Full disclosure- many of these steps are just copy/pasted from the Magisk install instructions and other areas online, just thought I'd post a full set of instructions for our device. There might be easier steps or I might have added additional unnecessary steps, please let me know and I can update. I'm just posting what worked for me. I also don't like installing things from sketchy fileshare sites, so I provide the way to get everything from official sources.
This is to get root via Magisk on a stock Moto Z4 (I have the Retail model, don't know anything about Verizon or other models). You will need to have a knowledge of how to do some advanced tasks, such as using ADB/Fastboot, installing APKs from unknown sources, and installing drivers on your computer. Google is your friend (or DuckDuckGo in my opinion) I am not responsible for bricked phones, thermonuclear war, etc. This is just a helpful guide.
You might as well start on the latest OTA since during the unlock process you'll have no choice but to erase all your data, make sure you're fully updated and backup your data.
HOW TO ROOT FROM STOCK:
First, you must unlock your bootloader. WARNING: THE UNLOCK PROCESS WILL ERASE ALL OF YOUR DATA!
Follow the instructions on the Motorola website to check if your bootloader can be unlocked and retrieve the ID codes
One step Motorola doesn't mention is that you must enable OEM unlocking from the Developer Options. If you don't know how to get to Developer Options, you'll need to google it. It's very easy, and I think it's a good "test" to figure out if you should even be trying to root your phone
Once you have your unlock code, unlock your bootloader according to the instructions here. EVERYTHING ON YOUR PHONE WILL BE DELETED AT THIS POINT!
Next, you must patch the stock boot image.
You will need to retrieve the boot image, please follow the instructions at the bottom of this post on how to download the full OTA archives.
Once you have the stock boot image, copy it to your phone's storage
You need to install Magisk Manager on your phone (it doesn't need to be rooted at this point- it's just needed to patch the boot image) Download the latest Magisk Manager from the official Magisk thread here
Tap "Advanced Settings" in Magisk Manager and check "Recovery Mode"
Press Install → Install → Select and Patch a File, and select your stock boot/recovery image file
Magisk Manager will patch the image, and store it in [Internal Storage]/Download/magisk_patched.img
Copy the patched image from your device to your PC. If you can’t find it via MTP, you can pull the file with ADB:
adb pull /sdcard/Download/magisk_patched.img
Now, flash the modified boot image
Plug your phone in, make sure USB debugging is enabled, open a command line in the same folder that your patched image is in (or, you can put in the full path on step 3 rather than just the filename).
Easiest way to get to fastboot mode is the command (you can also use the volume key trick if you'd rather or if you're having trouble with ADB):
Code:
adb reboot bootloader
Then all you have to do is:
Code:
fastboot flash boot magisk_patched.img
To reboot:
Code:
fastboot reboot
You should be done now! You can check the status of root from Magisk Manager and refer to Magisk documentation for any help with that. You may also want to disable Automatic System Updates from Developer options to prevent issues when updates are released.
HOW TO DOWNLOAD STOCK OTA ZIP & RETRIEVE BOOT IMAGE:
First, you need to download LSMA, Moto/Lenovo's software for managing and recovering phones
Once the software is installed, open it and go to the "Flash" tab, hit "Switch to Upgrade", and connect your phone
When you connect, it will check for an update (Sometimes it will not have the latest update even if you are offered an update on your phone. You'll need to wait until it shows up here)
Download the update
LSMA will download a zip file to C:\ProgramData\LMSA\Download\RomFiles, and once completed it will automatically extract the ZIP. (If you want the full ZIP image for any reason, you must copy it to a different location before the extraction completes, LSMA deletes the zip once the extraction finishes. Just have the window open until the download completes, as soon as the ZIP file appears copy it to another folder, it will not interfere with extraction.)
Retrieve the boot.img from the download folder
HOW TO UPGRADE TO NEW OTA, PRESERVING ROOT & DATA:
Now you can try following the Magisk instructions since our device has an A/B partition layout, but I wasn't able to get it to work, usually the upgrade fails validating the current image so I have an alternate set of steps that did work for me. Backup your data just in case though.
First, you need to download LSMA, Moto/Lenovo's software for managing and recovering phones
Once the software is installed, open it and go to the "Flash" tab, hit "Switch to Upgrade", and connect your phone
When you connect, it will check for an update (Sometimes it will not have the latest update even if you are offered an update on your phone. You'll need to wait until it shows up here)
Download the update, but don't install it yet. The program will download a zip file to C:\ProgramData\LMSA\Download\RomFiles, and once completed it will automatically extract the ZIP.
Retrieve the boot.img from the download folder and copy it to your phone
Patch the boot.img in Magisk Manager per the steps above
Now proceed with installing the update in LSMA (It will say it's going to erase your data, but it does not).
Your phone will reboot to the bootloader and LSMA will flash the update
Once the update is finished and your phone reboots for the final time, close LSMA.
Reboot to the bootloader again:
Code:
adb reboot bootloader
Flash boot:
Code:
fastboot flash boot magisk_patched.img
Reboot:
Code:
fastboot reboot
Upon reboot, you're now updated, and root & data is preserved.
hey there i cant download the recovery.img for get mod
when triying to flash and download it said device incompatible
anyone have the moded recovery already patch that can share if can of course
I have Android 10 already
Need some help I conect my phone tomthe app for downloading the full ota file but gives me an error. The recognize the phone but I can't download the img file can some one share me the .img patched.
Can I use a .img that some in this forum did ?
I read Android has new fastbootd and I had to manually install ROM and root using fastbootd on One Hyper
Z4 doesn't need fastbootd, does it?
mingkee said:
I read Android has new fastbootd and I had to manually install ROM and root using fastbootd on One Hyper
Z4 doesn't need fastbootd, does it?
Click to expand...
Click to collapse
No, the Z4 does not use fastbootd.
Running this command with the device connected in fastboot mode will return yes if it uses fastbootd and no if it doesn't
Code:
fastboot getvar is-userspace
https://source.android.com/devices/bootloader/fastbootd
Do I have to download LSMA or can I use the boot.img from the Android 10 firmware I got from lolinet?
G.I. Jew said:
Do I have to download LSMA or can I use the boot.img from the Android 10 firmware I got from lolinet?
Click to expand...
Click to collapse
The firmware packages from lolinet are identical to the ones downloaded by LMSA
Sigh, not possible on verizon due to the locked bootloader
zander21510 said:
Full disclosure- many of these steps are just copy/pasted from the Magisk install instructions and other areas online, just thought I'd post a full set of instructions for our device. There might be easier steps or I might have added additional unnecessary steps, please let me know and I can update. I'm just posting what worked for me. I also don't like installing things from sketchy fileshare sites, so I provide the way to get everything from official sources.
