Related
TWRP Custom Recovery for the Onn Android Tablet series
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model
Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.
Reserved also
grabbing this one too cuz why not
Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?
Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....
Amazing!! Gonna install and test 8" right now.
Has anyone tried a GSI on these tablets yet?
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.
MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I did try both Phhuson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.
WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!
Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since it's stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.
@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Click to expand...
Click to collapse
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran Phusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.
Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
Click to expand...
Click to collapse
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?
Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Where do I find crypto footer to backup
diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.
Team Win Recovery Project 3.x, or TWRP3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
HTML:
#include <std_disclaimer.h>
/*
* Your warranty is now void.
*
* We are not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this recovery
* before flashing it! YOU are choosing to make these modifications, and if
* y
Let’s start with the installation process
If you already unlocked your bootloader, start with step 3.
If you are already rooted, start with step 4.
If you already installed a previous version of TWRP, start with step 4.
If you already have TWRP installed and just want to root, start with step 5.
First you need to unlock your bootloader. You can do so by enabling developer settings first, enable oem unlocking, then shut down your phone, hold volume up and down at the same time and while holding them plugin your charger. Your phone now should show a green screen with instructions to unlock the bootloader. Just follow them and after the unlocking your data should get wiped. After that your device will boot up and land in setup screen. Do not setup anything, just skip as much as possible, because your phone will get wiped again. Enable developer settings and make sure oem unlocking is greyed out and enabled. (If it does not show up, connect to a network first!)
Now you need to overwrite vbmeta partition, so you can flash third party partitions. Download vbmeta.tar then go into download mode on your device. Put vbmeta.tar to AP in Odin, click start. This should finish pretty quickly, so pay attention when your device reboots, because you need to boot into recovery (Hold power and volume up after the screen turns black). When booted into recovery, wipe your data and reboot normally into system. Now you can setup your phone as usual and make sure oem unlocking is still greyed out and enabled!
Time to flash recovery. Download (link is at the end of this post) the latest version as zip and extract it. You should end up with one single file named recovery.img. Pack it as tar with 7zip or any other compression tool you prefer. This packed tar file should only contain recovery.img and nothing else, also make sure the name is still recovery.img, otherwise Odin will refuse to flash it. In Odin put the tar file in AP and simply hit start. Congrats you now have TWRP installed!
Developers specific details
Sources
https://github.com/blacktox/r1q
https://github.com/Grarak/android_bootable_recovery-1
Downloads
https://github.com/blacktox/r1q/releases
To flash it in Odin pack it as tar with 7zip or a compression tool of your liking.
XDA:DevDB Information
twrp galaxy a80, Tool/Utility for the Samsung Galaxy A80
Contributors
blackbuga
Version Information
Status: Testing
Created 2019-11-09
Last Updated 2019-11-09
Good day. Excuse me, where is vbmeta.tar located?
---------- Post added at 11:19 PM ---------- Previous post was at 10:48 PM ----------
Can find out. Is this accurate for the SM-A805? I hope it doesn’t matter F / DS and others? And what does the root look like? Can Magisk be installed?
If of course you can? Describe the points more clearly, since the description indicates points 1 2 3 4 but they are not! There is only a TWRP installation. And as I understand it ROOT. But in the archive folder r1q-3.3.1. As I understand it, just sew this archive through TWRP?
I understood your instructions. I did everything as expected! In TWRP, the car does not work! I can’t press anything.
Twrp booted but no touch. I cannot control twrp. Installed SG7 fw and now TWRP stucks on teamwin logo.
I will upload new build with fix for touch
Sent from my SM-A805F using Tapatalk
Now it just doesn't load further than the logo! !(
blackbuga said:
I will upload new build with fix for touch
Sent from my SM-A805F using Tapatalk
Click to expand...
Click to collapse
Awesome!
https://github.com/blacktox/r1q/releases/download/TWRP/recovery.img
NEW BUILD FOXED TOUCHSCREEN
Anyone managed to get this recovery fully working and flash a gsi?
Is it possible to flash a GSI with this TWRP? If anyone has successfully done so please post install instructions...
At start i want to say that I'm not responsible for your bricked devices, houses set on fire, bla bla bla and so on.
Hello
Since I see that many users are having problems with unlocking bootloader, flashing twrp and getting properly working Magisk. So here i come.
Downloads:
Everything you need you find here, on my OneDrive.
Unlocking Bootloader
BEWARE! After unlocking bootloader your DRM widevine will change to L3.
Steps:
- download and install Realme_x2_Pro_DeepTesting.apk,
- open app and apply for deep test,
- enable Developer Options by tapping 7 times Version in Settings > About Phone
- go to developer options and enable OEM unlock and USB debugging,
- open app once again after some time tap "Query verification status",
- If you got approved application tap "Start the in-depth test" and phone will reboot to bootloader,
- on PC, download fastboot tools from somewhere else(unless you already have it, its not on my OneDrive)
- open folder where you have your fastboot installed, hold shift and click right mouse buton and choose "open command prompt here"(or Power Shell in newer version of windows),
- connect your phone to PC, and write
Code:
fastboot flashing unlock
- now on phone select "yes"
- now your phone will reboot and erase all your data,
- now you have unlocked bootloader.
