file you've downloaded.
3) From the main menu of TWRP, "Wipe -> Factory Reset" to remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature.
4) From the main menu of TWRP, "Install" to flash the ROM onto your device. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
5) From the main menu of TWRP, "Reboot -> System" to boot into the newly flash ROM.
Congratulations! You have completely replaced the stock Kindle Fire software with a custom ROM!
Cleaning up
The zip files pushed onto the /sdcard during installation are only necessary during the installation process and do not need to take up space on the device after completing the install. Use a file manager or mount the storage device on the host computer to delete the files and reclaim the used space.
Coming soon...?
I've got some other topics in mind, but like I did with the KFFB, I'll see how users respond to this post before I continue. Please feel free to comment and make suggestions. I may not respond to everything, but I will keep the helpful comments in mind if/when I decide to expand this how-to guide. Thanks for reading.
Credits
jcase - For providing the basis for this guide and lending his expertise in rooting devices
pokey9000 - For his work on FFF and providing the fbmode exploit
TeamWin and Dees_Troy - For providing the TWRP recovery and continuing its development
ChainsDD - For the Superuser package
Unroot or Revert to Stock Software
This second post in the series details the procedures required to undo the steps taken in the first. Use it to unroot or revert back to the stock software like it just came from the factory. If you tried out the rooted stock software or a custom ROM for a while, but just prefer the no-frills stock software, you've come to the right place.
Unrooting the stock software
Required software:
None
This section assumes the device is already booted into the system software.
1) Uninstall the Superuser app
Code:
adb uninstall com.noshufou.android.su
2) Optional: Set the bootmode to recovery. Alternatively, use the recovery selection feature in FFF to boot into recovery during startup without manipulating the bootmode setting here. If you are more comfortable setting the bootmode directly...
Code:
adb shell su -c 'idme bootmode 5001'
3) Reboot the device into recovery...
Code:
adb reboot
4) Mount the data partition...
Code:
adb shell mount data
5) Optional: Delete the files that the Superuser app left behind...
Code:
adb shell rm -rf /data/data/com.noshufou.android.su
6) Mount the system partition...
Code:
adb shell mount system
7) Re-enable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted.bak /system/bin/check_rooted
8) Delete the su binary from the device...
Code:
adb shell rm /system/xbin/su
9) From the main menu of TWRP, "Reboot -> System" to restart the device into the system software.
Congratulations! You have unrooted the stock Kindle Fire software!
Reverting to stock software
Required software:
Amazon Kindle Fire Software Update
Warning: Installing the Amazon Kindle Fire Software Update will not only replace the system software, but also overwrite the bootloader and recovery with the stock versions. Any custom bootloader and recovery like FFF and TWRP will be overwritten in the process.
This section assumes the device is already booted into TWRP recovery.
1) Copy the update bin file to the /sdcard as update.zip
Code:
adb push C:\kfu\software\update-kindle-6.3.1_D01E_4107720.bin /sdcard/update.zip
2) From the main menu of TWRP, "Wipe -> Factory Reset" to remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature.
3) From the main menu of TWRP, press the "Install" button to flash the stock software onto your device. Navigate to the /sdcard directory on the left and select the "update.zip" file from the list on the right. Then simply "Swipe to Confirm Flash" to install.
4) Optional: From the main menu of TWRP, "Wipe -> SD Card" to remove all files on the USB mountable storage space. This step will permanently delete all of the files that appear on a computer when the device is connected as a USB storage device.
5) From the main menu of TWRP, "Reboot -> System" to restart the device into the system software.
Congratulations! You have reverted the device to a completely stock Kindle Fire!
KFFB Supplement Post #3
Reserved...
Great explanations!
I wanted to thank you for explaining everything clearly so that people can understand what they are doing when installing their bootloader, recovery and new ROMs.
Thanks again... plee3
Thanks so much!
This worked flawlessly. I had gotten stuck trying to root with KFU (I think the driver is slightly funky in fastboot - so KFU failed to flash either recovery or bootloader and left me in fastboot mode) but using the '-i 0x1949' option with fastboot made everything work perfectly.
Once again you have done a beautiful guide. You are very good at this, and always look forward to more guides from you.
Keep um coming !!
