DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
Visit this thread for more information
________________________________________________________
CAVEAT
I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
Updating with OTAs should be the same process as the other guides here.
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)
________________________________________________________
STEPS:
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktopfor Mac, type cd desktop or cd /Users/yourname/Desktop
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/bb. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.b. Use Select and Patch a File on boot_a.img
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
10. Reboot and verify it worked.
Forgot to tag it... if an admin is able to do so I'd appreciate it.
Just applied for a bootloader unlock today. When i get approved ill attempt this guide.
I am currently on T-Mobile 11.0.5.7.KB09CB.
Unlike other methods prvoided here for the 8T I got this method to work. Thank you very much!
clarification update: I own the t-mobile kb2007 model of phone
a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
Some prework I had to do for my OnePlus 8T KB2005
-ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
-ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
-With device in bootloader/fastboot, run: fastboot flashing unlock
-verify with your phone to accept
-phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
-renable OEM lock and USB debug
-restart back into bootloader/fastboot
-now you are ready to root
Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add your screen would flicker in TWRP but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
I'm having the same issue although its more tied in with removing youtube as a system app for vanced
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks in advance
Click to expand...
Click to collapse
Actually Is not possible on devices borned with android 10 or above.
giacomowrc said:
Actually Is not possible on devices borned with android 10 or above.
Click to expand...
Click to collapse
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Mpolo87 said:
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Click to expand...
Click to collapse
Yes of course.
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFOThe basic rundown is:
Use the semi-broken TWRP package to give temporary su access through adb.
Extract boot_a.img and boot_b.img to your computer.
Reboot into OxygenOS and copy boot_a.img and boot_b.img back to your phone.
Use Magisk to patch both images.
Copy the patched images back to your computer.
Use fastboot to temporarily boot using the patched image, giving you temporary root.
Use Magisk to direct install for permanent root.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
________________________________________________________
STEPS:
1. Get the semi-broken TWRP .img. This won't give you a gui but will give you su access over adb. You DON'T want to flash this, we're just booting with it temporarily.
2. Restart your phone into fastboot mode.
3. On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here). Run the following:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb pull /sdcard/boot_b.img boot_b.img
4. Copy the extracted files to a user accessible area of your phone.
5. Install the latest Magisk Canary release to your phone.
a. Select the Install option.b. Use Select and Patch a File on both boot_a.img and boot_b.imgc. You should rename them or make note of the new names given by Magisk. You'll need to use one or the other depending on which partition is active.
6. Copy the patched .img files back to your computer.
7. Restart your phone back into fastboot mode.
8. On your computer, run:
Code:
fastboot getvar all
9. Find which A/B partition is active on this line: (bootloader) current-slot:a/b
10. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot patched-boot-a/b.img
11. You now have temporary root access, to make it permanent open Magisk:
a. Select the Install option.b. Use Direct Install (Recommended) to root your internal boot.img
12. Reboot and verify it worked.
Click to expand...
Click to collapse
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
sameog said:
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
Click to expand...
Click to collapse
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Mpolo87 said:
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Click to expand...
Click to collapse
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Please note: I love this guide. It's cohesive and well-written. I just need pictures to "see" on what and where to do. I'm visual.
UPDATE: I followed the tuturial to the best of my ability and I got nothing. I'm giving up and taking a step back.
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./fastboot boot recovery.img
Sending 'boot.img' (64964 KB) OKAY [ 1.660s]
Booting OKAY [ 0.084s]
Finished. Total time: 1.939s
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
OnePlus8T:/ # dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.194981 s, 492 M/s
OnePlus8T:/ # dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.185497 s, 518 M/s
OnePlus8T:/ # exit
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_a.img boot_a.img
/sdcard/boot_a.img: 1 file pulled, 0 skipped. 27.7 MB/s (100663296 bytes in 3.470s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_b.img boot_b.img
/sdcard/boot_b.img: 1 file pulled, 0 skipped. 32.0 MB/s (100663296 bytes in 2.997s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb reboot
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows>
sameog said:
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Click to expand...
Click to collapse
You're missing the command "cd" before the path to change the directory to the new one. It should be cd C:\Users\Mr. Lew\Desktop\oneplus 8t boot image then press enter. Now you can reference any file in that folder by just the name without its entire path as a prefix being required.
A difficult method
zengin said:
Diğer yöntemden hiç de kolay değil.
Click to expand...
Click to collapse
huh?
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
sameog said:
Honestly, if there's a kind of soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I'm been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
Click to expand...
Click to collapse
While this is a temporary solution, it is also a bad solution because you can land with not being able to boot your phone every time an incremental update comes along.
Related
One thing I've noticed is there isn't a lot of documentation for getting set up and unlocking your bootloader on a Linux OS. Setting up your machine to get adb and fastboot to recognize your device takes a tiny bit of extra work on a Linux operating system, but what exactly needs to be done may not be clear to everyone. Whether it's because you're new to the Android SDK/adb, somewhat new to Linux, or can't simply can't seem to find the Vendor Code for the Nexus S. (For those who are looking specifically for this, it's '18d1', and I assume will be the same on all Nexus devices to come; If this means nothing to you right now, read on.)
Disclaimer: I take no responsibility if something goes wrong (if it does, it should be fixable though), Unlocking your bootloader voids your warranty (but you can lock it back), Unlocking the bootloader will wipe your entire phone, including USB Storage; so make a copy of all those family photos and other files you may have put onto the USB storage if you want to keep them.
For the sake of sanity, this guide assumes you are using Ubuntu. If you're using something else (or different applications), there are terminal commands offered, and you probably have an idea on how to adapt the given instructions to your Linux OS.
Preparation: Installing the Android SDK, ADB, Fastboot & Setting Up Your Nexus S to be Recognized
1. Download the Android SDK for Linux: http://dl.google.com/android/android-sdk_r08-linux_86.tgz
2. Save it in a folder of your choice. I chose to keep it in my Downloads folder, myself. If you'd like, you can rename it to the simpler name of 'AndroidSDK.tgz'. The rest of the guide will assume that you did, because I'm lazy, and it makes things simpler; it will also assume you saved it in Downloads. If you feel that you have the intuition to rename and edit the path names based on your own choices, then fine; but if you're utterly lost here, just stick with what I'm doing; download to 'Downloads', rename to 'AndroidSDK.tgz'.
