Database Users

Towards enabling fastboot

edit: Kindle Fire fastboot working. Allows for reflashing ROMs and booting over USB.
Recommended that you have your kindle already opened so that you can get to the battery cable to hard reset if necessary.
Instructions to follow.
transfuntioner said:
<posting here as i dont have access to devel forum yet>
Looking at the bootloader & the u-boot source, it looks like there's 2 ways to get to fastboot. The bootmode nvram setting, and a special usb cable.. I think I'll go the nvram route though I havent investigated how to set it yet.
Just to be prepared I'm going to add usb driver's inf.
%SingleBootLoaderInterface% = USB_Install, USB\VID_1949&PID_0FFF
So .. anyone else working on this?
Click to expand...
Click to collapse

I dont have a gingerbread build handy, is there another dev that can build me a fastboot.exe to include 0x1949?
I think my fire is stuck in fastboot mode.

transfuntioner said:
I dont have a gingerbread build handy, is there another dev that can build me a fastboot.exe to include 0x1949?
I think my fire is stuck in fastboot mode.
Click to expand...
Click to collapse
NVM on the fastboot.exe request, I have a working one.
fastboot mode is confirmed .. i have a fastboot talking to the fire. It shows up in 'fastboot devices' (the id is 0123456789abcdef), and responds to reboot & boot commands.
Now trying to boot out of fb mode, I should have set the 'other' nvram bootmode

NOTE: Instructions are terse and intended towards developers for now.
Standard disclaimer, I am not liable if you brick your fire.
Requisities:
- working adb, (on windows) with the additional %SingleBootLoaderInterface% entry mentioned
- working fastboot binary that recognizes / allows specifying the vendor id (0x1949)
- root. it may work without, but you probably want or have it already
Also recommended:
- boot.img from the latest sw update.
Procedure:
- get a adb shell
- use the '/system/bin/idme' command to set the bootmode. I suggest you first run 'idme ?' and write down your default, mine is "4000 0".
- if you set bootmode to 0x4002, the fire will stay in fastboot mode when it reboots
- if you set bootmode to 0x4003, it's supposed to timeout from fastboot mode, but I did not have much luck getting a normal boot after the timeout (did not play too much here).
- if you decide you dont want fastboot mode, run 'idme bootmode "4000 0"' to reset back to default for normal booting.
WARNING:
IF YOU REBOOT AT THIS POINT THE FIRE WILL BE IN THE FASTBOOT MODE. I HAVE NOT FOUND A WAY TO EXIT THIS MODE AND RETURN TO THE NORMAL OS WITHOUT A WORKING FASTBOOT CLIENT.
REPEAT:
YOU MAY BE BRICKED IF YOU DONT HAVE WORKING TOOLS.
When you boot into fastboot mode, it will show the "Kindle Fire" logo. The power button does not appear to do anything; therefore, if you boot a bad kernel/image it may get stuck and require a hard reset (pulling the battery cable).
You should now have access to the standard flashboot functionality (update, flash, usb boot, etc). Note that reboot-bootloader will bring you back to fastboot.
I currently use 'fastboot boot boot.img' (from the sw update) to get back to a working state. Once booted, use idme to disable fastboot.
Now, on to recovery's & custom roms!

so any more information on the "special usb cable" like what size resistor on pin 4?

death2all110 said:
so any more information on the "special usb cable" like what size resistor on pin 4?
Click to expand...
Click to collapse
I dont have hardware handy to determine this, but having a cable will definitely make things easier going forward.
Brief updates..
Unlike previously mentioned, it looks like long press power button typically should work.
The idme command is available in the bootloader. So you can set normal bootup mode from fastboot, then reboot. eg.
fastboot oem idme bootmode 4000
fastboot reboot

How to get latest update pack ?
Sent from my SAMSUNG-SGH-I777 using XDA Premium App

any idea what tools i can use to check what amount of resistance i need? I may just go out to the garage and grab 3 100k resistors and try the numerous SGS2 methods (specifically 3 resistors twisted together and jumping pins 4 & 5

Stuck in fastboot
Hello,
I followed these steps including adding the %SingleBootLoaderInterface% line mentions to the usb inf. I was able to get the Kindle Fire to set bootmode to 0x4002.
I downloaded fastboot from here, 32-bit only?
http://forum.xda-developers.com/showthread.php?t=463627
Tried to get fastboot 64-bit via this route, no good:
http://rootzwiki.com/topic/4551-guide-making-fastboot-work-on-64-bit-windows-7-systems/
Now that it's in bootmode, neither my x64 PC or x86 Mac can see the device via a recent fastboot.exe and fastboot-mac application using a standard mini-USB cable. Suggestions? Is there a different fastboot.exe that I should be using?
transfuntioner said:
NOTE: Instructions are terse and intended towards developers for now.
Standard disclaimer, I am not liable if you brick your fire.
Requisities:
- working adb, (on windows) with the additional %SingleBootLoaderInterface% entry mentioned
- working fastboot binary that recognizes / allows specifying the vendor id (0x1949)
- root. it may work without, but you probably want or have it already
Also recommended:
- boot.img from the latest sw update.
Procedure:
- get a adb shell
- use the '/system/bin/idme' command to set the bootmode. I suggest you first run 'idme ?' and write down your default, mine is "4000 0".
- if you set bootmode to 0x4002, the fire will stay in fastboot mode when it reboots
- if you set bootmode to 0x4003, it's supposed to timeout from fastboot mode, but I did not have much luck getting a normal boot after the timeout (did not play too much here).
- if you decide you dont want fastboot mode, run 'idme bootmode "4000 0"' to reset back to default for normal booting.
WARNING:
IF YOU REBOOT AT THIS POINT THE FIRE WILL BE IN THE FASTBOOT MODE. I HAVE NOT FOUND A WAY TO EXIT THIS MODE AND RETURN TO THE NORMAL OS WITHOUT A WORKING FASTBOOT CLIENT.
REPEAT:
YOU MAY BE BRICKED IF YOU DONT HAVE WORKING TOOLS.
When you boot into fastboot mode, it will show the "Kindle Fire" logo. The power button does not appear to do anything; therefore, if you boot a bad kernel/image it may get stuck and require a hard reset (pulling the battery cable).
You should now have access to the standard flashboot functionality (update, flash, usb boot, etc). Note that reboot-bootloader will bring you back to fastboot.
I currently use 'fastboot boot boot.img' (from the sw update) to get back to a working state. Once booted, use idme to disable fastboot.
Now, on to recovery's & custom roms!
Click to expand...
Click to collapse