Flashing Custom Recovery
I will guide you how to flash Custom Recovery.
Steps:
- connect phone to PC,
- on your PC in command prompt type adb reboot bootloader,
- download TWRP image from mauronofrio or OrangeFox image from thread put in your fastboot tools folder on PC,
- download vbmeta.img from my OneDrive and put in your fastboot tools folder on PC,
- type
Code:
fastboot flash recovery *******.img
- type
Code:
fastboot flash vbmeta vbmeta.img
- when flashing is done, on your phone select "Recovery Mode" with volume +/- buttons and accept with power key,
- now it will boot into TWRP
Getting properly working Magisk
For now I recommend always using Magisk Canary Debug version cause it supports realme phones(stable needs magiskfix to get out of Core only mode).
Steps:
-download Magisk Canary zip to your phones internal storage,
- boot to Custom Recovery,
- flash magisk,
- reboot to OS.
Updating ColorOS on rooted phone via TWRP
Use Magisk Canary cause it supports realme phones(stable needs magiskfix to get out of Core only mode).
This is the only way to update ColorOS via TWRP without losing magisk or running into damaged boot/recovery image message on boot for now.
Steps:
- download latest Magisk Canary, vbmeta.img and latest update package(ozip) for your device(cn rom for cn device, global rom for eu/in device), if you download update via official OTA app the package is located in
Code:
/data/oppo/coloros/OTA/.otaPackage
- reboot to Custom Recovery,
- flash latest ozip through twrp recovery(don't reboot yet),
- flash vbmeta.img through Custom Recovery
- flash magisk(if flashing fail, than reboot recovery),
- reboot to system.
Locking Bootloader
Think twice after evey step you did if it's done correctly before doing next step to prevent HARD BRICKS.
Steps:
- download right latest ozip for your device from realme site(don't cross flash device, flash global ozip on eu/in devices and cn ozip for cn devices),
- boot to Custom Recovery,
- Flash ozip and after don't do anything else, just reboot to system,
- let it boot to OS and replace Custom Recovery with stock recovery.
- (optional) boot to recovery to check if it is stock, if its stock recovery than you can lock bootloader(don't ever try to lock with Custom Recovery),
- reboot device to bootloader and through adb go with:
Code:
fastboot flashing lock
- accept locking bootloader query on phone,
- device now will reboot and perform factory reset.
F.A.Q.
Q: Can't flash xxxxxxxx.zip(or xxxxxxx.ozip/xxxxxxx.img) in Custom Recovery cause it throws an error, what to do?
A: Reboot recovery and try again.
...
...
hello bro, so when we do this is imposible to relock bootloader?
Arn0ldx said:
hello bro, so when we do this is imposible to relock bootloader?
Click to expand...
Click to collapse
It is possible, but you need to use for it some other guide as I will not guide how to. It's because I don't want users to cry over their mistakes in my thread.
Jerry08 said:
It is possible, but you need to use for it some other guide as I will not guide how to. It's because I don't want users to cry over their mistakes in my thread.
Click to expand...
Click to collapse
OK bro I'll wait then
this method is compatible with CN version? Can we install a stock Rom or EU rom after unlocking the bootloader? It's really pity for the fingerprint I think as the majority will wait a fix for this issue before doing that
Thank you for your work anyway
Nice Work
Great Guide. But at this time i'm not willing to trade fingerprint unlock for root and magisk .
Already losing the loading animation for using my good old lawnchair was disappointing can go back to coloros launcher easy though.
Maybe someone will/can find a trick for this boot unlock problem.
Thanks for your efforts!
As I don't own a X2 Pro (yet) I'd like to know how presumably it is to get a solution for the "losing fingerprint problem"?
From other phones I know, that Widevine Lv1 gets lost but I never had the problem of losing my fingerprint scanner.
I'm planning to purchase X2 Pro and it seems a flaw for me if unlocking bootloader will disable fingerprint.
Does anyone ever try not to set up fingerprint, pattern or PIN lock from the first phone setup and then directly unlocking bootloader, flash TWRP, magisk and still have locking features working?
rooveg said:
I'm planning to purchase X2 Pro and it seems a flaw for me if unlocking bootloader will disable fingerprint.
Does anyone ever try not to set up fingerprint, pattern or PIN lock from the first phone setup and then directly unlocking bootloader, flash TWRP, magisk and still have locking features working?
Click to expand...
Click to collapse
Doesn't work. I tried it like that when I got the phone. Not logging in or setting anything on the phone, went straight to installing the unlock APK and unlocking the bootloader, still the FP issue.
rooveg said:
I'm planning to purchase X2 Pro and it seems a flaw for me if unlocking bootloader will disable fingerprint.
