Some luv for moto e 1st gen (xt830c) - Moto E General

I kinda doubt too many folks are still using a first gen moto e (xt830c..), however if you
are heres a little - albeit late - love from the cactus patch! I had one of these given to
me a week or so ago, so I set out to root it and what not. Welps, root'in wasn't tootin since
BL couldnt be unlocked.. Until I stumbled upon the Aleph Security initroot path to gaining adb
shell root via command line injection exploit. Woot! So I set out to do this, and succeeded after
a little head banging. Heres how it works:
Boot phone into fastboot mode (volume down + power)
fastboot flash a malicious image to a non-existent partition
set a utag variable via fastboot oem config command
resume booting.
The utag variable set is actually the memnory location aboot will find the malicious payload
at in the form of a ramdisk init string. This string is added to the command line, forcing aboot
to populate the filesystem with the malicious ramdisk contents. This allows you to replace init with a edited copy that sets selinux to permissive, and replaces adbd with a hacked copy.
I decided to take things one step further, and modified this to load TWRP. And hey, it werx gr8!
Anyhow, useage has been beaver-proofed. Extract the motoinit.zip to a folder. Put your phone intofastboot mode, then run init-root.cmd to load the payload for root adb shell, or run init-twrp.cmd to boot into TWRP recovery. These exploits aren't (currently...) persistent, so they would need ran each time you wanted into TWRP or wanted a shell root session. Also, once you are done you'll need to drop back to fastboot mode again and run init-fixbootloop.cmd. This will unset the UTAG variable and allow you to boot normally.

I have an XT830C too. TWRP worked for me and boots, but problem is I get the line "INFOPermission denied" after the flash on both init-xxxx.cmd files on the command prompt, even if I ran it as administrator. Rooting still doesn't work for me. Wish someone found a way to decipher the bootloader unlock code.

Related

wifi turning itself off, driver not being loaded.

Edit: Considering all the complex processes that I've done, I'm willing to do some series of steps again with the gathered knowledge, but I still need some guidance.
Actual status: Losing my mind (not fixed)
Here's the info of my current problem:
I have a XT1563, cid12 (cl)
Working perfectly until android 6.0 OTA. After restart, in the wifi screen loading bar is constantly present and switches itself off after a couple of seconds of activated. Network list is empty, mac address appears as 02:00:00:00:00:00 in wifi details and status of the phone.
Sent it to support and they 'updated the software', when I got it back wifi was working, but when I installed sd and sim cards back it stopped working.
The most relevant logcat message that appears to be the main one is from WifiStateMachine:
Code:
WifiStateMachine: Fail to set up pno, want false now false
WifiStateMachine: Failed to load driver
Things I've done
Most of this steps have been tried with clean installs and removing sd/sim cards
Network Reset
Factory Reset
Flash different stock roms (currently on 6.0.1 MPD24.107-52)
Flashed ultra kernel R2, R3 and squid kernels 14, 15, 15 oc, 15b
Used twrp 2.8.7 and 3.0.0-r2
Used rsd to flash official firmware for my carrier (RETLA-ENTEL_6.0_MPD24.65-25.1)
Flashed CM 12 and CM 13 unofficial
Installed SuperSU and Busybox
Changed owners and permits in persist/
Copied new persist from different sources
Hex edited .bin file in persist/
downloaded WCNSS_wlan_dictionary.dat and put it in persist to comply with symlink in prima/
fastboot oem install [2 of my carriers; entel, claro]
Replaced WCNSS files in persist with the ones available the motorola repo
Copied WCNSS factory file to prima/ folder
Copied WCNSS_qcom_cfg.ini to /data/misc/wifi
went crazy with 776 permissions
Even after flashing stock with RSDLite, bootloader show the modified status as 3 when I think it should be 2. This has led me to think that something is in the file system that android does not like but is not being fixed by RSD nor clean wipes.
From what I understand, the only thing that could be surviving full flashes and wipes are contents in persist/ and modifications to the root of the system, like busybox and superSU. I've not been able to find any way of cleaning the root of the phone and I imagine that's really dangerous.
TL;DR Wifi driver is not loading, persist folder is ok and clean flash does not fix it.
Possibly relevant logcat entries:
E WifiService: Invoking mWifiStateMachine.setWifiEnable
D WifiStateMachine: setting operational mode to 1
E WifiHW : User build,dont Start logging service.
E WifiService: Invoking mWifiStateMachine.setWifiEnabled
E WifiStateMachine: Failed to load driver
D WifiStateMachine: setWifiState: unknown state
Info for nerds:
Source code of WifiStateMachine.java containing the error message:
Code:
public boolean processMessage(Message message) {
switch (message.what) {
case CMD_START_SUPPLICANT:
[B]if (mWifiNative.loadDriver())[/B] {
// Code for loading supplicant
} else {
loge("Failed to load driver");
}
break;
# More code
}
}
WifiNative.java cointains the class being instantiated where the evaluation calls a empty abstract method:
Code:
public native static boolean loadDriver();
I'm having problems for identifying where this class is being extended for this method to actually do something. If anyone knows please leave a comment.
Wifi problems and fixes
I've still not found a solution for myself, but I figured I still can give some tips for people with problems, especially considering how confusing is to get information about this.
This is a work in progress. I would gladly receive corrections and new info.
Before anything, do a backup. Even if your wifi does not work, it can save you from a lot of problems. Remember to backup the persist folder, a lot of automated recoveries don't make a backup of that folders because it's supposed to survive flashes but there's ways in which you can do it by mistake. It also helps a lot with bug hunting.
Things you should have already tried:
Plane mode on, reboot, wifi on and plane mode off
Network settings reset in android and reboot
Rebooted to safemode (longpress in power off when turning phone off]
Factory reset in android
Removal of SD and SIM cards
Factory reset in recovery
Flash Stock ROM in RDSlite
Unlock bootloader
Activate developer mode and set usb debug on
Installed custom recovery
Clean Flash stock ROM trough fastboot
Flash custom Kernels
Things you need:
adb and fastboot
usb drivers for the phone
Optional Text editor that preserves text format (avoid notepad and MS word)
Optional Busybox for extended commands in android shell (root required)
Optional If you're in windows and want to mess with adb: A decent console to work with.
Option A: cash with cmder
Install cmder
Install NodeJs
Install cash tipping in cmd npm install cash-global -g (after NodeJs)
Option B: babun
http://babun.github.io/
optional Open text editor for easy copy-paste of long paths and commands
optional Hex editor if you want to edit .bin files. I use XVI32
Useful console commands (In windows you need one of the optional shells described above)
List files and folders
Code:
ls -la [path to list]
Find file/folder in linux (and android shell)
Code:
find / -iname '*[word you're looking]*'
* are 'wildcards', they allow for matching any text (or no text at all)
you can add, before -iname, -type f (for files) or -type d (for folders)
Symlink
It's an alternative of copying files. this allows you to simulate having a file in two different places, but really all paint to one. Modifications in this source are going to affect all the links, so it's easier to configure. Android does this a lot.
Code:
ln -s [path to] [from]
Copy files and folders
Code:
cp [-R if you want to move folders] [path to source] [path to target]
logcat for essential wifi messages (short-colored) If someone know more, please let me know
Code:
adb logcat -v brief -v color WifiSerice:V WifiHW:V WifiStateMachine:V FileUtils:V QSEECOMAPI:V *:S
change owners and permissions
the flag -R makes the command work for files and subfolders
Code:
chown user:group [path to file or folder]
chmod [num of user][num of group][num of all] [path to file or folder] [SIZE="2"](e.g. chmod 660 /persist/WCNSS_qcom_wlan_nv.bin)[/SIZE]
grep
This one is awesome; It's for filtering the results of any command, so you can use it for filtering.
Code:
[command you want to filter] | grep -i [term you're looking for]
For example, [adb logcat] gives you a huge list of messages, but [adb logcat | grep -i wifi] gives you just the lines that contain 'wifi'
From my experience, this are the common folders related to wifi configs:
Code:
/persist/
/system/etc/firmware/wlan/prima/
/system/etc/wifi/
/data/misc/wifi/
Command list for do a full clean flash:
please note that system.img_sparsechunk can vary in number according to ROM, but I've put 9 in here because failed commands don't write to phone
note: fastboot flash partition gpt.bin works perfectly when used first, but for me it's failing when I erase system and boot first.
Code:
fastboot erase system -w
fastboot erase boot
fastboot erase fsg
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash system system.img_sparsechunk.9
fastboot flash modem NON-HLOS.bin.
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot erase customize
fastboot erase clogo
fastboot reboot (or reboot-bootloader)
Important: Every time you flash, do a clean wipe. In fastboot this usually means using erase system -w and erase boot before flashing.
Be aware that for getting the logcat your phone must be booted to android OS.
Be aware that for copying and modifying important files you must access the phone's shell either in recovery mode or switching to root with the command (su) that's only accesible if you're rooted.
Ok. If you made it this far you're probably losing your mind. To debug this, especially if you're going to post asking for help, get the catlog of your phone and/or a precise description to look for clues to your problem (I have a command ready for you above).
Here's some common solutions I've found while trying to solve my own problem: (Credits to the authors of the solutions)
Bad permissions/users
These appear to be correct or usable permissions for relevant files. Consider that there's a lot of fragmentation in this info so they might be wrong.
Confirmation of these would be great:
Code:
-rwxrwx--- wifi wifi /system/etc/wifi
-rw-rw---- wifi wifi /system/etc/wifi/wpa_supplicant.conf
-rwxrwx--- wifi wifi /data/misc/wifi
-rwxrwx--- wifi wifi /data/misc/wifi/sockets
-rw-rw---- wifi wifi /data/misc/wifi/wpa_supplicant.conf
-rw-rw---- system:wifi /data/misc/wifi/WCNSS_qcom_cfg.ini
-rw-rw---- wifi wifi WCNSS_qcom_wlan_nv.bin
-rw-rw---- root root WCNSS_wlan_dictionary.dat
-rwxrwx--- is 770, -rw-rw---- is 660
Is reported in some places that the parent folder of wpa_supplicant.conf should be -rw-rw---- wifi wifi
Missing or badly configured wpa_supplicant.conf
The solution is place a new copy of the file in the correct folders. If someone has a 'oficial' source or more info let me know
I remember reading that some people had success deleting the file so the SO rebuilds it. Do it to your discretion and remember to backup
Missing WCNSS files
These files are essential and must be in the correct paths for wifi drivers to load.