Cheers
Thibor69 said:
Once again you have done a beautiful guide. You are very good at this, and always look forward to more guides from you.
Keep um coming !!
Cheers
Click to expand...
Click to collapse
I know, right?
can i follow this to root 6.3.1?
xXezmacXx said:
can i follow this to root 6.3.1?
Click to expand...
Click to collapse
Yes, it's been tested to work from 6.2.0 and up.
Needs Sticky
Great Work. Gets my vote (and really needs) to be sticky'd.
Thanks for listening
Sincerely,
William
[Kindle Fire: gedeROM v1.25 [KeyClicks Added] {3.0 Kernel, CM9, Android 4.0.4} - Stock Kernel]
[HTC Evo 4G Supersonic: MikG 3.11 ROM - Chop Suey Custom Kernel]
[Retired: HTC CDMA Hero: Gingerbread Hero Deck ROM - Stock Kernel]
end.
Thanks to all. I'm glad some of the readers got some use out of it.
Docs009 said:
Great Work. Gets my vote (and really needs) to be sticky'd.
Thanks for listening
Sincerely,
William
[Kindle Fire: gedeROM v1.25 [KeyClicks Added] {3.0 Kernel, CM9, Android 4.0.4} - Stock Kernel]
[HTC Evo 4G Supersonic: MikG 3.11 ROM - Chop Suey Custom Kernel]
[Retired: HTC CDMA Hero: Gingerbread Hero Deck ROM - Stock Kernel]
end.
Click to expand...
Click to collapse
If you think this guide will be useful to other users here, you can ask the moderators to review the thread and possibly make it a sticky. I would ask, but it seems a bit... uncouth to nominate my own post for sticky status.
Thanks for reading!
Gotta tell you, there should be some warnings/things to look out for in this guide. If you install all the latest Android SDKs (I pretend to develop in my spare time) it loads the wrong drivers. It will show up as "Android Device" or something like that. The correct drivers have it show up as "Android Composite Device". If you have the SDK in your path (which you need for Eclipse) after the first reboot it might load the wrong drivers again as it did with me which are the wrong ones and basically you won't be able to communicate with the Kindle again.
Took me almost an hour to get this thing off the "Kindle Fire" loading screen because of this problem/unawareness.
ExploreMN said:
Well, I followed the instructions. Got as far as "adb shell reboot" after the fbmode command. Now it just sits at "kindle fire" and shows up as an unknown device in device manager.
Is there anyway to recover from this or did I just junk my fire?
Click to expand...
Click to collapse
Your Kindle Fire is fine... it's in fastboot mode. The computer is most likely the problem. You'll have to make sure your device drivers are working properly, so the computer can send fastboot commands to the device.
http://forum.xda-developers.com/showpost.php?p=23747671&postcount=2
kinfauns said:
Your Kindle Fire is fine... it's in fastboot mode. The computer is most likely the problem. You'll have to make sure your device drivers are working properly, so the computer can send fastboot commands to the device.
http://forum.xda-developers.com/showpost.php?p=23747671&postcount=2
Click to expand...
Click to collapse
Thanks Kinfauns. I actually got it fixed without even reading about it...I get a little medieval on things that frustrate me and eventually got it figured out...I edited my post to warn people about what tripped me up!
ExploreMN said:
Gotta tell you, there should be some warnings/things to look out for in this guide. If you install all the latest Android SDKs (I pretend to develop in my spare time) it loads the wrong drivers. It will show up as "Android Device" or something like that. The correct drivers have it show up as "Android Composite Device". If you have the SDK in your path (which you need for Eclipse) after the first reboot it might load the wrong drivers again as it did with me which are the wrong ones and basically you won't be able to communicate with the Kindle again.
Took me almost an hour to get this thing off the "Kindle Fire" loading screen because of this problem/unawareness.
Click to expand...
Click to collapse
Well, I actually tell you at the beginning of this guide to read my guide for beginners. In that guide, I tell you to use the driver installer included in KFU. Any how-to guide has to make some set of assumptions and I made the assumption that you'd actually follow the previous set of instructions before proceeding onto the next. I think you'd agree that I cannot possibly account for every possible deviation a user might take away from my actual directions. If I even attempted such a thing, this guide would turn into Encyclopedia Britannica.