I had the same issue....but i fixed it!
Code:
fastboot -i 0x1949 oem idme bootmode 0x4000
fastbooot -i 0x1949 reboot

Played with the 0x4003 fastboot "countdown" mode a bit. Seems like it is timing out of fastboot, but not continuing to boot up the rest of the way. After a few seconds the kindle fire logo goes away and the device no longer responds to fastboot commands. Waited maybe a minute or so after it left fastboot and it didn't boot. Though since you found that we can set the bootmode value from fastboot it doesn't really matter.
Also have been playing around with attempting to get my fire to boot a modified boot image. So far I've simply extracted the kernel/initrd from the 6.1 update boot.img and repacked it without modifications. Unfortunately the Fire refused to boot the resulting image.
Going to continue fiddling.

Well managed to successfully repack a boot.img.
The problem i was facing was caused by 2 issues while running mkbootimg.
1) Derped and didn't specify the correct page size (4096)
2) Needed to include a base address of 0x80000000.

wait i'm stuck in the phase where it times out after the kindle logo and it doesn't respond to fastboot commands... what did you do to get out of that?
any help would be GREATLY appreciated before my battery dies. i have my clockwork port saved on the sdcard!
or if somebody can upload their fastboot binary
edit: got it, i needed to specify the vendor id as mentioned on the bottom of page one
thanks to those who were trying to help me (although probably nobody as it's 3am...)

JackpotClavin said:
wait i'm stuck in the phase where it times out after the kindle logo and it doesn't respond to fastboot commands... what did you do to get out of that?
any help would be GREATLY appreciated before my battery dies. i have my clockwork port saved on the sdcard!
or if somebody can upload their fastboot binary
Click to expand...
Click to collapse
I did a long press of the power button and it turned off. Then before turning it back on i ran:
Code:
fastboot oem idme bootmode 4000
Let it sit in "waiting for device" and powered the kindle back on.
Attached my fastboot binary for linux if it's useful for you. It's compiled from AOSP with the 0x1949 vendorid added in.

I don't have the -i option on my version of fastboot. Could you post a windows version of the one you're using?
Edit: found version of fastboot.exe that supports -i in SDK_r07.
I can't post outside links yet, but here's the URL:
code.google.com/p/softy-warely/downloads/detail?name=android-sdk_r07-windows.zip&can=2&q=
Thanks death2all110. Got it to reboot to break out of the fastboot cycle.
New question:
I did fastboot -i 0x1949 boot recovery.img (from the Kindle 6.1 update) and now I can't fastboot back in to break out of the fastboot cycle again:
C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot -i 0x1949 oem idme bootmode 4000
< waiting for device >

I'm giving CM7 a shot right now. Gonna fastboot flash the system.img generated as well as the boot.img although I doubt this will work

death2all110 said:
any idea what tools i can use to check what amount of resistance i need? I may just go out to the garage and grab 3 100k resistors and try the numerous SGS2 methods (specifically 3 resistors twisted together and jumping pins 4 & 5
Click to expand...
Click to collapse
I dont think it'll hurt to try.. FWIW I didnt see anythign obvious in the source or from quick googling for the specs. Didnt spend a lot of effort on it though.

JackpotClavin said:
I'm giving CM7 a shot right now. Gonna fastboot flash the system.img generated as well as the boot.img although I doubt this will work
Click to expand...
Click to collapse
Yeah I am going to play with existing gingerbread builds as well because I dont think ICS will ever finish building on my machine!
I am planning on just flashing system.img and then usb boot with the stock kindle kernel / boot.img.

It didnt do anything, I found a Micro USB for LG Devices with selectable resistance. But I might buy an actual USB jig for the SGS2 but i dont want to waste my money on it if it doesn't work...
Hmm. Theres gotta be a way...

careful flashing
This may be known to experienced android devs but I thought I'd mention as I am not & just ran into it.
When you flash an individual partition you're limited by the ram, in this case the image size needs to be less than the value reported.
fastboot getvar downloadsize
downloadsize: 1d0000000
So around 486 megs.. just some extras steps needed if you're working with the 512M system partition.

[HOWTO] Installing the unlocked bootloader and fixing broken recovery in leaked ICS

Some of us used the flash-stock-then-flash-CWM method of installing the ICS leak, but were left without a working recovery. The method below allows you to unlock the bootloader and install a custom CWM.
This method may or may not work for you. I take NO CREDIT for making this happen, I'm just writing a quick howto. Thanks to strra for making it convenient.
Typically, attempting to boot into Recovery would generate an error that recovery image was not verified (something along those lines).
Thanks for all the devs who made this possible - you guys are amazing. Donate to them if you can, they deserve it.
I TAKE NO RESPONSIBILITY IF YOU TURN YOUR A500 INTO A PAPERWEIGHT.
If you don't feel comfortable with this possibility, stop here.​
Install the A500 drivers from Acer on PC (from Acer's site).
Install and launch Android terminal app on tablet. Run the following command:
Code:
dmesg>/mnt/external_sd/dmesg.txt
Open up dmesg.txt and look for androidboot.serialno. That is your CPUID. In my case, the serial number reported by the OS, on the box, in the MicroSD slot was NOT my cpuid.
Use Vache's site to convert that number into your SBK (four long hex values).
Extract all of the required files (batch.rar and nvflash) from strra's post into c:\nvflash.
Open up a Windows command prompt (cmd.exe) and then `cd c:\nvflash`.
Launch `run.bat`, but don't enter your SBK yet.
Power down the tablet.
Use a paper clip and hold down the Reset button. Do not release it. Hold down power for 3 secs and then release it. After another second, remove the paper clip. Your Windows PC should then detect your device and install the APX driver. You should then have an APX USB device installed. If you do not have an APX USB device listed in your system tray, you cannot proceed.
Go back to the Windows command prompt and enter your SBK. Once you enter it, the process should begin. If you receive a USB write error, your SBK is incorrect.
Once the process begins, the Windows command prompt will read "Press any key when your A500 is in bootloader mode". Do not continue until the tablet is in Download Mode.
Once the tablet reads "download mode" (something along those lines), you are in bootloader mode. You can proceed and it will begin formatting the various partitions and installing the recovery.
Once the process completes, it should say PASS. You can then power off the tablet and power it back on again.
Make sure your tablet boots.
Power the tablet down and attempt to launch CWM via Power+VolDown.
PROTIP
Remount /system rw:
Code:
su
mount -o remount,rw -t ext4 /dev/block/mmcblk0p3 /system

