Hallo guys, curently I waiting confirmation from emma registration (5 days), never got confirmation so my registration is not complete and I can't login to emma to install openbootloader, so anybody here please give me binary file (or files) downloaded from emma and share it with me by pm?
I don't know which format use these files downloaded from emma but if anybody have it allready on his disk give me that please, if not, it can be dumped by adb shell in next way:
dd if=/dev/block/platform/msm_sdcc.1/by-name/gpt of=/data/local/tmp/gpt
dd if=/dev/block/platform/msm_sdcc.1/by-name/sbl1 of=/data/local/tmp/sbl1
dd if=/dev/block/platform/msm_sdcc.1/by-name/s1sbl of=/data/local/tmp/s1sbl
dd if=/dev/block/platform/msm_sdcc.1/by-name/dbi of=/data/local/tmp/dbi
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot
dd if=/dev/block/platform/msm_sdcc.1/by-name/rpm of=/data/local/tmp/rpm
dd if=/dev/block/platform/msm_sdcc.1/by-name/tz of=/data/local/tmp/tz
These seven files will be located under /data/local/tmp folder (gpt, sbl1, s1sbl, dbi, aboot, rpm, tz), add it to the archive and share them with me by pm (don't post it here please), thank you
munjeni said:
Hallo guys, curently I waiting confirmation from emma registration (5 days), never got confirmation so my registration is not complete and I can't login to emma to install openbootloader, so anybody here please give me binary file (or files) downloaded from emma and share it with me by pm?
I don't know which format use these files downloaded from emma but if anybody have it allready on his disk give me that please, if not, it can be dumped by adb shell in next way:
dd if=/dev/block/platform/msm_sdcc.1/by-name/gpt of=/data/local/tmp/gpt
dd if=/dev/block/platform/msm_sdcc.1/by-name/sbl1 of=/data/local/tmp/sbl1
dd if=/dev/block/platform/msm_sdcc.1/by-name/s1sbl of=/data/local/tmp/s1sbl
dd if=/dev/block/platform/msm_sdcc.1/by-name/dbi of=/data/local/tmp/dbi
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot
dd if=/dev/block/platform/msm_sdcc.1/by-name/rpm of=/data/local/tmp/rpm
dd if=/dev/block/platform/msm_sdcc.1/by-name/tz of=/data/local/tmp/tz
These seven files will be located under /data/local/tmp folder (gpt, sbl1, s1sbl, dbi, aboot, rpm, tz), add it to the archive and share them with me by pm (don't post it here please), thank you
Click to expand...
Click to collapse
Don't need registration for Emma. I don't have the info here, but search it. You just have to download a file and swap it in the Emma folder.
Found it - http://developer.sonymobile.com/services/flash-tool/how-to-download-and-install-the-flash-tool/
Thank you!
Ok got emma working but can't see openbootloader for amami
munjeni said:
Ok got emma working but can't see openbootloader for amami
Click to expand...
Click to collapse
Instructions here -
http://developer.sonymobile.com/201...for-a-range-of-unlocked-xperia-devices-video/
Everything is grayed out until you connect, then you get drop-down menus, one of which has 'ta update' option.
I can see TA update but can't see bootloader update! Whats going on with this? Is ta update mean bootloader update?
Got it now, interesting that these ta update enables recovery option Trim area is realy an misterious thing on xperia devices. Its just writen new Rhine S1 Boot Config Data aka TA unit 84F and freed unit 8FD ... realy interesting. We have only 16mb free space available for recovery:
partitions offsets on amami:
Code:
gpt - 0 to 0x0001FFFF lenght=0x00020000
ta - 0x00020000 to 0x0021FFFF lenght=0x00200000
sbl1 - 0x00220000 to 0x0029FFFF lenght=0x00080000
s1sbl - 0x002A0000 to 0x002DFFFF lenght=0x00040000
dbi - 0x002E0000 to 0x002EFFFF lenght=0x00010000
aboot - 0x002F0000 to 0x0036FFFF lenght=0x00080000
rpm - 0x00370000 to 0x003EFFFF lenght=0x00080000
tz - 0x003F0000 to 0x0046FFFF lenght=0x00080000
alt_sbl1 - 0x00470000 to 0x004EFFFF lenght=0x00080000
alt_s1sbl - 0x004F0000 to 0x0052FFFF lenght=0x00040000
alt_dbi - 0x00530000 to 0x0053FFFF lenght=0x00010000
alt_aboot - 0x00540000 to 0x005BFFFF lenght=0x00080000
alt_rpm - 0x005C0000 to 0x0063FFFF lenght=0x00080000
alt_tz - 0x00640000 to 0x006BFFFF lenght=0x00080000
boot - 0x006C0000 to 0x01ABFFFF lenght=0x01400000
ramdump - 0x01AC0000 to 0x024BFFFF lenght=0x00A00000
fotakernel - 0x024C0000 to 0x034BFFFF lenght=0x01000000
ddr - 0x034C0000 to 0x034C7FFF lenght=0x00008000
Probably we can resize any partition after alt_tz by modifying first part of the bootchain aka gpt partition table... hope somebody figure it out. For example add new EFI partition?
. .
is there any specyfic adventage of useing this Oficial AOSP Recovery provided on Sony Developer website over the CWM or TWRP?
Will it support all flashing all the zip. like twrp, with work no-problem for me?