This is to get root via Magisk on a stock Moto Z4 (I have the Retail model, don't know anything about Verizon or other models). You will need to have a knowledge of how to do some advanced tasks, such as using ADB/Fastboot, installing APKs from unknown sources, and installing drivers on your computer. Google is your friend (or DuckDuckGo in my opinion) I am not responsible for bricked phones, thermonuclear war, etc. This is just a helpful guide.
You might as well start on the latest OTA since during the unlock process you'll have no choice but to erase all your data, make sure you're fully updated and backup your data.
HOW TO ROOT FROM STOCK:
First, you must unlock your bootloader. WARNING: THE UNLOCK PROCESS WILL ERASE ALL OF YOUR DATA!
Follow the instructions on the Motorola website to check if your bootloader can be unlocked and retrieve the ID codes
One step Motorola doesn't mention is that you must enable OEM unlocking from the Developer Options. If you don't know how to get to Developer Options, you'll need to google it. It's very easy, and I think it's a good "test" to figure out if you should even be trying to root your phone
Once you have your unlock code, unlock your bootloader according to the instructions here. EVERYTHING ON YOUR PHONE WILL BE DELETED AT THIS POINT!
Next, you must patch the stock boot image.
You will need to retrieve the boot image, please follow the instructions at the bottom of this post on how to download the full OTA archives.
Once you have the stock boot image, copy it to your phone's storage
You need to install Magisk Manager on your phone (it doesn't need to be rooted at this point- it's just needed to patch the boot image) Download the latest Magisk Manager from the official Magisk thread here
Tap "Advanced Settings" in Magisk Manager and check "Recovery Mode"
Press Install → Install → Select and Patch a File, and select your stock boot/recovery image file
Magisk Manager will patch the image, and store it in [Internal Storage]/Download/magisk_patched.img
Copy the patched image from your device to your PC. If you can’t find it via MTP, you can pull the file with ADB:
adb pull /sdcard/Download/magisk_patched.img
Now, flash the modified boot image
Plug your phone in, make sure USB debugging is enabled, open a command line in the same folder that your patched image is in (or, you can put in the full path on step 3 rather than just the filename).
Easiest way to get to fastboot mode is the command (you can also use the volume key trick if you'd rather or if you're having trouble with ADB):
Code:
adb reboot bootloader
Then all you have to do is:
Code:
fastboot flash boot magisk_patched.img
To reboot:
Code:
fastboot reboot
You should be done now! You can check the status of root from Magisk Manager and refer to Magisk documentation for any help with that. You may also want to disable Automatic System Updates from Developer options to prevent issues when updates are released.
HOW TO DOWNLOAD STOCK OTA ZIP & RETRIEVE BOOT IMAGE:
First, you need to download LSMA, Moto/Lenovo's software for managing and recovering phones
Once the software is installed, open it and go to the "Flash" tab, hit "Switch to Upgrade", and connect your phone
When you connect, it will check for an update (Sometimes it will not have the latest update even if you are offered an update on your phone. You'll need to wait until it shows up here)
Download the update
LSMA will download a zip file to C:\ProgramData\LMSA\Download\RomFiles, and once completed it will automatically extract the ZIP. (If you want the full ZIP image for any reason, you must copy it to a different location before the extraction completes, LSMA deletes the zip once the extraction finishes. Just have the window open until the download completes, as soon as the ZIP file appears copy it to another folder, it will not interfere with extraction.)
Retrieve the boot.img from the download folder
HOW TO UPGRADE TO NEW OTA, PRESERVING ROOT & DATA:
Now you can try following the Magisk instructions since our device has an A/B partition layout, but I wasn't able to get it to work, usually the upgrade fails validating the current image so I have an alternate set of steps that did work for me. Backup your data just in case though.
First, you need to download LSMA, Moto/Lenovo's software for managing and recovering phones
Once the software is installed, open it and go to the "Flash" tab, hit "Switch to Upgrade", and connect your phone
When you connect, it will check for an update (Sometimes it will not have the latest update even if you are offered an update on your phone. You'll need to wait until it shows up here)
Download the update, but don't install it yet. The program will download a zip file to C:\ProgramData\LMSA\Download\RomFiles, and once completed it will automatically extract the ZIP.
Retrieve the boot.img from the download folder and copy it to your phone
Patch the boot.img in Magisk Manager per the steps above
Now proceed with installing the update in LSMA (It will say it's going to erase your data, but it does not).
Your phone will reboot to the bootloader and LSMA will flash the update
Once the update is finished and your phone reboots for the final time, close LSMA.
Reboot to the bootloader again:
Code:
adb reboot bootloader
Flash boot:
Code:
fastboot flash boot magisk_patched.img
Reboot:
Code:
fastboot reboot
Upon reboot, you're now updated, and root & data is preserved.
Click to expand...
Click to collapse
for those who try to install security patch...
I recommend you do the following in case you wish to keep your root and others in the phone.
as usual, back it up in case...
connect to the lenovo software (above) and download the security patch (you can do it thru the rescue step as the program will prompt "no new software" if you try to check "upgrade software".
once the security patch download is complete, keep a copy of the boot.img and load it on the phone to do usual magisk thing.
but be patient...
keep this new magisk edited boot elsewhere and reflash the original boot to your phone so that the error message in making the patch update disappears.
once you reverted to the original boot (it goes without saying the usual fastboot reboot), make the OTA security patch update.
you will find that the root is gone but the phone (everything).
now is the time to flash the magisk edited boot (the new boot from the update patch) to your phone and voilaaaaa!
your root is back + the security patch applied.
beefytr said:
for those who try to install security patch...
I recommend you do the following in case you wish to keep your root and others in the phone.
as usual, back it up in case...
connect to the lenovo software (above) and download the security patch (you can do it thru the rescue step as the program will prompt "no new software" if you try to check "upgrade software".
once the security patch download is complete, keep a copy of the boot.img and load it on the phone to do usual magisk thing.
but be patient...
keep this new magisk edited boot elsewhere and reflash the original boot to your phone so that the error message in making the patch update disappears.
once you reverted to the original boot (it goes without saying the usual fastboot reboot), make the OTA security patch update.
you will find that the root is gone but the phone (everything).
now is the time to flash the magisk edited boot (the new boot from the update patch) to your phone and voilaaaaa!
your root is back + the security patch applied.
Click to expand...