There's a lot of different sources for this files, but from my experiencie they don't change a lot (last commits are more than one year old).
Files in oficial source repository from motorola
These posts have info and files
http://forum.xda-developers.com/showthread.php?t=2589790
http://forum.xda-developers.com/showpost.php?p=48861415&postcount=19
Paths of relevant files. Please consider that not just because it's here means you need it
Code:
/persist/WCNSS_qcom_wlan_nv.bin
/persist/WCNSS_qcom_wlan_factory_nv.bin
/persist/WCNSS_qcom_wlan_dictionary.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini
/system/etc/firmware/wlan/prima/WCNSS_cfg.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_nv.bin
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_dictionary.dat
/system/etc/firmware/wlan/prima/WCNSS_qcom_wlan_factory_nv.bin
/data/misc/wifi/WCNSS_qcom_cfg.ini
/data/misc/wifi/wpa_supplicant.conf
Missing /persist/drm/widevine and/or /persist/prov
Check this two posts:
http://forum.xda-developers.com/showthread.php?t=2589790
http://forum.xda-developers.com/showpost.php?p=48861415&postcount=19
In there you can find backups to get the folders, restore them to /persist/ and check permissions.
Bad MAC address in WCNSS_qcom_wlan_nv.bin
Sometimes the file WCNSS_qcom_wlan_nv.bin needs to be updated with the correct mac address.
Since it's a .bin file, it cannot be changed with a text editor. You need to use a hex editor (XVI32 link is in 'things you need' above).
The mac address starts at 'A' (since is hex) or, more simply, after 10 'cells'. Be aware that in this editor changes get 'inserted' instead of modified, so you have to delete the initial 6 addresses of the old mac.
Put the file back, and check permissions. There's two copies of this file: one in /persist/ and another in /system/etc/firmware/wlan/prima/ change one or both according with your situation
Some logcat messages and details about them
For getting more messages about wifiHW you need a userdebug build like CyanogenMod. Stock roms don't log wifiHW.
Code:
WifiStateMachine: failed to load driver
WCNSS_qcom_cfg.ini and/or WCNSS_cfg.dat is missing somewhere. In my case this was missing from /system/etc/wifi.
Code:
wcnss_service: CAL file not found
This refers to the calibration file. The source of wcnss-service.c defines this file as "WCNSS_qcom_wlan_cal.bin" in the path "/data/misc/wifi/WCNSS_qcom_wlan_cal.bin". however, source show that CAL file is not used if the factory file is present. Source in link gives this address '"/data/misc/wifi/WCN_FACTORY" which is weird because from posts in xda this file has the name "CNSS_qcom_wlan_factory_nv.bin" I'll update if I have more info
Info for nerds:
How android Wifi works:
https://community.freescale.com/docs/DOC-93603
source code for wifi opt framework - android 6.0.1 r22
source code for wifi qcom framework - android 6.0.1 r22
you need hex editor to edit those .bin files.www.droidrzr.com/topic/65438-how-to-change-your-mac-address-xt926/
forum.xda-developers.com/nexus-4/help/nexus-4-mac-changer-spoofing-t2180809/page3
Thank you for your answer!
I'll make the edit in the file but I'll take a while to report back on the results because it's already too late in here.
Considering this, would it make sense for a nonmatching mac address show up as 02:00:00:00:00 in the wifi details screen?
RoDeltaLambda said:
Thank you for your answer!
I'll make the edit in the file but I'll take a while to report back on the results because it's already too late in here.
Considering this, would it make sense for a nonmatching mac address show up as 02:00:00:00:00 in the wifi details screen?
Click to expand...
Click to collapse
Yes, your Mac address is fine, just checked I also have the same
try this and report if its working
1. Put the phone into airplane mode.
2. Restart the phone.
3. Turn on WiFi.
4. Connect to the WiFi network.
5. Turn off airplane mode.
bablu048 said:
Yes, your Mac address is fine, just checked I also have the same
try this and report if its working
1. Put the phone into airplane mode.
2. Restart the phone.
3. Turn on WiFi.
4. Connect to the WiFi network.
5. Turn off airplane mode.
Click to expand...
Click to collapse
I've tried those steps and it's not working.
Logcat shows "WifiStateMachine: Failed to load driver" in each attempt.
I will update the .bin modifications results in a couple of minutes
bablu048 said:
you need hex editor to edit those .bin files.www.droidrzr.com/topic/65438-how-to-change-your-mac-address-xt926/
forum.xda-developers.com/nexus-4/help/nexus-4-mac-changer-spoofing-t2180809/page3
Click to expand...
Click to collapse
I have tried the modifications to no avail.
Steps I did:
get the wifi mac address from the recovery logs
adb pull the files on recovery with persist mounted
hex edited the lines taken from the screenshot on your second link (Both _factory_nv.bin and _nv.bin
adb pushed lines back to mounted persist on recovery
cleaned data/cache/dalvik
rebooted to system
Is there something in the /data/ folder that could be causing the issue? Now both files show back at -rw-r--r-- permissions with root:root owner. I'll try again without wiping data this time and post the report.
RoDeltaLambda said:
I have tried the modifications to no avail.
Click to expand...
Click to collapse
I think this thread solved the problem just by replacing the files from another device forum.cyanogenmod.org/topic/84876-wifi-failure-after-cm11-install-still-present-after-restore-from-backup/
bablu048 said:
I think this thread solved the problem just by replacing the files from another device forum.cyanogenmod.org/topic/84876-wifi-failure-after-cm11-install-still-present-after-restore-from-backup/
Click to expand...
Click to collapse
I have tried the steps in that topic, copying the exact same files in /persist and /prima. Problem still persists
From that topic I've learned that at flash time the files from persist are taken out and sent to system folders. I will try to reflash now with the new files and permissions set up
After the actions of my last post and before the new flash, I scanned the results of adb logcat *: D | grep Wifi
Here are some entries that could be of interest:
more possibly relevant logcat entries:
Code:
[SIZE="2"][I]Initially country code appears to be empty:[/I][/SIZE]
I WifiService: WifiService trying to set country code to with persist set to true
WifiService: Client connection lost with reason: 4
I WifiService: WifiService trying to set country code to cl with persist set to true
E WifiService: Invoking mWifiStateMachine.setWifiEnable
D WifiStateMachine: setting operational mode to 1
E WifiHW : User build,dont Start logging service.
E WifiService: Invoking mWifiStateMachine.setWifiEnabled
E WifiStateMachine: Failed to load driver
D WifiStateMachine: setWifiState: unknown state
RoDeltaLambda said:
I have tried the steps in that topic, copying the exact same files in /persist and /prima. Problem still persists
From that topic I've learned that at flash time the files from persist are taken out and sent to system folders. I will try to reflash now with the new files and permissions set up
Click to expand...
Click to collapse
I've fully flashed the device with RSD and problem still persist.
Eager to hear some more ideas.
I noticed that in system/etc/firmware/prima, adding to the files I copied, there's one symlink: WCNSS_wlan_dictionary.dat -> /persist/WCNSS_wlan_dictionary.dat
This file is not present in my persist folder (nor the rest of the files in the phone, based on adb shell find . -name WCNSS_wlan_dictionary.dat). I imagine this could clearly cause a problem with the wifi driver looking for a file that does not exist.
Someone has a reliable source where I could get this file? I can try to delete it to see if the SO tries to rebuild something, but I would prefer the safest option first.
have you tried flashing back stock recovery then do a factory reset from there?
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
bablu048 said:
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
Click to expand...
Click to collapse
Thank you for the file and the instructions. I've checked the diff with 3 different sources:
Meninblack007 - vendor
huawei_msm8916
google android source code
All match, so I'll asume this is a universal file without modifications.
Moving this file to persist/ folder made no difference
I've also tried taking the files from motorola official github repo, copy them to persist/ and flash. Without success this far.
I'll send factory_nv.bin to prima folder and report back
flash the firmware through rsd lite, lock the bootloader and take it again to service center.
I am out of ideas and also Google searches.. I'll keep looking and report if I find anything else.
bablu048 said:
copy WCNSS_qcom_wlan_factory_nv.bin to your SD card. Use your filemanger to copy this file to /prima. Reboot
Activate wi-fi, the you'll find your mac adress under Settings > About Phone > Status > Wi-fi MAC Adress
Open WCNSS_qcom_wlan_factory_nv.bin on your phone or PC with a hex editor and type your mac adress inside that file and save it.
File attached just remove .txt
The file is from xt1562
Click to expand...
Click to collapse
I've copied the file between the locations trough adb shell and there's no noticeable difference.
MAC address does not appear either in this screen:
I'll post this image and the versions of the phone in the OP
did u try ultra kernel?
i have same problem.
i flash ultra kernel(r3), and my wifi work fine.
jalal-jap said:
did u try ultra kernel?
i have same problem.
i flash ultra kernel(r3), and my wifi work fine.
Click to expand...
Click to collapse
Yes I've tried.
Flashed ultra kernel R2, R3 and squid kernels 14, 15, 15 oc, 15b
Click to expand...
Click to collapse
Considering all the changes I've done, it was a good idea to try again.
I've tried the last release of squid kernel, since the dev of ultra kernel recommended this one for 6.0.1.
Installed the kernel, wiped cache/dalvik and rebooted without success. Logcat is still showing failure at loading drivers.
The main problem I'm having is that the failure point is not correctly specified, so now I'll try to dig deeper into logcats to see if I pinpoint the source of the issue. If anyone can let me know about some complementary logs, I would be super grateful.
I've installed CM to have a userdebug build, in order to debug more in detail thanks to the logs of wifiHW.