Giving the fact that its official recovery i asume its way better and stable then TWRP, but maybe I'm wrong?
freeman94 said:
is there any specyfic adventage of useing this Oficial AOSP Recovery provided on Sony Developer website over the CWM or TWRP?
Will it support all flashing all the zip. like twrp, with work no-problem for me?
Giving the fact that its official recovery i asume its way better and stable then TWRP, but maybe I'm wrong?
Click to expand...
Click to collapse
It's not a recovery itself, but a new bootloader which enables real recovery. You still use TWRP, but before, the recovery was part of the kernel, not its own partition. The new bootloader changes that.
levone1 said:
It's not a recovery itself, but a new bootloader which enables real recovery. You still use TWRP, but before, the recovery was part of the kernel, not its own partition. The new bootloader changes that.
Click to expand...
Click to collapse
levone. are you using the new open boot loader?
Sent from my Nexus 7 using XDA Free mobile app
[email protected] said:
levone. are you using the new open boot loader?
Sent from my Nexus 7 using XDA Free mobile app
Click to expand...
Click to collapse
Yes. Updated with Emma a few months ago.
levone1 said:
It's not a recovery itself, but a new bootloader which enables real recovery. You still use TWRP, but before, the recovery was part of the kernel, not its own partition. The new bootloader changes that.
Click to expand...
Click to collapse
You are wrong! Thats not a new bootloader! We allready had recovery partition (fotakernel) but it was secured and only Sony signed binaries was abble to boot from that partition. Updating "openbootloader" you get everything the same, only trim area is updated (which disabled security on recovery partition so unsigned recoveries can boot now). Aosp recovery is not good, I sugest you to use something but not an AOSP recovery since it can't detect storage and lacks of options! Allso latest AOSP kernel (3.10.xxx) sometimes bootloop and phone locks without a way for restart (power + volumes have no efect, allso reset button under simcard slot have no efect, so in order to restart phone you must open back plate of the phone to remove battery connector or option two to wait until battery got empty! No way for restarting phone)!!!
Edit:
No need to open backplate, just simple longer wait on button combinations (volup+voldown+power) do phone restart. WTH
munjeni said:
You are wrong! Thats not a new bootloader! We allready had recovery partition (fotakernel) but it was secured and only Sony signed binaries was abble to boot from that partition. Updating "openbootloader" you get everything the same, only trim area is updated (which disabled security on recovery partition so unsigned recoveries can boot now). Aosp recovery is not good, I sugest you to use something but not an AOSP recovery since it can't detect storage and lacks of options! Allso latest AOSP kernel (3.10.xxx) sometimes bootloop and phone locks without a way for restart (power + volumes have no efect, allso reset button under simcard slot have no efect, so in order to restart phone you must open back plate of the phone to remove battery connector or option two to wait until battery got empty! No way for restarting phone)!!!
Click to expand...
Click to collapse
You're way ahead of me, and I love your roms, so I receive you fully. Thanks. I don't actually know much about any of it, I just repeat what I've read. I can help you with one thing though... I experienced the same problem with volume button power off not working while I was messing around with Omni, and I discovered that if you press sim-card-slot button while holding power off for 8 seconds, phone will reboot. Then, if you do it right away, you can use power button + volume down to power off. Try it out and let me know. If you can confirm, it might help others out. Keep up the good work.
Thanks pro
Gửi từ D5503 của tôi bằng cách sử dụng Tapatalk
Related
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
ui_print - Disabling OTA survival
ui_print - Removing old files
ui_print - Placing files
ui_print - Post-installation script
ui_print - Unmounting /system and /data
ui_print - Done !
Click to expand...
Click to collapse
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Root is working but the problem is TWRP because is not working its giving error so no flashing other custom rom or mods for now.
Yes root is working fine. I didnt tried twrp or cwm. With this guide, you can use stock odexed and unmodified lolipop rom.
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
jojobans said:
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
Click to expand...
Click to collapse
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
Click to expand...
Click to collapse
evet arkadash
Muhahahah
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
agritux said:
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Click to expand...
Click to collapse
Finally YES!!! thank you so mu ch. Will try later.
Root plus Custom Recovery, or Root Only?
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, one user of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
topet2k12001 said:
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, the OP of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
Click to expand...
Click to collapse
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Just to make sure, this works for v20i only or does it work for, say, my v20h too?
6ril1 said:
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Click to expand...
Click to collapse
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
topet2k12001 said:
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
Click to expand...
Click to collapse
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his flashables 20x original fw flzshable zip (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
6ril1 said:
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his rom (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
Click to expand...
Click to collapse
Yes, however that is a repackaged firmware (extract everything, root it, and then "bump" the necessary components, and then put it back together as a single flashable zip). That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. This guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
topet2k12001 said:
Yes, however that is a repackaged firmware. That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. Your guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
Click to expand...
Click to collapse
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
6ril1 said:
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
Click to expand...
Click to collapse
Ah, sorry I misunderstood what you were saying.
I do not know what rpm.img and tz.zip are for. I did read somewhere in XDA that tz.img is for the "radio" (or transmitter?). But I would suggest to keep those files (tz.img, rpm.img, aboot.img, sbl1.img) at "Kitkat version" because there will be a signature mismatch resulting to "certificate verify" or "security error" - if people want to have a custom recovery.
If people will NOT install a custom recovery (they just want root) then they can use this guide. The device will boot fine without the error messages, since recovery.img is Lollipop non-"bump'd" version (so the signatures match).