In addition, I also gave you ample warning about putting your device into fastboot mode by manipulating the bootmode. I made a clear suggestion for you to get a factory cable and use it to get into fastboot mode the "safe" way. I've never seen any other rooting guide/utility even make mention of this possibility, so I've gone above and beyond what you'd get anywhere else.
With those things together, I believe I've done the very best I can to minimize the possibility that you might get stuck and have to "get a little medieval" on your device. Regardless, I'm glad you got it figured out. Good luck with the rest of it.
kinfauns said:
Well, I actually tell you at the beginning of this guide to read my guide for beginners. In that guide, I tell you to use the driver installer included in KFU.
Click to expand...
Click to collapse
True enough. Just didn't think it would keep reloading the drivers from the SDK if the SDK was in the path for Eclipse. I'm guessing anyone who set up Eclipse would not think this is an issue and might get stuck like I did...so it's still worth mentioning. (to me at least)
The second installment of this how-to guide has been posted. Included are instructions on unrooting and reverting back to the stock software. Suggestions and comments are always appreciated. Thanks!
Thank you for the excellent guide.
For what it's worth, this guide is very helpful for the admitted "noob" who has somehow failed with a utility like KFU and needs to go back and work through the pieces step by step. Thank you for laying out an instruction manual with enough detail to not only do the steps needed - but also to begin to understand what I'm doing.
I've rooted my KF (thanks to your assistance) so that I could install Swype. I then was able to use OTA-Rootkeeper to "hide" my SU file so that I can use Amazon media on my Fire as I want to, but still get the benefits I wanted from a rooted device (primarily the use of the Android Market, "Google Play", and the use of Swype).
For those that don't *really* want to unroot but do want to still use the Amazon content tools, I HIGHLY recommend the OTA-Rootkeeper utility.
Thanks again!
Kinfauns,
My Kinde Fire was bricked, with power problems. So I did the short trick to repair the bootloaders, using the linux stick and this script here, provided by firekit: usb_fix_parts_and_install_fff_twrp
When I look into device manager i have "Android Phone - Android Composite ADB Interface", at printers and devices the name shows as Kindle.
Can I go direct to these instructions here?
Rooting the stock software
Users interested in flashing a custom ROM may elect to skip this section. Rooting the stock software is not a requirement to flash a custom ROM because the custom ROM will completely overwrite the stock software. However, if you are undecided on the question of rooted stock vs. custom ROM, root the stock software first and try that out for a while. The option to flash a custom ROM will still be available at a later time.
The following method of rooting the Kindle Fire stock software has been tested on 6.3.x and 6.2.x systems. Skip step #5 when rooting 6.2.x systems because the root checker does not exist in those versions.
Required software:
Superuser by ChainsDD
Note: Download the latest zip for Gingerbread/ICS (the filename should end in "efghi-signed.zip"). Two separate files will be needed from the contents of this zip file: the su binary from the system\bin folder and the Superuser.apk file from system\app folder.
This section assumes the device is already booted into TWRP recovery.
1) Remount the /system partition in read/write mode...
Code:
adb shell mount system
2) Copy the su binary onto the device...
Code:
adb push C:\kfu\software\su /system/xbin/
3) Change the owner of the su binary to root...
Code:
adb shell chown root:root /system/xbin/su
4) Set permissions for the su binary to run as root...
Code:
adb shell chmod 6755 /system/xbin/su
5) Disable the root checker by renaming the check_rooted executable...
Code:
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
6) Change the bootmode back to normal...
Code:
adb shell idme bootmode 4000
7) Reboot the system...
Code:
adb reboot
8) Once the Kindle Fire has rebooted into the system, install the Superuser app...
Code:
adb install C:\kfu\software\Superuser.apk
Congratulations! You have gained root privileges on the stock Kindle Fire software!
Click to expand...
Click to collapse
DuendePaladino said:
Kinfauns,
My Kinde Fire was bricked, with power problems. So I did the short trick to repair the bootloaders, using the linux stick and this script here, provided by firekit: usb_fix_parts_and_install_fff_twrp
When I look into device manager i have "Android Phone - Android Composite ADB Interface", at printers and devices the name shows as Kindle.
Can I go direct to these instructions here?