Worked perfectly! Thanks!

yaw
worker for me too... thanks to all for this work!

good write-up
also, another protip:
if you right click the title bar of the command prompt, you can go to edit>paste to copy/paste the SBK... should make things a little easier

@strra:
You don't happen to know the location of the apk's for `Acer Media` and `Weather`, do you?
I'd like to add them to the following list of bloat that can go (another PROTIP) once you remount /system rw.
Under /system/app, rename:
3DPhotoBrowser-apk
AcerNidus-apk
Clearfi-apk
aupeo-apk

Problem with recovery
When it launches download mode, it says entering download mode in acer boot screen and it stays like that. How much time should I wait until it enters download mode? Or is that download mode? When it shows PASS message then under appears a red text saying LNX image not certified or something like that, why? Please help me. Thanks.
Now my tablet boots with a white text on it saying custom bootloader. But i don't have recovery mode.

Luescoff said:
Now my tablet boots with a white text on it saying custom bootloader. But i don't have recovery mode.
Click to expand...
Click to collapse
Install new recovery with fastboot. Boot into Android normally and connect it to PC with Android SDK (you need working adb and fastboot commands).
Check if adb sees your device:
Code:
adb devices
Boot into bootloader:
Code:
adb reboot bootloader
If you haven't been in bootloader mode before you might need to install fastboot drivers (from ACER Drivers for example).
Check if fastboot sees your device:
Code:
fastboot devices
My a500 didn't return its ID so fastboot is showing a device with "?" instead of ID. It is ok.
Install new recovery (here it is in recovery.img file, change it to yours):
Code:
fastboot erase recovery
fastboot flash recovery recovery.img
fastboot reboot
When device will be booting just hold Volume Down like always to get into recovery.
You can also test and boot recovery.img directly from PC with fastboot:
Code:
fastboot boot recovery.img
You can test with fastboot boot command as it doesn't overwrite anything in device's flash. It downloads boot image (like recovery.img or boot.img into RAM and runs it from there).

jm77 said:
@strra:
You don't happen to know the location of the apk's for `Acer Media` and `Weather`, do you?
I'd like to add them to the following list of bloat that can go (another PROTIP) once you remount /system rw.
Under /system/app, rename:
3DPhotoBrowser-apk
AcerNidus-apk
Clearfi-apk
aupeo-apk
Click to expand...
Click to collapse
You can also add social Jogger
Link to facebook .
and all the links to there so called book shelf apps like link to games link to media .there are 4 of them They Hog resources even if you NEVER use them.I forget all there names and im on Vachs rom he has removed them all.

@jm77: Maybe could you split the DL link (batch.rar) and add the link to the OP of the orig. thread for downloading the bootloader binary (so when I update it people get the updated version directly)?

jm77 said:
@strra:
You don't happen to know the location of the apk's for `Acer Media` and `Weather`, do you?
.......
Click to expand...
Click to collapse
Acer hid them in flexrom/app this time around!

Thanks for the help.

yaworski said:
Install new recovery with fastboot. Boot into Android normally and connect it to PC with Android SDK (you need working adb and fastboot commands).
Check if adb sees your device:
Code:
adb devices
Boot into bootloader:
Code:
adb reboot bootloader
If you haven't been in bootloader mode before you might need to install fastboot drivers (from ACER Drivers for example).
Check if fastboot sees your device:
Code:
fastboot devices
My a500 didn't return its ID so fastboot is showing a device with "?" instead of ID. It is ok.
Install new recovery (here it is in recovery.img file, change it to yours):
Code:
fastboot erase recovery
fastboot flash recovery recovery.img
fastboot reboot
When device will be booting just hold Volume Down like always to get into recovery.
You can also test and boot recovery.img directly from PC with fastboot:
Code:
fastboot boot recovery.img
You can test with fastboot boot command as it doesn't overwrite anything in device's flash. It downloads boot image (like recovery.img or boot.img into RAM and runs it from there).
Click to expand...
Click to collapse
Thank you, yaworski
For a mysterious reason the only way to boot in CWM recovery mode on my a500 is passing by your last command
Code:
fastboot boot recovery.img
The classical "volume-/power" method brings me to the "dead android man" with the exclamation mark... Same thing if I use the "Acer recovery" app.
In others words, the only way to open the recovery is passing by the bootloader and the fastboot commands...
Any idea for the reason of that?