Does anyone ever try not to set up fingerprint, pattern or PIN lock from the first phone setup and then directly unlocking bootloader, flash TWRP, magisk and still have locking features working?
Click to expand...
Click to collapse
Will not work cause when you unlock bootloader it formats data, so fp lock will be removed...
henrym1203 said:
this method is compatible with CN version? Can we install a stock Rom or EU rom after unlocking the bootloader? It's really pity for the fingerprint I think as the majority will wait a fix for this issue before doing that
Thank you for your work anyway
Click to expand...
Click to collapse
This method should be compatible with CN version. And for the 2nd question answer is: no, at least not yet.
Is the FP issue permenant .i mean i locked the bootloader again and all seems good now....but does that mean the realme x2 pro cannot be rooted without loosing FP???
This sucks big time ...its a shame on oppo/realme
Wow, if there is no method of getting root on this phone and not losing the FPS it would be massive setback ?
Jerry08 said:
Will not work cause when you unlock bootloader it formats data, so fp lock will be removed...
Click to expand...
Click to collapse
I think we're lost in translation.
Is bootloader unlocking and data wipe causing a permanent fp lock removal? Or just the ones that we have already set? If it's the 2nd case, then we can go back and set it up once again, right?
loumaros said:
I think we're lost in translation.
Is bootloader unlocking and data wipe causing a permanent fp lock removal? Or just the ones that we have already set? If it's the 2nd case, then we can go back and set it up once again, right?
Click to expand...
Click to collapse
No, fingerprint sensor is disabled. Can't do anything with it on unlocked bootloader. And once you lock bootloader you get back fingerprint sensor.
Ist there any way/chance of the fingerprint issue getting fixed by xda developers (magisk module, flashable zip, whatever) or can this only by fixed by Realme itself via updating firmware respectively bootloader?
bmwbasti said:
Ist there any way/chance of the fingerprint issue getting fixed by xda developers (magisk module, flashable zip, whatever) or can this only by fixed by Realme itself via updating firmware respectively bootloader?
Click to expand...
Click to collapse
There's always a chance, be patient. I don't see a big issue with fingerprint. I got used to faceunlock. Using for a week already and I like it even more than unlocking with fingerprint.
@Jerry08
Thanks for your answer ?
It's not about not beeing patient, but rather don't have a good feeling if such a mandatory part of the phone won't work. It's just like buying a new car and not beeing able to use the remote control to lock the doors and telling people "I don't mind cause I got used to use the key instead" ?
Don't get me wrong, I'm using faceunlock very often on my device but I have a bunch of apps where I use the fingerprint scanner to log in oder authorize and I would really really miss that feature.
It's less about not beeing able to use the fingerprint scanner for a few weeks but way more about beeing able to use the fingerprint scanner in some days/weeks in connection with an unlocked bootloader (again).
As I need a new phone theese day (and Black Friday is ahead) I can't wait a few month to see, if this issue gets fixed. Otherwise I would just watch the Realme x2 pro forum and buy (or not) in a few weeks or months ?
bmwbasti said:
@Jerry08
Don't get me wrong, I'm using faceunlock very often on my device but I have a bunch of apps where I use the fingerprint scanner to log in oder authorize and I would really really miss that feature.
It's less about not beeing able to use the fingerprint scanner for a few weeks but way more about beeing able to use the fingerprint scanner in some days/weeks in connection with an unlocked bootloader (again).
Click to expand...
Click to collapse
I couldn't agree more. Most banking apps use fingerprint to bypass the password section. Also face unlock is not as secure as fingerprint.
It's a same as I would compromise on the not-so-good-photo quality over the speed and battery life of that device
@Jerry08 I did what you said, replaced the build.prop, then went to twrp, flash it, then flash your magisk canary you provided but build.prop did not get replaced. Here is the file https://drive.google.com/open?id=1CBvMuFwr84PDRZror4H9I8Std_kNNhQg My device name is RMX1991CN
Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
WARNING: ANY BOOTLOADER UNLOCK METHOD INVOLVES THE RISK OF BRICKING YOUR DEVICE PERMANENTLY. WHILE THERE IS USUALLY A WAY TO RECOVER, DO NOT ATTEMPT THIS PROCEDURE IF YOU DO NOT KNOW WHAT YOU ARE DOING. BAD THINGS CAN HAPPEN. YOU HAVE BEEN WARNED!!! YOU MAY BE LEFT WITH A USELESS BRICK!!! READ ALL FURTHER WARNINGS EXPERIMENTAL METHOD IN ORIGINAL DOWNLOAD FILE WORKS, I'M USING IT
If you want a NOOB guide look at this post: https://forum.xda-developers.com/nu...beginner-tutorial-unlock-bootloader-t4131585/
Also note a user has managed to fix the FP sensor post BL unlock, see this post here: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
Still, I suggest root bypass it's better.
