First up, shoutouts to both @phhusson and part of this thread from @YOisuPU for vital guidance throughout my first journey with super-partition devices.
A51 5G runs on Exynos 980 unlike the 4G variant which runs on Exynos 9611. People have been running into trouble rooting the 4G variant and even resorted to GSIs just for rooting, but on the 5G variant all you had to do is to patch boot+vbmeta (don't include recovery) with Magisk. If you just need root, stopping here is enough.
For me, running my LOS GSI is absolutely necessary, but Android 10's super-partition compounded with Samsung not making fastbootd available means an even harder time than what I've had with A60/M40. Below steps apply to this device and might also serve as a general skeleton for other Samsung devices with super-partition.
0) Get Linux - some tools used here just don't have a Windows version
1) On stock firmware, open shell and run
Code:
lpdump
to get some partition info that'll be used next - example output here
2) Get stock firmware
3) Extract super.img.lz4 from AP and then super.img (sparse) from super.img.lz4 with your tool of choice (e.g. 7-Zip ZS)
4) Unsparse super.img:
Code:
./simg2img super.img super.raw.img
5) Extract partitions from super.raw.img:
Code:
./lpunpack --slot=0 super.raw.img <dir>
6) Replace system.img in <dir> with GSI image
7) Repack your own super.img:
Code:
./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:7549747200 --group main:7545552896 --partition system:readonly:2147483648:main --image system=./system.img --partition vendor:readonly:729890816:main --image vendor=./vendor.img --partition odm:readonly:4349952:main --image odm=./odm.img --sparse --output ./super.img
Compare the command to the lpdump output obtained earlier - many of the numerical parameters here directly match. For the 3 partition declarations, assign them sizes equal to or larger than (recommended) their byte sizes.
8) Compress your super.img into a tar and flash it via Odin in the AP slot
9) Make sure that the device runs patched vbmeta (but stock boot image - somehow the patched one causes a bootloop on GSIs), do a factory reset in stock recovery, reboot
simg2img, lpunpack and lpmake binaries can be obtained online (e.g. from the aforementioned thread) or built from source.
By the way, I've fixed some sepolicy issues with PHH's Superuser, so in future builds, unlike what was described in the thread, 4G variant users likely won't need a permissive kernel to get root on GSIs (at least it doesn't here).
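A pre-flight check for step 7, as an added example (not code from the original post or from the lpmake project): it parses an lpmake command line and verifies that each image fits its declared partition, that each group's partitions fit the group, and that each group fits the super device. The function names are hypothetical, the image sizes in the demo are constructed, and the checks are necessary conditions only; lpmake performs its own validation on top of them.

```python
import os
import shlex
import struct

SPARSE_MAGIC = 0xED26FF3A                    # Android sparse image magic
SPARSE_HEADER = struct.Struct("<IHHHHIIII")  # 28-byte sparse file header

# The lpmake command from step 7, copied from the post.
PAGE_COMMAND = (
    "./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 "
    "--device super:7549747200 --group main:7545552896 "
    "--partition system:readonly:2147483648:main --image system=./system.img "
    "--partition vendor:readonly:729890816:main --image vendor=./vendor.img "
    "--partition odm:readonly:4349952:main --image odm=./odm.img "
    "--sparse --output ./super.img"
)


def image_logical_size(path):
    """Bytes the image needs inside its partition.

    A sparse image expands to blk_sz * total_blks; a raw image (no sparse
    magic at offset 0) needs exactly its file size.
    """
    with open(path, "rb") as f:
        head = f.read(SPARSE_HEADER.size)
    if len(head) == SPARSE_HEADER.size:
        magic, _, _, _, _, blk_sz, total_blks, _, _ = SPARSE_HEADER.unpack(head)
        if magic == SPARSE_MAGIC:
            return blk_sz * total_blks
    return os.path.getsize(path)


def parse_lpmake(cmdline):
    """Extract device, group, partition and image declarations from an lpmake command."""
    layout = {"device": {}, "groups": {}, "partitions": {}, "images": {}}
    args = iter(shlex.split(cmdline))
    for arg in args:
        if arg.startswith("--") and "=" in arg:       # --image=system=./system.img
            key, value = arg.split("=", 1)
        elif arg in ("--device", "--group", "--partition", "--image"):
            key, value = arg, next(args)              # --image system=./system.img
        else:
            continue                                  # flags this check does not use
        if key == "--device":
            name, size = value.split(":")[:2]         # name:size[:alignment...]
            layout["device"][name] = int(size)
        elif key == "--group":
            name, size = value.split(":")
            layout["groups"][name] = int(size)
        elif key == "--partition":
            fields = value.split(":")                 # name:attributes:size[:group]
            group = fields[3] if len(fields) > 3 else "default"
            layout["partitions"][fields[0]] = {
                "attrs": fields[1], "size": int(fields[2]), "group": group}
        elif key == "--image":
            name, path = value.split("=", 1)
            layout["images"][name] = path
    return layout


def check_layout(layout, size_of=image_logical_size):
    """Return a list of human-readable problems; an empty list means the sizes are consistent."""
    problems = []
    device_size = sum(layout["device"].values())
    used = {}
    for name, part in layout["partitions"].items():
        group = part["group"]
        if group != "default" and group not in layout["groups"]:
            problems.append(f"{name}: group '{group}' is not declared")
        used[group] = used.get(group, 0) + part["size"]
        if name in layout["images"]:
            need = size_of(layout["images"][name])
            if need > part["size"]:
                problems.append(
                    f"{name}: image needs {need} bytes, partition declares {part['size']}")
    for group, limit in layout["groups"].items():
        if used.get(group, 0) > limit:
            problems.append(
                f"group {group}: partitions total {used[group]} bytes, limit is {limit}")
        if limit > device_size:
            problems.append(
                f"group {group}: limit {limit} exceeds device size {device_size}")
    return problems


if __name__ == "__main__":
    # Constructed sizes standing in for real files: this GSI is too big for 'system'.
    sizes = {"./system.img": 2_500_000_000,
             "./vendor.img": 700_000_000,
             "./odm.img": 4_349_952}
    for problem in check_layout(parse_lpmake(PAGE_COMMAND), size_of=sizes.__getitem__):
        print("PROBLEM:", problem)
```

To check real files, call `check_layout(parse_lpmake(cmd))` from the directory holding the images so the default `image_logical_size` can open them.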
When I lpmake I get invalid sparse image header
blackbuga said:
When I lpmake I get invalid sparse image header
Can be safely ignored.
AndyYan said:
Can be safely ignored.
"Patched vbmeta.img" where can I find this or is it patched by magisk I'm assuming
I'm unsure where you are getting the sizes for the partitions, could you please elaborate on that? The rest is self explanatory.
PizzaG said:
I'm unsure where you are getting the sizes for the partitions, could you please elaborate on that? The rest is self explanatory.
Sub-partition sizes are arbitrary, as long as they can contain the respective content (e.g. system has to be larger than your GSI) while still fit inside super.
blackbuga said:
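When I lpmake I get invalid sparse image header
Can this also be used for other phone models when modifying super.img and packing it at the end? Should the lpmake file be extracted to the same directory as system.img and run there? Or should the system.img file be copied to the otg\bin folder and run there?
I don't really understand the meaning of each parameter of the ./lpmake .... command.
---------- Post added at 02:19 AM ---------- Previous post was at 02:16 AM ----------
Should the lpmake file be extracted to the same directory as system.img and run there? Or should the system.img file be copied to the otg\bin folder and run there?
I don't really understand the meaning of each parameter of the ./lpmake .... command.
After extracting the lpmake file to the same directory as system.img and running the command, an error occurred.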
AndyYan said:
Sub-partition sizes are arbitrary, as long as they can contain the respective content (e.g. system has to be larger than your GSI) while still fit inside super.
-metadata-size 65536 65536 Does the number represent partition size or permissions? Will the numbers never change?
-metadata-slots 2 The slots2 parameter will never change?
-device super:7549747200 Does this number represent the total generation of the super partition?
-group main:7545552896 What does the back number mean? The total size of the other three partitions?
Thank you
lkj00 said:
After extracting the lpmake file to the same directory as system.img and running the command, an error occurred.
That's because lpmake has supporting libraries. Call lpmake by its original path.
lkj00 said:
-metadata-size 65536 65536 Does the number represent partition size or permissions? Will the numbers never change?
-metadata-slots 2 The slots2 parameter will never change?
-device super:7549747200 Does this number represent the total generation of the super partition?
-group main:7545552896 What does the back number mean? The total size of the other three partitions?
Check your own lpdump result for all these parameters.
AndyYan said:
That's because lpmake has supporting libraries. Call lpmake by its original path.
Check your own lpdump result for all these parameters.
Running the command above, I finally get this error message?
Invalid sparse file format at header magic
lkj00 said:
Running the command above, I finally get this error message?
Invalid sparse file format at header magic
At least read above?
AndyYan said:
Can be safely ignored.
AndyYan said:
At least read above?
Understood, thanks.
Success!
I flashed several GSI roms on A51 4G (exynos) using this method.
Thank you for your good work!
Thanks, flashed lineage on my A71 5g
I'm very much obliged to you! Test other brands as common! !
lkj00 said:
I'm very much obliged to you! Test other brands as common! !
Most if not all other brands leave fastbootd intact, eliminating the need for this set of procedure.
AndyYan said:
Most if not all other brands leave fastbootd intact, eliminating the need for this set of procedure.
Hmm! Mainly flexible. For example, my brand division does not have the "odm" division, and replace it with my own division "product". That's it.
@AndyYan thank you so much for writing this detailed guide.
Thanks to your detailed guide I was able to create an automated bash script that performs all of these steps automatically and makes all read only partitions inside super.img (system, vendor , product, etc...) into read write-able partitions again and flash to device as a brand new super.img.
It would be an honor for me if you could please try it and let me know if it works on your device. Thanks.
Here is the link:
https://forum.xda-developers.com/t/script-mount-system-as-read-write-android-10.4240703/
lebigmac said:
It would be an honor for me if you could please try it and let me know if it works on your device. Thanks.
Aww, sold my A51 just yesterday...
It may sound stupid, but how do I get the lp command tools?
Related
I've just got a new Samsung Galaxy TAB A 7.0 LTE SM-T285, For some reason I can't seem to find any resources for this hardware yet in this forum, anyone know where I could find one? I'll try to find out if the current methods (custom recovery and root) for other tab versions work on this.
CUSTOM ROMS
============
Android 5.1.1 Lollipop (Stock)
Tinker V5 Edition based on the Samsung Stock Rom SM-T280/T285
Android 6.0 Marshmallow
Cyanogenmod 13 for the SM-T285 Only
OMNIRom for the SM-T285 Only
Android 7.1 Nougat
Cyanogenmod 14.1 for the SM-T285 Only (Experimental, things are broken, deprecated in favor of LOS 14.1)
LineageOS 14.1 for the SM-T285 Only
Other Operating systems
Porting for Sailfish OS is currently in progress for the SM-T285, stay tuned
TWRP RECOVERY AND ROOT
=======================
TWRP is available for both the T280 and T285. You should find the relevant threads in this Galaxy Tab A forum.
If you want to root stock, easiest way is to install TWRP and go for SuperSU. Please see the TWRP threads for SM-T280/T285 on how to root after TWRP is installed.
KERNEL
======
Custom kernel with working sources for the SM-T285 can be found Here
DEVELOPMENT
============
If you want to build LineageOS 14.1 on your SM-T285 LTE device, you can use this manifest, note that this is still a work in progress:
https://github.com/jedld/android.git
UPDATE 10/06/2016
================
After a couple of weeks of trial and error and tinkering, I've been able to compile a kernel for the SM-T285 from source and so far it seems to work flawlessly!
Screenshot here: http://imgur.com/a/HRgsq
link to my kernel sources here: https://github.com/jedld/kernel_samsung_gtexslte.git
You can also thank samsung for giving us a "broken by default" kernel source. I had to mix and match defconfigs from their other kernel releases just to make this thing work. Download modified boot.img here:
http://forum.xda-developers.com/galaxy-tab-a/development/kernel-galaxy-tab-7-0-2016-lte-sm-t285-t3474967
UPDATE 09/20/2016
================
This device is now ROOTED!
http://forum.xda-developers.com/galaxy-tab-a/help/resources-samsung-galaxy-tab-7-0-2016-t3431022/post68777842#post68777842
Download Pre-rooted Tinker Edition V5 in this thread: Tinker Edition Thread
Post Root Post Mortem Analysis for the SM-T285 (09/21/2016)
=========================
Q: How were you able to find root? What did you do?
A: Surprisingly the SM-T285 bootloader isn't actually locked like we thought it was (once you OEM unlock of course and disable FRP). The bottom line is that we simply needed patches to mkbootimg to properly package a boot image for this device as there were additional fields and sections not found on a normal boot image. There were even minor breaking differences between the Tab 4 and the boot image for this device.
Q: I thought the bootloader was locked?? Why did it take so long?
A: I blame it on the really vague errors the bootloader shows when loading an improperly packaged boot image. What helped was my faith to open up a hex editor when I needed to, and really look at the stock images and the images we were making. What really pushed me to investigate further was the fact that I was able to make a really small modification to the ramdisk and use the abootimg -u update function instead of the create options.
Q: So the bootloader doesn't really check the image?
A: Yup, The bootloader doesn't do any check. I haven't checked if that is the case for the recovery partition though. Even without the SELINUXENFORCE headers at the end it still continues like other samsung devices do.
Q: So the mkbootimg patches are all that we need?
A: Yup, if you have CM, AOSP build env ready you can simply add the modified mkbootimg to system/core:
https://github.com/jedld/degas-mkbootimg/commit/b63ae38e2ab7040cc7ddaef777652a56b2e48322
Sample usage below:
Code:
degas-mkbootimg -o boot.img --base 0 --pagesize 2048 \
--kernel boot.img-zImage --cmdline "console=ttyS1,115200n8" --ramdisk boot_kitchen/boot.img-ramdisk-new.gz --dt boot.img-dt
Next challenge will be getting Cyanogenmod on this device as well as TWRP.
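An inspection helper for the boot image questions above, as an added example (not code from the post or from degas-mkbootimg): it reads the header-declared sections of a boot image and reports any bytes that follow them, which is where the post says the trailing marker sits. It assumes the standard AOSP version-0 header with the `dt_size` field used by mkbootimg variants that accept `--dt`; the SM-T285's additional fields are not modelled, and the sample image, the function names and the `SELINUXENFORCE` trailer bytes (the post's name for the marker) are constructed.

```python
import struct

# AOSP version-0 boot image header. The tenth integer is treated as dt_size,
# as in mkbootimg variants that accept --dt (assumption, see lead-in).
BOOT_HEADER = struct.Struct("<8s10I16s512s32s1024s")
BOOT_MAGIC = b"ANDROID!"


def _pages(size, page_size):
    """Round a section size up to whole pages."""
    return (size + page_size - 1) // page_size * page_size


def boot_image_layout(data):
    """Return the sections declared by the header plus any bytes after them."""
    if len(data) < BOOT_HEADER.size:
        raise ValueError("file shorter than a boot image header")
    (magic, kernel_size, _kaddr, ramdisk_size, _raddr, second_size, _saddr,
     _tags, page_size, dt_size, _osver, _name, cmdline, _id, _extra
     ) = BOOT_HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    sections = {}
    offset = _pages(BOOT_HEADER.size, page_size)      # header occupies the first page
    for name, size in (("kernel", kernel_size), ("ramdisk", ramdisk_size),
                       ("second", second_size), ("dt", dt_size)):
        if size:
            sections[name] = (offset, size)           # (file offset, byte length)
            offset += _pages(size, page_size)
    return {
        "page_size": page_size,
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
        "sections": sections,
        "declared_end": offset,                       # where the header says the image ends
        "truncated": max(0, offset - len(data)),      # bytes the header promises but the file lacks
        "trailer": data[offset:],                     # anything appended after the declared end
    }


def build_sample(kernel, ramdisk, dt, trailer, page_size=2048,
                 cmdline=b"console=ttyS1,115200n8"):
    """Build a constructed test image (not real firmware) with the given sections."""
    header = BOOT_HEADER.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0,
                              page_size, len(dt), 0, b"", cmdline, b"", b"")

    def pad(blob):
        return blob + b"\0" * (_pages(len(blob), page_size) - len(blob))

    return pad(header) + pad(kernel) + pad(ramdisk) + pad(dt) + trailer


def trailer_survives(stock, modified):
    """True when the modified image still carries the stock image's trailing bytes."""
    stock_trailer = boot_image_layout(stock)["trailer"]
    return bool(stock_trailer) and boot_image_layout(modified)["trailer"] == stock_trailer


if __name__ == "__main__":
    marker = b"SELINUXENFORCE"                         # constructed placeholder trailer
    stock = build_sample(b"K" * 5000, b"R" * 3000, b"D" * 100, marker)
    rebuilt = build_sample(b"K" * 5000, b"R" * 4500, b"D" * 100, b"")
    for label, image in (("stock", stock), ("rebuilt", rebuilt)):
        info = boot_image_layout(image)
        print(label, info["sections"], "end", info["declared_end"],
              "trailer", info["trailer"])
    print("trailer preserved:", trailer_survives(stock, rebuilt))
```

Comparing the layout of a stock image with a repacked one shows whether a larger ramdisk moved the later sections and whether the trailing bytes were kept.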
You won't because it has a locked bootloader, therefore not currently rootable and certainly no custom recovery.
jaritico said:
any idea to unlock bootloader?
Not unless Samsung provides one.
jaritico said:
any idea to unlock bootloader?
Probably no hope for root. the PIT, boot and recovery are basically untouchable, selinux enforcing enabled also does not help. You can still debloat and customize the system partition though:
http://forum.xda-developers.com/android/development/guide-samsung-galaxy-tab-7-0-sm-t285-t3438296
I'm working on getting CM 12.1 to run on this device.
jedld said:
Probably no hope for root. the PIT, boot and recovery are basically untouchable, selinux enforcing enabled also does not help. You can still debloat and customize the system partition though:
http://forum.xda-developers.com/android/development/guide-samsung-galaxy-tab-7-0-sm-t285-t3438296
I'm working on getting CM 12.1 to run on this device.
Yes at least the saving grace is that Samsung left Dm-verity off for this device.
If only they'd have left out the root restriction in the kernel too we'd have a rootable device.
I have an idea for this that I haven't tried yet.
Basically Samsung sends out security Policy updates via OTA, they recently released an SEPOLICY update to most devices breaking root. Chainfire patched this.
As this policy is stored in DATA and over rides the one in the boot.img it may be possible to use a patched SEPOLICY by creating a flashable DATA image with the patched SEPOLICY thereby removing the SElinux root restriction.
I ran it by Chainfire and he said in theory it should work except for that fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
I think it would be difficult to get CM running as the kernel may need some patches and as we know that can't be touched.
Would probably need to brush up on se policies in linux. If there are already files available that I just need to flash over to /data I can try it out and also a means to test it if it works.
I've created a petition here:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_show_components_action_panel_wrapper&utm_medium=copylink&recuruit_context=copylink_long
Not sure if samsung is the type that listens to this sort of thing though.
ashyx said:
As this policy is stored in DATA and over rides the one in the boot.img it may be possible to use a patched SEPOLICY by creating a flashable DATA image with the patched SEPOLICY thereby removing the SElinux root restriction.
I ran it by Chainfire and he said in theory it should work except for that fact that the SEPOLICY in DATA is signed.
I have yet to try this out.
I made an attempt to patch sepolicy using data however all I got in the logs was
Code:
E/SELinux ( 733): Function: fileToArray, File Open Unsuccessful:
E/SELinux ( 733): Function: getVersionhash, signature is NULL
I/SELinux ( 733): Function: selinux_init_verify_sepolicy, getVersionhash return false
E/SELinux ( 733): Function: VerifyPolicy , selinux_init_verify_sepolicy is failed
So far I have no indication that my patch worked
Code:
sepolicy-inject -s shell -t system -c file -p read -P sepolicy -o sepolicy
The error above only comes up if I place sepolicy in /data/security and sepolicy_version in /data/security/spota
sha256 hashes were also updated in the version file so I'm not sure what I'm missing.
If I could have a copy of a samsung ota that actually updates the policies I can probably have better direction
Finally found a way to patch the kernel on this device. Stay tuned...
jedld said:
Finally found a way to patch the kernel on this device. Stay tuned...
Turns out I was just able to modify files in the boot.img, though when I try to update the sepolicy itself, it won't boot.
jedld said:
Turns out I was just able to modify files in the boot.img, though when I try to update the sepolicy itself, it won't boot.
Can you at least explain a bit further?
What modifications allow you to create a boot able image?
How have you overcome image signing?
Only way I can think of is hex editing the signature, however I was under the impression this was crc based.
ashyx said:
Can you at least explain a bit further?
What modifications allow you to create a boot able image?
How have you overcome image signing?
Only way I can think of is hex editing the signature, however I was under the impression this was crc based.
Yeah I was able to flash a modified boot.img using heimdall, turns out that you just need to use abootimg -u boot.img -r yourmodifiedramdisk so that you don't overwrite the SELINUXENFORCE headers appended at the end of the boot.img file, it appears the bootloader only checks for the presence of those headers but does not actually compute the sig.
Modifying ramdisk works, haven't tried modifying the kernel itself.
I tried to modify the sepolicy files after using sepolicy-inject but it throws a KERNEL not SEnforced error. I am not certain if this is just a blanket error if the kernel doesn't boot due to modifying the policy files incorrectly or if there is legit checking going on. Nevertheless I am able to modify the init.rc files now.
jedld said:
I tried to modify the sepolicy files after using sepolicy-inject but it throws a KERNEL not SEnforced error. I am not certain if this is just a blanket error if the kernel doesn't boot due to modifying the policy files incorrectly or if there is legit checking going on. Nevertheless I am able to modify the init.rc files now.
Continued checking it out. So even though I can modify the ramdisk, I am unable to add more than 1000 - 2000 bytes before setting off the SEAndroid enforce error on bootup. Might be some headers on the boot.img that I fail to update when the ramdisk size gets bigger. Trying to modify the sepolicy in any way even if there is minimal change in size prevents it from booting. I have no idea what is checking it, I'll try to hexedit and see what happens.
jedld said:
Continued checking it out. So even though I can modify the ramdisk, I am unable to add more than 1000 - 2000 bytes before setting off the SEAndroid enforce error on bootup. Might be some headers on the boot.img that I fail to update when the ramdisk size gets bigger. Trying to modify the sepolicy in any way even if there is minimal change in size prevents it from booting. I have no idea what is checking it, I'll try to hexedit and see what happens.
So I used a hexedit on the sepolicy file and was able to modify one byte of it effectively changing its sha256sum... and it worked. So the sepolicy file CAN be changed, however current sepolicy-inject and supolicy tools do something to it that trips it, looks like samsung has again added a proprietary modification sepolicy format.
I've never known a kernel not boot due to the kernel not SEANDROID enforcing warning.
It's a meaningless warning and easily bypassed.
However this is on bootloader unlocked devices.
So just let me get this straight, you have been able to repack the boot.img with modifications to the ramdisk then force flash it via Heimdall and it still boots?
ashyx said:
I've never known a kernel not boot due to the kernel not SEANDROID enforcing warning.
It's a meaningless warning and easily bypassed.
However this is on bootloader unlocked devices.
So just let me get this straight, you have been able to repack the boot.img with modifications to the ramdisk then force flash it via Heimdall and it still boots?
yup. that's correct. I'll post my modified boot.img in a while
jedld said:
yup. that's correct. I'll post my modified boot.img in a while
note that using the update only method of abootimg "abootimg -u boot.img -r xxxxxx " is the only one that works for repacking the ramdisk. Trying to build the boot.img from scratch using any other method has so far failed for me.
Here is a flashable boot.img for the SM-T285.
It contains the following modifications to the ramdisk:
a file at /this_device_is_owned
and a modified init.rc that creates a /tmp folder
jedld said:
Here is a flashable boot.img for the SM-T285.
It contains the following modifications to the ramdisk:
a file at /this_device_is_owned
and a modified init.rc that creates a /tmp folder
now managed to patch sepolicy using chainfire's supolicy tool. needed to use a customized mkbootimg due to changes in the Tab A image format for this. now attempting to root the device... wish me luck
THIS IS NOT A "HOW TO BUILD A KERNEL" POST
The Pixel 2, unlike other phones I've worked with, requires two extra tools: dtc (Device Tree Compiler) and mkdtimg.
Yes, dtc is available in the main repos for most linux distros, but the Pixel 2 kernel requires the AOSP modified version of dtc.
First, grab the Pixel 2 + XL Unified kernel source (wahoo) from https://android.googlesource.com/kernel/msm/+/android-msm-wahoo-4.4-oreo-dr1
Then download wahoo-kernel-tools.zip file attached to this post and unzip it. Make sure that the 2 files in the bin folder are available in your path (possibly by moving them to ~/bin) and symlink or move the libc++.so into an included library directory, such as /lib, /usr/lib, or /usr/local/lib.
These specific binaries were compiled on Arch Linux by me, so they may not work on every system. To build binaries compatible with your system, sync any android oreo source (AOSP, Lineage, Carbon, etc.) and run "make dtc mkdtimage -jX" instead of "make bacon" or your normal command. The binaries will be located in out/host/linux-x86/.
This is tested and working with the stock google 4.9 toolchain and the initial source as of Oct 23rd, 2017.
Thanks for the files dude, you saved me some serious time since I don't need to sync AOSP
DespairFactor said:
Thanks for the files dude, you saved me some serious time since I don't need to sync AOSP
No problemo, I figured I'd post this since my fastboot is being retarded and I can't do much else
Forgive me for being a noob, but would these new requirements for the Pixel 2 cause existing tools used to pack/unpack the boot image fail or at least partially fail? I'm wondering if this is why we can't get Magisk to work
edit: to be clear, when I unpack the boot.img file all I see are kernel and ramdisk. When I unpack the boot.img from the Pixel 1 XL, I see those same 2 files along with devicetree.dtb and kernelimage
skaforey said:
Forgive me for being a noob, but would these new requirements for the Pixel 2 cause existing tools used to pack/unpack the boot image fail or at least partially fail? I'm wondering if this is why we can't get Magisk to work
edit: to be clear, when I unpack the boot.img file all I see are kernel and ramdisk. When I unpack the boot.img from the Pixel 1 XL, I see those same 2 files along with devicetree.dtb and kernelimage
Maybe? It doesn't seem like how the boot image is packed has been changed, just how the actual kernel image is put together.
nathanchance said:
Maybe? It doesn't seem like how the boot image is packed has been changed, just how the actual kernel image is put together.
Strange. Thanks for the response though. In the Magisk thread here, someone has posted a boot image that was simply unpacked/repacked (no changes) and we can't get it to boot. I don't want to derail this thread any further though.
skaforey said:
Forgive me for being a noob, but would these new requirements for the Pixel 2 cause existing tools used to pack/unpack the boot image fail or at least partially fail? I'm wondering if this is why we can't get Magisk to work
edit: to be clear, when I unpack the boot.img file all I see are kernel and ramdisk. When I unpack the boot.img from the Pixel 1 XL, I see those same 2 files along with devicetree.dtb and kernelimage
skaforey said:
Strange. Thanks for the response though. In the Magisk thread here, someone has posted a boot image that was simply unpacked/repacked (no changes) and we can't get it to boot. I don't want to derail this thread any further though.
No they don't, these just build the dtb/dtbo. The magisk issue is with patching sepolicy likely.
frap129 said:
No problemo, I figured I'd post this since my fastboot is being retarded and I can't do much else
Did you try to flash a factory image and get stuck in the bootloader? If so, extract 'image-walleye-[build number].zip' and flash each image manually. fastboot -w update doesn't work for some reason. After you flash all the images, do fastboot format userdata, and you should be back to normal. Took me a couple hours to figure this out.
ryanbg said:
Did you try to flash a factory image and get stuck in the bootloader? If so, extract 'image-walleye-[build number].zip' and flash each image manually. fastboot -w update doesn't work for some reason. After you flash each image, do fastboot format userdata, and you should be back to normal. Took me a couple hours to figure this out.
Thanks! I don't get stuck in the bootloader, but it won't let me flash boot images. Fastboot either hangs or spits out "remote: error: max size not reported"
Greetings,
I'm new to these forums, but have been into the Android development/customization scene since the original Motorola Droid. I recently purchased one of the (in)famous Chinese 8227L head units and have started doing some things to it. I was surprised to find that there are a lot more people out there with questions than answers when it comes to these things. So I figured I'd introduce myself with a quick tutorial, a small utility release for now. I have work in progress on a ROM release for these things. There are quite a few issues to get past as well as different boards to account for, so stay tuned for that sometime in the coming weeks. For now, let's get started with customizing the boot screen.
One of the simplest, yet most satisfying modifications one can do to any Android device is changing the logo image that is displayed when the unit boots. For units like ours, running MediaTek hardware, there are a couple of extra steps involved, but the process is still very simple. I was able to find a few different utilities that could be downloaded online to do this, but none of them seemed to work for these head units. I suspect our units use a slightly different header than the MediaTek phones those utilities are designed for, but that is a technical issue beyond the scope of this tutorial.
Disclaimer: These steps have been tested repeatedly on my device, and it's my assumption that they will work on any head unit based on the ac8227l, but I have obviously not tested every single one of them. There is always an inherent risk when you modify the software on any device that you own. This risk is your own, and I am not responsible for any damage you do to your device by following this tutorial!
Your unit does not need to be rooted to do this mod, but you will need to have the bootloader unlocked.
Pre-requisites:
logo.bin file from your ROM backup (You DO have a backup, don't you?)
Ability to read and follow directions
Access to a Linux command line OR the ability to run python applications on your system
SP Flash Tool or one of its equivalents, or a custom recovery installed, such as TWRP.
The boot logo is contained in the logo.bin file from your ROM. More accurately, the logo.bin file IS the boot logo for your ROM, with a 512 byte header attached to it. We need to separate the two in order to change the image that gets displayed.
This can be done very simply from the Linux command line via the following command:
Code:
dd if=logo.bin of=logo.bmp skip=1
This command simply reads in the logo.bin file and writes it back out after skipping the first 512 bytes. dd has an optional argument bs= which stands for block size. It defaults to 512 bytes. So the skip=1 is simply telling dd to skip the first 512 bytes when it writes the file back out. The result is a 1024x600 pixel bitmap image. However, we're going to need that header in a later step, so write it out to its own file using:
Code:
dd if=logo.bin of=header.bin count=1
This command simply writes the first block (remember block size is 512 bytes by default) out to a file and then stops, so we have our 512 byte header saved for later.
Now, you can either edit the logo.bmp file or replace it with your own image file. However you do it, just ensure that you end up with a 1024x600 pixel bitmap image in 8-bit RGB color. The following steps assume we have generated such an image in the same directory we were just working in, and named it newlogo.bmp. To join the header file to your new image, use the following command:
Code:
cat header.bin newlogo.bmp > newlogo.bin
This command concatenates (puts together) the two files back into one file. The order is important. The header needs to be at the start of the resulting file, so it must be the first argument you pass to cat! The resulting newlogo.bin is ready to be flashed to your head unit. Congratulations, enjoy your new boot screen! If you save the header.bin file, you can always use it to make more boot logos later.
Alternative method for Windows users or Linux users who would prefer to have a utility:
I have written a simple command line utility in Python to do this process for you. You will need to have Python installed to utilize it. It's written in Python 3.8 but will work on some earlier versions, I think. You can get it from my GitHub repository at https://github.com/threadreaper/logobin.git or from your command prompt using the PyPI repository through pip3. pip3 should be installed automatically when you install Python 3. Use this command to fetch the utility:
Code:
pip3 install logobin
If you've elected to clone the git repository instead of using PyPi, you need to cd to the directory you downloaded it to (this should be the directory with the setup.py file) and install using:
Code:
pip3 install .
Whichever method you used, if everything went correctly, the "logobin" utility should now be available to you from your command line. To unpack an existing logo.bin image:
Code:
logobin -u logo.bin
And to pack an image with a header file back into a flashable bin file:
Code:
logobin -p header.bin logo.bmp (filename)
The filename argument above is optional and defaults to logo.bin if you don't select one. The utility can also be used to check a file for the presence of a valid header, using the -c switch:
Code:
logobin -c logo.bin
In this manner, you can check your stock logo.bin file to make sure it will work with this method before you start. You can also use it to check an extracted header to make sure it's correct, and you may also want to use it to verify that your logo.bin file has been packed correctly before you flash it to your phone.
I have attempted to make both the utility and this tutorial as simple to follow as possible, but if you have any questions, feel free to ask.
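The split, check and rejoin steps from the tutorial above, as an added Python example (not part of the original post and not the logobin utility's code): it refuses a replacement image whose BMP dimensions or bit depth differ from the stock image, and confirms the header sits first in the packed file. The function names and the placeholder header bytes are constructed for illustration; only the 512-byte header size and the 1024x600 resolution come from the tutorial.

```python
import struct

HEADER_SIZE = 512  # the tutorial's figure: one default-sized dd block

# Constructed placeholder, NOT the real vendor header layout.
CONSTRUCTED_HEADER = b"HDR-PLACEHOLDER".ljust(HEADER_SIZE, b"\x00")


class LogoError(ValueError):
    """Raised when a file does not look like 512-byte header + BMP."""


def split_logo(blob):
    """Equivalent of `dd count=1` and `dd skip=1`: returns (header, bmp)."""
    if len(blob) <= HEADER_SIZE:
        raise LogoError("file is not longer than the 512-byte header")
    return blob[:HEADER_SIZE], blob[HEADER_SIZE:]


def bmp_info(bmp):
    """Parse the BMP file header and the start of the DIB header."""
    if len(bmp) < 30 or bmp[:2] != b"BM":
        raise LogoError("payload does not start with the BMP signature 'BM'")
    declared_size, pixel_offset = struct.unpack_from("<I4xI", bmp, 2)
    dib_size, width, height, _planes, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if dib_size < 40:
        raise LogoError("unsupported DIB header (need BITMAPINFOHEADER or newer)")
    if declared_size > len(bmp) or pixel_offset >= len(bmp):
        raise LogoError("BMP is truncated relative to its own header")
    # A negative height means top-down row order; the size is its magnitude.
    return {"width": width, "height": abs(height), "bpp": bpp}


def pack_logo(stock_blob, new_bmp):
    """Equivalent of `cat header.bin newlogo.bmp`, refusing mismatched images.

    The replacement is compared with the stock image instead of hard-coded
    values, so whatever size and depth the unit shipped with is what is kept.
    """
    header, stock_bmp = split_logo(stock_blob)
    want, got = bmp_info(stock_bmp), bmp_info(new_bmp)
    if want != got:
        raise LogoError(f"replacement is {got}, stock image is {want}")
    return header + new_bmp


def verify_packed(packed, header):
    """The header must come first, untouched, followed directly by the BMP."""
    head, body = split_logo(packed)
    return head == header and body[:2] == b"BM"


def make_bmp(width, height, bpp=24, fill=0):
    """Build a minimal uncompressed BMP in memory (constructed test data)."""
    stride = ((width * bpp + 31) // 32) * 4  # rows are padded to 4 bytes
    pixels = bytes([fill]) * (stride * height)
    offset = 14 + 40
    file_hdr = b"BM" + struct.pack("<IHHI", offset + len(pixels), 0, 0, offset)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                      0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib + pixels


if __name__ == "__main__":
    stock = CONSTRUCTED_HEADER + make_bmp(1024, 600)
    header, _ = split_logo(stock)
    packed = pack_logo(stock, make_bmp(1024, 600, fill=0x40))
    print("packed ok:", verify_packed(packed, header), len(packed), "bytes")
    try:
        pack_logo(stock, make_bmp(800, 480))
    except LogoError as exc:
        print("rejected:", exc)
```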
Excellent tutorial! I have a non-rooted Enon 8227 unit and I’m having problems with it. Could you be so kind as to point me to a tutorial to make a ROM backup please? All the stuff in my unit is blocked and I can't change almost anything.
Thank you.
Good day sir.
Could you guide me as to how to extract the logo.bin file please? I couldn't really find it.
I have a PX6 STM32 device.
Thanks!
arturojgt said:
Excellent tutorial! I have a non-rooted Enon 8227 unit and I’m having problems with it. Could you be so kind as to point me to a tutorial to make a ROM backup please? All the stuff in my unit is blocked and I can't change almost anything.
Thank you.
I'm planning to do a full tutorial on this too, but the short version is as follows:
Get SP Flashtool, and find a scatter file that will work for your device. That can be difficult sometimes, as there is quite a bit of variance between units. Fortunately, to make your initial backup the only info you need in your scatter file is for the preloader, and as far as I know that is always the same. So if you don't already have a scatter file, copy this:
Code:
#########################################__WwR_MTK_2.50__###################################################
#
# General Setting
#
#########################################__WwR_MTK_2.50__###################################################
- general: MTK_PLATFORM_CFG
  info:
    - config_version: V1.1.2
      platform: MT3367
      project: 8227l_demo
      storage: EMMC
      boot_channel: MSDC_0
      block_size: 0x20000
############################################################################################################
#
# Layout Setting
#
############################################################################################################
- partition_index: SYS0
  partition_name: preloader
  file_name: preloader_8227l_demo.bin
  is_download: true
  type: SV5_BL_BIN
  linear_start_addr: 0x0
  physical_start_addr: 0x0
  partition_size: 0x40000
  region: EMMC_BOOT_1
  storage: HW_STORAGE_EMMC
  boundary_check: true
  is_reserved: false
  operation_type: BOOTLOADERS
  is_upgradable: true
  empty_boot_needed: false
  reserve: 0x00
And save it as scatter.txt
Select this file as your scatter file in SP Flashtool, and click on the memory test tab. Uncheck all the options under memory test except for RAM test. Remove external power from the unit entirely, click start on the memory test, and then connect the 4 pin usb to your PC. It should sync up and do the memory test. Once the memory test is complete you will have the sizes of BOOT_1, BOOT_2 and EMMC_USER. Use these values with the readback option to make your backup. Use 0x0 as the start address each time, and the size value you got from the memory test. Back up BOOT_1, BOOT_2 and EMMC_USER and save them somewhere. This is the most basic backup that you can always use to go back to stock. Using tools like MTK Droid Tools and WWR MTK it is possible to split EMMC_USER backup into all of your separate partition backups.
Good luck, and keep an eye out for a more detailed walkthrough coming up soon!
kingdew11 said:
Good day sir.
Could you guide me as to how to extract the logo.bin file please? I couldn't really find it.
I have a PX6 STM32 device.
Thanks!
See my reply above about making a backup of your device. You get your logo.bin file from the extracted backup.
Please add your PayPal account to your xda so we can buy you some beer for the amazing work you're doing
zetlaw01 said:
Please add your PayPal account to your xda so we can buy you some beer for the amazing work you're doing
I don't drink beer, but you can always buy me a coffee
Thanks for the information.
I want to back up with Flashtool or a similar program, is that possible?
And how do I root?
Thank you
bicer79 said:
Thanks for the information.
I want to back up with Flashtool or a similar program, is that possible?
And how do I root?
Thank you
I posted instructions on backing up a unit two posts above your reply ^^. To root, find a compatible twrp image and flash it, then install magisk from twrp. I will be doing more detailed tutorials on these steps in the near future, but as I mentioned there is a crash course on SP-flashtool backup in this very thread, and the root process is pretty much the same for these units as it is for many others, assuming you find a working twrp image for your particular device, so you shouldn't have too much trouble finding a walkthrough if you need one.
Did you build TWRP from source or port it for your device?
I was able to build TWRP from source, but I haven't released it due to some rather annoying bugs I haven't had time to sort out with it just yet.
threadreaper said:
I was able to build TWRP from source, but I haven't released it due to some rather annoying bugs I haven't had time to sort out with it just yet.
Which bugs?
I am so delighted to see someone hitting on the hot iron. Looking forward to the detailed tutorial to take backup, unlock bootloader, customize my radio.
Multi Image Kitchen - Repack Android partitions from Windows
Possibilities:
Unpacking and packing partitions: System, Vendor, Product, ODM, SOCKO, ELABLE (RAW, SPARSE)
Unpacking and packing partitions with extension: *.img; *.fex; *.Partition; *.new.dat; *.new.dat.br; *.lz4; *.exT4; *.tar; *.md5
Unpacking and packaging logo partition: logo.img, logo.partition
Unpacking and Packaging: _aml_dtb.partition (Single, Multi, Multi / Gzipped)
Extracting sections from a PAYLOAD.BIN file
Removing partitions from the Super.img file
Unpacking and packaging of resource partition: resource.img
Unpacking and packaging SOC Amlogic firmware, Rockchip and Allwinner
Unpacking and assembling Service Package: *.zip (Update.zip)
Decompiling and compiling applications (*.apk)
Github: https://github.com/CryptoNickSoft/MIK
Download link not working for me
Scramble said:
Download link not working for me
Update
Mine's in Russian
Edit: Nevermind, I've managed to change the language
RichardHer said:
Mine's in Russian
Edit: Nevermind, I've managed to change the language
So do something wrong.
OMG, thank you, this tool is useful!
@CryptoNick
Amazing, I was finally able to extract the system.fex. Originally I have a super.fex, which contained 3 other files: product.fex, system.fex and vendor.fex
Out of the 3 fex-files only 2 were automatically extracted after the initial split: system.fex and vendor.fex. The 3rd file product.fex could be manually extracted with your tool.
System.fex etc. can be created after modification, but how do I re-pack the 3 sub-files into the single super.fex again?
Packaging in super.fex has not yet been implemented. If there is a desire, help the project financially and I will have more motivation to develop it.
Scramble said:
Download link not working for me
Yes, not working
Zhao li said:
yes , not working
Everything is excellent friend
The download link is tangled up for me
just a readme
GitHub - CryptoNickSoft/MIK: Repack Android partitions from Windows
Repack Android partitions from Windows. Contribute to CryptoNickSoft/MIK development by creating an account on GitHub.
thanks
CryptoNick said:
GitHub - CryptoNickSoft/MIK: Repack Android partitions from Windows
Repack Android partitions from Windows. Contribute to CryptoNickSoft/MIK development by creating an account on GitHub.
Thanks
Hello sir, can this tool solve Samsung devices that fail to flash with Odin in the system.img section, after editing system.img with the other tool?
Droid Maps said:
Hello sir, can this tool solve Samsung devices that fail to flash with Odin in the system.img section, after editing system.img with the other tool?
Hey! Try. I did not test, since this functionality is not interesting to me.
After hours and hours of googling I finally found something that can unlock logo.img files on Windows. However, it doesn't seem to work for me. I got the following error:
[7920] Failed to execute script 'imgextractor' due to unhandled exception!
Traceback (most recent call last):
  File "imgextractor.py", line 374, in <module>
  File "imgextractor.py", line 368, in main
  File "imgextractor.py", line 261, in __ext4extractor
  File "ext4.py", line 484, in __init__
ext4.MagicError: Invalid magic value in superblock: 0x0000 (expected 0xEF53)
I would really appreciate help as I'm really desperate by now.
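Why an ext4 extractor reports a superblock magic of 0x0000, and why simg2img rejects some images, shown as an added Python example (not from any tool mentioned in this thread): it checks the well-known signatures of the image formats discussed here before an unpacking tool is chosen. The labels, the suggested next steps and the sample blobs are constructed for illustration; the blobs contain only the signature bytes.

```python
import struct

# (label, byte offset, struct format, expected value); all fields little-endian
SIGNATURES = [
    ("sparse", 0, "<I", 0xED26FF3A),     # Android sparse image (simg2img input)
    ("lz4", 0, "<I", 0x184D2204),        # LZ4 frame, e.g. super.img.lz4
    ("payload", 0, "<4s", b"CrAU"),      # OTA payload.bin
    ("super", 4096, "<I", 0x616C4467),   # raw super image: LP geometry "gDla"
    ("erofs", 1024, "<I", 0xE0F5E1E2),   # EROFS superblock
    ("ext4", 0x438, "<H", 0xEF53),       # ext4 superblock s_magic
    ("header+bmp", 512, "<2s", b"BM"),   # 512-byte header + BMP boot logo
]

NEXT_STEP = {
    "sparse": "convert to raw with simg2img, then identify the result again",
    "lz4": "decompress the LZ4 frame, then identify the result again",
    "payload": "extract the partition images from the payload first",
    "super": "split into partition images with lpunpack",
    "erofs": "read-only filesystem: extract and rebuild, it cannot be remounted rw",
    "ext4": "an ext4 extractor or a loop mount will work",
    "header+bmp": "strip the 512-byte header to get the bitmap",
    "unknown": "no known signature: not a filesystem image, or a vendor container",
}


def read_field(data, offset, fmt):
    """Return the field at offset, or None when the file is too short."""
    if len(data) < offset + struct.calcsize(fmt):
        return None
    return struct.unpack_from(fmt, data, offset)[0]


def identify(data):
    """Return the label of the first matching signature, else 'unknown'."""
    for label, offset, fmt, expected in SIGNATURES:
        if read_field(data, offset, fmt) == expected:
            return label
    return "unknown"


def ext4_magic_seen(data):
    """The value an ext4 parser reads as s_magic, to compare with its error."""
    return read_field(data, 0x438, "<H")


def report(data):
    """(label, suggested next step, ext4 magic as the extractor would print it)."""
    label = identify(data)
    seen = ext4_magic_seen(data)
    seen_text = "n/a (file too short)" if seen is None else f"0x{seen:04X}"
    return label, NEXT_STEP[label], seen_text


def constructed_samples():
    """Zero-filled blobs carrying one signature each (constructed test data)."""
    samples = {"unknown": bytes(8192)}
    for label, offset, fmt, value in SIGNATURES:
        buf = bytearray(8192)
        struct.pack_into(fmt, buf, offset, value)
        samples[label] = bytes(buf)
    return samples


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        label, step, seen = report(blob)
        print(f"{name:10s} -> {label:10s} ext4 magic {seen}: {step}")
```

Any image that is not ext4 and has zeros at offset 0x438, such as a raw super image or a logo container, produces exactly the "0x0000 (expected 0xEF53)" message quoted above.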
This can:
Bypass TMO flash lock as it uses 9008 EDL.
Remove TMO sim lock and oem lock as you will be using global rom.
Convert your KB2007 (KB09CB) to KB2005 (KB05AA) as much as possible. (Although you're using the latest KB2005 firmware, any LineageOS stuff, such as LOS system, LOS recovery and LOS fastbootd, will still recognize it as KB2007. This is the same in OOS 11. But in OOS 12 system, it shows and acts like a KB2005.)
Should enable dsds (dual sim dual standby) in OOS 12. (Not tested. But status bar shows two empty sim slots in KB2005 OOS 12. After I flash LOS 19.1, slot 2 won't act unless boot with "persist.radio.multisim.config=dsds" prop.)
Give you access to Global OxygenOS firmware. (Bye slow TMO~)
Probably give you better overall condition (e.g. partition) than some fastboot scripts, as it's done directly by 9008 EDL.
AND THIS WILL DELETE ALL YOUR DATA ON DEVICE!!!
Actually, you should be able to change any brand device to any version you like by this method, but it's at your own risk as nothing is solidly tested.
This can't:
Give you a second IMEI. (In OOS IMEI2 is "null". I guess it's hard baked somewhere.)
Remove TMO flash lock or unlock a locked bootloader. (You still need unlock token for that.)
You tell me please. I don't have enough time to test everything.
Please:
BE AWARE THAT YOU ARE RESPONSIBLE FOR WHAT YOU DO TO YOUR HARDWARE, NOT ME.
MY SUCCESS DOESN'T MEAN IT MUST HAPPEN TO YOU.
YOU ARE THE ONE WHO TAKES ALL THE RISKS. (And your phone, too.)
Be kind to other readers and help them, I can't stay online all day, sorry.
Why:
I own a fully unlocked KebabT running LineageOS 18.1, and I decided to try LOS 19.1 out.
But OOS 12 firmware is so buggy that it even broke my LOS instance, and the fastboot (not fastbootD, for hell reasons I can't enter LOS recovery AFTER ALL firmware upgrade) is also too buggy to fix my issue.
I unbricked my phone using this " https://forum.xda-developers.com/t/...l-to-restore-your-device-to-oxygenos.4180981/ " (Thanks for sharing!!!), but only to find that TMO firmware is so old, buggy and limited.
Then I googled and found this "https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/" and this "https://github.com/bkerler/oppo_decrypt", but they are slightly outdated and don't fit kebab.
I fetched global firmware from here "https://forum.xda-developers.com/t/oneplus-8t-rom-ota-oxygen-os-repo-of-oxygen-os-builds.4193183/" (Thanks for sharing!!!) and started trying.
After a few tries I succeeded and decided to share what I found.
How:
Firstly, know your hardware. Especially your ram type (ddr4 or ddr5) !
Then follow what this "https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/" said, BUT WITH EXTRA MODIFICATION on your "settings.xml":
1. Overwrite "BasicInfo Project", "Version", "ModelVerifyPrjName", "ModelVerifyRandom" and "ModelVerifyHashToken"; these make you pass MsmDownloadTool's pre-check.
2. Scroll to the end of file and overwrite [Target ID="1" Desc="O2"] with [Target ID="101" Desc="TMO"], otherwise your flash won't begin as the tool can't find right hardware to flash.
3. Search for "Image ID=" and modify the results. For me, I have a DDR4 device, so I go with "xbl.img" and "xbl_config.img", so FOR ME I change "Image ID="1"" to "Image ID="101"", and change "Image ID="65537"" to "Image ID="65637"". Otherwise MsmDownloadTool won't be able to locate the right xbl img file to flash.
4. Follow the rest of that great guide and have a few tries, you won't lose more as you're already under EDL mode. Wish you success!
And:
Sorry in advance for any possible confusion as I'm not a native English speaker. You can ask in replies!
Please let me know if I'm wrong, I'll try to correct.
If this is already shared by other great guys, please forgive me as I really didn't find any related post in this forum.
I doubt this "https://forum.xda-developers.com/t/...m-unlock-or-bootloader-unlock-needed.4188491/" (Thanks for sharing!!!) is done in the same way but no one mentioned about it.
Special thanks to bkerler for creating this awesome "https://github.com/bkerler/oppo_decrypt" project!
Special thanks to LuK1337 for maintaining LineageOS for OnePlus 8T!! You're great!!
Question:
Is it possible to remove flash lock in this way?
I've tried several times to flash with kebab not kebabT MsmTool. But I can't make it work.
I can fix in os12 but need rw or unpack repack rom
Mr Hassan said:
I can fix in os12 but need rw or unpack repack rom
I don't understand.
Fix what or unpack what?
Is this what you need? "https://github.com/bkerler/oppo_decrypt"
I'm kind of curious to know what your model number would show up as in the About Phone screen. Being able to incorporate the SIM fix into the ROM would be a good thing. There was a link in the OP to a tool that could unpack and repack the OPS file. My concern is, at least with the bastardized Color/Oxygen OS stock hybrid, that it will still see the device as a KB2007 and not an actual KB2005 outside of just the firmware version.
jcsww said:
I'm kind of curious to know what your model number would show up as in the About Phone screen.
For LOS and OOS 11, KB2007. (But for OOS 11 software update page, it shows as KB2005. You're able to get KB2005 OTA updates without any problem.)
For OOS 12, KB2005 everywhere.
You can try to spoof device model by using magisk_hide_props_config module, but it's another story.
jcsww said:
Being able to incorporate the SIM fix into the ROM would be a good thing.
If you use global version OOS or flash LOS, sim lock no longer exists.
IAAxl said:
I don't understand.
Fix what or unpack what?
Is this what you need? "https://github.com/bkerler/oppo_decrypt"
Unpack whole rom system vendor product odm
Its all in super.img
Mr Hassan said:
Unpack whole rom system vendor product odm
Its all in super.img
You can get super.img using oppo_decrypt.
But, I thought that's an unencrypted raw disk image, am I wrong?
And by the way, I flashed KB2005 super.img into my KB2007, but fastboot flash lock is still there, have to use unlock code bin file to disable it.
I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
raven911 said:
I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
In os12 of course your 2nd sim will be disabled by bootloader partitions and some others, as I mentioned in another post
But good news is I can fix
But bad news: no way to unpack repack or rw after root
raven911 said:
I apologize, as I don't quite understand the original post. This seems to be trying to specify a way to get dual-sim on KB2007 with A12? Apologies for the dumb questions, 1) How do I find out if my KB2007 has DDR4 or DDR5? 2) The instruction link https://www.droidwin.com/convert-oneplus-t-mobile-metro-to-global-on-locked-bootloader/ , following these steps seems to still leave the device on Android 11 (because that is the rom that comes with the MSM tools). If we then update to Android 12, won't that disable the dual-sim again?
To answer your questions:
1) Check here: https://wiki.lineageos.org/devices/kebab/fw_update
By the way, 8T hardware has two major variables: UFS 3.0 / 3.1 storage, and lpddr 4 / 5 memory. Storage type doesn't matter to rom flash, but memory type does.
2) Yes! You're still on OOS 11 after change-brand flash, but then you can OTA to KB2005 OOS 12 directly.
And, because my final goal is to run LOS, I didn't put my sim in while my phone is on OOS, so I can't really answer if dual sim is available in OOS 11 or 12.
In LOS, I use magisk_hide_props_config module to add "persist.radio.multisim.config=dsds" into system prop to enable dual sim. You can also try this "https://forum.xda-developers.com/t/...bile-8t-kb2007-with-lineage-aosp-rom.4262669/", same stuff.
If your KB2007 is flash locked, you can try the following steps and see if it will work:
A. Use oppo_decrypt to get elf files from msm rom;
B. Use QPST (and the elf file) to flash magisk patched boot.img into your device under 9008.
C. Install magisk module and get dsds.
∆ The risk is in step B.
I'm not familiar enough with QPST and never succeeded in getting QPST to work to do anything.
Mr Hassan said:
Unpack whole rom system vendor product odm
Its all in super.img
Err… Try use MsmTool readback?
Oppo_decrypt offers an option to enable readback. I haven't used it though.
Or can you change what you have to, directly on a rooted device, and check if it works?
I'm still confused. Aren't those img files raw disk images? Can't you mount and read them on any Unix-like device? How do you usually do this with other devices?
IAAxl said:
Err… Try use MsmTool readback?
Oppo_decrypt offers an option to enable readback. I haven't used it though.
Or can you change what you have to, directly on a rooted device, and check if it works?
I'm still confused. Aren't those img files raw disk images? Can't you mount and read them on any Unix-like device? How do you usually do this with other devices?
Let me tell you, MSM has an rb option,
but you still haven't got my POV: there's no rw option on a rooted device, even after root.
So how can I make a dump or backup, or for which purpose do I need a backup if I haven't even modded something on the rooted device?
Another option that's left is to unpack system.img, vendor.img, odm.img etc., modify them, then repack.
But there's no way to even convert it to raw; I tried simg2img but it's not supported by this.
If I were even able to convert it to raw, I could do something.
And no, it's not raw format, man. It's payload and super.
Mr Hassan said:
Let me tell you, MSM has an rb option,
but you still haven't got my POV: there's no rw option on a rooted device, even after root.
So how can I make a dump or backup, or for which purpose do I need a backup if I haven't even modded something on the rooted device?
Another option that's left is to unpack system.img, vendor.img, odm.img etc., modify them, then repack.
But there's no way to even convert it to raw; I tried simg2img but it's not supported by this.
If I were even able to convert it to raw, I could do something.
And no, it's not raw format, man. It's payload and super.
Okay I understand now..
The goal is to change sth inside vendor and other partition, but they can't be remounted read-write inside system.
And the img file can't be extracted or repacked.
Will you try to remount those partition in recovery ADB maybe?
IAAxl said:
Okay I understand now..
The goal is to change sth inside vendor and other partition, but they can't be remounted read-write inside system.
And the img file can't be extracted or repacked.
Will you try to remount those partition in recovery ADB maybe?
Yes, now you fully understand.
Yes, I tried many things.
And yes, in TWRP I also tried remount etc.
I also pulled files and edited them, but when I push,
it says the device does not have enough space.
Maybe it needs a resize etc.
Mr Hassan said:
Yes, now you fully understand.
Yes, I tried many things.
And yes, in TWRP I also tried remount etc.
I also pulled files and edited them, but when I push,
it says the device does not have enough space.
Maybe it needs a resize etc.
I don't know if this helps or not.
But there are some scripts to extract partitions from SUPER, flash them and make -rw.
[TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition
forum.xda-developers.com
[Closed] Universal SystemRW / SuperRW feat. MakeRW / ro2rw (read-only-2-read/write super partition converter)
forum.xda-developers.com
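Whether simg2img, lpunpack or a payload extractor is the right first tool depends on what the image file actually is, which its magic bytes show. The following is an added example, not code from this thread or from the linked tools; the function name and the returned labels are made up for illustration, and the magic values and offsets are the published ones for each format.

```python
import struct
import sys

# On-disk magic numbers (little-endian) and where they sit in the image.
LZ4_FRAME_MAGIC = 0x184D2204    # offset 0, e.g. super.img.lz4
SPARSE_MAGIC = 0xED26FF3A       # offset 0, Android sparse image (simg2img input)
LP_GEOMETRY_MAGIC = 0x616C4467  # offset 4096, unsparsed super image (lpunpack input)
EROFS_MAGIC = 0xE0F5E1E2        # offset 1024, EROFS superblock
F2FS_MAGIC = 0xF2F52010         # offset 1024, F2FS superblock
EXT4_MAGIC = 0xEF53             # offset 1024 + 0x38, ext2/3/4 superblock
EXT4_RO_COMPAT_OFF = 1024 + 0x64       # s_feature_ro_compat field
EXT4_RO_COMPAT_SHARED_BLOCKS = 0x4000  # deduplicated blocks, read-only mounts only


def _u32(buf, off):
    """Little-endian u32 at off, or None if the buffer is too short."""
    return struct.unpack_from("<I", buf, off)[0] if len(buf) >= off + 4 else None


def identify_image(buf):
    """Classify an Android image from its first 8 KiB."""
    if bytes(buf[:4]) == b"CrAU":
        return "ota-payload"      # payload.bin: needs a payload extractor
    first = _u32(buf, 0)
    if first == LZ4_FRAME_MAGIC:
        return "lz4-frame"
    if first == SPARSE_MAGIC:
        return "android-sparse"
    if _u32(buf, 4096) == LP_GEOMETRY_MAGIC:
        return "super-raw"
    if _u32(buf, 1024) == EROFS_MAGIC:
        return "erofs"            # read-only by design
    if _u32(buf, 1024) == F2FS_MAGIC:
        return "f2fs"
    magic = _u32(buf, 1024 + 0x38)
    if magic is not None and magic & 0xFFFF == EXT4_MAGIC:
        ro_compat = _u32(buf, EXT4_RO_COMPAT_OFF) or 0
        shared = ro_compat & EXT4_RO_COMPAT_SHARED_BLOCKS
        return "ext4-shared-blocks" if shared else "ext4"
    return "unknown"


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(identify_image(fh.read(8192)))
```

Run it on each file in turn (the firmware's super image, then each partition image lpunpack produces); an "erofs" or "ext4-shared-blocks" result means the filesystem itself will not accept a read-write mount, whatever the mount flags show.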
Rootk1t said:
I don't know if this helps or not.
But there are some scripts to extract partitions from SUPER, flash them and make them rw.
[TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition
forum.xda-developers.com
[Closed] Universal SystemRW / SuperRW feat. MakeRW / ro2rw (read-only-2-read/write super partition converter)
forum.xda-developers.com
I've done many things, even converted to ext4
In shell it's showing rw
And also in root explorer I get rw but still can't edit anything
I also tried a similar approach using QPST. I can read/save QPST and QCN but I can't write back.
vortex91 said:
I also tried a similar approach using QPST. I can read/save QPST and QCN but I can't write back.
Could you please share what you find?
I'm really unfamiliar with QPST, any info could help.
So, I don't need T-Mobile's help to SIM unlock my phone?
Just convert it to global, and it will be carrier unlocked?
Am I reading this right?