3. Now that you have it, navigate to the folder you downloaded it to, right-click, and click 'Extract' to unzip it. If for some reason you cannot do this, open up a terminal and try this command:
Code:
tar zxvf /home/<your-user-name>/Downloads/AndroidSDK.tgz
You may have to adjust the command if you didn't save it under Downloads or didn't rename the file to AndroidSDK.tgz.
4. Now, we'll install adb and some other software packages by starting up the Android SDK and AVD Manager. Start it either by:
- Navigating to your AndroidSDK folder, going to the 'tools' folder and double-clicking the file called 'android'; if a popup opens asking you what you want to do with it click 'Run'.
- Using this command:
Code:
/home/<your-user-name>/Downloads/AndroidSDK/tools/android
5. In Android SDK and AVD Manager, click on "Available packages". Check the box next to "Android SDK Tools, revision 8" and "Android SDK Platform-tools", and click on "Install Selected" then "Install". When prompted click "Yes" to restart ADB.
6.You should now have a folder in /home/<your-user-name>/Downloads/AndroidSDK/ called "platform-tools".
7. Download fastboot here: http://developer.htc.com/adp.html
- Save it to the aforementioned platform-tools folder.
- Now, navigate to the file, right click it, click 'Properties', go to the 'Permissions' Tab and check 'Allow executing file as program'. Alternatively, run this command:
Code:
chmod +x /home/<your-user-name>/Downloads/AndroidSDK/platform-tools/fastboot
8. Now to set things up so adb and fastboot recognize your Nexus.
- Type this command into a terminal:
Code:
gksudo gedit /etc/udev/rules.d/51-android.rules
- Paste this into the blank file:
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="18d1", MODE="0666"
- Click save and close.
- Then, type the following terminal command:
Code:
sudo restart udev
9. Almost done with preparations! Run this command:
Code:
gedit .bashrc
And add this line to the top of the file:
Code:
#AndroidDev PATH
export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools
Then save the file and close.
10. Download this file and save it to /home/<your-user-name>/Downloads/AndroidSDK/platform-tools: http://www.mediafire.com/?4pe5y906zr67nfh
10.We're ready to go!
Unlocking the Bootloader on your Nexus S and Rooting
Once again, unlocking your bootloader wipes everything on your device, including USB storage. Make a backup of any files you want to keep.
1. On your Nexus S, go to Menu>Settings>Applications. Select "Development" and check the box next to "USB debugging"
2. Power off the phone, and then hold down the Volume Up button and the Power button simultaneously to get into Bootloader/Fastboot mode. Connect your Nexus to the computer via USB.
3. Run this command to unlock your bootloader: (Once again WIPES EVERYTHING!)
Code:
fastboot oem unlock
Hit Enter and on your phone you will be prompted to confirm the action. (Use Volume +/- buttons to choose, power button to confirm choice) Confirm. At this point you will have an unlocked bootloader.
4. Copy/paste the following into the Terminal window:
Code:
fastboot flash recovery /home/<your-user-name>/AndroidSDK/platform-tools/recovery-clockwork-herring.img
5. Use the Volume +/- buttons to choose the Recovery option, then press the power button.
6. In Recovery, go to 'mounts and storage' and choose 'mount USB storage'.
7. Go to this page: http://forum.xda-developers.com/showthread.php?t=682828
About 1/5 of the way down on that page, find the link for "su-2.3.6.1-ef-signed.zip", which is the link for the Froyo version of Superuser. Control-click (right click) on that link and choose "Download Link As..." Save that file to your desktop and then copy it to the main directory of your mounted phone.
8. Click 'Unmount'. Go back to 'mounts and storage' and choose 'mount /system'. Then Go Back and choose 'install zip from sdcard'>'choose zip from sdcard'>su-2.3.6.1-ef-signed.zip
9. When it's finshed installing, reboot. You are now rooted.
Special Thanks
Amin Sabet; I used your Mac guide as a reference and copy/pasted some things for convenience.
Koush; For first posting the unlocking information, developing ClockworkMod Recovery, and ROM Manager. You should probably hook him up with a donation. https://www.paypal.com/us/cgi-bin/w...63663d3faee8d9384d85353843a619606282818e091d0
Michael.B.; for suggesting adding the platform-tools folder to the .bashrc file.
Linus Torvalds; Without which we'd have neither Android nor Ubuntu.
Feel free to leave your comments on the guide below.
Good guide for beginners, I would throw in how to update their path so they can just type adb or fastboot
On Linux, edit your ~/.bash_profile or ~/.bashrc file. Look for a line that sets the PATH environment variable and add the full path to the tools/ and platform-tools directories to it. If you don't see a line setting the path, you can add one:
export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools
Click to expand...
Click to collapse
Be sure to update your username above.
Thanks a lot man, great guide. I didn't get my NS yet but this is gonna be very useful soon
ps: someone please stick this
Michael.B. said:
Good guide for beginners, I would throw in how to update their path so they can just type adb or fastboot
Be sure to update your username above.
Click to expand...
Click to collapse
Thanks for the tip. I added your tip and instructions for marking fastboot as executable.
Stuck due to the thread's usefulness
I forgot to ask: will this work for 64 bit systems?
nicholasbgr said:
I forgot to ask: will this work for 64 bit systems?
Click to expand...
Click to collapse
It should work just fine.
Thanks, got me rooted nice and quickly.
BlackOtaku said:
It should work just fine.
Click to expand...
Click to collapse
Yes but don't forget to install 32 libs.
Thanks for guide
Useful !
I'm waiting for cyanogen ROM so i'll able to install
Cheers
To confirm, yes it works on 64bit. I am running that
Thanks for the confirmation, guys
Good stuff, much appreciated.
I'm working on a simple shell script that should automate some of the more menial tasks while holding the user's hand through the process. I should have it up later today.
UPDATE: It's up! Link on the first page.