MegaNZ Link for Root without unlocking the Bootloader, and without breaking the FP, also includes instructions for installing BlackMagic5G (explanation below), adding HD VOLTE, how to restore from a brick, and some other cool tricks: https://mega.nz/file/igphSCTD#OybJo9t1zwvJ0bdbAcN2BCqxWXAfHdhk3JFB4_5xkVc
I suggest you flash my BlackMagic5G and don't unlock your bootloader at all - just root. It's CN 2.52 ROM based. You'll get VOLTE, , GApps installed, Rooted with Magisk, TWRP, debloated, YouTube Vanced, AdAway, SmartPack Kernel Manager, etc. - looks like the Global / NA variant of the ROM. Almost perfect except still uses Messages and Phone from Nubia. Plus you will enable Face Unlock not available in the Global or NA versions of the ROM, and FP will still work! Click on the Google Search bar widget and the mic icon takes you to the Google Assistant, the left icon is Google Feed, type in the middle bar for a Google Search. Has 1Weather Free weather widget that looks great, and Google Calendar widget for your whole month of activities. Translate, Lens, Chrome, all the Google Apps are there. And the Chinese Nubia apps are nearly all GONE!
MegaNZ Link for BlackMagic5G Beta - IT'S ONLY THE DATA PARTITION + ROOTED KERNEL + NA SPLASH SCREEN, you NEED to 1) install the Red Magic 2.52 ROM below FIRST 2) Root using the first link posted above 3) Flash restore this from TWRP: https://mega.nz/file/r9hF2BwS#RrAXiFWSBNX8dLqfrH8nNHo_uigPC8uYXonwhALhGbo
MegaNZ Link for the Red Magic 5G CN 2.52 ROM: https://mega.nz/file/aoxBFAqY#EDt2OZBGTME4ZGKnERKpK_t-aJT_rWgD0aqBFkilRcY
*** NOW THE BOOTLOADER UNLOCK INSTRUCTIONS ***
Go to Settings / About phone / Build Number (NX659_J_ENCommon_V3.08 on North American Variant), click 7 times, Now you are a developer message appears, go back a menu to Settings / Other system settings / Developer options.
Enable:
OEM unlocking "Allow the bootloader to be unlocked"
USB debugging "Debug mode when USB is connected"
Install Minimal ADB and Fastboot (Windows 10 in this example): https://www.androidfilehost.com/?fid=746010030569952951
Default install path is:
C:\Program Files (x86)\Minimal ADB and Fastboot\
Go to the Search button on the bottom on Windows 10, type cmd, Command Prompt will appear in the menu. Right click it and Run as Administrator. All commands to be typed will be run in this Command Prompt window (referred to as terminal) unless otherwise stated to run on the phone.
Now Terminal window appears (it says Administrator: Command Prompt in the heading):
Text displayed is:
Microsoft Windows
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>
Typed in terminal:
cd "c:\Program Files (x86)\Minimal ADB and Fastboot"
I now connected the phone to a USB port on the PC.
On the phone, a Window appeared:
"Allow USB debugging?"
The computer's RSA key fingerprint is:
[36 digit code] Example:
C8:A17:E2:01:F6:A1
:368:10:E8:33:20:FB:
93:7D
Always allow from this computer (it's my computer so I clicked it since I trust the computer)
CANCEL / ALLOW (I clicked ALLOW)
Typed in terminal:
adb reboot bootloader
The phone reboots. Once the phone screen boots, in the center it says: Now you are in fastboot mode.
From the terminal I typed:
fastboot oem nubia_unlock NUBIA_NX659J
The terminal now displayed:
...
(bootloader) START update nubia fastboot unlock flag!!!
(bootloader) START set state to 1 ok!!!
In the terminal I typed:
fastboot flashing unlock *** DO NOT TYPE THIS IF YOU WANT TO KEEP A WORKING FP!!! READ TOP OF POST!!! AVOID THIS WITH THE EXPERIMENTAL METHOD OF ROOT WITH NO BL UNLOCK ***
Now a screen appeared on the phone with a big <!> red icon in the left corner. The rest in white text is a warning message. "By unlocking the bootloader, you will be able to install custom operating system on this phone. A custom OS is not subject to the same level of testing as the original OS, and can cause your phone and installed applications to stop working properly-
Software integrity cannot be guaranteed with a custom OS, so any data stored on the phone while the bootloader is unlocked may be at risk.
To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data on your phone.
Press the Volume keys to select whether to unlock the bootloader, then the Power Button to continue."
I selected UNLOCK BOOTLOADER and my device was completely erased. The factory OS loaded then. This process takes some time to complete.
Now the device rebooted with a warning message, and a big <!> yellow icon in the left corner.
"The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.