After fixing an error of missing WCNSS_qcom_cfg.ini in /system/etc/wifi (Copied from prima folder) I've came across this error appearing persistently:
Code:
wcnss_service: Failed to open /dev/wcnss_ctrl : Bad address
I've looked around but there's no info of how could I deal with this. I will dig around a little more but if someone has a tip I would gladly hear

*UPDATED**UNLOCK TOOL (4-2019) for ALL Versions of BLU R1-HD

BLU R1-HD bootloader unlock script tool, and TWRP install tool.
Download is a zip file, unpack it to somewhere you will remember. Run the dirty-cow-tool.bat // mtk-su-tool.bat
The included files and folders are set to hidden, in effort to keep them safe from accidental delete.
Must have adb+fastboot + drivers installed and setup prior to using tool
Easiest method to install adb + fastboot on windows is with "15 second adb + fastboot install TOOL"
LINK==>ADB+FASTBOOT
It is for windows
In linux :
"sudo apt-get install android-tools-adb"
"sudo apt-get install android-tools-fastboot" Some fastboot commands were missing when i used this one ie "fastboot flashing get_unlock_ability"
"sudo apt-get install fastboot" worked better when I tried. ( i used that command as a check before doing the unlock, so it was needed only for that check)
Using Tool
On Windows?
Unzip the downloaded file to a new folder, open new
folder and click on "dirty-cow-tool.bat". // "mtk-su-tool.bat"
Do the steps in order (1-2-3-4) to be unlocked, then
Step (5) to get to second page where step (1) is root
The rest is optional
On Linux?
Unzip downloaded file to new folder folder .
Open folder. Then open R1-Linux-tool-v2 folder
Open terminal from that folder and type
" . R1-HD-TOOL.sh "
Same order of steps (1,2,3,4) step (5) for extra
Steps (1 on second menu) for superSU root.
Second menu steps (2,3,4,5,6,7,8) are optional.
**Linux Note**
The tool uses "fastboot flashing get_unlock_ability" as one of the methods to check before doing the unlock.
The version of fastboot that installed with "apt-get install android-tools-fastboot" did not recognize
this command. But "apt-get install fastboot" updated some version and then the command was recognized.
******OTHER NOTES****
--- this has been mentioned in the general thread and the modified v17 thread, but It has come up again so I wanted to make note of it.----
--- The newest blu versions (V7.4.2 and V17) Have made changes to "toolbox" and this effects things like "adaway" and "titanium backup"
--- The suggested fix is to install busy-box. I have had success with the version from play store, some prefer to use f-droid version. Either one will do. Install it and open the app. From in the app you need to do an install.
CHANGE LOG
V1:. Initial release : removed
V2:. : fixed typos preventing proper function
V3:.: switch file verification to md5 check instead of "ls-l" comparison.
V4: current version: add extras page, add SU flash, de-bloat script, Added Fm Radio, Added pre-loader roll back
V5: Fixed wrong loop "goto" line that made preloader rollback do "MTK_BLU Debloat v2" instead
V6: Added manual pause to script for mods that need recovery (Extra's 5) . Added redundent recovery flash command .
Few reports of recovery "not Sticking" and needed to run the flash commands manually one by one. Maybe the redundent
flash will make it survive. If still having problem with recovery "staying install" try manually flashing
here is link to the steps needed. FLASH RECOVERY
V7 Improved logs Added line to make batch run as sub-process so if error occurs , will not close
V7.1 : Updated the fm radio install zip and include the needed selinux mode changer app
V8: fixed dependency of needing to be unzipped to location w/o spaces in name. (when used from location with spaces, tool used to fail to push needed files).
.. added more time to allow dirtycow to "spawn" its root shell. Recent testing has shown sometimes it takes longer than the 60 seconds allowed in the script. Now it is looped 3 times.
V9 Added full path to abd push lines for recovery flash files. included fastboot.exe file to address some version issue where user s version would not output text file I coded into script for a verification ( included file is called by script, no need to do anything different with it)
V10: Moved zip file to included folder to help preserve locations when unpacked, added device check before running tool; So tool not used on wrong device, Rearranged order of operations on extra's page. (recovery installed options) Push files while in android before rebooting to recovery( should improve reliability for multiple reports of not automatically installing options for some)
******I have received some reports that some devices are reporting "ro.build.product =R1_HD and not "BLU_R1_HD" like mine, so the added device check is blocking tool from starting If this happens to you , you can make edit to the .bat file like below.
Change this line
Code:
:next_check
find "BLU_R1_HD" "%~dp0workingproduct.txt"
To this
Code:
:next_check
find "R1_HD" "%~dp0workingproduct.txt"
it is line #23
V11: Updated device model verification lines
MTK-SU: Replaced all dirty-cow part with New MTK-SU binary(elf) from @diplomatic
source
Click to expand...
Click to collapse
Credits to @Diplomatic for his work on the Mtk_su that I used used to make this tool work again after Dirty-Cow was patched.
DOWNLOAD LINK
Preferred to use the Downloads tab of this thread.
Archived downloads on android file host also == link
XDA:DevDB Information
R1-HD Dirty-cow Unlock Tool, Tool/Utility for the BLU R1 HD
Contributors
mrmazak, vampirefo for his recovery, lopestom for his recovery, emc2cube for his debloat zips, christianrodher for his dirtycow method,
Source Code: https://github.com/mrmazakblu/DirtyCow-R1_HD
Version Information
Status: Testing
Current Stable Version: V11
Stable Release Date: 2017-04-11
Current Beta Version: MTK-SU
Beta Release Date: 2019-04-14
Created 2017-02-22
Last Updated 2019-04-18
Reserved
Items planed to be addressed in next release:
--Add few more file integrity checks to the extra's page
--Add copy log to clipboard option so it is easier to post log entry if needed-------*********----already-_added to github copy of batch file
--Add a verification step that checks what recovery is installed( to prevent trying to do steps on extra's page with stock recovery)
--Possibly move to a "fastboot boot recovery" instead of "adb reboot recovery" for the same reason as above
--Add wget or similar to the extra's items so initial "TOOL" size is smaller (not that 40-50MB is big, but to some it may be )
--Add additional "selinux mode changer apk" for fm radio install rather than just the note that says it needs to be found.
Reserved
Works great on OEM 6.6, thanks for the tool!
So I got the one-click-root.sh done, maybe. Can some linux users go over it, make sure I didn't do anything stupid? I don't exactly have a device to check it with atm, and I am not pro with scripting, barely novice, so it is a pretty basic conversion of the batch file. Still, it might work . Just would like a few eyes on first.
https://github.com/theredbaron1834/Scripts/blob/master/one-click-root.sh
Also, I looked at dirty-cow-tool.bat. However, wow, more an advanced batch file, and I am not sure what the first half does, so not sure how to convert . However, it seems if anyone does get it, the eqiv of goto for linux is funtions. simple cheatsheet:
Code:
function stuff {
echo "this stuff is run via the function"
{
stuff #goes to stuff and runs function
theredbaron1834 said:
So I got the one-click-root.sh done, maybe. Can some linux users go over it, make sure I didn't do anything stupid? I don't exactly have a device to check it with atm, and I am not pro with scripting, barely novice, so it is a pretty basic conversion of the batch file. Still, it might work . Just would like a few eyes on first.
https://github.com/theredbaron1834/Scripts/blob/master/one-click-root.sh
Also, I looked at dirty-cow-tool.bat. However, wow, more an advanced batch file, and I am not sure what the first half does, so not sure how to convert . However, it seems if anyone does get it, the eqiv of goto for linux is funtions. simple cheatsheet:
Code:
function stuff {
echo "this stuff is run via the function"
{
stuff #goes to stuff and runs function
Click to expand...
Click to collapse
thank you for your input.
As far as the begining of the batch, It is adding a few folders to the "path" variable so help ensure the "adb push" commands find the files it is trying to push. Then it sets some folder "flags" to hidden so that the files the batch needs don't get accidentally moved or changed. Then the large section with mostly "echo" that is to set up the "simulated" G.U.I.
The lines of just "::::::::::" are simply used to help with reading the batch file. i use them to seperate functions. They are not needed.
The lines with only 2 "::" are standard windows comment / remark line entries
The lines with 1 ":" are the beginning line of the loop/ function == the line that "goto *" searches for
Does Works to unlock 7.4.2?
khyr said:
Does Works to unlock 7.4.2?
Click to expand...
Click to collapse
It is supposed to. It is the same base codes used from original script, and that one was confirmed to work. I Do not have first hand use of V7.4.2 so it is only confirmed through other users.
The dirty-cow being used has been patched by google in Dec but blu has not rolled out the patch. So there is no reason for it not to work.
edit:
I have the linux version ready.
-the first step, (ADB Push) is ready. including md5 file checks
-step 2 is ready= running dirty-cow with md5 check before final writing to mmcblk device
-step 3 is ready unlocking bootloader = including check if unlock is done, but need to fix the "unlock_adility" check
I can make to file to compare and grep the line needed, but cannot "sed" the extra information or do a > < comparison
-step 4 is ready .--flash twrp
Finished 90% of tool.
still need to tweek the log feature.
I ran tests on the lop back to menu and test ran
1. push files for dirty-cow and md5 check . then made push fail to verify the check method was valid ==pass
2. run dirty cow commands and md5 verification on resulting file. ==pass
3.unlock bootloader --- I ran it (needed to fake the already unlocked check) it works == pass
4 . flash twrp --installed both version i have, both install fine ===pass
5 extra menus -- ran . install su-----debloat---rebloat--- add fm radio--- preloader roll back =====all pass
(bootloader roll back needs manual intervention to re-enter fastboot during the boot loop that is unavoidable)
6. instruction ====not written yet
7. exit yes it closes == pass
8. logs --- needs completeing
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
torchredfrc said:
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
Click to expand...
Click to collapse
no it does not.
the /sdcard is the internal memory and the Download folder is already there.
you might be having issues but the folder is already part of normal system
mrmazak said:
no it does not.
the /sdcard is the internal memory and the Download folder is already there.
you might be having issues but the folder is already part of normal system
Click to expand...