Click to collapse
Hey, I found that using root on the latest security patch makes the WiFi stop working. Like the switch won't even turn on, and it can't scan for new networks. I know that it's not a hardware problem, because I reverted to the March security update and WiFi works. Is anyone else having the no WiFi issue on the latest security patch while using root?
Fazwalrus said:
Hey, I found that using root on the latest security patch makes the WiFi stop working. Like the switch won't even turn on, and it can't scan for new networks. I know that it's not a hardware problem, because I reverted to the March security update and WiFi works. Is anyone else having the no WiFi issue on the latest security patch while using root?
Click to expand...
Click to collapse
Nope!
Related
I tried to update my phone to the latest version. I hit install from the notification, my phone reboots goes into TWRP recovery.... does nothing, then I have to "reboot into system" and then the phone boots up like normal.
Without updating to 6.0.1. Does anyone know why this is happening, or how to fix it?
I think you can't update the phone with official update method (Settings/About/System Updates) when you have unlocked bootloader and root.
READ.
http://forum.xda-developers.com/nexus-6p/general/guides-how-to-guides-beginners-t3206928
xT29c said:
I tried to update my phone to the latest version. I hit install from the notification, my phone reboots goes into TWRP recovery.... does nothing, then I have to "reboot into system" and then the phone boots up like normal.
Without updating to 6.0.1. Does anyone know why this is happening, or how to fix it?
Click to expand...
Click to collapse
You must return to complete stock, including recovery, before attempting an OTA update
Sent from my Nexus 6P using Tapatalk
As mentioned above, you can't use the traditional method of updating if you are are rooted and have TWRP installed. You will need to flash the images manually with your PC in order to update. There are multiple ways of doing this, but the easiest way I've found takes about 5 or 10 minutes and is documented elsewhere on this site, but long story short:
-install and confirm that ADB/Fastboot works on your PC and can see your phone
-download the latest image directly from google
-unzip the downloaded file on your PC and then unzip the file that was just extracted into your ADB folder
-edit the "flash-all.bat" batch file to remove the "-w" toward the end (to prevent wiping your data)
-put all extracted files into your ADB / Fastboot directory.
-connect your phone to your PC, power it on or reboot it into bootloader mode, and run the batch file that you edited (this will put you back to stock / unrooted)
-re-flash the twrp recovery image using fastboot
-re-root (install SU.zip using twrp).
That's my preferred method, and once you have everything setup (ADB / Fastboot working & factory image downloaded) is should only take a couple of minutes to perform.
As mentioned before, this is well documented elsewhere on this site. I may have missed steps or left out information as I am writing fast because I am currently at work.
Good Luck!
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **
The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.
I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the Customized NL ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, follow this guide through to section 5 place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133 (The rootkernel tool has a bug in its built-in SuperSU integration. See: http://forum.xda-developers.com/showpost.php?p=67485478&postcount=838)
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to root
5.1- Place SuperSU 2.71 zip (or higher) on the phone's sdcard. The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
5.2- Reboot to recovery and flash the zip file.
6- How to relock bootloader and return it to original factory state
6.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
6.1- Repeat step 1.1
6.2- Repeat steps 1.3, 1.4, and 1.5
6.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
6.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
najoor said:
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:
Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Click to expand...
Click to collapse
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
arokososoo said:
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
Click to expand...
Click to collapse
Not yet, atleast for my Dual SIM Version.
njaya95 said:
Not yet, atleast for my Dual SIM Version.
Click to expand...
Click to collapse
So you mean there is a way to root single sim version without unlocking BL?
Thanks ú so much! this is well writen, i will try this when i get the time to do a fresh install. Cheers mate
@arokososoo
Please, in the future never quote long OP and any other long posts. This is very annoying for mobile and desktop users to scroll to the next post. Thanks.
Sent from my Sony E6553 using XDA Labs
I wonder if E6533 can use this guide
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Stoneybridge said:
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Click to expand...
Click to collapse
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Trilliard said:
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Click to expand...
Click to collapse
I can't see your picture, but I assume you have that stucking at modem/system ?
If so, downgrade Flashtool to 0.9.19
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Trilliard said:
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Click to expand...
Click to collapse
Did you forget to wipe?
In a thread i opened in Q&A a user said that even though service info reported bl unlock allowed NO, he managed to unlock it anyways using standard procedure, what do you think?
it seems like Sony RIC is not fully disabled with this patch.
Finally ! Works like a charm in my E6533 (Dual sim) !!! Thanks a lot !!!
Hi thiefxhunter,
How you do this? could you explain us step by step. I like to root my dual sim model.
Thanks.
Hi.. I am stuck in 2.5
My device is unlocked, It is connected in fastboot mode (blue led).
error msg
'Fastboot is not recognised as an internal or external command, operable program or batch file'
Please help me in this.
Solved..
Thanks for this post..
Thanks for this guide, it worked like a charm on my E6553 with 32.2.A.0.224
CorzCorry said:
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
Click to expand...
Click to collapse
Can you please explain how did you do that? Thanks
Via Magisk Manager:
This method does not need root, and also does not require a custom recovery.
However, you MUST have a stock boot image dump beforehand, and you also have to be able to flash the patched boot image, either through fastboot mode
REQUIREMENTS -
1 - Setup adb and fastboot on your PC.
2- Stock boot image (boot.img) of your device (extract file from factory image android P)
3 - Last Magisk Manager (v 5.8.3)
4 - Active Internet connection
5 - Active mind and patience.
6 - Devices must is unlock bl.
This Boot-Image is for boot android P PPR1.180610.009:
https://drive.google.com/open?id=166pE9aMk-jqns3JM74enFhsaDY6-c3yJ
Magisk Manager
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
==================================================
Step 1: Patching the stock boot.img
1- Copy the stock boot.img of your device to your phone's internal storage.
2- Install the latest Magisk Manager
3- Launch Magisk Manager app
4- If prompted to install Magisk, select NO THANKS
5- If you're planning to flash the patched boot image,For normal users leave it as the default .img
6-Press Setting>Update Channel>Beta
7- Press Install > Install > Patch Boot Image File, and select your stock boot image file
Navigate to the location of the stock boot.img you copied earlier on, then Select it
8- Magisk Manager should begin downloading the magisk zip file used for patching
9- Once download is complete, MagiskManager will automatically patch the boot file and store it under SDcard/MagiskManager/patched_boot.img
Step 2: Flashing the patched boot.img
1- Copy the patched_boot.img from your phone's internal storage to folder adb or platform-tools on PC (directory>SDcard/MagiskManager/patched_boot.img)
2- You could also use Fastboot to flash the patched_boot.img or boot.img (if you've renamed then the command must reflect the file name) as outlined below
How to Flash patched_boot.img using Fastboot
1- Setup adb and fastboot on your PC.