Visit this link on another device:
g.co/ABH"
Now the device reloads the firmware apparently and wipes all user data. Upon setting up the phone, the fingerprint display registration comes up and asked to place my finger on the back of the phone. There is no fingerprint sensor on the back of the Redmagic 5G! It is under the screen! So this step must be skipped. The ROM setup is corrupt or incomplete, a beta possibly. I setup the phone then went into Settings / Security to try to add a fingerprint. The button to add fingerprint then appears. Once I click the button, I get this error:
Loss of fingerprint calibration data
Loss of fingerprint calibration data was detected.
Currently unable to complete fingerprint entry,
please contact Nuia after-sales service via
4007006600
See the XDA post for recalibrating the FP: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
ROOT FOR ALL DEVICES:
(These files are included in the tools download zip, Magisk 20.4 and MagiskManager-v7.5.1.apk, but this is the official source as updates post): Go to XDA and Download Magisk Manager and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power, release the power button once the screen shows it loading, hold the volume up down until you see TWRP pop up). Flash Magisk from TWRP Install / Zip / sdcard / Magisk.zip reboot and you'll have root.
BL unlock first method was tested on North American variant and it works. But it breaks your FP sensor and gives you an annoying boot prompt.
If at any time you want to remove the OEM Bootloader unlock, you plug into the PC, go to the terminal for Minimal ADB and Fastboot, type:
adb reboot fastboot
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing lock (screen will prompt to relock BL, choose to Relock)
The phone should reboot and install the original software. BUT...
If it says you are corrupted well, you have more issues.
You'll have to reflash the stock recovery.img, reboot to stock recovery, wipe data, wipe cache, and flash the CN update.zip rom to a flash drive FORMATTED TO FAT32 (annoying as hell) But you NEED a USB-C to OTG Adapter to attach a Flash Drive / SDCARD this way). If you don't have one, you better reflash TWRP using the prior instructions and flash the update.zip from there. Install, select the update.zip, flash. Wipe Data, Cache, ART/Dalvik. Reboot.
Now it should WIPE the entire phone and be back to normal Android 10 setup non rooted, no unlocked bootloader. Always beware of data loss doing root functions!!! Always be prepared to setup your phone entirely over again. Google Backup is very good to turn on before you do any of this stuff if you have already installed apps.
*** WARNING - THIS BYPASS METHOD COULD GO AWAY AT ANYTIME. IT SHOULD EVENTUALLY BE FIXED BY NUBIA ***
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
You were able to actually install TWRP? Not just boot it? I thought A10 devices cant have twrp permanently installed?
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
mslezak said:
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
Click to expand...
Click to collapse
So its not permanent? Thats what I thought.
Well it could be permanent...
VZTech said:
So its not permanent? Thats what I thought.
Click to expand...
Click to collapse
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
mslezak said:
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
Click to expand...
Click to collapse
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Can anyone send me backup of the super partition?
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Future updates...
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
Yes what I've been told by prior Redmagic Users 3 and 3S is the ROM is released, as long as your boot.img is not patched with Magisk, it can be installed through the menus in Settings / About Phone / Update or someplace like that. You just download the ROM to the appropriate folder on the phone.
So far I have 1 link to a China ROM update here: https://ui.nubia.cn/rom/detail/65
Now on how to install the ROM, I use the Chrome browser set to autotranslate webpages. Most of the Chinese will be translated from here: https://bbs.nubia.com//thread-1136030-1-1.html
Basically it's going to wipe your device clean, and you can use a Nubia backup tool which will save all your items to a folder. Which then you should copy to your PC before installing the new ROM. Then it gives you instructions to get that data back onto your updated device.
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
VZTech said:
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
Click to expand...
Click to collapse
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
You should be able to flash the latest ROM via EDL mode if you've ever used EDL mode before, it usually requires shorting pins together in the device, although some recoveries will let you just boot into EDL mode if the phone still boots. It will be detected. Although on this device with the dynamic partition, I don't know how you would flash these in EDL mode... dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm that do not look like fastboot flashable parts. Possibly the unbrick tool for Redmagic 3/3S could be modified to do this for you.
mslezak said:
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
Click to expand...
Click to collapse
Yes those .img files can easily be fastboot flashed. Unfortunately it wont solve his problem. He needs the nubia unbrick tool, which is tough to get. I dont understand why Nubia makes things difficult. They should provide proper Fastboot files.
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
apersomany said:
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
Click to expand...
Click to collapse
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
mslezak said:
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
Click to expand...
Click to collapse
Thank you so much!
Okay I can't add anything special but daaamn this community is amazing. So much help I love you all
To relock BL repeat the instructions with 1 different command
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
Just in case if somebody need a Chinese version of official ROM v2.46 for RedMagic 5G.
Code:
https://mega.nz/file/vc0DiabR#npahTop-JXZ9Mwv-lA7G6DxTG2qqOOAf6AwW8NdEEKw
mslezak said:
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
Click to expand...
Click to collapse
we found out that using the cn rom it all works without even unlocking the bootloader, even while oem unlock was disabled in dev options but there is some kind of vbmeta img required. a full guide is incoming.