So should the odmdata in the bat file be 0x300d8011 or 0xb00d8011. It has 0x300d8011, but i saw another post where it should match was EUU uses as 0xb00d8011.
Thanks.

castafiore said:
Thank you, yaworski
For a mysterious reason the only way to boot in CWM recovery mode on my a500 is passing by your last command
Code:
fastboot boot recovery.img
The classical "volume-/power" method brings me to the "dead android man" with the exclamation mark... Same thing if I use the "Acer recovery" app.
In others words, the only way to open the recovery is passing by the bootloader and the fastboot commands...
Any idea for the reason of that?
Click to expand...
Click to collapse
it's because you didn't delete recovery-from-boot.p from /system and it's reflashing stock recovery whenever you boot into android

I want to make a backup of my current EBT before I try flashing this new one. When I enter APX mode (reset button + power), I get "Acer Picasso USB Boot-recovery driver" listed in my device manager.
Then I issue the command (i blanked out most of my SBK here).
Code:
nvflash --read 4 myboot.img --sbk 0x8E000006 0x9C000001 0x22000002 0xF0000002 --sync
I've tried different flags like --bct --odmdate --configuration but i always get:
Code:
Nvflash started
rcm version 0X4
Command send failed (usb write failed)
Following that, the device dissappears from my windows device manager.
I've also tried the first command from run.bat with both odmdata values
Code:
nvflash --bct bct.bct --setbct --bl bootloader.bin --configfile flash.cfg --odmdata 0xb00d8011 --sbk 0x8E000006 0x9C000001 0x22000002 0xF0000002 --sync
nvflash --bct bct.bct --setbct --bl bootloader.bin --configfile flash.cfg --odmdata 0x300d8011 --sbk 0x8E000006 0x9C000001 0x22000002 0xF0000002 --sync
Both of these give the error message same message.
Any ideas?
---------- Post added at 01:21 PM ---------- Previous post was at 01:11 PM ----------
Also, just tried the run.bat as is (well.. i removed the "cls" so the screen woudln't blank. Get the same error..
Code:
C:\Users\james\Downloads\bootloader>run
****************************************************************
* This will boot your A500 into bootloader mode, *
* flash patched bootloader V2, and flash Thor Recovery 1.7 *
****************************************************************
****************************************************************
* Before executing, be sure to delete recovery-from-boot.p *
* from /system to ensure recovery will stick *
****************************************************************
****************************************
* Reboot your tablet into APX mode *
****************************************
Generate your SBK with your CPUID from here : http://vache-android.com/v1/index.
php?site=sbk
Enter your SBK:0x8E000006 0x9C000001 0x22000002 0xF0000002
Loading bootloader...
Nvflash started
rcm version 0X4
[COLOR="Red"]Command send failed (usb write failed)
[/COLOR] **********************************************************
* Press any key when your A500 is in bootloader mode *
**********************************************************
Press any key to continue . . .

strra said:
it's because you didn't delete recovery-from-boot.p from /system and it's reflashing stock recovery whenever you boot into android
Click to expand...
Click to collapse
Thank you, strra.
I suspected it, to be honest, since I've noticed this advice when I launched the run.bat
But, my question has been/is still now: how to remove this "recovery-from-boot.p" ?
Can it be done when in APX mode? Do the adb commands work in APX mode?

castafiore said:
Thank you, strra.
I suspected it, to be honest, since I've noticed this advice when I launched the run.bat
But, my question has been/is still now: how to remove this "recovery-from-boot.p" ?
Can it be done when in APX mode? Do the adb commands work in APX mode?
Click to expand...
Click to collapse
While in Android you need to remount your /system partition as writable and just delete the file with rm command . If you didn't replaced your boot.img yet with patched one, just use
Code:
fastboot boot boot.img
command where boot.img is patched kernel, then wait until Android is started (it will run on patched kernel from ram like with recovery).
When you run on patched kernel and you use adb shell then you will have root from the beginning. Then just use
Code:
mount -o remount,rw /system
and you can remove the file.

Thanks for your quick and clear answer, yaworski
Booting on this patched boot.img is the trick.

fastboot boot recovery.img doesnt work for me, and i'm no able to mount rw to delete the recovery-from-boot.p. what can i do now??? i'm stuck in this leak version...

querobolo said:
fastboot boot recovery.img doesnt work for me, and i'm no able to mount rw to delete the recovery-from-boot.p. what can i do now??? i'm stuck in this leak version...
Click to expand...
Click to collapse
Did you flash the patched bootloader in APX mode using nvflash? Because all above instructions work only on unlocked and patched bootloader with "secure" flag off.

[GUIDE] Unlock Bootloader, Install Custom Recovery, and Root the Pixel C (2/4/2016)