2- Unlock the phone's Bootloader (if its not unlocked)
3-Re-enable USB debugging on the phone
4- Connect the phone to the PC via USB cord
5- Boot into fastboot mode.
code
-adb reboot bootloader
6- Flash the patched_boot and reboot by typing in the commands below into adb CMD prompt window and hitting Enter after each line -
Quote:
Code:
fastboot devices
fastboot flash boot patched_boot.img
fastboot reboot
-Verify root using Root Checker
Try at your own Risk
CREDITS
@topjohnwu (Magisk)
Sadly goes into a bootloop for me - no idea why though
This worked for me. I had magisk installed and took the pie update. No more root. D/l the factory image and extracted the boot image to the files folder...pissmeoff they changed the name of the icon... and magisk patched the image and saved it in its folder. Found the file, moved it to the laptop then flashed it.
reawo said:
Sadly goes into a bootloop for me - no idea why though
Click to expand...
Click to collapse
I think you made a mistake.
I always did that method pre Pie and it always worked but now I end up in a bootloop and I did everything according to guide
reawo said:
I always did that method pre Pie and it always worked but now I end up in a bootloop and I did everything according to guide
Click to expand...
Click to collapse
I think you use my file(boot.img) for patch_boot.img from magisk manager.
I think you must check your build number devices.
You must use file boot.img from your factory image for root.
9.0.0 (PPR1.180610.009, Aug 2018) >This is version for my devices
9.0.0 (PPR1.180610.011, Aug 2018, Telstra) >?
hey mate thanks for the input, I got a normal non testra (whatever that is) taimen - tried your boot.img and before that I tried the one from the factory image, both result in a boot loop.
I went through all stages of the Android p beta and in the end, to try solve this, I also non wipe flashed the factory image all to get the same result
could you sent me a drive Link to the patched version of yours or something?
reawo said:
hey mate thanks for the input, I got a normal non testra (whatever that is) taimen - tried your boot.img and before that I tried the one from the factory image, both result in a boot loop.
I went through all stages of the Android p beta and in the end, to try solve this, I also non wipe flashed the factory image all to get the same result
could you sent me a drive Link to the patched version of yours or something?
Click to expand...
Click to collapse
This is file patch_boot.img from my devices.
https://drive.google.com/open?id=1nVEpoGam-VY1YT3GBbG6HNfhnT2NqRin
newyesor said:
This is file patch_boot.img from my devices.
https://drive.google.com/open?id=1nVEpoGam-VY1YT3GBbG6HNfhnT2NqRin
Click to expand...
Click to collapse
Also doesnt work, i thought so - didnt do anything different than when it worked - no idea why it doesn't though
Is there a way to see or read out any protocols regarding this?
I receive also a bootloop and I didnt make any mistake. I also used this method pre Pie, I read that alot of users have problems with rooting Pie atm, even with TWRP
reawo said:
Also doesnt work, i thought so - didnt do anything different than when it worked - no idea why it doesn't though
Is there a way to see or read out any protocols regarding this?
Click to expand...
Click to collapse
You use adb last version for flash patch_boot.img ?
I think you should flash factory image new again and factory reset your devices.
You are use stock kernel or other kernel on your devices.
newyesor said:
You use adb last version for flash patch_boot.img ?
I think you should flash factory image new again and factory reset your devices.
You are use stock kernel or other kernel on your devices.
Click to expand...
Click to collapse
I downloaded all the latest adb and fastboot. Never touched kernel or did custom recovery, always used the magisk method since i am on a pixel device. i also got the issue that my pc doesnt recognize my pixel from time to time, you think i should do a complete wipe?
I don't sure.
You are use platfrom-tool from sdk lastversion?(for flash via fastboot mode)
@reawo
I think you should flash factory image new again and factory reset your devices.
Step 1: Patching the stock boot.img
1- Copy the stock boot.img of your device to your phone's internal storage.
2- Install the latest Magisk Manager
3- Launch Magisk Manager app
4- If prompted to install Magisk, select NO THANKS
5- If you're planning to flash the patched boot image,For normal users leave it as the default .img
6-Press Setting>Update Channel>Beta ,and close this app.****
7- Open app again and Press Install > Install > Patch Boot Image File, and select your stock boot image file
Navigate to the location of the stock boot.img you copied earlier on, then Select it
8- Magisk Manager should begin downloading the magisk zip file used for patching (This process is not failed)***
9- Once download is complete, MagiskManager will automatically patch the boot file and store it under SDcard/MagiskManager/patched_boot.img
Step 2: Flashing the patched boot.img
1- Copy the patched_boot.img from your phone's internal storage to folder adb or platform-tools on PC (directory>SDcard/MagiskManager/patched_boot.img)
2- You could also use Fastboot to flash the patched_boot.img or boot.img (if you've renamed then the command must reflect the file name) as outlined below
How to Flash patched_boot.img using Fastboot
1- Setup adb and fastboot on your PC.
2- Unlock the phone's Bootloader (if its not unlocked)
3-Re-enable USB debugging on the phone
4- Connect the phone to the PC via USB cord
5- Boot into fastboot mode.
code
-adb reboot bootloader
6- Flash the patched_boot and reboot by typing in the commands below into adb CMD prompt window and hitting Enter after each line -
Quote:
Code:
fastboot devices
fastboot flash boot patched_boot.img
fastboot reboot
-Verify root using Root Checker
Try at your own Risk
Will work on the verizon variant (bootloader locked)?
sabi95190 said:
Will work on the verizon variant (bootloader locked)?
Click to expand...
Click to collapse
Nope. If it were that easy for bootloader locked Verizon phones, it would have been done months ago.
What happens if you lock the bootloader after all of this?
DarkSilentSC said:
What happens if you lock the bootloader after all of this?
Click to expand...
Click to collapse
You'll wipe the phone, lose root, and be stock.
DarkSilentSC said:
What happens if you lock the bootloader after all of this?
Click to expand...
Click to collapse
When still rooted and modified? You might very well brick it. Relocking while modified is borderline insanity.
TonikJDK said:
When still rooted and modified? You might very well brick it. Relocking while modified is borderline insanity.
Click to expand...
Click to collapse
"Borderline"???? More like certifiably insane! ?
Hey ! Today i will give you all the different ways/steps for root your Mi A2 easily.
+ How to manually create patched_boot.img for your version (beta...) without extrernal help.
Code:
Your warranty is now void.
We are not responsible for bricked devices, dead
SD cards... Please do some
research if you have any concerns about features
included in this GUIDE before using it! YOU are
choosing to make these modifications.