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
6ril1 said:
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
Click to expand...
Click to collapse
Yes, that's another way of approaching it. Or maybe create a flashable zip from it. But we will still need to instruct users to extract their Kitkat Image files (I don't think all Image partitions are the same for all variants), that's why I find the manual method (like @autoprime) to be a good approach because I personally find it to be more "universal".
One example: the D858HK does not have cust.img.
So for us to create an all-in-one script, zip, or approach, it would be difficult because of the many variants of the LG G3. Maybe if there were not that many variants, I'm sure skilled people like you can have a universal and convenient solution. For now, I still think that manual flashing is more universal.
topet2k12001 said:
Yes, that's another way of approaching it.
Click to expand...
Click to collapse
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
6ril1 said:
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
Click to expand...
Click to collapse
So that explains why even if the Lollipop versions are included/flashed, they won't cause an issue of signature mismatch. The Image file that causes a signature mismatch when you flash a "bump'd" file is aboot.img (the Android Bootloader). Which explains also in my experiment (prior to discovering it all and creating a thread) why I was initially able to "fix" my issue, following @autoprime's tutorial, when I flashed aboot.img - however, in exchange I lost "bump" status.
So basically, people will need to flash their Kitkat version of aboot.img and "bump" will still work (and will have custom recovery). That is our hypothesis at this point.
This reminds me: in my how-to guide, there was a user complaining about fast battery drain. Maybe if I advise him to flash the Lollipop version of rpm.img, that would help alleviate the issue. I will do an experiment and if this will succeed, I will update my how-to guide. In your case, for this thread's purpose, you may also do an experiment and create scripts.
Nice teamwork.
I don't know what "trustzone" is though. Will it affect signature mismatches? sbl1.img and rpm.img seem to be self-explanatory.
EDIT:
As mentioned previously, it is very dangerous to flash any of the restricted boot partitions such as sbl1, sbl2, sbl3, aboot or rpm. However it is safe to flash any other partition in order to install custom Linux builds and run them.
Click to expand...
Click to collapse
...do we really want people to touch this?
@MikeChannon removed OP. please close
what? lol
I'm away from PC for few days but if someone has luck with 1050l please update.
Sent from my YOGA Tablet 2-1050L using Tapatalk
This is awesome, to unlock the full potential of the tablet!
Works on my 1380F
Oh! I gave up on the unlock
Now, thank you for opening the possibilities!
Thank you! XD!
Worked on my already unlocked 1050F..... Bring on the fun people....
and the first tester prize goes to @workdowg ... as usual i might add
just when i was ready to write: come'on all of you dwarf 1050 owners
so we already have confirmation from 1050 (workdowg), i would say 99% it's the same on 830
again after you flash it you can leave it there (it's a good feeling to know that you have an unlocked bootloader)
and now the really important questions will follow:
- is this a permanent root?
- it already installs linux/windows or do i have to put my sdcard in?
- where's the link to the marshmallow cm rom ?
I succeeded. np (flashing, 1050F)
But how can I know that I had unlocked? (how to check?)
neverapple88 said:
I succeeded. np (flashing, 1050F)
But how can I know that I had unlocked? (how to check?)
Click to expand...
Click to collapse
if it boots up to Android AFTER you flashed the patched esp image then you are
it allows whatever boot image (in boot or fastboot or recovery partition) to be loaded without being checked for valid signature (ie you can modify your boot images from now on and flash them and you will no longer get the "verification failed" error message that a locked bootloader would give)
ionioni said:
if it boots up to Android AFTER you flashed the patched esp image then you are
it allows whatever boot image (in boot or fastboot or recovery partition) to be loaded without being checked for valid signature (ie you can modify your boot images from now on and flash them and you will no longer get the "verification failed" error message that a locked bootloader would give)
Click to expand...
Click to collapse
Thank you! :victory:
neverapple88 said:
Thank you! :victory:
Click to expand...
Click to collapse
if you really want to test with some more tangible result (the already tested) extract then flash the attached file, boot to fastboot and flash with
fastboot flash boot boot-selinux-permissive.img
it will make your selinux permissive ie log & ALLOW operations that are violating the selinux policy. the original stock has selinux in enforcing mode ie log & BLOCK
before you flash the modded boot image open an adb shell and check the selinux mode, input
getenforce (it should output enforcing)
now go to fastboot and flash the modded image as per above instructed, reboot and enter in the same command
getenforce (should output permissive now)
there you go... on a locked bootloader it would have hang on boot start after you flashed the modded image with some verification failed error message (and it's true, the modded image is by no way digitally signed )
ps. this is made from a stock 1050f boot image so it works/testing on 1050f only (the other 830 and 1380 models will most likely hang on boot or at least blank the screen due to different configurations in the original images, but it's the same concept, this is made at the special request of our korean guy)
ionioni said:
if you really want to test with some more tangible result (the already tested) extract then flash the attached file, boot to fastboot and flash with
fastboot flash boot boot-selinux-permissive.img
it will make your selinux permissive ie log & ALLOW operations that are violating the selinux policy. the original stock has selinux in enforcing mode ie log & BLOCK
before you flash the modded boot image open an adb shell and check the selinux mode, input
getenforce (it should output enforcing)
now go to fastboot and flash the modded image as per above instructed, reboot and enter in the same command
getenforce (should output permissive now)
there you go... on a locked bootloader it would have hang on boot start after you flashed the modded image with some verification failed error message (and it's true, the modded image is by no way digitally signed )
ps. this is made from a stock 1050f boot image so it works/testing on 1050f only (the other 830 and 1380 models will most likely hang on boot or at least blank the screen due to different configurations in the original images, but it's the same concept, this is made at the special request of our korean guy)
Click to expand...