The instructions in this guide are outdated and way more complicated than necessary. Once the official release of Android 7.0 Nougat becomes available/rooted, I will update the procedures in this thread. In the meantime, I recommend referencing this post along with the original instructions.
A massive shout out to @cheep5k8 for all the hard work he did in getting root and recovery working on the Pixel C. Please donate to him if you can. He deserves it.
Disclaimer: This will wipe your device. Backup anything important before you start. I mostly made this guide for selfish reasons. cheep5k8 has done a great job but some of the instructions are a little vague. I like being spoon fed and I wanted a resource to refer to in the future. You know the drill. If it breaks, not my problem. Post in the forums or hop onto the XDA IRC channel.
There may be more efficient ways to do this, but this will get you where you need to be. If you find any problems or have any suggestions, feel free to reply (BE VERY SPECIFIC WITH STEPS) and I will do my best to update the instructions.
Prerequisites:
ADB/Fastboot - Minimal ADB and Fastboot
ADB/Fastboot Drivers - I recommend using Wugfresh's Nexus Root Toolkit and using the full driver installation guide. Alternatively, you can install them yourself using the official Google Drivers (no installer)
An easy way to access the ADB prompt is to navigate to the directory that ADB is installed in, hold shift and right click inside the directory. This will give you an expanded right click menu that includes an option to "Open command window here." Select this option and a command prompt will open that is already in the ADB directory, saving you from having to do a bunch of cd nonsense. You can check to see if your device is recognized in ADB by typing "adb devices." If ADB and the driver are all working correctly, it should come back with something like "5A20001071 device." You can also check to make sure your device is recognized in fastboot by booting to the bootloader and typing "fastboot devices." It will show something similar.
Necessary Files:
Pixel C Recovery - Cheap5k8's Recovery -- NYCHitman's Recovery (newer)
Pixel C Root files - Download the XCeeD kernel, su.img, and SuperUser.apk
Copy these files to your directory that contains the ADB and Fastboot executables.
Device Prep:
Enable developer mode
Go to Settings > About tablet
Tap on Build Number 7 times until it says "You are now a developer"
Enable OEM Unlocking
Go to Settings > Developer options
Enable OEM Unlocking
Tap on Enable when a disclaimer pops up
Enable USB Debugging (ADB)
Go to Settings > Developer options
Enable USB debugging
Tap on OK when prompted with a disclaimer
If the ADB USB driver has been installed, you will see a popup that says "The computer's RSA key fingerprint is: xx:xx:xx:xx(blah blah)"
Check the box next to "Always allow from this computer"
Tap on OK
Unlock Bootloader:
Open ADB prompt (see prerequisites)
Input the following:
Code:
adb reboot-bootloader
The device will now boot into the bootloader and say
Code:
Waiting for fastboot command...
Input the following to unlock the bootloader:
Code:
fastboot flashing unlock
You will be prompted on the tablet screen with a warning about unlocking the bootloader.
Press the power button to unlock the bootloader.
The device will reboot and say "Bootloader is unlocked and OS verification is OFF. Device will continue booting in 30 seconds." You will also hear an audible beep. You will then see the green android with some spinny stuff. This is the userdata being formatted.
When complete, the device will boot back into the bootloader and say
Code:
Waiting for fastboot command...
Boot back into Android by inputting:
Code:
fastboot reboot
Your Pixel C will be reset, so you will need to re-enable USB debugging. Connect to your wireless network and then skip past everything else in the initial setup, as all of this setup info will be wiped again later on. Refer to the "Enable USB Debugging (ADB)" steps above to re-enable USB debugging.
Install Custom Recovery:
Open ADB prompt (see prerequisites)
Input the following:
Code:
adb reboot-bootloader
The device will now boot into the bootloader and say
Code:
Waiting for fastboot command...
With the Pixel C in the Fastboot bootloader and the recovery file in your ADB directory, input the following:
Code:
fastboot flash recovery (replace with custom recovery filename).img
Example:
Code:
C:\>fastboot flash recovery twrp-2.8.7.0-dragon-ryu-01082016-2.img
target reported max download size of 268435456 bytes
erasing 'recovery'...
(bootloader) erasing flash
OKAY [ 0.054s]
sending 'recovery' (13760 KB)...
OKAY [ 0.349s]
writing 'recovery'...
(bootloader) writing flash
OKAY [ 0.375s]
finished. total time: 0.783s
Reboot into Recovery using the physical buttons. If you reboot the device back into Android, it will write over the custom recovery with the stock one. This will be fixed in the future.
Code:
Power + Volume down until screen turns off, keep pressing volume down to boot into Coreboot Bootloader. Navigate to Reboot into Android Recovery with volume down and then press power to select.
Install Root:
In TWRP, navigate to Wipe > Format Data
Type "yes" in the warning prompt and wait for the userdata partition to format. Again, this will wipe your tablet.
Press the Home button at the bottom when the format is complete
Navigate to Reboot > Bootloader to boot back into Fastboot
In the ADB prompt, flash the new kernel:
Code:
fastboot flash boot (replace with xCeeD kernel filename).img
Example:
Code:
C:\>fastboot flash boot xceed-kernel-google-dragon-02-01-2016-RC1.img
target reported max download size of 268435456 bytes
erasing 'boot'...
(bootloader) erasing flash
OKAY [ 0.064s]
sending 'boot' (6220 KB)...
OKAY [ 0.161s]
writing 'boot'...
(bootloader) writing flash
OKAY [ 0.197s]
finished. total time: 0.426s
Reboot into Android. The device may boot twice.
Code:
fastboot reboot
Reboot back into Recovery. Power + Volume down until screen turns off, keep pressing volume down to boot into Coreboot Bootloader. Navigate to Reboot into Android Recovery with volume down and then press power to select.
In TWRP, navigate to Mount and check only Data
In the ADB prompt move su.img to /data:
Code:
adb push su.img /data
Example:
Code:
C:\>adb push su.img /data
5677 KB/s (33554432 bytes in 5.772s)
In TWRP, navigate to Mount and uncheck Data
In TWRP, navigate to Reboot > System
Perform initial device setup
Once you are at the home launcher, re-enable USB debugging (Refer to Device Prep)
In the ADB prompt, install superuser.apk:
Code:
adb install Superuser.apk
Example:
Code:
C:\>adb install Superuser.apk
8612 KB/s (6227998 bytes in 0.706s)
pkg: /data/local/tmp/Superuser.apk
Success
Install Busybox from the Play Store: link
Congrats. You are now rooted (not in the Australian sense).

Big big thanks
Amazing, great job.

P.S. One thing to add, for those who bought SuperSU Pro, you can install that too from the Play Store instead of installing the APK, but at the moment, it will say that the su binary is outdated (because the xCeeD kernel comes with 2.66, but SuperSU is already at 2.67). There needs to be a somewhat better solution but it's a bit hard to come up with it.
xCeeD v1-RC4 will have SuperSU updated to 2.67, and I'm thinking of how to make it possible to flash the normal SuperSU ZIP in TWRP. I will probably modify TWRP in some way to make that possible.

Very good step by step, guide, I went through the same process myself yesterday, although without the benefit of your guide!
Just one additional suggestion I would make, especially for people who have already got things set up nicely on their device.
Before doing anything you can make a backup of your device data using adb.
I used the guide at - http://forum.xda-developers.com/galaxy-nexus/general/guide-phone-backup-unlock-root-t1420351
Although you cannot guarantee everything will restore perfectly (I recommend that for important apps that have the capability - backup the settings manually and remember to copy them off the device), it certainly saved me a heck of a lot of time in putting things back exactly as they were before - and it is a lot quicker than letting google backup restore things.