Summary
- Part 1 : Install drivers and unlock bootloader. Credit to @balazs312
- Part 2 : Root with 2 ways
- Bonus : Backup boot.img and make patched_boot.img
- Part 3 : OTA
Part 1 :
So, First you need to install drivers and unlock your phone bootloader. Skip to part 2 if already done.
1. Installing drivers & Preparing PC
- Download this and extract it
- Open and install "adb-setup-1.4.3.exe"
- When it is done, go to "Drivers" folder and start "miflash_unlock.exe"
- Click on the gear icon top right corner and click on "Check" next to "Click the button to install the drive"
- Do as the installer says
- Hopefully the drivers has been installed so we're done with it, let's head on the next step.
2. Preparing phone for unlocking
- On your phone navigate to Settings->System->About phone and tap the build number until you see "You are developer"
- Go back once and you'll see a new menu called "Developer options"
- Tap on it and search an option called "OEM Unlocking", enable it
- We're done here. Let's keep going
3. Entering fastboot and unlocking bootloader (MAKE A BACKUP of your data!)
- Hold your power button down, tap on restart and hold your volume DOWN button while it resets until you see the Mi bunny doing its thing
- Now we're in Fastboot mode, hooray
- Download this zip and extract it on your PC
- Open it and type "cmd" (without the quotations) in the file manager header where you see (This computer>somethingsomething>Mi A2 fastboot), don't be afraid just type it in, and hit enter and you'll enter into command prompt
- Now we are ready for action
- Type these commands one by one:
fastboot flashing unlock
fastboot flashing unlock_critical
After this, you will see a warning message that your bootloader is unlocked and your data is not safe, blah blah... Just ignore it everytime you power on your phone.
Part 2 :
So there are currently two ways to root his phone. Let's start with the first.
Methode 1 : We will use the new temp twrp. Method by me.
1. Download files...
- Download this TWRP.
- Place it in your adb folder.
- Download Magisk-v17.2_a and Magisk-v17.2_b.
- Copy these 2 zips in your phone internal storage.
2. Check current-slot...
- Plugin your phone to you pc
- Navigate to your settigs on your phone.
- Open Developer settings
- Enable Usb Debugging
- A pop up should appear on your phone scren, hit and box and autorize the pc.
- on your pc, open fastboot command prompt, and type "adb reboot bootloader" , your device should reboot to fastboot
- type "fastboot getvar current-slot". Remember if the result is a or b.
3. Root using temporally twrp
- Reboot your phone in fastboot.
- On your pc, open fastboot command prompt, and type "fastboot boot twrp-3.2.3-jasmine-20181020.img"
- Your phone now reboot into twrp, it down't flash it, so after a reboot twrp will be gone.
- If twrp ask a password for decrypt data put your phone PIN and validate.
- Click on install and select Magisk-v17.2_a if the result in Step 2. is A, and Magisk-v17.2_b if result is B and swipe to install.
- Then select Reboot.
Now you have Magisk 17.2 installed on your phone, and twrp is gone after reboot. You can select beta in Magisk settings and update to 17.3 if you want.
Methode 2 : We will use patched_boot.img.
1. Where to find patched_boot.img ?
- Go here and check if there is your build version. If yes dowload the patched_boot.img file ( need to be on pc ) and skip to step 2. If not continue.
- If you can't find your correct build patched_boot.img (Because you are on the beta, and nobody share the file or something like that....) you can easily make your own using temp twrp. Go to Bonus part, make your patched_boot.img and continue.
2. Pepare files.
- Copy the patched_boot.img in your adb folder
- Be sure to rename it to "patched_boot.img"
- Download latest Magisk Manager apk here (currently v6.0.1)
- Copy the apk on your phone storage.
3. Install Magisk
- Reboot your phone in fastboot.
- Open a fastboot command prompt on your pc.
- Type "fastboot boot patched_boot.img"
- Your phone will reboot, put your pin....
- Go in your prefer file explorer and Install the magisk apk.
- Now open Magisk Manager app
- Click Install, direct install. Wait for the process
- And click reboot.
Now you have Magisk 17.2 installed on your phone. You can select beta in Magisk settings and update to 17.3 if you want.
Bonus
So, i will show you how to backup your current bot img. And how to make your own patched_boot.img, so people who are on Beta OTA can root there phone without any external help...
1. Backup the boot.img
- Download this TWRP.
- Place it in your adb folder.
- Reboot your phone in fastboot.
- On your pc, open fastboot command prompt, and type "fastboot boot twrp-3.2.3-jasmine-20181020.img"
- Your phone now reboot into twrp, it down't flash it, so after a reboot twrp will be gone.
- If twrp ask a password for decrypt data put your phone PIN and validate.
- In TWRP, click on "Advanced"
- Click "File Manager"
- Navigate to /dev/block/platform/soc/c0c4000.sdhci/by-name
- You will se a lot of files, and if you look you will see 3 important files, boot, boot_a and boot_b.
- Click on the "boot" file
- Click "Copy File"
- Navigate to /sdcard
- Click the blue arrow and swipe to confirm
- Click reboot
- Copy the file on your pc, and rename it to "boot.img" instead of "boot".
Now you have backup your stok boot.img you can use it for stock or whatever you want....
2. Create the patched_boot.img file
- Download latest Magisk Manager apk here (currently v6.0.1)
- Install the apk on your phone
- Open Magisk Manager
- Go to settings , click Update Channel and select Beta
- Return to home of Magisk Manager
- Click Install, then Boot image file patch ( don't know the correct typo because for me the app is in french, champion du monde !! xD ) and wait for the end of the process.
Done you now create your own patched_boot.img ! Enjoy !!
Part 3 :
So, now i will explain you how to install OTA when you have magisk.
- First, disable Automatic system updates in developer options, so it won't install OTAs without your acknowledgement.
- Open Magisk Manager, click Uninstall, then Restore Images. Don't reboot !
- Now Search for update and wait for the process. BUT do not press the "Restart now" or "Reboot" button !
- Open Magisk Manager, hit Install, then Install to inactive slot.
- Reboot when it's done.
If it don't work (strange) and ota failed, you can find your stock boot.img for your build version here, or backup your boot.img using the[ B]1.[/B] of the Bonus part and flash it using the command "fastboot flash boot_( your current slot) boot.img" (you can check your current slot with command "fastboot getvar current-slot).
If you have issues or something like that, here are some telegram group :
MiA2dev
MiA2OffTopic
HexKernel
Work perfect with october update
Thanks 4 your great work
nnexuss said:
Work perfect with october update
Thanks 4 your great work
Click to expand...