Click to expand...
Click to collapse
If you used that script in Firekit, you should have FFF 1.2 and TWRP 2.0.0 installed, so technically, yes.... you can boot into TWRP and start following those directions. However, I would recommend that you upgrade your bootloader and recovery to the versions I have in the previous section... FFF 1.4a and TWRP 2.1.1. I won't go into all the reasons why, but they are "better" and likely to keep you out of trouble in the future. Since you already have FFF installed, it will be easy for you to get into fastboot mode. Once you are in fastboot mode, start with flashing TWRP and continue on from there.
Hi, i need a fix for this and fast !!! I've tried all that is listed on xda about this issue, but to no avail. Anyway, i forgot my pattern and went to the forgot pattern menu. My wifi was off, so i figured it would give a prompt of some kind to turn on the wifi and then log on to my google account. But nooooo, google supposes that everyone's wifi is on all the time. Please help, what do i do ? I rebooted to recovery, i made a nandroid and currently i am adb pulling the twrp folder from my N7. I would have just factory reseted it, no probs, but i remembered i have some EXTREMELY important works in colornote that i can't afford to lose. Please help, what do i do ?????
Looks like you answered your own question. Unless your Android isn't encrypted, just boot into TWRP and backup your data using adb:
adb pull /data/data C:\backup
Click to expand...
Click to collapse
The main thing you will have to concern about is restoring those data and make it readable by the app. There are several ways, but you can either:
adb push C:\backup\colornotes /data/data/colornotes
Click to expand...
Click to collapse
Don't forget some devices you need to give it write permission first: adb remount rw, though should not be needed with TWRP. Or just copy the folder back using a rooted file manager.
Then go into adb shell and fix permission of the files so the app can get access to them:
adb shell
su - (again shouldn't be needed wile in TWRP)
chmod -R 644 /data/data/colornotes (or 777 for full access)
Click to expand...
Click to collapse
Tips while in adb shell:
Check permissions of files by typing: ls -la
Check what partition is mounted and whether you have write privilege to it by typing: cat /etc/fstab
Also, if you use a custom rom like CyanogenMod or AOKP, there is an option to enable all widgets on the lockscreen. Just put the Power Control widget on the lockscreen, then you can toggle WiFi on and off. (Can't remember if this is also possible with stock.)
Have fun.
OR have a look here.
Looks like either of the two methods suggested would be feasible with only a recovery running, but the 2nd one is easiest (as a custom recovery wouldn't necessarily provide a statically-linked sqlite3 utility).
if it works it doesn't require any wiping.
BTW guess how I found this.... wait for it .... wait for it.... wait for it.... I used google search.
Hi, i forgot to mention that i made the twrp backup while i was locked out and whenever i try to restore from the backup after a factory reset, it goes back to square one... And when i did a full wipe and hoped to use titanium backup to extract stuff from the nandroid, it just gives me and empty list, but the backup is there, all 5gb of it
iAndroidOS said:
Hi, i forgot to mention that i made the twrp backup while i was locked out and whenever i try to restore from the backup after a factory reset, it goes back to square one...
Click to expand...
Click to collapse
Well, that is to be expected, is it not? You are restoring exactly what is already there - effectively a no-op.
OK, I just booted into TWRP (2.4.1.0) and confirmed that the (equivalent of the) following disabled my pattern lock on the next boot:
cd /data/system
mkdir foo
mv locksettings.* foo
mv gesture.key foo
I did all of the above (the 'cd' command is implicit) using TWRPs touch interface - didn't even need adb.
ymmv as I am using jdq39/4.2.2 and my tablet was not in a "locked-out" state, but its an easy thing to try.
Hi,
So today the front of my Nexus 4 cracked and rendered it completely dysfunctional. The worst part is that there's a screen lock, making it impossible for me to access through Android File Transfer. I was reading that you could use adb and screencast to access the phone and to unlock it, allowing for me to retrieve files. But after installing and running commands, it seemed like I couldn't find a device when I inputted the command 'adb devices'. I know, I searched it up and I think the reason is that usb debugging was not enabled (I don't remember if I did or didn't enable it at all). I've read past threads which explain how to enable it even with a cracked screen but I'm just too confused on how to do it. All this SDK and AVD stuff confuses the heck out of me (I'm fairly new to the whole Android notion) so I practically have the IQ of a 5 year old. My phone is rooted (In which it did wipe the memory so that may be why debugging could be off) and I'm currently flashing Cyanogenmod. Could someone please explain to me how do I enable debugging with a dysfunctional screen like I'm 5? Also, if there were an easier alternative to retrieving/backing up my files that would be nice knowing too because all of this stuff is currently doing my head in.