Does this void the warranty?
Great job,anyway
Enviado desde mi Pixel C mediante Tapatalk

Cool, but you don't mind make put the video or pictured for guides.
Keep it up!!

there no show up wipe/ fromat data when I into in reboot into android recovery look like said no command

Scarfacez2007 said:
there no show up wipe/ fromat data when I into in reboot into android recovery look like said no command
Click to expand...
Click to collapse
Are you booting into TWRP recovery or the stock Android recovery?

I have unlocked and I was install install custom recovery that all
---------- Post added at 01:11 AM ---------- Previous post was at 12:21 AM ----------
I just installed trwp then I into on reboot into android recovery but still no command

Thank you for this in depth tutorial.. GREATLY appreciated..my C will be in tomorrow just in time for RC4! Hopefully all goes smooth with this. So no need to swipe fastboot fix in twrp??

Scarfacez2007 said:
I have unlocked and I was install install custom recovery that all
---------- Post added at 01:11 AM ---------- Previous post was at 12:21 AM ----------
I just installed trwp then I into on reboot into android recovery but still no command
Click to expand...
Click to collapse
I had that too after my first attempt, I reinstalled TWRP and it worked after the second flash.
There were no errors shown either time.

The same thing - no command, though the TWRP is installed. Re-installing doesn't help at all.
UPD Just managed to do this step by manually booting into recovery without booting the ui.

I updated the instructions saying to use the physical buttons to boot into recovery immediately after writing TWRP to flash. I believe this should mitigate the issue with the device overwriting the custom recovery before the kernel is flashed.

You don't mind guide put with the video or picture?

Scarfacez2007 said:
You don't mind guide put with the video or picture?
Click to expand...
Click to collapse
I have no plans to make a video or pictures.

Finally I got rooted about time!!!! thanks oRAirwolf!!!!

I just wondering I can download Xposed 6.0.1 on my pixel c?

Scarfacez2007 said:
I just wondering I can download Xposed 6.0.1 on my pixel c?
Click to expand...
Click to collapse
I have no idea. I would probably start a new thread in the Q&A section.

Scarfacez2007 said:
I just wondering I can download Xposed 6.0.1 on my pixel c?
Click to expand...
Click to collapse
Yep xposed works fine

How did you get download xposed with arm64 for Google Pixel C? where get it? you don't mind can find for me on link?

[GUIDE]Oneplus X MAC Root Guide

This guide will help mac users with rooting their Oneplus X
BEFORE STARTING!
This could void the warranty of your device.
I won’t be held responsible for anything that happens from doing this tutorial so please proceed at your own risk.
All your data will be erased, so please make a back-up!
Please enable usb debugging in developer options(tap 7 times on build number).
Connect your phone to your mac and you will see Oneplus Drivers in your finder.
Double click on AndroidFileTransfer(OSX).dmg
Drag Android File transfer to the programs folder.
Step 1: Setting up ADB and FASBOOT and unlocking the bootloader
- Power off your phone and hold power button+volume up
- The phone should enter fastboot mode
- Go to https://drive.google.com/drive/u/0/folders/0B-baud5R8XkwLWYxcHNmbGZTY1U
and download the 3 files.
- Go ahead and unzip fastboot.zip then copy over the recovery.img file into fastboot folder.
- Open Terminal
- In Terminal type the following with hitting enter at the end of each line:
cd downloads
cd fastboot
chmod 755 *
./fastboot-mac oem unlock
- Your phone will reboot and you will be asked to unlock the bootloader. Just hit the Power button and unplug
your phone
- Phone will reboot
- Setup your phone
- Copy the UPDATE-SuperSU-2.78.zip to the internal storage of your OnePlus X using Android File Transfer.
- Power off your phone and hold power button+volume up, you should enter fastboot.
- Re-connect the USB cable once in fastboot mode.
Step 2: Flashing custom recovery and rooting
- Open terminal
- In Terminal type the following with hitting enter at the end of each line:
./fastboot-mac flash recovery recovery.img
./fastboot-mac erase cache
- Wait for it to finish and unplug your phone
- Hold down power and volume down for 20 seconds.
- The phone should boot into recovery.
- Once in TWRP recovery, choose “Install”
- Choose the Super SU zip file you copied over to your phone earlier.
- Swipe to flash.
- Choose “Reboot System”.
- If twrp asks your to disable stock recovery, swipe to disable.
YOUR OPX WILL REBOOT AND IS NOW ROOTED!
To check, open to superSU app and check for errors, no errors=rooted!
Thanks to https://theunlockr.com/ for the windows tutorial.
Need help ? Post a comment and I will help. :good:
Noticed spelling mistakes? Please let me know

ᕕ( ಠ‿ಠ)ᕗ
Just hijacking this post here to say, way to go buddy !
jk, reserved

Sorry guys, I know this is a very old thread but I've tried this so many times and did not work. My problem is that nothing happens in my device when I type the command to unlock the bootloader using Terminal.
I get the following message: Brunos-MacBook-Pro:fastboot Brunolima$ ./fastboot-mac oem unlock
...
OKAY [ 0.001s]
finished. total time: 0.001s
Brunos-MacBook-Pro:fastboot Brunolima$
And then that's it. It doesn't reboot and when i manually reboot it is in the same state as before.
Any ideas guys?