Click to collapse
Thank you for your time.
Test and english search(?) success!
ps. (After the test, find) I've used this app for security : SELinuxModeChanger
Any chance this could be modified for yt3?
Worked on my 1050f. Thanks!
Patched image booting fine on my 1050f.
Thanks
What's droidboot.img?
The original disk contains no droidboot:
Number Start End Size File system Name Flags
1 20.5kB 8409kB 8389kB reserved msftdata
2 8409kB 43.0MB 34.6MB fat32 ESP boot, esp
3 43.0MB 59.8MB 16.8MB boot msftdata
4 59.8MB 80.8MB 21.0MB recovery msftdata
5 80.8MB 97.5MB 16.8MB fastboot msftdata
6 97.5MB 106MB 8389kB reserved_1 msftdata
7 106MB 139MB 33.6MB panic msftdata
8 139MB 676MB 537MB ext4 factory msftdata
9 676MB 685MB 8389kB misc msftdata
10 685MB 819MB 134MB ext4 config msftdata
11 819MB 953MB 134MB ext4 cache msftdata
12 953MB 1222MB 268MB ext4 logs msftdata
13 1222MB 3369MB 2147MB ext4 system msftdata
14 3369MB 31.3GB 27.9GB ext4 data msftdata
Click to expand...
Click to collapse
cocacola2015 said:
What's droidboot.img?
The original disk contains no droidboot:
Click to expand...
Click to collapse
Fastboot
From my LG-G4, Rooted running Stock 5.1
---------- Post added at 01:57 AM ---------- Previous post was at 01:54 AM ----------
workdowg said:
Fastboot
From my LG-G4, Rooted running Stock 5.1
Click to expand...
Click to collapse
And it changed significantly from kit Kat to lollipop.
From my LG-G4, Rooted running Stock 5.1
ionioni said:
if you really want to test with some more tangible result (the already tested) extract then flash the attached file, boot to fastboot and flash with
fastboot flash boot boot-selinux-permissive.img
it will make your selinux permissive ie log & ALLOW operations that are violating the selinux policy. the original stock has selinux in enforcing mode ie log & BLOCK
before you flash the modded boot image open an adb shell and check the selinux mode, input
getenforce (it should output enforcing)
now go to fastboot and flash the modded image as per above instructed, reboot and enter in the same command
getenforce (should output permissive now)
there you go... on a locked bootloader it would have hang on boot start after you flashed the modded image with some verification failed error message (and it's true, the modded image is by no way digitally signed )
ps. this is made from a stock 1050f boot image so it works/testing on 1050f only (the other 830 and 1380 models will most likely hang on boot or at least blank the screen due to different configurations in the original images, but it's the same concept, this is made at the special request of our korean guy)
Click to expand...
Click to collapse
Awesome! I flashed it on my 1050f and it is now finally unlocked and the SELINUX stuff has been successfully tested as well!
I really hope that finally some great custom rom's might get released sooner than later.
Your work was hidden for a while - but finally you decided to make it public.
I was so frustrated about the bootloader policy and the missing possibilities an Android device usually offers. But I see light at the end of the tunnel. Looking forward to see also your work on AoL and other great stuff.
You guys are really the Yoga 2 heroes!
So does this mean we can now get a permanent recovery?
Can you post video guide? Thank's.
pateken said:
Can you post video guide? Thank's.
Click to expand...
Click to collapse
Please don't take this wrong... His instructions are pretty straight forward (1,2,3)... If you don't understand them you may not want to start messing with your tablet like this. Rooting is more than enough for the average user (See HERE for Windows based rooting and HERE for Linux based rooting)...
OK so this is where i tell you if you brick your phone and try this and it makes it worse i am not to blame. this has worked on three different phones that i have used no problem.That being said lets dive on in.
ONLY FOR THE H1711!!!!
Downloads (move them all to sd card root)
UPDATED USERDATA thank aslezak for that
https://uploadfiles.io/n5g32 and that
http://www.mediafire.com/file/gybldrcgw8h6x2w/twrp_first%5B1%5D.img you can thank yuweng for that but it is not fully working yet link will be replaced once fully working is released
Steps
get phone to fastboot mode must be unlocked then use the twrp recovery from downloads via this command on your adb/fastboot installed computer connected to phone :
Code:
fastboot flash recovery twrp_first[1].img
Reboot phone to recovery
go to wipe advanced wipe wipe data and system only
go back to home menu open advanced then terminal
enter this command exactly :
Code:
dd if=/external_sd/userdata.img.bz2 | bzip2 -dc | dd of=/dev/block/bootdevice/by-name/userdata
that will take a loooonnnnnnggggg time approximately 30-45 min
after it shows # in terminal again do this command :
Code:
dd if=/external_sd/system.img.bz2 | bzip2 -dc | dd of=/dev/block/bootdevice/by-name/system
reboot and it should take a loooonnnngggg time but eventually it will finish and you restored if not try asking some of the devs for pointers:laugh::fingers-crossed::highfive:
Make sure you thank everyone who helped aslezak gave me the commands and the userdata img as well as the system img yuweng provided the first semi working twrp (and a few later that are experimental)
if you want root check this thread https://forum.xda-developers.com/huawei-ascend-xt/help/huawei-ascend-xt2-h1711-t3689411/post75115521#post75115521
Your first link for the userdata image says file not found when you go to that link.