Thanks!
You can try to access adb from recovery too.
Turn off phone and start by holding VOL-DOWN and POWER together. You will boot into BOOTLOADER mode and there switch to RECOVERY MODE by VOLUME button (2 times press is this mode). If you have installed CyanogenMOD, then you have probably advanced recovery (CWM or TWRP). Now try command "adb devices".
If you haven't CWM or TWRP recovery installed, boot again into BOOTLOADER mode and flash recovery by fastboot.
xjcook said:
You can try to access adb from recovery too.
Turn off phone and start by holding VOL-DOWN and POWER together. You will boot into BOOTLOADER mode and there switch to RECOVERY MODE by VOLUME button (2 times press is this mode). If you have installed CyanogenMOD, then you have probably advanced recovery (CWM or TWRP). Now try command "adb devices".
If you haven't CWM or TWRP recovery installed, boot again into BOOTLOADER mode and flash recovery by fastboot.
Click to expand...
Click to collapse
Thanks for the quick reply,
After I hit advanced recovery and selecting my backup, which option do I press? Do I restore the boot, system, data, cache, or sd-ext?
Also typing in adb devices only lists the recovery device and I don't seem to be able to access it through Android File Transfer, what do I do with the serial number it tells me?
By the way I don't have any backups when I had no screen pattern so wouldn't recovering those areas still give get me locked out?
loolnicetry said:
Thanks for the quick reply,
After I hit advanced recovery and selecting my backup, which option do I press? Do I restore the boot, system, data, cache, or sd-ext?
Also typing in adb devices only lists the recovery device and I don't seem to be able to access it through Android File Transfer, what do I do with the serial number it tells me?
By the way I don't have any backups when I had no screen pattern so wouldn't recovering those areas still give get me locked out?
Click to expand...
Click to collapse
Android File Transfer is not working in recovery mode, but you can pull required files by "adb pull /sdcard/some-file-or-folder/ /to/some/path/on/your-system/". Of course you can pull whole /sdcard/. You can try also adb backup (I didn't try it yet). From recovery you can also make nandroid backup of the system and transfer to computer by adb pull.
In recovery mode you have access to full system (maybe you must mount some partitions), that means you can use magic command "adb shell", to get shell (in shell you can use "ls" for list files, "cd" for change directory) and do what you want. To remove screen lock try some guide from XDA, I've found for example [GUIDE][HOW-TO]Crack android pattern lock! or [EASIEST]Crack Android Pattern/Pin/Password Lockscreen without root.
I hope this will help you.
xjcook said:
Android File Transfer is not working in recovery mode, but you can pull required files by "adb pull /sdcard/some-file-or-folder/ /to/some/path/on/your-system/". Of course you can pull whole /sdcard/. You can try also adb backup (I didn't try it yet). From recovery you can also make nandroid backup of the system and transfer to computer by adb pull.
In recovery mode you have access to full system (maybe you must mount some partitions), that means you can use magic command "adb shell", to get shell (in shell you can use "ls" for list files, "cd" for change directory) and do what you want. To remove screen lock try some guide from XDA, I've found for example [GUIDE][HOW-TO]Crack android pattern lock! or [EASIEST]Crack Android Pattern/Pin/Password Lockscreen without root.
I hope this will help you.
Click to expand...
Click to collapse
I CANNOT THANK YOU ENOUGH! You were easy to understand and got straight to the point which was perfect! On a side note, do you know if there's a way I can extract and save my sms messages and read them on my computer? I know I can take out the .db file but it's complicated to open on a Mac and it's quite an effort. (Considering my phone still has a lock on it)
loolnicetry said:
I CANNOT THANK YOU ENOUGH! You were easy to understand and got straight to the point which was perfect! On a side note, do you know if there's a way I can extract and save my sms messages and read them on my computer? I know I can take out the .db file but it's complicated to open on a Mac and it's quite an effort. (Considering my phone still has a lock on it)
Click to expand...