Click to collapse
Fair enough, my restore didn't have /sdcard/Download and I made an assumption that /sdcard was my mounted card. Thanks for the insight.
OOPS
found typo on V4 of tool. batch files sets variables for "return", from loop functions. And two returns were set to same label9, so if you had tried to do extra's menu option #8. "ROLL Back Preloader" , instead it was running option # 5. " MTK_BLU Debloat v2"
fixed and still reading and re-reading to search for errors.
This looks bad.
The reason I put together this tool was I felt it was important to make a way to minimize the problems usually associated with android modifications. By making "typo's" a thing of the past, and I found them in my own script.
re-posted V5 combined with linux V2--
torchredfrc said:
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
Click to expand...
Click to collapse
I'm a total noob, and I'd like to know how to proceed with the supersu and all the other parts of step 5. Thank you
gabriel986 said:
I'm a total noob, and I'd like to know how to proceed with the supersu and all the other parts of step 5. Thank you
Click to expand...
Click to collapse
Ok. After you have completed upto twrp install. You can do the options on #5. It is all programed and automatic. What is does is put zip files onto the phone and reboots phone into recovery, then recovery installs them.
mrmazak said:
Ok. After you have completed upto twrp install. You can do the options on #5. It is all programed and automatic. What is does is put zip files onto the phone and reboots phone into recovery, then recovery installs them.
Click to expand...
Click to collapse
I get up to the recovery installation, but then I can not access such recovery on the phone, If I turn it on with power+vol up, it takes me to the default factory recovery by blu.
And If I try to the super su step with the phone on, it resets it, and get it to the screen with the dead android, while the script just shows the ADB DETECTED message.
In case it's needed, my R1 HD is running on
BLU_R0010UU_V7.4.2_GENERIC 09-11-2016 13:38
gabriel986 said:
I get up to the recovery installation, but then I can not access such recovery on the phone, If I turn it on with power+vol up, it takes me to the default factory recovery by blu.
And If I try to the super su step with the phone on, it resets it, and get it to the screen with the dead android, while the script just shows the ADB DETECTED message.
Click to expand...
Click to collapse
You missed a step in the process.
As tool finishes the recovery install it comes to a "pause" in the script, you need to hold the volume up button on phone "before" pressing button on pc keyboard to continue.
If phone does a normal reboot at this point then the system will replace the newly installed recovery with the stock one.
Giving you the situation you have now.
This step I cannot control, you must press volume button on phone to get the boot menu, and directly boot into recovery to ensure that the install sticks.
mrmazak said:
You missed a step in the process.
As tool finishes the recovery install it comes to a "pause" in the script, you need to hold the volume up button on phone "before" pressing button on pc keyboard to continue.
If phone does a normal reboot at this point then the system will replace the newly installed recovery with the stock one.
Giving you the situation you have now.
This step I cannot control, you must press volume button on phone to get the boot menu, and directly boot into recovery to ensure that the install sticks.
Click to expand...
Click to collapse
trying again....
for how long should I press the volume up key?
gabriel986 said:
trying again....
for how long should I press the volume up key?
Click to expand...
Click to collapse
When tool says Hold button , keep it held. Then continue the script. Phone should reboot to the boot menu. Then let go of volume
Some phones do not accept the fastboot reboot command, on those phones need to hold power to shut off. Then volume and power together to come on, release power when screen come on
mrmazak said:
When tool says Hold button , keep it held. Then continue the script. Phone should reboot to the boot menu. Then let go of volume
Some phones do not accept the fastboot reboot command, on those phones need to hold power to shut off. Then volume and power together to come on, release power when screen come on
Click to expand...
Click to collapse
ok.. trying again
---------- Post added at 02:00 PM ---------- Previous post was at 01:46 PM ----------
gabriel986 said:
trying again....
for how long should I press the volume up key?
Click to expand...
Click to collapse
it beat me!
I get stuck in that part of the process, If anyone uploads a video to check what i'm doing wrong, I'll be grateful.

[Guide][Root] How to install the latest Google software update

This guide is primarily intended for rooted users updating to the latest security update, since stock users can just take the OTA.
Key points
User data and applications are kept intact
You do not have to remove your PIN, password, or fingerprint
You do not have to remove TWRP, Magisk, your custom kernel, dtbo, or anything
This is intended for monthly security updates; developer previews and beta releases may or may not work with this method. You're welcome to try, but all may not work as expected
Installing Update:
Make sure you have the latest Google SDK Platform Tools. Extract the archive to a location of your choosing (creates platform-tools folder)
Get the latest taimen Factory Image (not OTA) from Google's Developer Page and save to a location of your choosing
Extract the archive, and open the extracted folder. You should see a list of files:
bootloader-taimen-[version string].img
flash-all.bat
flash-all.sh
flash-base.sh
image-taimen-[version string].zip
radio-taimen-[version string]
.img
Open the flash-all script (flash-all.bat for Windows, flash-all.sh for Linux/OSX) in your favorite text editor.
Find the line that reads "fastboot -w update image-taimen-[version].zip and remove "-w" (the wipe user data switch). Save and close the flash-all script.
Move (cut and paste, etc) all of these files to the platform-tools folder.
Enable USB Debugging from the Developer Options menu on your device (press "Build Number" 7 times if not already visible)
With your device plugged into the computer, open a command prompt in the platform-tools folder
Windows: Open the folder, hold down Shift and right click inside the folder, "Open Command window here"
Linux: If you're on Linux you already know how to do this
OSX: Open a folder in a terminal
Reboot to bootloader:
Code:
adb reboot bootloader
Execute update script in terminal:
Windows:
Code:
flash-all.bat
Linux/OSX:
Code:
./flash-all.sh
The device will reboot a few times while updating
Restoring root and/or a custom recovery
Download latest:
TWRP image
Magisk zip
TWRP zip
(Optional) Custom kernel zip
Place all files in the platform-tools folder
Reboot to bootloader
Boot TWRP image.
Code:
fastboot boot [twrp image filename].img
Push zip files to /tmp
Code:
adb push [magisk filename].zip /tmp
Optional: TWRP persistent installation + custom kernel:
Code:
adb push [twrp filename].zip /tmp
adb push [custom kernel filename].zip /tmp
Install Magisk:
Code:
adb shell twrp install /tmp/[magisk filename].zip
Optional: TWRP persistent installation + custom kernel:
Code:
adb shell twrp install /tmp/[twrp filename].zip
adb shell twrp install /tmp/[custom kernel filename].zip
adb shell twrp install /tmp/[magisk filename].zip
Reboot to system
[ Reserved ]
[ Reserved Post ]
[Deleted]
tlbland0426 said:
Nice guide but correct me if I'm wrong but I don't believe there is a working solution for Magisk yet
Click to expand...
Click to collapse
Magisk works fine...
twiz0r said:
Magisk works fine...
Click to expand...
Click to collapse
He probably was referring to P
Telperion said:
This guide is primarily intended for rooted users updating to the latest security update, since stock users can just take the OTA.
Key points
User data and applications are kept intact
You do not have to remove your PIN, password, or fingerprint
This is intended for monthly security updates; developer previews and beta releases may not work as expected
Installing Update:
Make sure you have the latest Google SDK Platform Tools. Extract the archive to a location of your choosing (creates platform-tools folder)
Get the latest taimen Factory Image from Google's Developer Page and save to a location of your choosing
Extract the archive, and open the extracted folder. You should see a list of files: bootloader-taimen-[version string].img/B]
flash-all.bat
flash-all.sh
flash-base.sh
image-taimen-[version string].zip
radio-taimen-[version string]
.img
Open the flash-all script (flash-all.bat for Windows, flash-all.sh for Linux/OSX) in your favorite text editor.
Find the line that reads "fastboot -w update image-taimen-[version].zip and remove "-w" (the wipe user data switch). Save and close the flash-all script.
Move (cut and paste, etc) all of these files to the platform-tools folder.
Enable USB Debugging from the Developer Options menu on your device (press "Build Number" 7 times if not already visible)
With your device plugged into the computer, open a command prompt in the platform-tools folder
Windows: Open the folder, hold down Shift and right click inside the folder, "Open Command window here"
Linux: If you're on Linux you already know how to do this
OSX: Open a folder in a terminal
Reboot to bootloader:
Execute update script in terminal:
Windows:
Linux/OSX:
The device will reboot a few times while updating
Restoring root and/or a custom recovery
Download latest:
TWRP image
Magisk zip
TWRP zip
(Optional) Custom kernel zip
Place all files in the platform-tools folder
Reboot to bootloader
Boot TWRP image.
Note: As of the February security update, TWRP 3.2.1-0 cannot decrypt the /data/ partition. When prompted for your PIN, cancel. You can keep /system/ read-only.
Push zip files to /tmp
Optional: TWRP persistent installation + custom kernel:
Install Magisk:
Optional: TWRP persistent installation + custom kernel:
Reboot to system
Click to expand...
Click to collapse
Will this method work if I already have TWRP installed or is this for people who have the factory recovery? I understand that I'll have to reinstall TWRP after. I just wanna make sure that this will work with TWRP installed before I do it. Thanks for the great tutorial btw!
Update: Guide worked perfectly for me!
I would say the guide worked perfectly, but even after removing the "-w", my phone immediately proceeded to wipe all data anyway.
HOWEVER!: This may have been personal error as the first time I did the "flash-all" bat, I forgot to "unlock_critical" (perhaps you should add this to your guide as mine seemed to have reset itself). I therefore had to flash again, which may have caused a corrupted file and automatically initiated the system wipe.
Secondly, on the first boot/install of TWRP, I would not recommend flashing absolutely everything in one go as for me it borked the install of Magisk and caused me all sorts of issues with Google Play (no idea how, but it did).
I would only suggest booting to TWRP and installing that zip, then going back into recovery afterwards and then flashing your kernel, then finally flashing Magisk (may be an issue related to my kernel and Magisk overwriting each other?).
Then go back into TWRP a final time and flash Dolby/VIPER, etc...
Eleiyas said:
I would say the guide worked perfectly, but even after removing the "-w", my phone immediately proceeded to wipe all data anyway.