Sent from my Nexus S using XDA App
question:
If I use
Code:
fastboot boot recovery.img
instead of
Code:
fastboot flash recovery recovery.img
will i get OTA updates?
confiq said:
question:
If I use
Code:
fastboot boot recovery.img
instead of
Code:
fastboot flash recovery recovery.img
will i get OTA updates?
Click to expand...
Click to collapse
Or, I don't get OTA until i change OS with zip file (ex: su app) ?
confiq said:
Or, I don't get OTA until i change OS with zip file (ex: su app) ?
Click to expand...
Click to collapse
You shouldn't flash the recovery in the boot partition, I think that will cause problems with the phone period. :S
If you flash a custom boot.img (which this guide doesn't cover, though the script will flash Superboot) or kernel like Paul's Superboot, Supercurio's Voodoo Kernel, or Koush's insecure boot.img, OTA updates will fail to install. OTA updates will also reflash your recovery back to stock. One of the devs around here will probably start modifying them so they don't check the boot.img or reflash the recovery though.
Thanks for this! Worked perfectly
Hi all,
I have a strange problem. I can install ClockworkMod recovery but, when I reboot the phone, I don't have superuser installed and su doesn't work. If I reboot the phone, I have to install the recovery every time. It seems it isn't permanent.
Thanks
Matroska
matroska said:
Hi all,
I have a strange problem. I can install ClockworkMod recovery but, when I reboot the phone, I don't have superuser installed and su doesn't work. If I reboot the phone, I have to install the recovery every time. It seems it isn't permanent.
Thanks
Matroska
Click to expand...
Click to collapse
To fix the problem, before selecting zip file, you have to select mount /system. Then go to apply update.zip and proceed as usual.
Thanks
ok im stock
with this part fastboot oem unlock ware i put this code in my terminal of my pc ,,i put the cell in fasboot , i intall everiting if i put that code in my terminal
bash: /home/toshiba/.bashrc: line 2: syntax error near unexpected token `('
bash: /home/toshiba/.bashrc: line 2: `export PATH=${PATH}:/home/<your-user-name>/Downloads/AndroidSDK/tools:/home/<your-user-name>/Downloads/AndroidSDK/platform-tools# ~/.bashrc: executed by bash(1) for non-login shells.'
[email protected]:~$ fastboot oem unlock
fastboot: command not found
[email protected]:~$
what can i do or im doing wrong
The purpose of this tutorial is not to teach you everything. It's just to give the less-than-average user (noob) an idea of why certain steps are taken and how to prevent and or troubleshoot problems that most people have when rooting or flashing ROMs on their device. I am also assuming that if you do decide to root your device you have at least a basic working knowledge of a computer. If you don't know what a desktop is or how to find the "any" key, you have no business being anywhere near a computer much less an android device…continue no further. Read my tutorial…If you like it, let me know. If I missed anything or got something wrong, let me know…I'll try to fix it. If you're impartial to it, I couldn't care less. If you hate it, PM me…I have some important information for you about anger management.
ROOTING
While there are different rooting "methods" they all rely on the same basic concept. Get temporary root access to your system in order to use the adb (Android Debug Bridge) to transfer necessary files and change permissions to permanently root (take ownership of) the device.
Before programs like KindleFireUtility and KindleWater, rooting the Kindle Fire was done manually through a command line interface (command prompt). Although those programs still use the same methods, you never see it. But why use command prompt? What do those commands mean anyway? Anyone can point and click but if you don't know what is going on behind the scenes then you are big trouble when things go wrong…and they inevitably will. So, let's get started.
From here on out we will consider this the beginning of the tutorial. Read everything first before doing anything. Pay close attention to what's being said and follow instructions carefully. Now...
Before anything your device needs to be fully charged and have the Android SDK and the Kindle adb drivers installed onto your computer. I'm not going to go into how to install SDK or Kindle adb drivers here because there are millions of pages on the internet that will teach you, and quite frankly that's not the purpose of this tutorial. That being said, lets get down to business and talk about the older (manual) methods of rooting the Kindle Fire.
First, lets start with the device turned on. Now go to your Kindle Fire settings and scroll down and select "Devices". Make sure "Allow Installation of Applications" is set to ON. This allows you to install apps not downloaded from the Amazon App Store. Next we open the App Store and search for and install a file management utility (ES File Explorer is a good one to start with). This will be necessary to temporarily root your device. Exit the App Store.
Now plug your device into the computer. For the purposes of this exercise there are two USB modes you will need to know, USB debugging and USB file transfer. On stock devices when you plug into your computer you will see a black screen that says "You can now transfer files from your computer to Kindle". This we will call USB file transfer mode. You will use this to transfer a program to your device that will give you temporary root permissions. The old program for this was ZergRush, nowadays its BurritoRoot and tomorrow it will probably be something else. Whatever it is, find whichever one works for your device's software version and transfer it to your device using Explorer (Windows) or Finder (Mac). Since you don't have root access yet, everything you put on your device for now will go directly to the SDcard partition, far away from system folders (for all intents and purposes).
Press "disconnect" on your Kindle Fire. Now, and by default, your Kindle is in USB debugging mode. What that means is that when you are not in USB file transfer mode your device is constantly listening for debugging commands coming from the USB port. We will be using this to send adb commands to the device which are necessary for rooting and setting up recovery. Now open the file management app you installed from the App Store, navigate to the temporary root program you transferred from your computer and open it. Install and follow the instructions, if any. Next go to your computer and navigate to your Android SDK folder and look for a folder called "platform-tools" if you don't see it, open the tools folder and double-click the file named "Android". Select "platform-tools" and install.
To make things simple, lets to take the platform-tools folder and place it on your desktop (just be sure to put it back when this is all over).
At this point we need to get Superuser. This is what we will use to give your apps root access. Go to http://www.androidsu.com/superuser and download the one for Gingerbread. Extract the superuser.zip file, open the folder and navigate to the system folder inside. There, inside the "app" and "bin" folders you will see two files called "superuser.apk" and "SU". Place them in the platform-tools folder that is now on your desktop. And now the fun part, it's time to start rooting.