UPDATED USERDATA
freedomwarrior said:
Your first link for the userdata image says file not found when you go to that link.
Click to expand...
Click to collapse
Sim unlock
Hey guys,
has anyone managed to find a way to simunlock this phone? I bought one on blackfriday for $49 and since then its been sitting in my closet because it does not accept any other network's sim.
aslezak said:
UPDATED USERDATA
Click to expand...
Click to collapse
That one don't work either
FULL ROOT... ON MY HUAWEI XT2!! Twrp supersu and custom rom !!!
Sent from my HUAWEI H1711 using XDA Labs
The problem with this seems to be, at least for me, that a .bz2 file is not recognized by the recovery as an installable zip.
The dd trick worked for me, but the system image here, is not full stock. IT seems to have a mix of super_su and magisk in it.
Root is working, but I can't seem to mount system as r/w
So trying to figure this out. I used this image to do a restore, and my phone was rooted with magisk.
First time a program tried root, it said that super su was installed. When I went to another one, it said that magisk was installed.
Anyrate, at one time I was able to mount system r/w and make changes. Now it seems that I can't for whatever reason. I don't know exactly how I got it
to the state to be able to modify the system.
I actually pulled an entire copy of the rom at one time, with a dd command. Of course that can't be reflashed from twrp. But I'd like to be able to mount it somehow on a pc so I could do a stringsearch for all files that have an ro, in them to find the master files where the filesystems are mounted, and edit those....
crashburn833 said:
OK so this is where i tell you if you brick your phone and try this and it makes it worse i am not to blame. this has worked on three different phones that i have used no problem.That being said lets dive on in.
ONLY FOR THE H1711!!!!
Downloads (move them all to sd card root)
UPDATED USERDATA thank aslezak for that
https://uploadfiles.io/n5g32 and that
http://www.mediafire.com/file/gybldrcgw8h6x2w/twrp_first%5B1%5D.img you can thank yuweng for that but it is not fully working yet link will be replaced once fully working is released
Steps
get phone to fastboot mode must be unlocked then use the twrp recovery from downloads via this command on your adb/fastboot installed computer connected to phone :
Code:
fastboot flash recovery twrp_first[1].img
Reboot phone to recovery
go to wipe advanced wipe wipe data and system only
go back to home menu open advanced then terminal
enter this command exactly :
Code:
dd if=/external_sd/userdata.img.bz2 | bzip2 -dc | dd of=/dev/block/bootdevice/by-name/userdata
that will take a loooonnnnnnggggg time approximately 30-45 min
after it shows # in terminal again do this command :
Code:
dd if=/external_sd/system.img.bz2 | bzip2 -dc | dd of=/dev/block/bootdevice/by-name/system
reboot and it should take a loooonnnngggg time but eventually it will finish and you restored if not try asking some of the devs for pointers:laugh::fingers-crossed::highfive:
Make sure you thank everyone who helped aslezak gave me the commands and the userdata img as well as the system img yuweng provided the first semi working twrp (and a few later that are experimental)
if you want root check this thread https://forum.xda-developers.com/huawei-ascend-xt/help/huawei-ascend-xt2-h1711-t3689411/post75115521#post75115521
Click to expand...
Click to collapse
the system.img requires a monthly membership, could an updated link using something like mega or mediafire be created please?
one789 said:
FULL ROOT... ON MY HUAWEI XT2!! Twrp supersu and custom rom !!!
Sent from my HUAWEI H1711 using XDA Labs
Click to expand...
Click to collapse
what custom rom?
HELP PLEEEASE! Bricked h1711
Badly need mmcblk0.img for H1711! Had TWRP and phone was rooted but I screwed up and flashed a wrong IMG. Now I have the dreaded QHSUSB_BULK issue. Nothing but a black screen and a blue light. I googled "How to fix QHSUSB_BULK or Qualcomm HS-USB QDLoader 9008 error" and went on forum.hovatek.com where it said "This error is an indication that the phone is hard bricked due to a corrupted Bootloader. It could occur randomly or after you make a change to the phone, causing the phone to go into Qualcomm Emergency Download Mode." It also stated that I could fix it by creating a bootable SD card using the phone's original mmcblk0.img file using a program called Win32DiskImager. I don't have mmcblk0.img and I can't boot into recovery or fastboot. PLEASE PLEASE HELP!!!! Also first two links in OP's post don't work. Any files or advise you can contribute would be GREATLY appreciated! THANKS!
mmcblk0.img would contain all phone partitions including those with personal information like IMEI number and the /data partition that should not be shared.
Nobody should be sharing that without understanding it contains their IMEI number and other possibly personal information in /data and I'm sure it would be at least 8-10GB.
And what would you do with the file anyway if you can't get into fastboot or recovery?
Whit3Rabbit said:
Badly need mmcblk0.img for H1711! Hard bricked Dreaded QHSUSB_BULK issue. Need mmcblk0.img PLEASE PLEASE HELP!!!! I've lost recovery and fastboot! Nothing but a black screen and a blue light.
Click to expand...
Click to collapse
divineBliss said:
mmcblk0.img would contain all phone partitions including those with personal information like IMEI number and the /data partition that should not be shared.