HOWEVER!: This may have been personal error as the first time I did the "flash-all" bat, I forgot to "unlock_critical" (perhaps you should add this to your guide as mine seemed to have reset itself). I therefore had to flash again, which may have caused a corrupted file and automatically initiated the system wipe.
Secondly, on the first boot/install of TWRP, I would not recommend flashing absolutely everything in one go as for me it borked the install of Magisk and caused me all sorts of issues with Google Play (no idea how, but it did).
I would only suggest booting to TWRP and installing that zip, then going back into recovery afterwards and then flashing your kernel, then finally flashing Magisk (may be an issue related to my kernel and Magisk overwriting each other?).
Then go back into TWRP a final time and flash Dolby/VIPER, etc...
Click to expand...
Click to collapse
Well once you issues the "unlock_critical" it was wiped right?
Hey guys, I followed this today and it wiped data. I am not sure if Google has changed the flash-all.bat file, but I do recall in the past following these exact steps, opening the flash-all.bat, removing "-w" and that saving the data.
Today though, when I opened the bat for image (8.1.0 (OPM2.171019.029.B1, May 2018)) here's what it says: @Echo off
:: Copyright 2012 The Android Open Source Project
::
:: Licensed under the Apache License, Version 2.0 (the "License");
:: you may not use this file except in compliance with the License.
:: You may obtain a copy of the License at
::
:: http://www.apache.org/licenses/LICENSE-2.0
::
:: Unless required by applicable law or agreed to in writing, software
:: distributed under the License is distributed on an "AS IS" BASIS,
:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
:: See the License for the specific language governing permissions and
:: limitations under the License.
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-taimen-tmz12a.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-taimen-g8998-00164-1710262031.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot update image-taimen-opm1.171019.011.zip
echo Press any key to exit...
pause >nul
exit
//////////////////
So there's no -w there by default apparently. When I didn't see it I assumed I would be alright. Not the case lol. But thankfully I had already backed up the few things that mattered so it wasn't a huge deal but nevertheless, is there something i am missing for future reference?
Teffy said:
Hey guys, I followed this today and it wiped data. I am not sure if Google has changed the flash-all.bat file, but I do recall in the past following these exact steps, opening the flash-all.bat, removing "-w" and that saving the data.
Today though, when I opened the bat for image (8.1.0 (OPM2.171019.029.B1, May 2018)) here's what it says: @Echo off
:: Copyright 2012 The Android Open Source Project
::
:: Licensed under the Apache License, Version 2.0 (the "License");
:: you may not use this file except in compliance with the License.
:: You may obtain a copy of the License at
::
:: http://www.apache.org/licenses/LICENSE-2.0
::
:: Unless required by applicable law or agreed to in writing, software
:: distributed under the License is distributed on an "AS IS" BASIS,
:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
:: See the License for the specific language governing permissions and
:: limitations under the License.
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-taimen-tmz12a.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-taimen-g8998-00164-1710262031.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot update image-taimen-opm1.171019.011.zip
echo Press any key to exit...
pause >nul
exit
//////////////////
So there's no -w there by default apparently. When I didn't see it I assumed I would be alright. Not the case lol. But thankfully I had already backed up the few things that mattered so it wasn't a huge deal but nevertheless, is there something i am missing for future reference?
Click to expand...
Click to collapse
Did this occur when you tried to edit the flash-all.bat file? If so, how were you trying to edit the file?
Badger50 said:
Did this occur when you tried to edit the flash-all.bat file? If so, how were you trying to edit the file?
Click to expand...
Click to collapse
I'm not sure if you're confused about what I wrote so I'll recap. I edited the flashall with notepad but remember I never ended up changing anything at all because the file did not contain "-w" on first open after extraction.
So essentially, I did all the steps except when I editted the flash-all I didn't actually have to edit anything because there was no -w (I included full text as is, first open in my post). Then I continued through rest of the steps. Everything worked fine other than it did wipe use data at the very end.
Teffy said:
I'm not sure if you're confused about what I wrote so I'll recap. I edited the flashall with notepad but remember I never ended up changing anything at all because the file did not contain "-w" on first open after extraction.
So essentially, I did all the steps except when I editted the flash-all I didn't actually have to edit anything because there was no -w (I included full text as is, first open in my post). Then I continued through rest of the steps. Everything worked fine other than it did wipe use data at the very end.
Click to expand...
Click to collapse
I'm always confused my friend. I got it now That's pretty weird for sure. Never encountered that with all the factory images since November. Must have been a rouge download or something. I'll be on the lookout for it though in the coming months :good::good:
Can anyone confirm if this process still works on the June update?
Thanks
docluv01 said:
Can anyone confirm if this process still works on the June update?
Thanks
Click to expand...
Click to collapse
Don't see why not. It's pretty much the same as the one I use :good:
docluv01 said:
Can anyone confirm if this process still works on the June update?
Thanks
Click to expand...
Click to collapse
It worked when I flashed a device from May to Beta 2 this week, so June should still work.
My June factory flash all. bat still had the - w in it. I removed - w, saved it, ran it and worked fine. My Substratum black theme for Inbox still works as well. No data wiped at all.
If I use this method to update, is it just "dirty flashing" the device? So all my settings, apps and their data and the internal storage will remain intact? If not it's better just to flash the full OTA zip as it was suggested for me in another thread by @Badger50 ?
matekaneve said:
If I use this method to update, is it just "dirty flashing" the device? So all my settings, apps and their data and the internal storage will remain intact? If not it's better just to flash the full OTA zip as it was suggested for me in another thread by @Badger50 ?
Click to expand...
Click to collapse
Either way, your data will not be wiped. Google dirty OTA's stock, non rooted folks every month ??
Windows 10. Shift, right click menu has powershell instead of cmd.exe. Powershell doesn't work well for this. Someone tipped me to typing cmd into the path window of file explorer to get the cmd prompt going. Much easier to use than that powershell stuff.

Fire HD8 7th Gen - recovery completely gone

Hello,
Please and thanks in advance for any assistance!
I've successfully rooted my HD8 7th gen fire tablet, thanks to the many helpful posts here. However during some of my failed attempts while using Magisk, TWRP App, etc, I've somehow managed to wipe out my stock Recovery partition/files. I can do normal booting fine and I'm sure that I have root, as confirmed by the # at ADB shell and the Root Checker apps available.
I've tried the following:
-Entered Fastboot mode and tried several commands there: always resulting in a 'the command you input is restricted on locked hw' (So, obviously, my bootloader is locked (but I've overwritten it somehow, so it makes me think that at some point I was able to unlock it and overwrite it?)
-Flashfire, TWRP, Magisk and Flashify apps - successful messages every time I try, but no joy when trying to enter recovery mode (it's possible I'm trying to flash the wrong recovery.img file? - does anyone have it and what is it's size? i searched my tablet for the file and found two: one 17mb and the other 8mb - both "flashed" successfully, but no joy when trying to boot into them)
-adb su commands
-Giving up and doing a full Factory Restore via the GUI - it just tries to reboot to the recovery mode, which doesn't exist, so i can't do anything.
-Giving up and doing a full Factory Restore via Fastboot mode - 'the command you input is restricted on locked hw'
I was so happy I was able to obtain root, but if something gets wonky or I decide to try the much raved about resurrection image, i need to have the recovery boot available if/when everything goes wrong.
Please and thanks again for any advice.
Daveychan said:
Please and thanks again for any advice.
Click to expand...
Click to collapse
It's fairly simple but cumbersome to recreate recovery with root. You need to locate the original install-recovery script for your Rom. You may search in /etc or /system/etc . Most likely though your SuperSu deleted it.
So you download your particular Rom version from amazon, unpack it into a system image via mtk-extractor, mount that system image, and find the files.
You can mount this extracted system.bin either on Linux, or directly on your tablet. Just push it to /sdcard, and do this: https://stackoverflow.com/questions/36448234/how-to-mount-a-loop-device-in-android
Then you run the full install-recovery script which will patch your boot.img into recovery partition.
Alternatively, you can beg someone here to dump their HD8 2017 recovery, and upload the image here. So you can dd it in using root into the appropriate partition.
See, I told you - it's all very simple !
Edit: @dondraper23 - can you help a fellow XDA-er? Just dd your HD8 2017 recovery, and post it here.
Code:
dd if=/dev/block/platform/soc/by-name/recovery of=/sdcard/recovery.img
Then zip it, and post it here.
Thank you very much for the fast reply. Much appreciated!
I’ll give this a try ASAP and post back.
If anyone has the recovery.img for the HD8 Gen7, please do post it.
Thank you again!
Okay, i've spent several hours on this and I need to ask for more help.
I managed to get the system.img file from the Amazon .bin as you described. (I used the MTK Extractor for that. It's 1.57 GB by the way.) Next, I moved the system.img file to my Fire's SD card, then I connected the Fire to my Linux, and mounted the system.img file in Linux so I can see the file directory.
I can now see the install-recovery.sh file, located in the /bin folder of the mounted image, but it's read-only. Even by opening to that path via terminal with SU and trying to chmod 777 the file, it's still locked as read-only.
So, I don't know what to do next. I can't copy the file, and I don't see how to run the file via Fire anyway. (Was I supposed to somehow mount the system.img file via ADB commands and then run it that way? If so, I don't know how to do that.)
Sorry if I've asked something obvious or silly. As before, I appreciate the assistance!
Please and Thanks!
Daveychan said:
Okay, i've spent several hours on this and I need to ask for more help.
I managed to get the system.img file from the Amazon .bin as you described. (I used the MTK Extractor for that. It's 1.57 GB by the way.) Next, I moved the system.img file to my Fire's SD card, then I connected the Fire to my Linux, and mounted the system.img file in Linux so I can see the file directory.
I can now see the install-recovery.sh file, located in the /bin folder of the mounted image, but it's read-only. Even by opening to that path via terminal with SU and trying to chmod 777 the file, it's still locked as read-only.
So, I don't know what to do next. I can't copy the file, and I don't see how to run the file via Fire anyway. (Was I supposed to somehow mount the system.img file via ADB commands and then run it that way? If so, I don't know how to do that.)