Open your command prompt (or terminal for mac users) and type and enter:
cd Desktop/platform-tools
Here, you are telling the computer to cd (change directory) to the platform-tools folder located inside the Desktop folder. This is going to be your workspace. Everything you do from here on will be done from this folder. If you don't get any errors then you are in good shape. Otherwise you messed up somewhere and probably skipped a step...go back and read from the beginning. Make sure your Kindle Fire is turned on and NOT in USB file transfer mode. If you are not sure what mode you're in, go back to the beginning. If this is your second time around, stop. You need to learn more about how to change directories using command line interface.
When you are in the platform-tools folder, type and enter this command:
adb devices
Mac and Linux users will put ./ before all adb and fastboot commands from here on out. It will look like: ./adb devices
Here you are using the adb program to print a list of connected devices. You should see a bunch of numbers that mean nothing to you at this skill level. Move on. If you don't see any numbers then you either don't have your drivers installed properly or you skipped a step; go back to the beginning.
If you do get a bunch of numbers your device is connected. Now type and enter:
adb root
...gives root permissions to the adb
adb remount
...mounts the system partition to a "read/write" state allowing you to make changes to system files and folders. Consequentially, if you enter adb remount a second time, you will change it back to "read only". Don't do that.
adb push su /system/xbin/su
...will push (transfer) the file named "SU" that is in your workspace (platform-tools folder) to the su folder inside the xbin folder of your device's system folder. The SU binary file is what other apps call to when they need superuser rights.
adb shell chown 0.0 /system/xbin/su
...this is where it gets a little funky. It opens a shell interface within the adb in order to chown (give ownership permissions) to user 0.0 for the su folder. A shell is a piece of software with a particular set of commands built in to act as sort of a go-between between the user, operating system and hardware kernel services. But who is user 0.0? [Edit:] User 0.0 is the root user. Thanks to b63 for that piece of knowledge
adb shell chmod 06755 /system/xbin/su
...opens a shell within the adb to chmod (change mode) of the su folder to 06755. What that basically means is you are changing the folder permissions to rwxr-xr-x or read/write/execute for the owner, and read/execute for the group and others.
adb install superuser.apk
...installs the program superuser.apk located in the platform-tools folder. Superuser.apk maintains a database of what apps you allow to access SU binary file.
That's how the rooting process works. Again if you get any errors, you did something wrong. Go back to the beginning and read it all over again. Attention is key.
Also, I suggest you skip the one-click methods for rooting and get used to using the command line interface so you understand how the process works in order to quickly troubleshoot problems should they arise. Oh and congratulations, you are rooted.
RECOVERY
Now lets install a custom recovery utility and a new boot-loader. For this you will be using the fastboot command. Before we go on, one thing you absolutely must get your head around is the difference between how fastboot interacts with your device versus how adb interacts with your device. fastboot deals with the boot portion of the device whereas adb only deals with the system portion. What that means is adb will only work when the device is completely booted. If for some reason your device doesn't boot properly then you should not be issuing adb commands. It's like trying to light a match in a vacuum. Fastboot works in the same way in that you must be in the fastboot bootmode in order to issue fastboot commands. Unless you have custom recovery installed or a factory programming cable there is only one way to get into fastboot mode. We'll talk about that later.
Installing recovery is a simple process but it is where people tend to have the most problems. Part of the reason is the misunderstanding of the different bootmodes. For now, you only need to be concerned with two of them; normal bootmode (4000) and fastboot bootmode (4002). The main reason people run into trouble is that once you are in a particular bootmode, it doesn't change until you tell it to (with the exception of temporary fastboot which we will get into later).
In normal bootmode your device will boot...normally (imagine that). With the fastboot bootmode the boot-loader will hang at the Kindle Fire splash screen (or yellow triangle if you have recovery installed) to wait for further commands. If this happens to you, chances are your only problem is you are in the wrong bootmode, which is easy to fix. Knowing that, installing a custom recovery should be a breeze.
First find whatever recovery you want to use (unzip it if you have to) and place the .img file into your platform-tools folder that you were using earlier. We're going to use adb to change the bootmode to fastboot in order to install custom recovery. Remember, anything that pertains to the boot-loader, (Kindle Fire logo/yellow triangle) will be done in the fastboot bootmode; that includes custom recovery installation. For more information on Kindle Fire bootmodes, boot-loaders, fastboot and just about everything else, see this post:
http://forum.xda-developers.com/showthread.php?t=1552547
From your command prompt type and enter:
adb shell
su
idme bootmode 4002
reboot
What that does is tells adb to open a shell and su (substitute user) for the root user, change the bootmode from normal (4000) to fastboot (4002) and reboot. The root user has the necessary permissions to change the bootmode from the adb. Your device will reboot then hang at the splash screen because it is in the fastboot bootmode.
Now install your custom recovery (we'll call it customrecovery.img for now)
fastboot -i 0x1949 boot customrecovery.img
again, for Mac and Linux you would type: ./fastboot -i 0x1949 boot customrecovery.img
That tells your computer to, using the fastboot program that is in your platform-tools folder, boot the device with the ID of 0x1949 (your Kindle) with the file named "customrecovery.img"
After installation, reboot, but you will still be in the fastboot bootmode. So type:
fastboot -i 0x1949 oem idme bootmode 4000
fastboot reboot
…tells the device to reset the partition where the recovery(?) is located, change the bootmode to normal (4000) and reboot.
TROUBLESHOOTING
Flashing custom ROMS are another source of frustrations as they add too many variables to the equation. Some ROMS can be very unstable and cause weird things to happen to your device. But just knowing how this stuff works will help you fix 90% of the problems that may come up. If you are having trouble with your device, troubleshoot the problem:
Does the device turn on?
No
Is it fully charged?
No--> Charge it
Is it fully charged?
Yes--> Hold the power button for 30 seconds and restart
Does the device turn on?
No--> Hold the power button for 3 minutes and restart
Does the device turn on?
No--> Google search "Motorola USB factory programming cable"
Does it boot normally?
No
Do you have custom recovery installed
No--> You need to get into fastboot mode to issue fastboot commands. Google search "Motorola USB factory programming cable"
Do you have custom recovery installed?
Yes--> During the first 5 seconds of seeing the boot splash screen (this is temporary fastboot mode that comes with custom recovery) issue fastboot command to change bootmode to 4000. Reboot
Does it boot normally?