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
You can flash their NX659J-update.zip files directly from TWRP that's how we restored our bricked devices already. So OTA updates no, but you can download them anyway and flash from TWRP directly. Yes we have to figure out a concrete restore method which isn't 100% working yet. I.e. all your data is lost this way apparently AT THIS MOMENT... MORE TO COME.
DOES NOT WORK WITH NEW FIRMWARES FOR ANDROID 12! WILL NOT BOOT AND YOU WILL FIND YOURSELF IN EDL MODE TRYING TO UNBRICK YOUR PHONE.
Similar to https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ but for pre-built custom ROMs, such as official LineageOS.
WARNING: This will wipe your data - as far as I know there is no way to change the bootloader status (locked/unlocked) without a wipe.
IMPORTANT
If you mount ANY partition R/W after installing your ROM, you will no longer be able to boot. This means you will not be able to install ANY flash-able zips, INCLUDING GAPPS!
You will still get a warning message on boot, though it will be yellow rather than orange and just point out that your operating system is custom.
It is unlikely it will fix your banking app, as the bootloader status will be yellow (rather than orange/red for unlocked).
If your ROM developer's verity key changes and you update, you will be stuck and not be able to get back to a working device without wiping your data.
In short this is pointless, carries a lot of risk and the only benefit you get is the questionable extra security of a locked bootloader that will only load an operating system that is signed by a key that you have explicitly trusted.
So how to do it?
STEP 1:
Download your ROM (eg: official LineageOS, or LineageOS with MicroG). Keep the ZIP to one side as we will need it later.
STEP 2:
Unlock your bootloader and install your ROM as normal, following the instructions given by the ROM maintainer. You must NOT flash any flash-able zips after installing the ROM or you will no longer be able to boot.
At this stage it is assumed you have your chosen ROM installed and your boot loader is unlocked.
STEP 3:
On your computer, extract the ZIP file containing the ROM.
STEP 4:
Use: payload dumper to extract the payload.bin file.
STEP 5:
Use: this tool to extract the public key from the vbmeta.img file.
Code:
ruby ./run.rb ./extracted/vbmeta.img output
This will generate "output.pem" and "output.img".
STEP 6:
Reboot into fastboot, run:
Code:
fastboot erase avb_custom_key
fastboot flash avb_custom_key ./output.img
fastboot oem lock
At this point your phone should reboot, wipe itself, have a locked boot loader and successfully boot your ROM of choice. When upgrading in the future you can extract the public key in the same way and compare it to the one you have loaded into fastboot to ensure you won't be forced into having to wipe your device again.
If something goes wrong and your ROM does not boot and gives a red error about corrupt OS, you will need to unlock the bootloader again in order for things to work.
Very nice! Will i be able to flash magisk before and still be ok?
I don't know (sorry) I've never used Magisk. I think it modifies the boot image right? If so I don't expect it would work as the boot image signature must match the one that is in the vbmeta image.
rlees85 said:
Similar to https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ but for pre-built custom ROMs, such as official LineageOS.
WARNING: This will wipe your data - as far as I know there is no way to change the bootloader status (locked/unlocked) without a wipe.
IMPORTANT
If you mount ANY partition R/W after installing your ROM, you will no longer be able to boot. This means you will not be able to install ANY flash-able zips, INCLUDING GAPPS!
You will still get a warning message on boot, though it will be yellow rather than orange and just point out that your operating system is custom.
It is unlikely it will fix your banking app, as the bootloader status will be yellow (rather than orange/red for unlocked).
If your ROM developer's verity key changes and you update, you will be stuck and not be able to get back to a working device without wiping your data.
In short this is pointless, carries a lot of risk and the only benefit you get is the questionable extra security of a locked bootloader that will only load an operating system that is signed by a key that you have explicitly trusted.
So how to do it?
STEP 1:
Download your ROM (eg: official LineageOS, or LineageOS with MicroG). Keep the ZIP to one side as we will need it later.
STEP 2:
Unlock your bootloader and install your ROM as normal, following the instructions given by the ROM maintainer. You must NOT flash any flash-able zips after installing the ROM or you will no longer be able to boot.
At this stage it is assumed you have your chosen ROM installed and your boot loader is unlocked.
STEP 3:
On your computer, extract the ZIP file containing the ROM.
STEP 4:
Use: payload dumper to extract the payload.bin file.
STEP 5:
Use: this tool to extract the public key from the vbmeta.img file.
Code:
ruby ./run.rb ./extracted/vbmeta.img output
This will generate "output.pem" and "output.img".
STEP 6:
Reboot into fastboot, run:
Code:
fastboot erase avb_custom_key
fastboot flash avb_custom_key ./output.img
fastboot oem lock
At this point your phone should reboot, wipe itself, have a locked boot loader and successfully boot your ROM of choice. When upgrading in the future you can extract the public key in the same way and compare it to the one you have loaded into fastboot to ensure you won't be forced into having to wipe your device again.