Click to collapse
Your wellcome, enjoy
Thx for your very, very good work. No Problems at all with October update. :good:
mahalo
yorkberliner said:
Thx for your very, very good work. No Problems at all with October update. :good:
mahalo
Click to expand...
Click to collapse
nice, enjoy
What to do when Magisk prompts that "Stock Image does not exist"?
Couldn't find a folder to put stock image.
0firuz said:
What to do when Magisk prompts that "Stock Image does not exist"?
Couldn't find a folder to put stock image.
Click to expand...
Click to collapse
can you explain which part you try to do, and on which steps you got this error? for more support you can join telegram groups from the bottom of the guide.
*edit* you can flash stock boot.img for future OTA. check the Part 3 : OTA
Hi
Right now im on OPM1.171019.011.V9.6.13.0ODIMIFE (5 sept 2018) rooted with magisk
I just want to update and re-root, the painless style. I dont want to flash a ****load of stuff to have a functionning phone.
Can anyone confirm that step 3 is ok? Thats the same method than for MI A1, and it was only half functionnal, i dont want to play with fire.
After having killed the IMEI numbers and the persist partition of the A1, it took me 2 weeks to repair, I dont want to **** up this one too. Hell no.
kaott said:
Hi
Right now im on OPM1.171019.011.V9.6.13.0ODIMIFE (5 sept 2018) rooted with magisk
I just want to update and re-root, the painless style. I dont want to flash a ****load of stuff to have a functionning phone.
Can anyone confirm that step 3 is ok? Thats the same method than for MI A1, and it was only half functionnal, i dont want to play with fire.
After having killed the IMEI numbers and the persist partition of the A1, it took me 2 weeks to repair, I dont want to **** up this one too. Hell no.
Click to expand...
Click to collapse
this is safe. but if you want to can just use patched boot method.
I used the method described in Step 3 to install the September OTA (V9.6.13.0) and re-install Magisk. It worked like a charm, but I am trying to repeat the method to install the October update without success. The OTA updater downloads the update, and starts installing it, but it fails miserably every time.
I have even completely uninstalled Magisk and flashed the img from here: https://sourceforge.net/projects/others/files/MiA2/
But It does not work, the OTA installer always fails.
I'm clueless, what can I do?
doragasu said:
I used the method described in Step 3 to install the September OTA (V9.6.13.0) and re-install Magisk. It worked like a charm, but I am trying to repeat the method to install the October update without success. The OTA updater downloads the update, and starts installing it, but it fails miserably every time.
I have even completely uninstalled Magisk and flashed the img from here: https://sourceforge.net/projects/others/files/MiA2/
But It does not work, the OTA installer always fails.
I'm clueless, what can I do?
Click to expand...
Click to collapse
it's because during the ota process, the current slot change. but you can back to stock September ROM, then update. and after that root using my second post https://forum.xda-developers.com/mi-a2/how-to/guide-2-minutes-magisk-installation-t3856980/amp/
Thread closed at OP request
Red Magic 5G Bootloader Unlock Guide: OR get ROOT & TWRP without unlocking the BL!!!
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
WARNING: ANY BOOTLOADER UNLOCK METHOD INVOLVES THE RISK OF BRICKING YOUR DEVICE PERMANENTLY. WHILE THERE IS USUALLY A WAY TO RECOVER, DO NOT ATTEMPT THIS PROCEDURE IF YOU DO NOT KNOW WHAT YOU ARE DOING. BAD THINGS CAN HAPPEN. YOU HAVE BEEN WARNED!!! YOU MAY BE LEFT WITH A USELESS BRICK!!! READ ALL FURTHER WARNINGS EXPERIMENTAL METHOD IN ORIGINAL DOWNLOAD FILE WORKS, I'M USING IT
If you want a NOOB guide look at this post: https://forum.xda-developers.com/nu...beginner-tutorial-unlock-bootloader-t4131585/
Also note a user has managed to fix the FP sensor post BL unlock, see this post here: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
Still, I suggest root bypass it's better.
MegaNZ Link for Root without unlocking the Bootloader, and without breaking the FP, also includes instructions for installing BlackMagic5G (explanation below), adding HD VOLTE, how to restore from a brick, and some other cool tricks: https://mega.nz/file/igphSCTD#OybJo9t1zwvJ0bdbAcN2BCqxWXAfHdhk3JFB4_5xkVc
I suggest you flash my BlackMagic5G and don't unlock your bootloader at all - just root. It's CN 2.52 ROM based. You'll get VOLTE, , GApps installed, Rooted with Magisk, TWRP, debloated, YouTube Vanced, AdAway, SmartPack Kernel Manager, etc. - looks like the Global / NA variant of the ROM. Almost perfect except still uses Messages and Phone from Nubia. Plus you will enable Face Unlock not available in the Global or NA versions of the ROM, and FP will still work! Click on the Google Search bar widget and the mic icon takes you to the Google Assistant, the left icon is Google Feed, type in the middle bar for a Google Search. Has 1Weather Free weather widget that looks great, and Google Calendar widget for your whole month of activities. Translate, Lens, Chrome, all the Google Apps are there. And the Chinese Nubia apps are nearly all GONE!
MegaNZ Link for BlackMagic5G Beta - IT'S ONLY THE DATA PARTITION + ROOTED KERNEL + NA SPLASH SCREEN, you NEED to 1) install the Red Magic 2.52 ROM below FIRST 2) Root using the first link posted above 3) Flash restore this from TWRP: https://mega.nz/file/r9hF2BwS#RrAXiFWSBNX8dLqfrH8nNHo_uigPC8uYXonwhALhGbo
MegaNZ Link for the Red Magic 5G CN 2.52 ROM: https://mega.nz/file/aoxBFAqY#EDt2OZBGTME4ZGKnERKpK_t-aJT_rWgD0aqBFkilRcY
*** NOW THE BOOTLOADER UNLOCK INSTRUCTIONS ***
Go to Settings / About phone / Build Number (NX659_J_ENCommon_V3.08 on North American Variant), click 7 times, Now you are a developer message appears, go back a menu to Settings / Other system settings / Developer options.
Enable:
OEM unlocking "Allow the bootloader to be unlocked"
USB debugging "Debug mode when USB is connected"
Install Minimal ADB and Fastboot (Windows 10 in this example): https://www.androidfilehost.com/?fid=746010030569952951
Default install path is:
C:\Program Files (x86)\Minimal ADB and Fastboot\
Go to the Search button on the bottom on Windows 10, type cmd, Command Prompt will appear in the menu. Right click it and Run as Administrator. All commands to be typed will be run in this Command Prompt window (referred to as terminal) unless otherwise stated to run on the phone.