Nobody should be sharing that without understanding it contains their IMEI number and other possibly personal information in /data and I'm sure it would be at least 8-10GB.
And what would you do with the file anyway if you can't get into fastboot or recovery?
Click to expand...
Click to collapse
What do you recommend I do? All I have is a black screen and a blue light? thank you btw
If it won't go into fastboot mode and won't boot, I think only Huawei can fix it.
Whit3Rabbit said:
What do you recommend I do? All I have is a black screen and a blue light? thank you btw
Click to expand...
Click to collapse
divineBliss said:
If it won't go into fastboot mode and won't boot, I think only Huawei can fix it.
Click to expand...
Click to collapse
That's what I was afraid of Thank you for the quick response.
Whit3Rabbit said:
Badly need mmcblk0.img for H1711! Had TWRP and phone was rooted but I screwed up and flashed a wrong IMG. Now I have the dreaded QHSUSB_BULK issue. Nothing but a black screen and a blue light. I googled "How to fix QHSUSB_BULK or Qualcomm HS-USB QDLoader 9008 error" and went on forum.hovatek.com where it said "This error is an indication that the phone is hard bricked due to a corrupted Bootloader. It could occur randomly or after you make a change to the phone, causing the phone to go into Qualcomm Emergency Download Mode." It also stated that I could fix it by creating a bootable SD card using the phone's original mmcblk0.img file using a program called Win32DiskImager. I don't have mmcblk0.img and I can't boot into recovery or fastboot. PLEASE PLEASE HELP!!!! Also first two links in OP's post don't work. Any files or advise you can contribute would be GREATLY appreciated! THANKS!
Click to expand...
Click to collapse
What is the link to the info you found?
I have the image you need, but it is 15 GIGs in size, and there is no practical way to send that. I also have a system image, and a boot image with magisk in it, as per the OP.
P.M. me.
I don't see how you can recover this if you don't have recovery or fastboot, and can't boot into the phone. If the bootloader is corrupted, well I just don't know.
Can you get into twrp?
You do know that there are two recoveriess, one erecovery and another recovery.
It seems that POWER and VOL up may get you into one, and POWER and VOL down may get you into another one.
NOTE: I KNOW you can't flash the image via fastboot, cause I tried it. it is just to big.
The files are all to big to post here....
https://nofile.io/f/2sfHn8teU1s/system.img.bz2 I put this up 6 days ago for someone else. I don't know how long the link is good for.
This is the system image from the non-working link. You will need to untar it.
https://nofile.io/f/2sfHn8teU1s/system.img.bz2 <<<<<<<<<< file from Original Post
https://nofile.io/f/vTRffT3CM0s/erecovery.zip <<<<<<<<<< erecovery is same as stock recovery
https://nofile.io/f/3DRA4bYjdsq/twrp-xt2.7z <<<<<<<<<< Hweng's original twrp
https://nofile.io/f/uAET5bTqQVk/patched_boot.zip <<<<<< bootloader patched with magisk for a root that does not touch the system partition.
I'll try to put the 15 gig mmblockp0 up here if it will take it, but it is at the office.
I hope this helps.
I now also have a virgin system image, stock. The image given above appears to also have supersu installed it int.
at least it has a su in the system image. Where magisk, just patches the boot image as I understand it.
Any luck on that stock system.img? I formatted mine like an idiot and now sitting on a phone with no OS
same as above, i will even take the rooted system.img i have all other files needed.
I'm a little bit of a noob at all of this but could someone explain to me how they got twrp and root on their xt2? I can really only process step by step and I haven't found that anywhere yet. I'm getting this phone later today so it'd be really cool to get root on it
littletech said:
I'm a little bit of a noob at all of this but could someone explain to me how they got twrp and root on their xt2? I can really only process step by step and I haven't found that anywhere yet. I'm getting this phone later today so it'd be really cool to get root on it
Click to expand...
Click to collapse
step by step root > https://forum.xda-developers.com/hu...ooting-restoring-huawei-elate-h1711z-t3764391
the files for root are the same for the Elate and the XT2
Blue light black screen fix
Whit3Rabbit said:
That's what I was afraid of Thank you for the quick response.
Click to expand...
Click to collapse
My device suffered the same fate, only a blue light black screen unable to enter boot or recovery. I slowly removed the back cover using my fingernails and removed the two screws holding the metal plate above battery on the right. Popped the left most plug to disconnect the power flow and allow phone to power off completely. Be careful not to touch any of the metal near the plug or you will short. I plugged it back in and held volume down while I inserted USB connected to computer. Tada!! Back in action fastboot ready... So OK now what?? I can't seem to be able to flash an update. Zip just keeps saying failed to load, and system image is too big. Can someone point me to the correct files I need to get her working again? Thanks in advance.
TWRP Custom Recovery for the Onn Android Tablet series
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model
Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.
Reserved also
grabbing this one too cuz why not
Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?
Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....
Amazing!! Gonna install and test 8" right now.
Has anyone tried a GSI on these tablets yet?
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I did try both Phhuson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.
WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!
Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since it's stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.
@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Click to expand...
Click to collapse
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran Phusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.
Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
Click to expand...
Click to collapse
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?
Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Where do I find crypto footer to backup
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.
Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
WARNING: ANY BOOTLOADER UNLOCK METHOD INVOLVES THE RISK OF BRICKING YOUR DEVICE PERMANENTLY. WHILE THERE IS USUALLY A WAY TO RECOVER, DO NOT ATTEMPT THIS PROCEDURE IF YOU DO NOT KNOW WHAT YOU ARE DOING. BAD THINGS CAN HAPPEN. YOU HAVE BEEN WARNED!!! YOU MAY BE LEFT WITH A USELESS BRICK!!! READ ALL FURTHER WARNINGS EXPERIMENTAL METHOD IN ORIGINAL DOWNLOAD FILE WORKS, I'M USING IT
If you want a NOOB guide look at this post: https://forum.xda-developers.com/nu...beginner-tutorial-unlock-bootloader-t4131585/
Also note a user has managed to fix the FP sensor post BL unlock, see this post here: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
Still, I suggest root bypass it's better.
MegaNZ Link for Root without unlocking the Bootloader, and without breaking the FP, also includes instructions for installing BlackMagic5G (explanation below), adding HD VOLTE, how to restore from a brick, and some other cool tricks: https://mega.nz/file/igphSCTD#OybJo9t1zwvJ0bdbAcN2BCqxWXAfHdhk3JFB4_5xkVc
I suggest you flash my BlackMagic5G and don't unlock your bootloader at all - just root. It's CN 2.52 ROM based. You'll get VOLTE, , GApps installed, Rooted with Magisk, TWRP, debloated, YouTube Vanced, AdAway, SmartPack Kernel Manager, etc. - looks like the Global / NA variant of the ROM. Almost perfect except still uses Messages and Phone from Nubia. Plus you will enable Face Unlock not available in the Global or NA versions of the ROM, and FP will still work! Click on the Google Search bar widget and the mic icon takes you to the Google Assistant, the left icon is Google Feed, type in the middle bar for a Google Search. Has 1Weather Free weather widget that looks great, and Google Calendar widget for your whole month of activities. Translate, Lens, Chrome, all the Google Apps are there. And the Chinese Nubia apps are nearly all GONE!
MegaNZ Link for BlackMagic5G Beta - IT'S ONLY THE DATA PARTITION + ROOTED KERNEL + NA SPLASH SCREEN, you NEED to 1) install the Red Magic 2.52 ROM below FIRST 2) Root using the first link posted above 3) Flash restore this from TWRP: https://mega.nz/file/r9hF2BwS#RrAXiFWSBNX8dLqfrH8nNHo_uigPC8uYXonwhALhGbo
MegaNZ Link for the Red Magic 5G CN 2.52 ROM: https://mega.nz/file/aoxBFAqY#EDt2OZBGTME4ZGKnERKpK_t-aJT_rWgD0aqBFkilRcY
*** NOW THE BOOTLOADER UNLOCK INSTRUCTIONS ***
Go to Settings / About phone / Build Number (NX659_J_ENCommon_V3.08 on North American Variant), click 7 times, Now you are a developer message appears, go back a menu to Settings / Other system settings / Developer options.
Enable:
OEM unlocking "Allow the bootloader to be unlocked"
USB debugging "Debug mode when USB is connected"
Install Minimal ADB and Fastboot (Windows 10 in this example): https://www.androidfilehost.com/?fid=746010030569952951
Default install path is:
C:\Program Files (x86)\Minimal ADB and Fastboot\
Go to the Search button on the bottom on Windows 10, type cmd, Command Prompt will appear in the menu. Right click it and Run as Administrator. All commands to be typed will be run in this Command Prompt window (referred to as terminal) unless otherwise stated to run on the phone.
Now Terminal window appears (it says Administrator: Command Prompt in the heading):
Text displayed is:
Microsoft Windows
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>
Typed in terminal:
cd "c:\Program Files (x86)\Minimal ADB and Fastboot"
I now connected the phone to a USB port on the PC.
On the phone, a Window appeared:
"Allow USB debugging?"
The computer's RSA key fingerprint is:
[36 digit code] Example:
C8:A17:E2:01:F6:A1
:368:10:E8:33:20:FB:
93:7D
Always allow from this computer (it's my computer so I clicked it since I trust the computer)
CANCEL / ALLOW (I clicked ALLOW)
Typed in terminal:
adb reboot bootloader
The phone reboots. Once the phone screen boots, in the center it says: Now you are in fastboot mode.
From the terminal I typed:
fastboot oem nubia_unlock NUBIA_NX659J
The terminal now displayed:
...
(bootloader) START update nubia fastboot unlock flag!!!
(bootloader) START set state to 1 ok!!!
In the terminal I typed:
fastboot flashing unlock *** DO NOT TYPE THIS IF YOU WANT TO KEEP A WORKING FP!!! READ TOP OF POST!!! AVOID THIS WITH THE EXPERIMENTAL METHOD OF ROOT WITH NO BL UNLOCK ***
Now a screen appeared on the phone with a big <!> red icon in the left corner. The rest in white text is a warning message. "By unlocking the bootloader, you will be able to install custom operating system on this phone. A custom OS is not subject to the same level of testing as the original OS, and can cause your phone and installed applications to stop working properly-
Software integrity cannot be guaranteed with a custom OS, so any data stored on the phone while the bootloader is unlocked may be at risk.
To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data on your phone.
Press the Volume keys to select whether to unlock the bootloader, then the Power Button to continue."
I selected UNLOCK BOOTLOADER and my device was completely erased. The factory OS loaded then. This process takes some time to complete.
Now the device rebooted with a warning message, and a big <!> yellow icon in the left corner.
"The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.