If something goes wrong and your ROM does not boot and gives a red error about corrupt OS, you will need to unlock the bootloader again in order for things to work.
Click to expand...
Click to collapse
Thank You Soooooooo much, may God bless you always. By the way it's working with LineageOS microG as well.
rlees85 said:
Similar to https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ but for pre-built custom ROMs, such as official LineageOS.
WARNING: This will wipe your data - as far as I know there is no way to change the bootloader status (locked/unlocked) without a wipe.
IMPORTANT
If you mount ANY partition R/W after installing your ROM, you will no longer be able to boot. This means you will not be able to install ANY flash-able zips, INCLUDING GAPPS!
You will still get a warning message on boot, though it will be yellow rather than orange and just point out that your operating system is custom.
It is unlikely it will fix your banking app, as the bootloader status will be yellow (rather than orange/red for unlocked).
If your ROM developer's verity key changes and you update, you will be stuck and not be able to get back to a working device without wiping your data.
In short this is pointless, carries a lot of risk and the only benefit you get is the questionable extra security of a locked bootloader that will only load an operating system that is signed by a key that you have explicitly trusted.
So how to do it?
STEP 1:
Download your ROM (eg: official LineageOS, or LineageOS with MicroG). Keep the ZIP to one side as we will need it later.
STEP 2:
Unlock your bootloader and install your ROM as normal, following the instructions given by the ROM maintainer. You must NOT flash any flash-able zips after installing the ROM or you will no longer be able to boot.
At this stage it is assumed you have your chosen ROM installed and your boot loader is unlocked.
STEP 3:
On your computer, extract the ZIP file containing the ROM.
STEP 4:
Use: payload dumper to extract the payload.bin file.
STEP 5:
Use: this tool to extract the public key from the vbmeta.img file.
Code:
ruby ./run.rb ./extracted/vbmeta.img output
This will generate "output.pem" and "output.img".
STEP 6:
Reboot into fastboot, run:
Code:
fastboot erase avb_custom_key
fastboot flash avb_custom_key ./output.img
fastboot oem lock
At this point your phone should reboot, wipe itself, have a locked boot loader and successfully boot your ROM of choice. When upgrading in the future you can extract the public key in the same way and compare it to the one you have loaded into fastboot to ensure you won't be forced into having to wipe your device again.
If something goes wrong and your ROM does not boot and gives a red error about corrupt OS, you will need to unlock the bootloader again in order for things to work.
Click to expand...
Click to collapse
If I may to ask, Why the OEM unlocking toggle doesn't appear in the Developer options menu after the steps above done successfully ?
ahmed.elsersi said:
If I may to ask, Why the OEM unlocking toggle doesn't appear in the Developer options menu after the steps above done successfully ?
Click to expand...
Click to collapse
The offical builds of LineageOS do not inlcude the OEM lock option in them for the 7/7Pro/8T (maybe others), so it does not appear in developers options.
To get it you'd have to recomiple LineageOS (maybe tweak build.props?).
Anyone thinking of doing this might be interested in a post I made over on reddit talking about relocking, which includes info on why using pre buildt ROM is probably a bad idea.
WhitbyGreg said:
The offical builds of LineageOS do not inlcude the OEM lock option in them for the 7/7Pro/8T (maybe others), so it does not appear in developers options.
To get it you'd have to recomiple LineageOS (maybe tweak build.props?).
Click to expand...
Click to collapse
Thank you, I appreciate it.
rlees85 said:
Similar to https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ but for pre-built custom ROMs, such as official LineageOS.
WARNING: This will wipe your data - as far as I know there is no way to change the bootloader status (locked/unlocked) without a wipe.
IMPORTANT
If you mount ANY partition R/W after installing your ROM, you will no longer be able to boot. This means you will not be able to install ANY flash-able zips, INCLUDING GAPPS!
You will still get a warning message on boot, though it will be yellow rather than orange and just point out that your operating system is custom.
It is unlikely it will fix your banking app, as the bootloader status will be yellow (rather than orange/red for unlocked).
If your ROM developer's verity key changes and you update, you will be stuck and not be able to get back to a working device without wiping your data.
In short this is pointless, carries a lot of risk and the only benefit you get is the questionable extra security of a locked bootloader that will only load an operating system that is signed by a key that you have explicitly trusted.
So how to do it?
STEP 1:
Download your ROM (eg: official LineageOS, or LineageOS with MicroG). Keep the ZIP to one side as we will need it later.
STEP 2:
Unlock your bootloader and install your ROM as normal, following the instructions given by the ROM maintainer. You must NOT flash any flash-able zips after installing the ROM or you will no longer be able to boot.
At this stage it is assumed you have your chosen ROM installed and your boot loader is unlocked.
STEP 3:
On your computer, extract the ZIP file containing the ROM.