No
Can you get into recovery?
No--> During the first 5 seconds of seeing the boot splash screen (temporary fastboot mode) issue fastboot command to install a new customrecovery.img. Reboot.
Can you get into recovery?
Yes--> Re-flash your ROM. Reboot.
Does it boot normally?
No--> Enter recovery, factory reset, wipe cache, wipe dalvik cache, re-flash your ROM. Reboot
Does it boot normally?
No--> Enter recovery, factory reset, wipe cache, wipe dalvik cache, flash a different ROM. Reboot
Does it boot normally?
No--> Post your problem on the XDA forum. Include all pertinent information such as what rom you are using, what the exact problem is, what you were doing before the problem occurred and all the steps you have taken to try and fix the problem.
Does it boot normally?
Yes--> Give yourself a pat on the back, because you rock!
Do you Rock?
No--> Start over from the beginning
nice
--sent from my glacier.
[GUIDE] UNLOCK - ROOT - RETURN TO STOCK and/ or UNBRICK your Nexus 7 3G “Nakasig- Tilapia” v4.2.2
- Disclaimer: I don't take any responsibility for anything you do to your tablet, which is to transform it into brick, break, or transform it into coffee machine -
Requirements:
1. You must have the sdk (ADT Bundle for Win) installed on your Pc and you are able to access, and use adb and fastboot.
NOTE: Notice the install location. This defaults to C:\Users\<user name>\AppData\Local\Android\android-sdk the platform tools (adb, fastboot) and usb drivers will be downloaded to this location. This will be referred to from here on as your sdk directory
But in case you haven't install all SDK, you can use only fastboot by the easy way.(Go here if you want to use the easy way to fastboot)
2. You must have ticked USB Debugging mode in your Nexus 7 3G
3 You must download and install - USB DRIVERS r_06 for Windows 7 & 8
4. Download one of both root-tool
CF- Auto-Root by Chainfire - Download link for Version Tilapia - Nakasig
or the Superboot r4 by Paul O’Brien - Actually I'm not sure if Superboot is functionnal for version 4.2.2 - I tested with my Grouper v4.2.2 and I stayed in Google screen with bootloop.
5. Download your recovery special for your Tilapia - Nakasig
CWM (Touch version or not)
TWRP - latest versions
ClockworkMod - Google Nexus 7 (GSM) - Superuser (fixed) for Android 4.2.
and rename your select with the name of the recovery image you chose to download.
6. The factory image for the Nexus 7 3G => 4.2.2 (JDQ39) - nakasig-jdq39-factory-0798439d.tgz - md5: ee8db1ed6ff1c007fe12136d4bc65cd8- size: 279.9MB - The Version Zip if you prefer
Click to expand...
Click to collapse
AND DON'T FORGET THAN IT'S BETTER FOR YOUR SPECIAL N7 3G+
TO USE THE SPECIAL RECOVERIES "TILAPIA - NAKASIG"
and NOT "GROUPER" WHICH ARE DIFFERENTS
Click to expand...
Click to collapse
**********************************************************************************************************************************************************************
Pre-Steps
To make this easier,
1 - you should put the root-tool.zip selected on the folder “fastboot” (if you use the easy way - Goto post #2)
2 – You should put the recovery.img selected on the folder “fastboot”
UNLOCK YOUR NEXUS 7 3G+
Click to expand...
Click to collapse
To unlock your device, you must go to your bootloader. To do that, you have possibilities;
1. Turn your device on while pressing volume down
or
1. Connect your device and go to cmd terminal
Code:
> cd \Users\<user name>\AppData\Local\Android\android-sdk\platform-tools (it's common localization for an auto install)
> adb devices
# the following output should be returned
List of devices attached
<device serial number> device
2. Boot to the bootloader by use adb
Code:
adb reboot bootloader
or
2 Bis. Boot to the bootloader by use fastboot
Code:
fastboot reboot-bootloader
3. Unlock your device* by
Code:
fastboot oem unlock
*You will have to accept and erase all of your data on the tablet.
You are unlocked :good:
By Fastboot only easy way - Unlock you device
Code:
C:\Users\Username>cd c:\fastboot
Code:
c:\fastboot>fastboot oem unlock
**********************************************************************************************************************************************************************
FLASH THE RECOVERY
Click to expand...
Click to collapse
You can choose one of both recoveries - CWM or TWRP
Flash ClockworkMod Recovery as Permanent recovery
Click to expand...
Click to collapse
(You're still inside the bootloader and connected through the usb cable)
1. Flash CWM especially for your N7 3G
Code:
fastboot flash recovery recovery-name of your recovery.img
To make CWM Permanent recovery
2. Boot into recovery by pressing “volume up” and when the menu says ‘recovery mode’ press the power button
3. Go to “Mounts and Storage” menu
4. select “mount system”
5. Type in cmd terminal
Code:
adb shell
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
exit
If you having trouble gaining shell, try
Code:
adb kill-server
then
Code:
adb start-server
. And restart the lines command above
* For some people, it has been reported that you don't have to replace recovery-from-boot.bak. The flash is enough to make the recovery stick.
**********************************************************************************************************************************************************************
Flash TWRP as Permanent recovery
Click to expand...
Click to collapse
(You're still inside the bootloader and connected through the usb cable)
1. Flash TWRP especially for your N7 3G
Code:
fastboot flash recovery recovery-twrp-tilapia-2.4.4.0.img
To make TWRP Permanent recovery
2. Boot into recovery by pressing “volume up” and when the menu says ‘recovery mode’ press the power button
3. Go to “Mounts and Storage” menu
4. select “mount system”
5. Type in cmd terminal
Code:
adb shell
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
exit
**********************************************************************************************************************************************************************
FOR THE ROOT
Click to expand...
Click to collapse
- [2013.02.20][N7 WiFi | N7 3G] CF-Auto-Root
Click to expand...
Click to collapse
What's installed
- SuperSU binary and APK
- Nothing else, that's it.