Sorry if I've asked something obvious or silly. As before, I appreciate the assistance!
Please and Thanks!
Click to expand...
Click to collapse
Sure, just copy that install-recovery.sh file to your tablet, into /data/local/tmp. There is also another file you will need, it's /system/recovery-from-boot.p . Copy this one to /data/local/tmp as well. Then edit your install recovery script, to point to this /data/local/tmp/recovery-from-boot.p . Then just su, chmod 777 your install recovery script, and run it. It should take your boot, and patch it into recovery using recovery-from-boot.p patch file.
Thank you for the fast reply. But because that sh file its read-only, I can't open it or copy it.
Error when running the script
Hello again,
I managed to get around the read-only problem (opening everything as Superuser in Linux was the trick to making that work, for other noobs who may be following along with my pain here.)
I grabbed those two files as you indicated and followed the instructions. Unfortunately I was met with a ton of error messages. Here they are:
=====================
[email protected]:/data/local/tmp # /data/local/tmp/install-recovery.sh
contents of partition "/dev/block/platform/mtk-msdc.0/by-name/recovery" didn't match EMMC:/dev/block/platform/mtk-msdc.0/by-name/recovery:7022592:38eeb844c578f6bbfb6edf8ddf7ba1112200a25c
file "EMMC:/dev/block/platform/mtk-msdc.0/by-name/recovery:7022592:38eeb844c578f6bbfb6edf8ddf7ba1112200a25c" doesn't have any of expected sha1 sums; checking cache
failed to stat "/cache/saved.file": No such file or directory
failed to load cache file
patch EMMC:/dev/block/platform/mtk-msdc.0/by-name/boot:4720640:9dc6d0ebab0b237a7b2f31ae0fabe026da83cda5: LoadPartitionContents called with bad filename (EMMC:/dev/block/platform/mtk-msdc.0/by-name/recovery)
contents of partition "/dev/block/platform/mtk-msdc.0/by-name/recovery" didn't match EMMC:/dev/block/platform/mtk-msdc.0/by-name/recovery
contents of partition "/dev/block/platform/mtk-msdc.0/by-name/boot" didn't match EMMC:/dev/block/platform/mtk-msdc.0/by-name/boot:4720640:9dc6d0ebab0b237a7b2f31ae0fabe026da83cda5
source file is bad; trying copy
failed to stat "/cache/saved.file": No such file or directory
failed to read copy file
=====================
I'm attaching the two files i pulled from the system.img file - as converted from the .bin file downloaded from Amazon (as above), in case you are still willing to help out and can take a look. (I edited the install-recovery.sh file to the correct path already, so it's not the original anymore.)
MUCH APPRECIATED!
Thank you!
Daveychan said:
Hello,
Please and thanks in advance for any assistance!
I've successfully rooted my HD8 7th gen fire tablet, thanks to the many helpful posts here. However during some of my failed attempts while using Magisk, TWRP App, etc, I've somehow managed to wipe out my stock Recovery partition/files. I can do normal booting fine and I'm sure that I have root, as confirmed by the # at ADB shell and the Root Checker apps available.
I've tried the following:
-Entered Fastboot mode and tried several commands there: always resulting in a 'the command you input is restricted on locked hw' (So, obviously, my bootloader is locked (but I've overwritten it somehow, so it makes me think that at some point I was able to unlock it and overwrite it?)
-Flashfire, TWRP, Magisk and Flashify apps - successful messages every time I try, but no joy when trying to enter recovery mode (it's possible I'm trying to flash the wrong recovery.img file? - does anyone have it and what is it's size? i searched my tablet for the file and found two: one 17mb and the other 8mb - both "flashed" successfully, but no joy when trying to boot into them)
-adb su commands
-Giving up and doing a full Factory Restore via the GUI - it just tries to reboot to the recovery mode, which doesn't exist, so i can't do anything.
-Giving up and doing a full Factory Restore via Fastboot mode - 'the command you input is restricted on locked hw'
I was so happy I was able to obtain root, but if something gets wonky or I decide to try the much raved about resurrection image, i need to have the recovery boot available if/when everything goes wrong.
Please and thanks again for any advice.
Click to expand...
Click to collapse
You shuld try:
-Extract an ota update in a folder
-Run from the folder with the extracted files
Code:
fastboot flash boot boot.img
the recovery is in boot.img, doing this helped me on a similar situation
Thanks to @bibikalka for pointing me to this thread
On the 7th gen fire hd8 TWRP doesn't work yet
t0x1cSH said:
You shuld try:
-Extract an ota update in a folder
-Run from the folder with the extracted files
Code:
fastboot flash boot boot.img
the recovery is in boot.img, doing this helped me on a similar situation
Thanks to @bibikalka for pointing me to this thread
On the 7th gen fire hd8 TWRP doesn't work yet
Click to expand...
Click to collapse
It's not enough to reflash boot.img ! Recovery is created on boot by patching boot.img, but the OP's fire has messed up recovery creation scripts due to SuperSu. So he needs to either re-run the recovery creation script manually - which seems to produce errors, or simply flash a full recovery image - hence my request to extract it from a fire with working recovery.
Hey, I'll pull the recovery off mine tomorrow
NFSP G35 said:
Hey, I'll pull the recovery off mine tomorrow
Click to expand...
Click to collapse
That would be fantastic! Thank you much!
Here you go
Daveychan said:
That would be fantastic! Thank you much!
Click to expand...
Click to collapse
Just FYI, to flash this image file into recovery (assuming you have the recovery image sitting in /sdcard/recovery.img):
Code:
dd if=/sdcard/recovery.img of=/dev/block/platform/mtk-msdc.0/by-name/recovery
bibikalka said:
It's not enough to reflash boot.img ! Recovery is created on boot by patching boot.img, but the OP's fire has messed up recovery creation scripts due to SuperSu. So he needs to either re-run the recovery creation script manually - which seems to produce errors, or simply flash a full recovery image - hence my request to extract it from a fire with working recovery.
Click to expand...
Click to collapse
this is the recovery partition straight from my hd8 2017
but i am very curious about a thing, if you look at booth the boot.img and the recovery partition they contains exactly the same data, in the same structure so why cant he simply flash boot.img?
t0x1cSH said:
this is the recovery partition straight from my hd8 2017
but i am very curious about a thing, if you look at booth the boot.img and the recovery partition they contains exactly the same data, in the same structure so why cant he simply flash boot.img?
Click to expand...
Click to collapse
They do have a lot of similarities, that's why recovery is created by patching boot via a relatively small patch file. But, they are still different! That recovery menu is contained entirely within the recovery image, while the boot image does not do that.
Just to add to this, you don't need to flash the boot.img to use install-recovery.sh.
You can also modify the script to read boot from an img file.
k4y0z said:
Just to add to this, you don't need to flash the boot.img to use install-recovery.sh.
You can also modify the script to read boot from an img file.
Click to expand...
Click to collapse
Do you care to post a script that does that, and writes into a recovery image file? The syntax of that patch command is a bit messy, so I would not mind having a debugged working script
Hello again,
My apologies for the delay, work was busy this week, and I couldn't find the time to check the solution until now.
I'm so VERY HAPPY to report that all worked well, and the recovery.img and the command line you provided worked perfectly. (WOW! Thank you!)
For those who want the details, the message after the command in the terminal was:
==
#dd if=/sdcard/recovery.img of=/dev/block/platform/mtk-msdc.0/by-name/recovery
----
34816+0 records in
34816+0 records out
17825792 bytes transferred in 1.159 secs (15380320 bytes/sec)
==
I then did a full power down, and then a started it up again while holding the top-left Volume key and the Power key, and look at that! I'm sitting at the Amazon system recovery screen again! <insert YAY! here>
I'm not sure if it matters, but I thought I'd mention it. At the bottom of the screen in orange letters, it says:
===
E:Error in /cache/recovery/last_kmsg
(No space left on device)
===
So, after a little bit of searching, I selected "wipe cache partition", rebooted again into recovery, and the error is gone now.
Another normal reboot started the "Optimizing apps..." thingy, but it finished quickly and I can confirm that all my stuff is still there. Just to be sure, I did another reboot to recovery, no error messages this time, and then another regular reboot, with no optimizing.
It appears that everything in my world is good again!
My sincerest gratitude and appreciation to all who helped contribute and support this solution.
THANK YOU VERY MUCH!
Daveychan said:
the much raved about resurrection image .
Click to expand...
Click to collapse
Out of curiosity, what is this? There is an image, other than stock, for the 7th Gen HD8?
Resurrection-remix
xnatex21 said:
Out of curiosity, what is this? There is an image, other than stock, for the 7th Gen HD8?
Click to expand...
Click to collapse
It's a WIP for the HD8 I've read. My friend has this on his HD7 and swears it's twice as fast as the regular.
Here's some info:
https://forum.xda-developers.com/kindle-fire-hd/7-development/rom-resurrection-remix-5-1-x-t3234535
and here:
https://forum.xda-developers.com/le-pro3/development/9-0-resurrection-remix-v7-0-t3894663

[Guide]Installing Lineage

Installing Lineage​
Few quick things.
Since the 8T does not have a single unified guide like FunkWizard did for other OnePlus devices, I'm adding some things that are likely important, but don't necessarily have to do with installing LOS.
This will be similar to my 6T installing Lineage guide. However the 8T is a newer device, and new to me. Expect it to change and get updated as things change. I'll add in pictures like the 6T guide soon.
I also want to address a common question, you can use Windows for this process. I prefer Linux, and Fastboot just works in Linux without driver issues. If you have Fastboot and ADB working in Windows already feel free to use that if you want. If you use Windows, remove "sudo" from the commands (this is for Linux).
I am using a Global 8T, and have only tested these methods on such.
Make Sure OOS is Updated​1. Start fresh, and make sure OOS is up to date.
This should be self explanatory. Go to settings, and system, check for updates. Download and install any system updates OOS has to make sure you have the latest firmware on your device.
Unlock the Bootloader​2. Unlock the Bootloader
sudo fastboot flashing unlock
For this step you will need fastboot. I use Linux, and honestly I feel like it's easier and more reliable for fastboot and ADB so that's what I'm including here in these steps. It's easy to boot from a USB.