Click to collapse
I'm really happy that I helped you!
Android is storing messages, contacts in SQLite database, there is not another way to grab these files from recovery. But it's not complicated to extract these files. Download for Mac OS X sqlite-shell-osx-x86-XXX.zip from SQLite Download Page and extract it somewhere.
Then pull messages by
Code:
cd /path/where/is/extracted-sqlite
adb pull /data/data/com.android.providers.telephony/databases/mmssms.db .
Finally you can list your messages by
Code:
./sqlite3 mmssms.db 'select address,body from sms'
If last command is not working try make it executable and repeat previous step
Code:
chmod +x sqlite3
xjcook said:
I'm really happy that I helped you!
Android is storing messages, contacts in SQLite database, there is not another way to grab these files from recovery. But it's not complicated to extract these files. Download for Mac OS X sqlite-shell-osx-x86-XXX.zip from and extract it somewhere.
Then pull messages by
Code:
cd /path/where/is/extracted-sqlite
adb pull /data/data/com.android.providers.telephony/databases/mmssms.db .
Finally you can list your messages by
Code:
./sqlite3 mmssms.db 'select address,body from sms'
If last command is not working try make it executable and repeat previous step
Code:
chmod +x sqlite3
Click to expand...
Click to collapse
For the pulling of the .db file, it says the remote object does not exist, what should I do?
loolnicetry said:
For the pulling of the .db file, it says the remote object does not exist, what should I do?
Click to expand...
Click to collapse
Hmm that is strange, maybe this will help you (especially check first answer): http://stackoverflow.com/questions/12266374/backup-full-sms-mms-contents-via-adb
Sent from my Nexus 4 using Tapatalk
xjcook said:
Hmm that is strange, maybe this will help you (especially check first answer):
Sent from my Nexus 4 using Tapatalk
Click to expand...
Click to collapse
When I try to enter the $mkdir command it says it's not found. Am I meant to include the $ in the command?
xjcook said:
Hmm that is strange, maybe this will help you (especially check first answer): http://stackoverflow.com/questions/12266374/backup-full-sms-mms-contents-via-adb
Sent from my Nexus 4 using Tapatalk
Click to expand...
Click to collapse
I FIXED IT MYSELF! I'm feeling a bit smart haha, it turns out my system and data wasn't mounted and all I had to do was mount it through cwm. Thanks a lot friend you were a great help, I'd be panicking a substantial amount without you!
Hi there, I'm trying to pull root directories like /system and /data without any luck. My purpose it to have them on my PC as a backup, and be able to browse them to pull out apps and pieces of data as necessary if it ever becomes necessary.
Device: Nexus 6P (North American version)
ROM: Stock 6.0.1 Rooted, using Wugfresh Nexus Root Toolkit and SuperSU
PC OS: Windows 7 PC (64 bit)
Adb is working properly and I can easily pull non-root directories like "/sdcard" and so on. I'd like to be able to backup the entire root directory ("/") or at least the child directories (like "/system" and "/data", etc.) Unfortunately, when I try
Code:
adb pull -p "/system" "C:\somewhere"
it skips a bunch of files, so I need to come up with a better method.
I've tried
Code:
adb root
and it tells me it's already running in root mode.
I try
Code:
adb remount
and it does this properly, but doesn't change the effects of all the commands I've tried.
When I run
Code:
adb shell
it enters shell and gives me # by default, so seemingly it is giving me su permission by default?
*** Oddly, when I enter "su" while in shell, it tells me "/sbin/sh: su: not found" which seems odd to me. I think it's possibly that SuperSU is installed as systemless root, or there's something else screwy here, so I guess I'm not sure how to proceed. Still, if that were case, why would adb already be running as root, and why would shell automatically give me the #?
Any help is appreciated!!
Thanks!
@Heisenberg I figured I'd tag you because of your extensive experience with the Nexus 6P in particular (and rooting.) Not sure if you may be able to shed some light on the issue here?
DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
Visit this thread for more information
________________________________________________________
CAVEAT
I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
Updating with OTAs should be the same process as the other guides here.