Installation and usage
- Download the ZIP file (see post below for link)
- Extract the ZIP file (you will see - 2 folders=> images & tools and 3 files: root-windows // root-mac // root-linux)
- Boot your device in bootloader/fastboot mode. Usually this can be done by turning your device off, then holding VolUp+VolDown+Power to turn it on.
- Connect your device to your computer using USB
- Windows:
Code:
Run root-windows.bat
- Linux
Code:
chmod +x root-linux.sh
Code:
Run root-linux.sh
- Mac OS X
Code:
chmod +x root-mac.sh
Code:
Run root-mac.sh
- [ROOT] Superboot - Nexus 7 WiFi / 3G root solution
Click to expand...
Click to collapse
How to use Superboot - Windows, Linux and OSX
- Download the Superboot zip file above and extract to a directory
- Put your device in bootloader mode - Turn off the phone then turn on with the 'volume up' and 'volume down' buttons both pressed to enter the bootloader (as pictured below)
- WINDOWS - double click 'superboot-windows.bat'
- MAC - Open a terminal window to the directory containing the files,
and type
Code:
chmod +x superboot-mac.sh
followed by
Code:
./superboot-mac.sh
- LINUX - Open a terminal window to the directory containing the files,
and type
Code:
chmod +x superboot-linux.sh
followed by
Code:
./superboot-linux.sh
**********************************************************************************************************************************************************************
RETURN TO STOCK and/or UNBRICK your N7 3G+
Click to expand...
Click to collapse
Before you begin, please make sure you have ADB and Fastboot drivers installed and working.
1. Download the factory image for the Nexus 7 3G=> 4.2.2 (JDQ39) - nakasig-jdq39-factory-0798439d.tgz - md5: ee8db1ed6ff1c007fe12136d4bc65cd8- size: 279.9MB - The Version Zip if you prefer
2. Extract the factory image into the same directory as your ADB and Fastboot executables (e.g. "\android-sdk\platform-tools")
3. Plug in your device. If you are booted into Android, open a command prompt to your ADB and Fastboot directory, then type:
Code:
adb reboot bootloader
If your device is powered off, press and hold both volume keys and the power button simultaneously. After holding all three buttons for a couple of seconds, your bootloader should launch. This should reboot you into the bootloader.
4. Type:
Code:
fastboot flash bootloader bootloader-tilapia-4.18.img
5. Type:
Code:
fastboot reboot-bootloader
6. Now type:
Code:
fastboot -w update image-nakasig-jdq39.zip
7. Optional: If you would like to relock your bootloader for warranty or security purposes, make sure you are in your bootloader screen again and type:
Code:
fastboot oem lock
8. If your tablet hasn't already rebooted automatically, you can type
Code:
fastboot reboot
Well done. You should now be back on stock Android 4.2.2
**************************************************************************************************************************************************************************************
These root tools are actually the easy way for rooting your device, so you can use them without problems.
IF YOU NEED MORE ABOUT THE NEXUS 7 3G+ "NAKASIG - TILAPIA" YOU MUST GO HERE
=> [Index]- 29 Dec 2012 - All for NEXUS 7 - "Nakasig/Tilapia" - (GSM/HSPA+)
and
=> NEXUS 7 3G-"nakasig"-For all Your Jelly Bean Discussions, Problems and Solutions
Click to expand...
Click to collapse
For my part I’ve used
the easy way by my fastboot guide for unlock my device,
Adb lines command for flash TWRP as permanent recovery,
Thanks for @mateorod, @Chainfire, @paulobrien and all members who helps for the development about the Nexus 7 3G+
The EASY WAY TO USE FASTBOOT LINES COMMAND
HELP FOR FLASH MORE FASTER WHEN YOU USE FASTBOOT LINE COMMAND
If you have got a problem with your adb or fastboot or recovery....it's very simply and faster
use this:
Download this file "fastboot.zip"
Install this file somewhere in one folder which is named "fastboot" on your PC
=> disk C: root
Unzipped this file on the folder "fastboot" and you will find 3 files:
- adb.exe
- AdbWinApi.dll
- fastboot.exe
and when you need to push something by the bootloader, you can use it.
Don't forget to push on this folder the file that you need. For exemple: boot.img or a recovery.img, etc...
The line command is :
Code:
c:\fastboot>
Enter
Code:
c:\fastboot>fastboot flash recovery recovery.img
Enter
If you want to flash the "recovery.img" file
******************************************************************
******************************************************************
If you want to know all lines of command
Code:
c:\fastboot>fastboot
Code:
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default: 2048
Reserved in case
Hello, this is my first post on xda.
When i tried use "adb fastboot bootloader" cmd say to me : no device. Where is problem?
piski93 said:
Hello, this is my first post on xda.
When i tried use "adb fastboot bootloader" cmd say to me : no device. Where is problem?
Click to expand...
Click to collapse
Try the easy way on first
Use the post 2.
You can use it for all the install, except for for the permanent recovery where you will have to use ADB line command.
The best you can do, it's to use fastboot easy way and when you have finished, you learn and install correctly your sdk and check all your parameters. And when you will be ready you will be able to use adb lines command easily to install your recovery in a permanent way.
It's too long for a course about sdk, the best you can do it's to to search and read. Go to my index, and read the General guides
Gonna try this later today. Though something is a bit fishy. When I use adb from the fastboot.zip it can't find my device but from the platform-tools dir it seems to work fine. Are they different versions? How big risk is it to brick the device while unlocking/rooting and installing recovery? Pls tell me its unbrickable. cheers
Skickat från min GT-I9300 via Tapatalk 2
znejk said:
Gonna try this later today. Though something is a bit fishy. When I use adb from the fastboot.zip it can't find my device but from the platform-tools dir it seems to work fine. Are they different versions? How big risk is it to brick the device while unlocking/rooting and installing recovery? Pls tell me its unbrickable. cheers
Click to expand...
Click to collapse
I can't says it's unbrickable !!!
The differences between these versions is:
If you use sdk/platform tools it's the more complete install and the easy way for fastboot, that just if you need to use fastboot line command, but it's not more complete for using with adb lines command.
If you go to the post 2, you will see all the lines command for fastboot.
If your sdk install is correct, you can use it without problems.