To create a bootable Linux flash drive you can use Unetbootin, which you can download for free here (Your other option would be to burn the ISO straight to a DVD and skip the unetbootin step):
https://unetbootin.github.io/
For Linux, I'm using Linux Mint Cinnamon, You can download for free here:
https://www.linuxmint.com/download.php
Then run unetbootin (yours will look a little different, I'm running it in Linux):
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Point it to the Linux ISO, and tell it where an empty flash drive is. It will erase everything on the flash drive. Afterwards you can load whatever you want on the flash drive. However be aware when booting Linux from this drive you can't access what is on the drive (at least not by normal methods).
After this has successfully completed, reboot the PC, and boot from the USB drive. Your PC will boot into Linux (turning off the PC and removing the USB drive will make it boot up like normal again).
Next we need to install fastboot and adb. You need to open up the "start menu" and open the "synaptic package manager". You can find this stuff in the menus, however the easiest way to get to these items is to just start typing the name of the item. See below:
Search fastboot, click the boxes, choose install. Then search for ADB, click the boxes, choose install and then click apply. That will install most of the stuff we need, but really old versions of fastboot and adb. You must update fastboot to install LOS. Time to open up a terminal:
In the terminal run these commands to update fastboot and adb (this is downloading them directly from Google).
wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip
unzip \platform-tools-latest-linux.zip
sudo cp platform-tools/adb /usr/bin/adb
sudo cp platform-tools/fastboot /usr/bin/fastboot
Next you need to make sure OEM unlocking is enabled. If you haven't tapped on the build number and enabled devloper options, do this now. enabling USB debugging for the moment, would also be helpful.
Now would be a good time to back everything up. The phone will get wiped.
Place the phone in fastboot mode. You can do this using the advanced reboot menu or ADB, or the key combinations (all key combos listed below for reference):
Volume Up + Power while turning on will boot to fastboot. (<-- Don't believe this works on the 8T)
Volume Down + Power while turn on will boot to recovery.
Holding Volume Up + Power should force the phone to turn off.
Volume Up + Volume Down should put your phone in Download mode for the MSM Tool.
If you enabled USB Debugging in the terminal window, type (the phone will pop up a warning asking you to allow USB debugging, make sure you allow this):
sudo adb reboot bootloader (<-- This command will make the phone restart to the bootloader / fastboot)
Once there type the command below. Your phone will be wiped. Make sure you backed up any important information. Use the volume buttons to select unlock, and press the power button.
sudo fastboot flashing unlock
Backing up Persist / EFS​3. Backing up the persist partition and EFS backup.
dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img
dd if=/dev/block/bootdevice/by-name/modemst1 of=/sdcard/modemst1.bin
dd if=/dev/block/bootdevice/by-name/modemst2 of=/sdcard/modemst2.bin
Hopefully you never need a backup of your persist paritition or EFS backup. However if anything ever happens you'll be glad you have it. The EFS contains the IMEI, so it is unique to every device. You can do this at any point as long as you have root. The easiest way, epsecially for those not want to root their device is to use the broken TWRP. I got this TWRP and a bunch of my initial rooting information from @Mpolo87 's Guide OnePlus 8T EasyRoot. It is an excellent guide. The TWRP is in step 4. This is not the way you need to root LOS though. Download this TWRP.
Once again from the terminal:
The image explained:
cd Desktop <-- Switched the directory to the Desktop the default directory when you open up the terminal is the /home directory.
sudo fastboot devices <-- Is just checking to see if my PC can see my phone, and making sure it's in fastboot. Sudo is necessary for this distro, as both fastboot and ADB must be run as root.
sudo fastboot boot recovery.img * <-- Sends that TWRP image to the phone to be booted temporarily. Only boot this, never run the command "flash".
With this TWRP loaded it is normal that the screen will be blank and just briefly flash the TWRP logo screen. All we need to do is use the terminal window on the PC. Run these commands:
sudo adb shell
dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img
dd if=/dev/block/bootdevice/by-name/modemst1 of=/sdcard/modemst1.bin
dd if=/dev/block/bootdevice/by-name/modemst2 of=/sdcard/modemst2.bin
exit
sudo adb pull /sdcard/persist.img /home/mint/Desktop
sudo adb pull /sdcard/modemst1.bin /home/mint/Desktop
sudo adb pull /sdcard/modemst2.bin /home/mint/Desktop
It is important to use ADB to pull the files off of the device after creating them. They won't be accessible after you restart. Also if you are using a live Linux distro (USB) the files do not remain on the USB after you restart / power off. So you need to place these files on another hard drive or USB. The persist.img should be ~ 32MB the Modems should be ~ 2MB each. Once you have the files you can run
sudo adb reboot bootloader
Installing Lineage​4. LOS 18.1 Thread
Quick Common questions:
Gapps are not included, you must sideload them if you want them. Personally I use NikGapps, LOS Recommends MindtheGapps.
Official LOS 8T Download Link
Download the latest build, and the recovery image from the link above.
You must have a current version of fastboot / adb to successfully install this. (Update method mentioned previously in this guide) To install Lineage it is as simple as the instructions listed on the LOS site.
From the terminal:
sudo adb reboot bootloader
sudo fastboot flash recovery lineage-18.1-20210506-recovery-kebab.img
Now reboot in recovery. Doesn't matter how you get there. You can use the volume keys to change the options in the bootloader, you can use volume down and power, etc. Once in Lineage Recovery we need to run the copy partitions zip. The link for this is on the LOS install page. However here is a direct link. In LOS recovery choose:
- Apply Update
- Apply from ADB
From the terminal on the PC
- sudo adb sideload copy-partitions-20210323_1922.zip
LOS recovery will warn you about the zip not being signed, flash this anyways. Hit the back button, choose advanced, and then reboot to recovery. It is now time to actually install LOS. In LOS Recovery:
- Factory Reset. (You did backup everything right?)
- Press Format data / factory reset.
- From the main LOS Recovery menu, Apply Update
- Apply from ADB
From the terminal on the PC
- sudo adb sideload lineage-18.1-20210506-nightly-kebab-signed.zip
If you want to install Gapps or Magisk, you must reboot to recovery. Go to advanced and choose reboot to recovery before install anything else. If you are only installing LOS you are ready to reboot to system now.
Optional, Gapps​5. Sideloading Gapps.
For Android 11 I've been using NikGapps:
NikGapps <-- For Lineage 18.1 (Use the R Folders for Android 11. I recommend the "Core" version. I also tested Basic though if you want that level of Gapps. I strongly recommend you grab setup wizard out of the R Addons Folder, I used the regular setup wizard, not the pixel one.)
Remember you need to reboot to recovery once after installing LOS (as mentioned above). This does not mean you need to let LOS boot, just reboot to recovery, so that it switches slots.
In LOS recovery choose:
- Apply update
- Apply from ADB
Now in the terminal on the PC:
- sudo adb sideload NikGapps-core-arm64-11-20210501-signed.zip
- Remember between each zip file you must again hit apply from ADB.
- sudo adb sideload NikGapps-Addon-11-SetupWizard-signed.zip
LOS recovery will warn you about the zip not being signed, flash this anyways.
If you get a warning about them not being signed, choose flash anyways. If you are going to flash Magisk, move to the next section. If you don't need Magisk, reboot to system.
Very Optional, Magisk​5. Sideloading Magisk.
All the devices I've tested with Android 11 have worked fine since Magisk 21.2. At this point I don't see a reason to still run the Canary builds unless you want to for some reason.
Download Magisk: [urlhttps://github.com/topjohnwu/Magisk/releases]Magisk GitHub Link[/url]
This will be flashed in LOS recovery. To get to recovery you can use the ADB (if you enable USB debugging), key combination, or the advanced restart menu, doesn't matter.
In LOS recovery choose:
- Apply update
- Apply from ADB
Now in the terminal on the PC:
- sudo adb sideload Magisk-v22.1.zip
If you get a warning about them not being signed, choose flash anyways. We should be ready to reboot to the system now.
Very Optional, Passing Safety Net​6. Magisk Required.
These items are add-ons are flashed in Magisk after the first boot (Don't flash these in TWRP anymore):
MagiskHide Props Config
Busybox
To flash modules in Magisk press the puzzle piece icon. Then choose install from storage. Now just choose your addons. After flashing the icons it will have a reboot icon at the bottom. You can reboot or you can press back and flash another. After you are done reboot.
You will also need a Terminal Emulator. I personally use:
Terminal Emulator for Android
Once all these are installed the first step is setup Magisk. Under Magisk go to settings:
In version 20.4+ Magisk Hide is no longer on by default. So make sure the Magisk Hide, Hide Magisk from various forms of detection switch is flipped. Then press Hide Magisk Manager. This will bring up a box for you to choose a random name for the Magisk Manager, type whatever you want here. You can leave it Manager if you wish, but I typically change this.
Now open Magisk again. It will ask you to download it again, click ok, then manually open the app again as it says. Now we need to open Magisk hide. This is now under the shield icon, then click the arrow at the top:
These are the apps you don't want to know that you have root. Less is better. You can cause instability problems by just choosing everything. My general rule of thumb is, Google, steaming video, music, and payment apps get selected. In my experience if I come across an app that needs it and I didn't select it, I just clear cache and/or data and re-open the app and it works. There are some big multiplayer apps that ban hardware / people, so do your research (don't ask me, I don't play those games).
Next time to change the device fingerprint using MagiskHide Props Config Module. We do this using the terminal emulator. In the terminal emulator, type "su" to gain root privileges. Then type props to run the module:
Now it's just following the menus. Choose option 1 - Edit device finger print. (type 1, hit enter)
After this you will see a menu of devices. It doesn't matter what device you pick really. If you want apps / Google to think you have a OPPO or Samsung pick one of those Fingerprints. However there's a bit more to passing Safety-net than that. Since Google has changed how things work not all those fingerprints that used to work will work now. Also now you may get an error when you turn on the phone because of the security dates. My 8T passes saftey net, just choosing the 8T and Android 11 fingerprint. Also keep in mind some fingerprints will require Force basic key attestation to pass.