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)
________________________________________________________
STEPS:
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktopfor Mac, type cd desktop or cd /Users/yourname/Desktop
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/bb. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.b. Use Select and Patch a File on boot_a.img
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
10. Reboot and verify it worked.
Forgot to tag it... if an admin is able to do so I'd appreciate it.
Just applied for a bootloader unlock today. When i get approved ill attempt this guide.
I am currently on T-Mobile 11.0.5.7.KB09CB.
Unlike other methods prvoided here for the 8T I got this method to work. Thank you very much!
clarification update: I own the t-mobile kb2007 model of phone
a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
Some prework I had to do for my OnePlus 8T KB2005
-ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
-ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
-With device in bootloader/fastboot, run: fastboot flashing unlock
-verify with your phone to accept
-phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
-renable OEM lock and USB debug
-restart back into bootloader/fastboot
-now you are ready to root
Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add your screen would flicker in TWRP but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
I'm having the same issue although its more tied in with removing youtube as a system app for vanced
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
Actually Is not possible on devices borned with android 10 or above.
giacomowrc said:
Actually Is not possible on devices borned with android 10 or above.
Click to expand...
Click to collapse
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Mpolo87 said:
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Click to expand...
Click to collapse
Yes of course.
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give temporary su access through adb.
Extract boot_a.img and boot_b.img to your computer.
Reboot into OxygenOS and copy boot_a.img and boot_b.img back to your phone.
Use Magisk to patch both images.
Copy the patched images back to your computer.
Use fastboot to temporarily boot using the patched image, giving you temporary root.
Use Magisk to direct install for permanent root.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
________________________________________________________
STEPS:
1. Get the semi-broken TWRP .img. This won't give you a gui but will give you su access over adb. You DON'T want to flash this, we're just booting with it temporarily.
2. Restart your phone into fastboot mode.
3. On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here). Run the following:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb pull /sdcard/boot_b.img boot_b.img
4. Copy the extracted files to a user accessible area of your phone.
5. Install the latest Magisk Canary release to your phone.
a. Select the Install option.b. Use Select and Patch a File on both boot_a.img and boot_b.imgc. You should rename them or make note of the new names given by Magisk. You'll need to use one or the other depending on which partition is active.
6. Copy the patched .img files back to your computer.
7. Restart your phone back into fastboot mode.
8. On your computer, run:
Code:
fastboot getvar all
9. Find which A/B partition is active on this line: (bootloader) current-slot:a/b
10. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot patched-boot-a/b.img
11. You now have temporary root access, to make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
12. Reboot and verify it worked.
Click to expand...
Click to collapse
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
sameog said:
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
Click to expand...
Click to collapse
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Mpolo87 said:
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Click to expand...
Click to collapse
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Please note: I love this guide. It's cohesive and well-written. I just need pictures to "see" on what and where to do. I'm visual.
UPDATE: I followed the tuturial to the best of my ability and I got nothing. I'm giving up and taking a step back.
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./fastboot boot recovery.img
Sending 'boot.img' (64964 KB) OKAY [ 1.660s]
Booting OKAY [ 0.084s]
Finished. Total time: 1.939s
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
OnePlus8T:/ # dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.194981 s, 492 M/s
OnePlus8T:/ # dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.185497 s, 518 M/s
OnePlus8T:/ # exit
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_a.img boot_a.img
/sdcard/boot_a.img: 1 file pulled, 0 skipped. 27.7 MB/s (100663296 bytes in 3.470s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_b.img boot_b.img
/sdcard/boot_b.img: 1 file pulled, 0 skipped. 32.0 MB/s (100663296 bytes in 2.997s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb reboot
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows>
sameog said:
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Click to expand...
Click to collapse
You're missing the command "cd" before the path to change the directory to the new one. It should be cd C:\Users\Mr. Lew\Desktop\oneplus 8t boot image then press enter. Now you can reference any file in that folder by just the name without its entire path as a prefix being required.
A difficult method
zengin said:
Diğer yöntemden hiç de kolay değil.
Click to expand...
Click to collapse
huh?
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
sameog said:
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
Click to expand...
Click to collapse
While this is a temporary solution, it is also a bad solution because you can land with not being able to boot your phone every time an incremental update comes along.