The easy way by fastboot is just a shotcut
philos64 said:
I can't says it's unbrickable !!!
The differences between these versions is:
If you use sdk/platform tools it's the more complete install and the easy way for fastboot, that just if you need to use fastboot line command, but it's not more complete for using with adb lines command.
If you go to the post 2, you will see all the lines command for fastboot.
If your sdk install is correct, you can use it without problems.
The easy way by fastboot is just a shotcut
Click to expand...
Click to collapse
I tried and everything seemed to work fine ... i Unlocked/flashed twrp then "mv recovery-from-boot.p recovery-from-boot.bak" didnt work cause it couldnt find the file... :/ i continued and flashed superboot and it seemed to work fine. Downloaded latest cm and gapps rebooted inte recovery and flashed them. Now I only have bootloop with cm10.1...
I know it aint bricked cause I think I can get into bootloader.
Edit: After a factory reset it worked! :>
znejk said:
How big risk is it to brick the device while unlocking/rooting and installing recovery? Pls tell me its unbrickable. cheers
Click to expand...
Click to collapse
The Nexus7 is very difficult to brick. It still is possible, but as far as I know there is only one way to do it - remove or destroy the bootloader.
Under normal circumstances, the only time you do anything with the bootloader is unlocking/locking it, which simply does a minor modification. That's perfectly fine. And the normal custom-recovery/root process doesn't touch it, so that's fine too. Doing system updates (even legit OTA ones) might upgrade the bootloader, as might flashing custom roms. But as long as you don't interrupt the process during that critical step, it should be OK.
So outside of erasing the bootloader or flashing a completely incompatible bootloader and rebooting, your N7 should be safe.
adb command line Linux support
Hi All,
Am new to this forum and also to my newly bought N73G. So I am unsure about the complete process though explained step by step. One thing that i wanted to confirm was Does ADT Bundle for linux work the same as that of windows? Cause I run the same on my PC; these command line instructions would they work the same way on Linux terminal?
It's not the same as Windows. You can download the ADT Bundle for Linux.
Sent from my N7 3G between sky and earth
Is there any solution for unlock and root Nexus 7 3G only with Apple Mac assistance? Thank you in advance!!!
foxstam said:
Is there any solution for unlock and root Nexus 7 3G only with Apple Mac assistance? Thank you in advance!!!
Click to expand...
Click to collapse
Can you explain what do you think by Apple Mac Assistance ?
If it's for SDK Tools, you will find here the Apple version => DOWNLOAD FOR OTHER PLATFORMS
I'm not sure which recovery images should be downloaded.
Is this one correct? - recovery-twrp-tilapia-2.3.2.1.img
what does this mean? "rename your select with the name of the recovery image you chose to download."
quote:
Requirements:
...
4. Download:
CWM (Touch version or not) or TWRP and rename your select with the name of the recovery image you chose to download.
thanks
elelab said:
I'm not sure which recovery images should be downloaded.
Is this one correct? - recovery-twrp-tilapia-2.3.2.1.img
what does this mean? "rename your select with the name of the recovery image you chose to download."
Requirements:
4. Download:
CWM (Touch version or not) or TWRP and rename your select with the name of the recovery image you chose to download.
Click to expand...
Click to collapse
Yes, you can use the recovery-twrp-tilapia-2.3.2.1.img without problem
and when I writes "rename your select with the name of the recovery image you chose to download", I mean that you can rename the IMG file by "recovery" simply. It's more faster.
minimum steps to root Nexus7(3G) - for beginners
confused by too much info. on how to root Nexus 7
can this be as simple as:
1 unlock
2 root
question:
1. unlock step - erase all of your data on the tablet
If I don't care my data (I just bought it), after unlocking, can Nexus start as normal?
2. Why do we need flash the recovery?
"Pre-Steps
To make this easier,
1 - ...
2 – You should put the recovery.img selected on the folder “fastboot” (if you use the easy way - Goto post #2)
" fastboot flash recovery recovery-twrp-tilapia-2.3.2.1.img"
does "recovery-twrp-tilapia-2.3.2.1.img" mean the "recovery.img"?
thanks
elelab said:
confused by too much info. on how to root Nexus 7
can this be as simple as:
1 unlock
2 root
question:
1. unlock step - erase all of your data on the tablet
If I don't care my data (I just bought it), after unlocking, can Nexus start as normal?
2. Why do we need flash the recovery?
Click to expand...
Click to collapse
Answers:
1 - Yes, the advert is clear, all of your data will be erased !
2 - If you want to flash a rom custom, you need a recovery
elelab said:
"Pre-Steps
To make this easier,
1 - ...
2 – You should put the recovery.img selected on the folder “fastboot” (if you use the easy way - Goto post #2)
" fastboot flash recovery recovery-twrp-tilapia-2.3.2.1.img"
does "recovery-twrp-tilapia-2.3.2.1.img" mean the "recovery.img"?
Click to expand...
Click to collapse
Yes, it's correct. it's more faster to write: "recovery.img" than "recovery-twrp-tilapia-2.3.2.1.img".
It's the same file, just rename.
This has no effect on the recovery flash
Can I root my device (4.2.2) using Superboot yet ?
Re: [GUIDE] - Updated 08 Feb - Unlock and Root a Nexus7 3G “Nakasig- Tilapia”
I received 4.2.2 update today. I haven't installed it for fear of losing root. Should i repeat the procedure to root again after updating my n7. Will i again loose my data? Or the bootloader will remain unlocked? Please help
Sent from my Nexus 7 using xda app-developers app
sukhjit_bhullar said:
I received 4.2.2 update today. I haven't installed it for fear of losing root. Should i repeat the procedure to root again after updating my n7. Will i again loose my data? Or the bootloader will remain unlocked? Please help
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
I can flash UPDATE-SuperSU-v1.04.zip in CWM/TWRP recovery to get root after update from 4.2.1
You will not loose any data.
Your bootloader will upgrade to 4.18 and still unlocked.
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
TempezT said:
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
Click to expand...
Click to collapse
if you're rooted, go to /cache and rename update.zip to something else. then create a zero length file using the name update.zip. lastly set the permissions on that file to read only
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Damn I dont have a computer in hand. Guess i have to wait until im back home in October. Cross fingers this thing don't restart cause that freaking patch is already scheduled.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Click to expand...