Now Terminal window appears (it says Administrator: Command Prompt in the heading):
Text displayed is:
Microsoft Windows
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>
Typed in terminal:
cd "c:\Program Files (x86)\Minimal ADB and Fastboot"
I now connected the phone to a USB port on the PC.
On the phone, a Window appeared:
"Allow USB debugging?"
The computer's RSA key fingerprint is:
[36 digit code] Example:
C8:A17:E2:01:F6:A1
:368:10:E8:33:20:FB:
93:7D
Always allow from this computer (it's my computer so I clicked it since I trust the computer)
CANCEL / ALLOW (I clicked ALLOW)
Typed in terminal:
adb reboot bootloader
The phone reboots. Once the phone screen boots, in the center it says: Now you are in fastboot mode.
From the terminal I typed:
fastboot oem nubia_unlock NUBIA_NX659J
The terminal now displayed:
...
(bootloader) START update nubia fastboot unlock flag!!!
(bootloader) START set state to 1 ok!!!
In the terminal I typed:
fastboot flashing unlock *** DO NOT TYPE THIS IF YOU WANT TO KEEP A WORKING FP!!! READ TOP OF POST!!! AVOID THIS WITH THE EXPERIMENTAL METHOD OF ROOT WITH NO BL UNLOCK ***
Now a screen appeared on the phone with a big <!> red icon in the left corner. The rest in white text is a warning message. "By unlocking the bootloader, you will be able to install custom operating system on this phone. A custom OS is not subject to the same level of testing as the original OS, and can cause your phone and installed applications to stop working properly-
Software integrity cannot be guaranteed with a custom OS, so any data stored on the phone while the bootloader is unlocked may be at risk.
To prevent unauthorized access to your personal data, unlocking the bootloader will also delete all personal data on your phone.
Press the Volume keys to select whether to unlock the bootloader, then the Power Button to continue."
I selected UNLOCK BOOTLOADER and my device was completely erased. The factory OS loaded then. This process takes some time to complete.
Now the device rebooted with a warning message, and a big <!> yellow icon in the left corner.
"The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.
Visit this link on another device:
g.co/ABH"
Now the device reloads the firmware apparently and wipes all user data. Upon setting up the phone, the fingerprint display registration comes up and asked to place my finger on the back of the phone. There is no fingerprint sensor on the back of the Redmagic 5G! It is under the screen! So this step must be skipped. The ROM setup is corrupt or incomplete, a beta possibly. I setup the phone then went into Settings / Security to try to add a fingerprint. The button to add fingerprint then appears. Once I click the button, I get this error:
Loss of fingerprint calibration data
Loss of fingerprint calibration data was detected.
Currently unable to complete fingerprint entry,
please contact Nuia after-sales service via
4007006600
See the XDA post for recalibrating the FP: https://forum.xda-developers.com/nu.../guide-calibration-finger-print-loss-t4132961
ROOT FOR ALL DEVICES:
(These files are included in the tools download zip, Magisk 20.4 and MagiskManager-v7.5.1.apk, but this is the official source as updates post): Go to XDA and Download Magisk Manager and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power, release the power button once the screen shows it loading, hold the volume up down until you see TWRP pop up). Flash Magisk from TWRP Install / Zip / sdcard / Magisk.zip reboot and you'll have root.
BL unlock first method was tested on North American variant and it works. But it breaks your FP sensor and gives you an annoying boot prompt.
If at any time you want to remove the OEM Bootloader unlock, you plug into the PC, go to the terminal for Minimal ADB and Fastboot, type:
adb reboot fastboot
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing lock (screen will prompt to relock BL, choose to Relock)
The phone should reboot and install the original software. BUT...
If it says you are corrupted well, you have more issues.
You'll have to reflash the stock recovery.img, reboot to stock recovery, wipe data, wipe cache, and flash the CN update.zip rom to a flash drive FORMATTED TO FAT32 (annoying as hell) But you NEED a USB-C to OTG Adapter to attach a Flash Drive / SDCARD this way). If you don't have one, you better reflash TWRP using the prior instructions and flash the update.zip from there. Install, select the update.zip, flash. Wipe Data, Cache, ART/Dalvik. Reboot.
Now it should WIPE the entire phone and be back to normal Android 10 setup non rooted, no unlocked bootloader. Always beware of data loss doing root functions!!! Always be prepared to setup your phone entirely over again. Google Backup is very good to turn on before you do any of this stuff if you have already installed apps.
*** WARNING - THIS BYPASS METHOD COULD GO AWAY AT ANYTIME. IT SHOULD EVENTUALLY BE FIXED BY NUBIA ***
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
You were able to actually install TWRP? Not just boot it? I thought A10 devices cant have twrp permanently installed?
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
mslezak said:
That is a very good question my friend. I had to reflash it several times while rooting so it appears you are correct.
Now a window when I FIRST installed popped up and said make Recovery read only so a system update. can't overwrite it, to this I didn't even pay attention. So assuming that question does lock down recovery, it should stick.
Click to expand...
Click to collapse
So its not permanent? Thats what I thought.
Well it could be permanent...
VZTech said:
So its not permanent? Thats what I thought.
Click to expand...
Click to collapse
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
mslezak said:
What I was trying to say is that I've never had a phone where I had to select "prevent recovery from being overwritten" so I just clicked off the message. Had I selected "keep TWRP from being overwritten" then possibly it sticks. It's just a matter of making the recovery partition READ ONLY.
Click to expand...
Click to collapse
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Can anyone send me backup of the super partition?
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Future updates...
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
Yes what I've been told by prior Redmagic Users 3 and 3S is the ROM is released, as long as your boot.img is not patched with Magisk, it can be installed through the menus in Settings / About Phone / Update or someplace like that. You just download the ROM to the appropriate folder on the phone.
So far I have 1 link to a China ROM update here: https://ui.nubia.cn/rom/detail/65
Now on how to install the ROM, I use the Chrome browser set to autotranslate webpages. Most of the Chinese will be translated from here: https://bbs.nubia.com//thread-1136030-1-1.html
Basically it's going to wipe your device clean, and you can use a Nubia backup tool which will save all your items to a folder. Which then you should copy to your PC before installing the new ROM. Then it gives you instructions to get that data back onto your updated device.
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
VZTech said:
Your probably screwed. I had this issue on a rm3s. You will need an unbrick tool. It was released for the rm3s about 4 mos after release. NUBIA should have true fastboot images available for download, but they dont.