STEP 4:
Use: payload dumper to extract the payload.bin file.
STEP 5:
Use: this tool to extract the public key from the vbmeta.img file.
Code:
ruby ./run.rb ./extracted/vbmeta.img output
This will generate "output.pem" and "output.img".
STEP 6:
Reboot into fastboot, run:
Code:
fastboot erase avb_custom_key
fastboot flash avb_custom_key ./output.img
fastboot oem lock
At this point your phone should reboot, wipe itself, have a locked boot loader and successfully boot your ROM of choice. When upgrading in the future you can extract the public key in the same way and compare it to the one you have loaded into fastboot to ensure you won't be forced into having to wipe your device again.
If something goes wrong and your ROM does not boot and gives a red error about corrupt OS, you will need to unlock the bootloader again in order for things to work.
Click to expand...
Click to collapse
Great.
Thanks a lot. This worked also perfectly after installing LineageOS on enchilada (OnePlus 6).
See https://wiki.lineageos.org/devices/enchilada/install
Similar to https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ but for pre-built custom ROMs, such as official LineageOS.
WARNING: This will wipe your data - as far as I know there is no way to change the bootloader status (locked/unlocked) without a wipe.
IMPORTANT
If you mount ANY partition R/W after installing your ROM, you will no longer be able to boot. This means you will not be able to install ANY flash-able zips, INCLUDING GAPPS!
You will still get a warning message on boot, though it will be yellow rather than orange and just point out that your operating system is custom.
It is unlikely it will fix your banking app, as the bootloader status will be yellow (rather than orange/red for unlocked).
If your ROM developer's verity key changes and you update, you will be stuck and not be able to get back to a working device IndigoCard Login without wiping your data.
In short this is pointless, carries a lot of risk and the only benefit you get is the questionable extra security of a locked bootloader that will only load an operating system that is signed by a key that you have explicitly trusted.
Click to expand...
Click to collapse
Thanks for the information you shared. Loved the way you explained everything in this blog.
I've gotten to the stage of
Code:
ruby ./run.rb ./extracted/vbmeta.img output
Except I run it directly in the output folder from the payload_dumper process.
When I run it, I get
Code:
ruby ./run.rb ./vbmeta.img output
Traceback (most recent call last):
1: from ./run.rb:46:in `<main>'
./run.rb:46:in `require_relative': cannot load such file -- /home/peter/Phone/phonec/output/lib/AvbVBMetaFooter.rb (LoadError)
It's looking for lib/AvbVBMetaFooter.rb. I've googled that, looked into the run.rb script, and can't find it.
Does anyone have an idea on this?
thanks very much
yiwogir691 said:
Very nice! Will i be able to flash magisk before and still be ok?
Click to expand...
Click to collapse
Working for you?
Scotm95 said:
Thanks for the information you shared. Loved the way you explained everything in this blog.
Click to expand...
Click to collapse
Working for you ?
jetcollins said:
I've gotten to the stage of
Code:
ruby ./run.rb ./extracted/vbmeta.img output
Except I run it directly in the output folder from the payload_dumper process.
When I run it, I get
Code:
ruby ./run.rb ./vbmeta.img output
Traceback (most recent call last):
1: from ./run.rb:46:in `<main>'
./run.rb:46:in `require_relative': cannot load such file -- /home/peter/Phone/phonec/output/lib/AvbVBMetaFooter.rb (LoadError)
It's looking for lib/AvbVBMetaFooter.rb. I've googled that, looked into the run.rb script, and can't find it.
Does anyone have an idea on this?
thanks very much
Click to expand...
Click to collapse
Late reply, sorry, you need to clone the whole repo and not just copy and paste run.rb
The missing files are in the same repo as run.rb
Does anyone tried this guide recently and worked?
Haven't tried it since November but I'm still having the setup running on my phone and auto updates worked without flaws so far.
Has anyone gotten this to work on a OP9 and/or Lineage 19? I was able to follow all the steps and I got a build that I think should work. In fact, it does work until I actually do the re-lock, at which point I get the red broken OS boot screen.
srwalter said:
Has anyone gotten this to work on a OP9 and/or Lineage 19? I was able to follow all the steps and I got a build that I think should work. In fact, it does work until I actually do the re-lock, at which point I get the red broken OS boot screen.
Click to expand...
Click to collapse
[GUIDE] Re-locking the bootloader on the OnePlus 8t with a self-signed build of LOS 18.1
What is this tutorial? This tutorial will: Creating an unofficial build of LineageOS 18.1 suitable for using to re-lock the bootloader on a OnePlus 8t Take you through the process of re-locking your bootloader after installing the above This...
forum.xda-developers.com
I am preparing to update my OnePlus 8T to LineageOS 19.1 MicroG edition. So far I've confirmed the key used for LineageOS 18.1 MicroG edition is the same so I shouldn't have to re-fiddle with any partitions/keys.
When I finally update I will post back here if I screw my phone/get the red message.