Click to collapse
Okay someone in my base lend his laptop but its low end(sony viao core2 duo) dunno how well this work for flashing purposes, also I wanted to point before doing the process that my phone was unlocked permanently by tmobile unlock app and wanted to know if this can affect the unlocking or any other function of my v20.
Following those instructions to root will not gid rid of your carrier unlock.
You might be able to go to Settings>>Storage and delete Cached data.
Zacharee1 said:
You might be able to go to Settings>>Storage and delete Cached data.
Click to expand...
Click to collapse
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
TempezT said:
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
Click to expand...
Click to collapse
You can always restore to stock with the H918. Backup and root.
Zacharee1 said:
You can always restore to stock with the H918. Backup and root.
Click to expand...
Click to collapse
Thanks!
The issue Im having now is that I cant find how to root H91810k which is the current version my phone has besides the schedule update. Any info on that?
You have to find the KDZ for 10d and flash it with LGUP. Then you can use EasyRecowvery to root.
Flashing KDZs will wipe your data, so use LG Bridge to make a backup.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on.......
Click to expand...
Click to collapse
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
wewantutopia said:
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
Click to expand...
Click to collapse
No problem! Glad it helped, I will probably update the post a bit, and then I'll re-post it to its own thread in a few days. As I noticed this section is a bit disorganized...
MDMAchine said:
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Click to expand...
Click to collapse
just wanted to add that SOMETIMES the update.zip is not in /cache. had this happen to me when I had the LGV10 and it just happened to me now. I had recently wiped my device to start from scratch and after initially setting up my device I got the update icon and indeed /cache/update.zip existed. a few reboots later for various reasons the update icon/notification disappeared, as did /cache/update.zip. I thought I was in the clear until last night when I got the update icon/notification again, but this time it was not in /cache. it somehow changed to /data/data/com.google.android.gms/app_download. so if you can't find it in /cache, look there!
So i've been having a hell of a time getting the latest image working on my phone... For a bit, I was soft bricked, even after running deuces and formatting user data and what not. For a while had to go back to android 8.1 (kinda nice having PIP/split screen mode!!). Finally figured it all out today... Download: The latest Magisk, the latest TWRP both .img and installer .zip. Then latest factory image, extract with winrar, go to extracted folder and extract the big .zip again with winrar, load deuces into that folder, put phone in fastboot (hold vol - and power or adb reboot bootloader).
Open an admin command prompt (admin maybe not necessary) and here we go: fastboot --set-active=a
Run Deuces, once finished go to admin command prompt and: fastboot boot twrp-3.3.0-0-taimen.img adb push twrp-pixel2-installer-taimen-3.3.0-0.zip /sdcard adb push Magisk-v19.4.zip /sdcard
Reboot, took a while to start, open magisk, says not installed, so click install, download zip only or patch boot? I just went to the factory image folder, pushed "boot.img" to phone, and selected that.
Read a bunch of threads saying like, find/extract your own boot image (which i don't think was necessary) but if you did want to do that, the location for pixel 2 xl is: /dev/block/sde8
Hopefully that makes sense, let me know if you have comments/questions/smart remarks
noob
Zooandbio4me said:
So i've been having a hell of a time getting the latest image working on my phone... For a bit, I was soft bricked, even after running deuces and formatting user data and what not. For a while had to go back to android 8.1 (kinda nice having PIP/split screen mode!!). Finally figured it all out today... Download: The latest Magisk, the latest TWRP both .img and installer .zip. Then latest factory image, extract with winrar, go to extracted folder and extract the big .zip again with winrar, load deuces into that folder, put phone in fastboot (hold vol - and power or adb reboot bootloader).
Open an admin command prompt (admin maybe not necessary) and here we go: fastboot --set-active=a
Run Deuces, once finished go to admin command prompt and: fastboot boot twrp-3.3.0-0-taimen.img adb push twrp-pixel2-installer-taimen-3.3.0-0.zip /sdcard adb push Magisk-v19.4.zip /sdcard
Reboot, took a while to start, open magisk, says not installed, so click install, download zip only or patch boot? I just went to the factory image folder, pushed "boot.img" to phone, and selected that.
Read a bunch of threads saying like, find/extract your own boot image (which i don't think was necessary) but if you did want to do that, the location for pixel 2 xl is: /dev/block/sde8
Hopefully that makes sense, let me know if you have comments/questions/smart remarks
Click to expand...
Click to collapse
I have just bought my pixel2xl, and recieved it the DAY 10 came out.
I have not had an a/b device, my last phone was the note 4 verizon, and the tabs2 i currently have.
could you perhaps make a simple list, of what this has ?
Currently i can adb devices with linux in my phone, and fastboot reboot bootloader ?
what is "run Deuces"
i presume fastboot --set-active=a means you are setting to write to the a partition ?
the first part,is where do i download the factory image ? google ? then unzip and sideload " push boot.img ?" the file to the /sdcard folder with the other files for twrp and magisk ?
thanks a lot for the announcment. i seriously just got my usb cable attached and ran fastboot, when i searched in xda and found your post. thanks alot
Ok.
I got it kinda figured out.
Gonna make a how 2 for noobs
Step 1. Download magisk and Google image for your device to your favorite machine.
Step 2. Dow load the newest adb tools from Google to your machine. Install and make sure your adb tools are in your $PATH
On my Linux machine, I unzipped the files and copied them to my local binary folder in ~/bin
3. Extract the Google image for your device, the extract the partitions zip file.
4. Go-to the folder and Sidleload the image to your phone
Code:
adb push *.img /sdcard/
5 . GOTO where you downloaded your magisk*.apk
And install with adb
adb install *.apk
6. Open your phone, and open magisk.
Patch the boot.img file you placed in /sdcard/
7. Pull the new patched file from your phone to your computer.
adb pull /sdcard/Download/*.img
That's as far as I got this morning.
Will update you all with the finished commands then copy it over to a how-to guide for noobs.
Yayy
Everytime uninstall magisk and get it working reboots bootloop, and or I try to install a module it boot loops