Hey, I've been trying the same thing. Didn't have your specific issue but I think it may be related to the fact that it's already unlocked.
That said, I to make everything work I basically used this guide + the commands from the official TWRP guide at the page "TWRP for OnePlus X" + the command from a guide in the official OnePlus guide called "[GUIDE] ONYX: How to Unlock Bootloader, Install Custom Recovery, Root, Take EFS Backup & More !!" --- sorry but I can't post links.
All in all the commands I've used where:
adb reboot bootloader
fastboot devices
fastboot oem unlock
fastboot oem device-info
fastboot flash recovery twrp.img
fastboot boot twrp.img
brunolimaam said:
Sorry guys, I know this is a very old thread but I've tried this so many times and did not work. My problem is that nothing happens in my device when I type the command to unlock the bootloader using Terminal.
I get the following message: Brunos-MacBook-Pro:fastboot Brunolima$ ./fastboot-mac oem unlock
...
OKAY [ 0.001s]
finished. total time: 0.001s
Brunos-MacBook-Pro:fastboot Brunolima$
And then that's it. It doesn't reboot and when i manually reboot it is in the same state as before.
Any ideas guys?
Click to expand...
Click to collapse

[GUIDE] [ROOT] LG K7 MS330 - Concise tutorial on rooting with: ADB, TWRP and SuperSU

***MOD EDIT: BE WARNED THAT WHEN PERFORMING THESE INSTRUCTIONS, THAT ALL DATA WILL BE WIPED (FACTORY RESET) FROM THE DEVICE - THIS INCLUDES THE INTERNAL DEVICE STORAGE (INTERNAL SDCARD). YOUR EXTERNAL SD FILES, HOWEVER, ARE SAFE AND WILL NOT BE MODIFIED.***​
Hello.
I will attempt to keep this tutorial as concise as humanly possible, without the expenditure of costly applicably valid information. There are many other persons (whom I do not know) to thank for the majority of this information (from XDA Developers and other sites around the world wide web). Without further adieu: Let's begin!
The base operating system that this tutorial references is a Windows distro (I am operating on: Windows 10 Home OEM).
Target phone specs (http://www.lg.com/us/cell-phones/lg-MS330-White-k7):
Carrier: MetroPCS®[*]
[*]Make: LG K7 ("HW" or "White")
[*]Model: LG MS330
[*]Build number: LMY47V
[*]Software version: MS33010m
[*]Android version: 5.1.1
[*]Android security patch level: 2017-04-01
[*]Kernel version: 3.10.49​
Prerequisites:
A USB cable (able to transfer data)
A functional copy of Windows
An internet connection (to download the software tools)
If you opt to not download and install the stock firmware ROM (*.kdz) and LG UP (used for many things):
You are taking a great risk in the event something catastrophic occurs (no backup; Corrupted partition(s); Broken hard-key reset; etc).
The LG UP tool combined with the ROM file enables you to fully slate the drive on the phone (effectively restoring it to a manufacturers state; No partitions, no data, nothing!).
It also acts as a major fail-safe as previously iterated.
You can also (if you take the time of day) use it to create your own customized 'factory style' bloatware free, customized filled state *.KDZ ROM! Although TWRP backups should be capable of emulating this type of behavior.
The ROM is ~1GB in file size from the server (capped at ~10MB/s download rate at the time of the writing of this post). Translation: It takes a while (~30min) to download. Fortunately for me: I had it and had to use it earlier today (TWRP backup failed).
Software tools (ADB, TWRP, SuperSU, LG UP, ROM):
ADB (Android Debug Bridge): https://developer.android.com/studio/releases/platform-tools.html
TWRP (Team Win Recovery Project) v3.2.1.0: https://twrp.me/lg/lgk7.html
SuperSU (SuperUser) v2.82: http://www.supersu.com/download
LG UP Lab v1.10: https://www.mylgphones.com/download-lg-up-software
Stock ROM (MS33010i -- *.kdz): https://mega.nz/#F!sdwRDLbZ!yPOiRPv5QJS_9I4hzL4ptQ!ddJHSBhR
This will be a step-by-step process; If you skip a step: Make sure you have a good reason!
I will be assuming you have followed the links above and both downloaded and installed the appropriate software (ADB, LG UP). Keeping everything organized is key.
For instance: Create a folder on your main drive ("C" drive is common traditionally). Name this folder "Rooty." Create a short-cut of "adb.exe" and place it there. Place the SuperSU *.zip and *.kdz ROM data files in the same directory as well.
Overview of procedures:
Enable "OEM unlock"
Enable "USB debugging"
Unlock OEM bootloader
Install ("flash") TWRP
Using LG UP (after TWRP is either installed or live loaded)
Install SuperSU
Step 1) Enable developer options
Enabling developer options -- Navigate to "Settings," then to "About phone," then to "Software info," then tap on "Build number" until the dialog states: "No need, you are already a developer."
Step 1.1) Enable OEM unlock option
Traverse two levels up; Tick off "Enable OEM unlock"; Scroll down 2 options and tick off "USB debugging."
Step 2) Unlocking the OEM bootloader
Insert your USB cable to connect your desktop/laptop to your cellphone; When the dialog comes up asking for permission to debug: Accept it (OPTIONAL: Tick off the 'always allow this device'). Ensure "Media device (MTP)" option is selected (it will automatically install the drivers from your phone to your computer if enabled).
Step 2.1) Unlocking the OEM bootloader (for the not-so-technically-inclined)
Create a textfile and name it whatever you'd like (I prefer the filename: "OEM_Unlock.bat").
Copy and paste this script and simply place it in the same directory ('folder') as ADB.
Code:
REM This will reboot the phone into "bootloader" mode
adb reboot bootloader
REM This will unlock the OEM bootloader (a message will display on the starting logo afterwards)
fastboot oem unlock
REM This is just to verify that it was successfully unlocked ("unlocked: yes")
fastboot getvar unlocked
Alternatively: You can manually input the commands one at a time by typing them yourself or copying and pasting.
Step 3) Installing TWRP
You can just use ADB to directly flash the recovery partition of the ROM on the phone:
Code:
fastboot erase recovery
fastboot flash recovery C:/Android/recovery.img
You can also simply 'live boot' into TWRP (less risk of a faulty TWRP):
Code:
fastboot boot C:/Android/recovery.img
Now TWRP is installed (unless you simply loaded the image file into the phone's RAM).
Using LG UP to flash the ROM ("WIPE" every partition of the phone with TWRP; EVERYTHING will be lost:
To use LG UP: You only need to power down the phone fully (ensure it is not yet connected to the computer).
Hold the "VOLUME UP" key (do not release); Insert the USB cable. The phone should (within moments) place itself into "DOWNLOAD MODE." At which point LG UP will recognize the phone. There will be two options: "Refurbished" and "Upgrade"; Tick off 'upgrade' every time! Below that is "3 dots" which enables you to navigate (GUI) to the directory of your desired *.tot or *.kdz file. Simply hit "start" and it'll flash the phone (it usually takes ~300s or ~5m).
Step 4) Installing SuperSU
Through TWRP: Click on "Advanced"; Then click on "ADB Sideload"; Tick both the "Wipe Dalvik cache" and "Wipe cache" (these will force all APKs to be reinstalled via root level). Then slide the bar across. Return your attention to Windows.
You can just use ADB to directly sideload SuperSu onto the phone.
Code:
adb sideload C:/Android/SuperSU.zip
The final page asks if you would like to install the "official TWRP app" and also if you'd like to install it under "system" privileges (one less than root).
The end! You now have root accessible privileges through the "SuperSu" application (which contains root privilege at this point).
Alternatively to manually inputing everything by hand into ADB: I've whipped up this simple batch script for Windows:
Code:
ECHO OFF
CD\
CLS
ECHO Waiting for the device to communicate (ensure you are not in 'recovery,' 'sideload,' or 'bootloader' state)
adb wait-for-device
REM Reboots to the bootloader
adb reboot bootloader
REM Unlocks the OEM bootloader
fastboot oem unlock
REM Quick check to see if it successfully unlocked
fastboot getvar unlocked
REM Flashes (deleting the stock ROM recovery program)
fastboot erase recovery
REM Flashes (copies the TWRP custom recovery program)
fastboot flash recovery C:/Android/recovery.img
REM Loads the TWRP custom recovery program into memory (a "live boot")
fastboot boot C:/Android/recovery.img
REM Pauses execution until the phone boots into "recovery" state
ECHO Wait until the phone enters a "recovery" state...
adb wait-for-recovery
CLS
ECHO Traverse to "Advanced" then to "ADB Sideload"
ECHO Check off clearing both the Dalvik cache and cache
ECHO Press any key *after* you swipe the bar across
ECHO(
PAUSE
REM Copies over the APK to the ROM (security exploit to gain root permissions)
adb sideload C:/Android/SuperSU.zip
adb reboot
How to use the batch script file to root your phone with ADB, TWRP and SuperSU:
Place: SuperSU.zip and TWRP.img in the same directory as the ABD/fastboot executables
Modify the absolute paths and file names to your system (EG: "C:/Android/" and "recovery.img")
I hate to post this, but I feel it to be utterly important to express my deepest gratitude to all those who have posted this information that was scattered about the internet. This is my first Android or PHONE for that matter to root! It was quite the under-taking (nearly a 48 hour scourge of research). I've learned quite a bit how the Android OS works internally as a result; as well as the tool-kits that are commonly used in conjunction with modding the Android (out of the scope of this thread).
I hope this very recently updated and compiled information will help ease the suffering of another's entrance into the world of rooting Android phones. I also hope it really deepens the understanding of what they're doing (EG: The commands being utilized with abd and fastboot).
Here is a helpful link in regards to adb/fastboot:
- Quick reference to abd commands (syntax and meaning): https://developer.android.com/studio/command-line/adb.html
- Alternatively: You can use "adb help" to see a print-out of the commands and arguments (same applies to fastboot).
Happy rooting, y'all!