Visit this link on another device:
g.co/ABH"
Now the device reloads the firmware apparently and wipes all user data. Upon setting up the phone, the fingerprint display registration comes up and asked to place my finger on the back of the phone. There is no fingerprint sensor on the back of the Redmagic 5G! It is under the screen! So this step must be skipped. The ROM setup is corrupt or incomplete, a beta possibly. I setup the phone then went into Settings / Security to try to add a fingerprint. The button to add fingerprint then appears. Once I click the button, I get this error:
Loss of fingerprint calibration data
Loss of fingerprint calibration data was detected.
Currently unable to complete fingerprint entry,
please contact Nuia after-sales service via
4007006600
See the XDA post for recalibrating the FP: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
ROOT FOR ALL DEVICES:
(These files are included in the tools download zip, Magisk 20.4 and MagiskManager-v7.5.1.apk, but this is the official source as updates post): Go to XDA and Download Magisk Manager and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power, release the power button once the screen shows it loading, hold the volume up down until you see TWRP pop up). Flash Magisk from TWRP Install / Zip / sdcard / Magisk.zip reboot and you'll have root.
BL unlock first method was tested on North American variant and it works. But it breaks your FP sensor and gives you an annoying boot prompt.
If at any time you want to remove the OEM Bootloader unlock, you plug into the PC, go to the terminal for Minimal ADB and Fastboot, type:
adb reboot fastboot
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing lock (screen will prompt to relock BL, choose to Relock)
The phone should reboot and install the original software. BUT...
If it says you are corrupted well, you have more issues.
You'll have to reflash the stock recovery.img, reboot to stock recovery, wipe data, wipe cache, and flash the CN update.zip rom to a flash drive FORMATTED TO FAT32 (annoying as hell) But you NEED a USB-C to OTG Adapter to attach a Flash Drive / SDCARD this way). If you don't have one, you better reflash TWRP using the prior instructions and flash the update.zip from there. Install, select the update.zip, flash. Wipe Data, Cache, ART/Dalvik. Reboot.
Now it should WIPE the entire phone and be back to normal Android 10 setup non rooted, no unlocked bootloader. Always beware of data loss doing root functions!!! Always be prepared to setup your phone entirely over again. Google Backup is very good to turn on before you do any of this stuff if you have already installed apps.
*** WARNING - THIS BYPASS METHOD COULD GO AWAY AT ANYTIME. IT SHOULD EVENTUALLY BE FIXED BY NUBIA ***
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
You were able to actually install TWRP? Not just boot it? I thought A10 devices cant have twrp permanently installed?
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
mslezak said:
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
Click to expand...
Click to collapse
So its not permanent? Thats what I thought.
Well it could be permanent...
VZTech said:
So its not permanent? Thats what I thought.
Click to expand...
Click to collapse
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
mslezak said:
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
Click to expand...
Click to collapse
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Can anyone send me backup of the super partition?
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Future updates...
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
Yes what I've been told by prior Redmagic Users 3 and 3S is the ROM is released, as long as your boot.img is not patched with Magisk, it can be installed through the menus in Settings / About Phone / Update or someplace like that. You just download the ROM to the appropriate folder on the phone.
So far I have 1 link to a China ROM update here: https://ui.nubia.cn/rom/detail/65
Now on how to install the ROM, I use the Chrome browser set to autotranslate webpages. Most of the Chinese will be translated from here: https://bbs.nubia.com//thread-1136030-1-1.html
Basically it's going to wipe your device clean, and you can use a Nubia backup tool which will save all your items to a folder. Which then you should copy to your PC before installing the new ROM. Then it gives you instructions to get that data back onto your updated device.
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
VZTech said:
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
Click to expand...
Click to collapse
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
You should be able to flash the latest ROM via EDL mode if you've ever used EDL mode before, it usually requires shorting pins together in the device, although some recoveries will let you just boot into EDL mode if the phone still boots. It will be detected. Although on this device with the dynamic partition, I don't know how you would flash these in EDL mode... dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm that do not look like fastboot flashable parts. Possibly the unbrick tool for Redmagic 3/3S could be modified to do this for you.
mslezak said:
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
Click to expand...
Click to collapse
Yes those .img files can easily be fastboot flashed. Unfortunately it wont solve his problem. He needs the nubia unbrick tool, which is tough to get. I dont understand why Nubia makes things difficult. They should provide proper Fastboot files.
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
apersomany said:
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
Click to expand...
Click to collapse
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
mslezak said:
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
Click to expand...
Click to collapse
Thank you so much!
Okay I can't add anything special but daaamn this community is amazing. So much help I love you all
To relock BL repeat the instructions with 1 different command
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
Just in case if somebody need a Chinese version of official ROM v2.46 for RedMagic 5G.
Code:
https://mega.nz/file/vc0DiabR#npahTop-JXZ9Mwv-lA7G6DxTG2qqOOAf6AwW8NdEEKw
mslezak said:
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
Click to expand...
Click to collapse
we found out that using the cn rom it all works without even unlocking the bootloader, even while oem unlock was disabled in dev options but there is some kind of vbmeta img required. a full guide is incoming.
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
You can flash their NX659J-update.zip files directly from TWRP that's how we restored our bricked devices already. So OTA updates no, but you can download them anyway and flash from TWRP directly. Yes we have to figure out a concrete restore method which isn't 100% working yet. I.e. all your data is lost this way apparently AT THIS MOMENT... MORE TO COME.