After choosing the fingerprint you want, it will ask you if you want to reboot. Choose yes. After rebooting, you may need to clear the cache from the play store for some apps to appear in it. You should now pass safety net. Check this in Magisk:
Very Optional, Ad Blocking​7. Root required.
You can block many things with a hosts file, most popular would be ads. I've been use StevenBlack's host file which is a compilation of several hosts files. This is located on Github:
https://github.com/StevenBlack/hosts (Scroll down you'll see the options of what you can block)
Direct link to the hosts file I use. This will block Adware / Malware.
First we have to make the hosts file. The hosts file must use Unix / Linux line endings. If you are using Linux, don't worry about this, just create the file. If you are using Windows, the easiest thing to do is use Notepad++ (Free).
Notepad++ Downloads
Next one other caveat. The hosts file is quite large. I've never had much luck copy and pasting it from any other browser than Firefox (Windows or Linux), but however you get it into Notepad++ is not a big deal.
Once in you have the hosts file into Notepad++ go to Edit, EOL Conversion, and Choose Unix (LF).
Now save the file as "hosts" no ending. This does mean under file type you will need to change it to All File types *.*. Move this hosts file to your phone.
You will need to use a root file explorer to copy this hosts file to /system/etc/ and replace the file that is there. I used Solid Explorer for this.
Updating Lineage​
Updating Lineage is pretty much the same as installing it, just without the reset or wipe. First reboot to Lineage recovery. Doesn't matter how you get there. You can use the advanced reboot menu, or the adb.
Couple things to remember:
You will need a PC for this.
Fastboot / ADB must be updated for this to work, otherwise you will have problems.
Apply Update --> Apply From ADB
- sudo adb sideload lineage-18.1-20210506-nightly-kebab-signed.zip
If you use Gapps or Magisk, you also need to sideload these. Once again you still need to reboot recovery. Hit the back button, choose advanced, and then reboot to recovery.
Apply Update -> Apply from ADB (This must be done between each zip file)
- sudo adb sideload NikGapps-core-arm64-11-20210501-signed.zip
- sudo adb sideload NikGapps-Addon-11-SetupWizard-signed.zip
- sudo adb sideload Magisk-v22.1.zip
If you get a warning about them not being signed, choose flash anyways.
Then reboot to system. If you were using a hosts file for adblocking you will need to put that back as well when it boots. This gets replaced during the update.
Cliff Notes​
Hopefully you've backed up EFS and persist partition.
Fastboot and ADB must be current version. You will have issues if they are old.
If you are using Windows remove "sudo" from the commands. This is for Linux only.
Once you install Gapps you need to continuing installing Gapps. If you want to go without Gapps after installing them, do a clean install.
Installing Lineage​
sudo adb reboot bootloader
sudo fastboot flash recovery lineage-18.1-20210506-recovery-kebab.img
Apply Update --> Apply From ADB
- sudo adb sideload copy-partitions-20210323_1922.zip (assuming this is a new install) (you can skip wiping data if you are updating)
Reboot to Recovery (This option is in the Advanced Menu of LOS Recovery)
Choose factory reset, and format data (assuming this is a new install) (you can skip wiping data if you are updating)
Apply Update --> Apply From ADB
- sudo adb sideload lineage-18.1-20210506-nightly-kebab-signed.zip
If you want to sideload Gapps / Magisk you must reboot recovery now (This option is in the Advanced Menu of LOS Recovery). If you are only installing Lineage, you are ready to reboot to system.
In LOS recovery choose:
- Apply update
- Apply from ADB
Now in the terminal on the PC:
- sudo adb sideload NikGapps-core-arm64-11-20210501-signed.zip
- sudo adb sideload NikGapps-Addon-11-SetupWizard-signed.zip
- sudo adb sideload Magisk-v22.1.zip
If you get a warning about them not being signed, choose flash anyways. We should be ready to reboot to the system now.
Updating Lineage​
Using LOS Recovery:
Apply Update --> Apply From ADB
- sudo adb sideload lineage-18.1-20210506-nightly-kebab-signed.zip
If you use Gapps or Magisk, you also need to sideload these. Once again you still need to reboot recovery. Hit the back button, choose advanced, and then reboot to recovery.
Apply Update -> Apply from ADB (This must be done between each zip file)
- sudo adb sideload NikGapps-core-arm64-11-20210501-signed.zip
- sudo adb sideload NikGapps-Addon-11-SetupWizard-signed.zip
- sudo adb sideload Magisk-v22.1.zip
If you get a warning about them not being signed, choose flash anyways.
Then reboot to system. If you were using a hosts file for adblocking you will need to put that back as well when it boots. This gets replaced during the update.
Woah, this is awesome, moving from my old Note 5 to a OP8T very soon (Currently in shipping, I'll have it in hand in a week or so if all goes well, very excited). This will be my first time poking around with Oneplus, or any new device for that matter (I've never dabbled in the AB system and stuff yet) and a guide like this is exactly what I need. Thank you so much!
Guide is updated, with update instructions, and cliff notes. I updated to the new build today. No issues.
For adblock you should add Adaway in there for an easier/safer option. You also get automatic host file updates then too
Very nice sir, very nice indeed!
Are these commands the same for windows?
I have been out of development for a long time. Last roms I built was Windows mobile 5. Probably around 2009. I must admit I'm a little lost in all the new terminology.
I have a T-mobile 8T+5G and SIM is unlocked and waiting on Boot loader unlock token to arrive tomorrow.
If anyone is interested in helping hold my hand through install, root etc I will gladly give a tip for your time. I have windows and and fastboot working. PM me for contact information.
bobsbbq said:
Are these commands the same for windows?
I have been out of development for a long time. Last roms I built was Windows mobile 5. Probably around 2009. I must admit I'm a little lost in all the new terminology.
I have a T-mobile 8T+5G and SIM is unlocked and waiting on Boot loader unlock token to arrive tomorrow.
If anyone is interested in helping hold my hand through install, root etc I will gladly give a tip for your time. I have windows and and fastboot working. PM me for contact information.
Click to expand...
Click to collapse
It is the same commands for windows. Just need to install the proper fastboot and adb binaries and drivers for windows (can easily be found by searching).
bobsbbq said:
Are these commands the same for windows
Click to expand...
Click to collapse
Just remove "sudo" from them. The distro I'm using requires fastboot / ADB to be run as root. Sudo obviously won't work and isn't needed in Windows. Everything else is the same.
Could you add "Revert Back to OOS from Lineage Guide" too ? Just in case people want to restore OOS !
rohanhole said:
Could you add "Revert Back to OOS from Lineage Guide" too ? Just in case people want to restore OOS !
Click to expand...
Click to collapse
This I should probably mention as this device doesn't really have an easy way to return back to stock at the moment. At least without using the MSM Tool, that I know of? At the moment you will need to use the MSM tool.
MSM / Unbrick Tool Thread <-- Instructions / Guide Included in that thread. * Remember using this tool will wipe your data, and it will relock your bootloader.
Also that is the regular 8T thread, TMobile users wanting the TMobile version would use the TMobile Thread.
jwarrior319 said:
For adblock you should add Adaway in there for an easier/safer option. You also get automatic host file updates then too
Click to expand...
Click to collapse
I'm not sure about safer? Again I'm making some assumptions I guess... I've never used Adaway, always used a hosts file. For what it's worth there is an adway add on in the NikGapps addon folder. At some point maybe I'll try and test this.
OhioYJ said:
This I should probably mention as this device doesn't really have an easy way to return back to stock at the moment. At least without using the MSM Tool, that I know of? At the moment you will need to use the MSM tool.
MSM / Unbrick Tool Thread <-- Instructions / Guide Included in that thread. * Remember using this tool will wipe your data, and it will relock your bootloader.
Also that is the regular 8T thread, TMobile users wanting the TMobile version would use the TMobile Thread.
I'm not sure about safer? Again I'm making some assumptions I guess... I've never used Adaway, always used a hosts file. For what it's worth there is an adway add on in the NikGapps addon folder. At some point maybe I'll try and test this.
Click to expand...
Click to collapse
Another way to revert back to OOS is to use the payload dumpster tool with a full ota zip and flash all the images. There's a thread already with instructions on that.
Edit: https://forum.xda-developers.com/t/guide-convert-tmo-to-global-eu-or-other-variant.4188491/
Under manually in post 1
jwarrior319 said:
Another way to revert back to OOS is to use the payload dumpster tool with a full ota zip and flash all the images. There's a thread already with instructions on that.
Edit: https://forum.xda-developers.com/t/guide-convert-tmo-to-global-eu-or-other-variant.4188491/
Under manually in post 1
Click to expand...
Click to collapse
I figured this might be possible, but I hadn't tried yet. Very helpful. MSM should always be a last resort.
I had already rooted and flashed the LOS ROM. I forgot to come back to this guide. I did not back up the persist and modem files. Is it too late for that now?
bobsbbq said:
I had already rooted and flashed the LOS ROM. I forgot to come back to this guide. I did not back up the persist and modem files. Is it too late for that now?
Click to expand...
Click to collapse
I don't think linage touch these paritions (at least not the persist one), but I might be wrong. In either case I would take a back up of persist and the modems now, as a backup from now is probably better than no backup if you get any problems later on.
Is there supposed to be F-Droid and Micro-G in the base LOS Rom? I don't have either. Sorry still trying to get use to this.
bobsbbq said:
Is there supposed to be F-Droid and Micro-G in the base LOS Rom? I don't have either. Sorry still trying to get use to this.
Click to expand...
Click to collapse
No it is not.
Got LOS installed, still does fastboot loop. Sideloaded Magisk 21.4, failed. Can't get past fastboot....hasn't booted to LOS even once
.
Anyone? No sense in trying it again until there's some feedback.
Device is NOT bricked. Can still reinstall the ROM, just will not boot to LOS...
Success!
You have to use r31.0.0 platform-tools
Linux users run commands as ROOT & add ./ before fastboot (./fastboot)

Resources