Thanks for the write-up!
The attached SuperSU.zip worked perfect to gain root on my K7 m1 using the adb sideload in Twrp and PC.
My bootloader I had already unlocked. Twrp, I flashed before I accomplished that feat!
Was rooted with Kingroot but wasn't satisfied with that.
Factory reset, and followed your adb sideload instructions to gain root with SuperSU.zip ..
Thanks again my friend.
Custom Roms for the K7 seem to be scarce, unless I am looking in all the wrong places.
Would be much appreciated if anyone could help me on that front?? ... Please let me know.

Good Day
With very insignificant changes to syntax used above I found this works perfectly on OSX as well.
Thanks

hi, i cant seem to unlock the bootloader. i have already enabled oem unlock and usb debuggin from settings but it always fails
Code:
PS C:\adb> adb devices
List of devices attached
ZSTSS8DUSWZD9LCE unauthorized
PS C:\adb> adb reboot bootloader
PS C:\adb> fastboot devices
ZSTSS8DUSWZD9LCE fastboot
PS C:\adb> fastboot oem unlock
...
(bootloader) Start unlock flow
FAILED (remote:
Unlock operation is not allowed
)
finished. total time: 9.294s
I should note that kingrot also failed to root
i dont know whats wrong, imma gonna try factory reset and try again
UPDATE
It seems the allow oem unlock option got disabled by itself somehow, i re enabled, tried again and unlocked succesfully
UPDATE 2
Aaaaand Bootloop, dunno what went wrong, iv'e reached step 4, flashed twrp, then tried to reboot into twrp and now im stuck in bootloop
Code:
PS C:\adb> adb reboot bootloader
PS C:\adb> fastboot oem unlock
...
(bootloader) Start unlock flow
OKAY [ 8.981s]
finished. total time: 8.983s
PS C:\adb> fastboot getvar unlocked
unlocked: yes
finished. total time: 0.003s
PS C:\adb> fastbot erase recovery
fastbot : The term 'fastbot' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ fastbot erase recovery
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (fastbot:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\adb> fastboot erase recovery
erasing 'recovery'...
FAILED (remote: unknown command)
finished. total time: 0.004s
PS C:\adb> fastboot flash recovery c:/adb/lg.img
target reported max download size of 134217728 bytes
sending 'recovery' (12010 KB)...
OKAY [ 0.394s]
writing 'recovery'...
OKAY [ 0.706s]
finished. total time: 1.103s
PS C:\adb> adb reboot recovery
error: device '(null)' not found