Click to expand...
Click to collapse
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
apersomany said:
I accidentally flashed an image to the super partition with twrp thinking it was the system partition (it technically is tho) and it bricked my phone and messed up twrp.
Only stock recovery works but the stock recovery cannot fix it by installing a full ota from a otg drive.
I do have a backup on my phone but it is inaccessable.
Could anyone please send me a backup of the super partition or have any idea on how to fix this?
(I tried to use edl and backup my data to recover my backup of the super partition but it seemed like it needed a programmer binary from qualcomm)
Click to expand...
Click to collapse
You should be able to flash the latest ROM via EDL mode if you've ever used EDL mode before, it usually requires shorting pins together in the device, although some recoveries will let you just boot into EDL mode if the phone still boots. It will be detected. Although on this device with the dynamic partition, I don't know how you would flash these in EDL mode... dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm that do not look like fastboot flashable parts. Possibly the unbrick tool for Redmagic 3/3S could be modified to do this for you.
mslezak said:
That's because of the super (dynamic) partition, see from the latest (and only) ROM:
Excerpt of the ROM installation script where it delineates the dynamic vs non dynamic partitions - you have product w/ a file transfer list, then vendor, system, and odm, The other files (boot.img, dtbo.img, splash.img, etc. and other various files) should be flashable with fastboot.
# Update dynamic partition metadata
assert(update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list")));
unmap_partition("product");
block_image_update(map_partition("product"), package_extract_file("product.transfer.list"), "product.new.dat.br", "product.patch.dat");
unmap_partition("vendor");
block_image_update(map_partition("vendor"), package_extract_file("vendor.transfer.list"), "vendor.new.dat.br", "vendor.patch.dat");
unmap_partition("system");
block_image_update(map_partition("system"), package_extract_file("system.transfer.list"), "system.new.dat.br", "system.patch.dat");
unmap_partition("odm");
block_image_update(map_partition("odm"), package_extract_file("odm.transfer.list"), "odm.new.dat.br", "odm.patch.dat");
# --- End patching dynamic partitions ---
Click to expand...
Click to collapse
Yes those .img files can easily be fastboot flashed. Unfortunately it wont solve his problem. He needs the nubia unbrick tool, which is tough to get. I dont understand why Nubia makes things difficult. They should provide proper Fastboot files.
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
apersomany said:
I already tried edl (not to flash, but to recover my backup of the super partition) but it seems like it needed a firehose binary. I still can use bootloader, fastbootd, recovery. It's just that the recovery fails at assert dynamic partition update thing with a error 7 (probably because my super partition turned into a normal partiton). I tried to flash a super empty image made with lpmake and try flashing the ota but that didn't work. I think if someone gives me a backup of the super partition I could flash that and that could work. I also had an idea of flashing a super partition of another devices factory image to make my super partition a dynamic partition, but I couldn't find any online.
Click to expand...
Click to collapse
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
mslezak said:
I get a Global Device on Monday. I'll try to use Qualcomm tools to make a brick restore image of Global. If I get one made I'll post all the tools to restore the device on Mega.nz. Because of the super partition it has to be done this way. Not via TWRP as you know. I'm working on Dev tools for this device as fast as possible.
Click to expand...
Click to collapse
Thank you so much!
Okay I can't add anything special but daaamn this community is amazing. So much help I love you all
To relock BL repeat the instructions with 1 different command
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
mslezak said:
{Mod edit}
***Bootloader Unlock Instructions for the Nubia Redmagic 5G + installing TWRP:***
Settings / About phone / Build # click 7 times, now your a dev message appears, good back a menu, go to Additional Settings / Developer Options
Enable:
ADB debugging, + OEM unlock
Connect phone to PC, approve device on phone RSA key for USB debugging
From Minimal ADB and Fastboot:
adb reboot bootlader
fastboot oem nubia_unlock NUBIA_NX659J
fastboot flashing unlock
(approve on phone with volume keys to unlock and hit the power button, now you'll get an annoyng mesage on boot as insecure unlocked BL) *ALL YOUR DATA WILL BE WIPED*
Next:
fastboot flash recovery recovery-TWRP-3.4.1B-0324-NUBIA_REDMAGIC_5G-CN-wzsx150.img
fastboot reboot recovery
Enter TWRP, set to not be removed by updates if prompted.
Boot up the device, setup as a new device. You're on stock ROM / kernel now unlocked.
Once you get up and running you'll want APK Mirror app to install stuff on the China Variant it's in the Nubia Playstore. Gboard download as well and set as default it's a lot easier than the Chinese keyboard that swaps between Chinese and English. Set size extra tall for this huge phone (I prefer anyhow). Chrome go download it from APK Mirror app as well. Then go to XDA and Download Magisk Manager and download it and install the APK. Download the latest Magisk as well from the Manager. You can then reboot to Recovery (volume up + power). Flash Magisk from TWRP reboot and you'll have root.
Note on my testing the fingerprint did not work after unlocking the bootloader. It says to contact Nubia support at some odd number. Hopefully they fix this.
Click to expand...
Click to collapse
Just in case if somebody need a Chinese version of official ROM v2.46 for RedMagic 5G.
Code:
https://mega.nz/file/vc0DiabR#npahTop-JXZ9Mwv-lA7G6DxTG2qqOOAf6AwW8NdEEKw
mslezak said:
Just replace
fastboot flashing unlock
with
fastboot flashing lock
Again you approve to lock on the phone prompt with the volume keys and your phone will be wiped and all will be back to normal, you'll be locked. And back to phone setup.
I'd edit the original post but the moderators took away my rights!!! Because I posted a Telegram link WHY - how do you expect development to get better???
BTW anyone with a NEW phone arriving that can record the FP failures and all errors please contact me so I can send to Nubia. They are waiting for me to reproduce the error but I already setup my new phone... Thinking I wouldn't be the ONLY ONE to contact [email protected] ... Guys you want developer support on this phone or not. Contribute please.
Click to expand...
Click to collapse
we found out that using the cn rom it all works without even unlocking the bootloader, even while oem unlock was disabled in dev options but there is some kind of vbmeta img required. a full guide is incoming.
VZTech said:
The issue with that could be any future updates though. Rm uses there own recovery for that. They don't provide fastboot images either I believe
Click to expand...
Click to collapse
You can flash their NX659J-update.zip files directly from TWRP that's how we restored our bricked devices already. So OTA updates no, but you can download them anyway and flash from TWRP directly. Yes we have to figure out a concrete restore method which isn't 100% working yet. I.e. all your data is lost this way apparently AT THIS MOMENT... MORE TO COME.