[ROOT][D5322][Lollipop][Update]Stable root guide, r/w fix, no FTF requirements - Sony Xperia T2 Ultra

Hello guys,
Today I am presenting a stable rooting method for D5322_19.3.A.0.470_Lollipop 5.0 without any old FTF requirement or fear of data loss, etc.
Requirements
D5322 with Unlocked bootloader
Current firmware version should be 19.3.A.0.470
Flashtool with updated fastboot and flashmode drivers
50% Battery and a Safe backup (In case of error)
Happy mind
Downloads
1. Recovery kernel (Please download DUAL_RECOVERY_D5322-LP.img for best result) ====>> Here (16 MB)
(Recovery kernel credit goes to our respectable XDA Recognized Contributor @abcdjdj)
2. SuperSU.zip ===> Here (Tested)
3. Download BusyBox ===> Here Tested v1.23.1-Stericson.zip
Rooting procedure
1. Move SuperSU.zip and BusyBox.zip to your device and turn it off.
2. Put the downloaded D5322_19.3.A.0.470_Lollipop 5.0.ftf in Flashtool's firmwares folder.
3. Open Flashtool and connect your device in FASTBOOT mode by holding the Volume Up key (blue LED).
4. Flash the recovery kernel in fastboot mode and disconnect the device.
5. Turn on the device and press the Volume Down button repeatedly when you see the pink LED.
6. Flash SuperSU and BusyBox.
7. Wipe cache and Dalvik cache.
8. Turn on the device -- rooted + no read/write issue + no SD card problem.
Rare issue
=> Some users may face system app removal problem ==> Fix Here
=> Flashtool Cannot unbundle files (Very rare) ==> Fix Here
Feel free to ask questions ......
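Before step 4 writes the downloaded recovery kernel into the boot partition of a bootloader-unlocked phone, it is worth checking what you are about to flash: a truncated download leaves the phone unable to boot, and a tampered one gives whoever served it persistent control of the device. The script below is an added example for this thread, not the OP's tool and not part of Flashtool. It checks the file size, the `ANDROID!` boot-image magic and a SHA-256 digest, then drives the same `fastboot flash boot` that Flashtool's fastboot tab runs. The expected digest is an assumption: the thread publishes none, so take it from the kernel author's post or from a copy you trust; the 64 MiB size ceiling is likewise assumed and should be adjusted to the device's boot partition.

```python
"""Pre-flight checks for a downloaded boot/recovery image before it goes to
`fastboot flash boot` (step 4 of the guide). Added example for this thread,
not the OP's tool and not part of Flashtool. The expected SHA-256 is an
assumption: the thread publishes no digest, so obtain it from the kernel
author's post and pass it in; without it the image is reported as unverified.
"""
import hashlib
import os
import subprocess
import sys

BOOT_MAGIC = b"ANDROID!"   # first 8 bytes of every Android boot/recovery image
MAX_IMAGE = 64 << 20       # assumed ceiling for a boot partition; adjust per device


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def check_image_bytes(data, expected_sha256=None, max_size=MAX_IMAGE):
    """Return {"ok": bool, "problems": [...], "sha256": hex, "size": n}.

    A bad magic or an oversize file catches a truncated or mislabelled
    download; only the digest comparison catches a tampered one, so a missing
    digest is itself reported as a problem rather than silently accepted.
    """
    problems = []
    if not data:
        problems.append("empty file")
    if len(data) > max_size:
        problems.append(f"{len(data)} bytes exceeds the {max_size}-byte budget")
    if data[:len(BOOT_MAGIC)] != BOOT_MAGIC:
        problems.append(f"bad magic {data[:8]!r}: not an Android boot image")
    digest = sha256_bytes(data)
    if expected_sha256 is None:
        problems.append("no expected SHA-256 supplied: image is unverified")
    elif digest != expected_sha256.strip().lower():
        problems.append("SHA-256 mismatch: refuse to flash")
    return {"ok": not problems, "problems": problems, "sha256": digest, "size": len(data)}


def check_image(path, expected_sha256=None, max_size=MAX_IMAGE):
    """File-based wrapper around check_image_bytes (the images here are ~16 MB)."""
    if not os.path.isfile(path):
        return {"ok": False, "problems": [f"{path}: no such file"], "sha256": None, "size": 0}
    with open(path, "rb") as f:
        return check_image_bytes(f.read(), expected_sha256, max_size)


def fastboot_flash_argv(partition, path):
    """argv for the flash itself; this guide only ever writes boot or recovery."""
    if partition not in ("boot", "recovery"):
        raise ValueError(f"refusing to flash {partition!r}; expected boot or recovery")
    return ["fastboot", "flash", partition, path]


def flash_if_verified(path, expected_sha256, partition="boot"):
    """Shell out to fastboot only when every check passed."""
    report = check_image(path, expected_sha256)
    for problem in report["problems"]:
        print("REFUSING:", problem, file=sys.stderr)
    if not report["ok"]:
        return False
    subprocess.run(["fastboot", "devices"], check=True)   # device in fastboot mode (blue LED)
    subprocess.run(fastboot_flash_argv(partition, path), check=True)
    return True


if __name__ == "__main__":
    # python check_image.py DUAL_RECOVERY_D5322-LP.img <sha256 from the kernel post>
    image = sys.argv[1]
    digest = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_image(image, digest))
```

Run it once with the digest before touching the phone; the verification is pure Python, so a failing report costs nothing, while `flash_if_verified` is the only function that talks to fastboot.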

Not able to perform step 10.
Error as follows:
10/010/2015 18:10:29 - INFO - Selected Bundle for Sony Xperia T2 Ultra (D5322). FW release : 19.3.A.0.470. Customization : Lollipop 5.0
10/010/2015 18:10:29 - INFO - Preparing files for flashing
10/010/2015 18:10:29 - ERROR - Cannot delete C:\Users\'@#&\.flashTool\firmwares\prepared\boot
10/010/2015 18:10:29 - INFO - Cannot open bundle. Flash operation canceled
---------- Post added at 06:45 PM ---------- Previous post was at 06:12 PM ----------
any help?
---------- Post added at 07:18 PM ---------- Previous post was at 06:45 PM ----------
stuck at step 10, help me buddy.. I am waiting

Buddy, it seems the problem is at your end: user account permissions, a corrupt download, or the file is in use by another process.

what to do?
no process is running or using any file..
---------- Post added at 07:30 PM ---------- Previous post was at 07:28 PM ----------
All I think is that the problem is with this file only:
4. D5322_19.3.A.0.470_Lollipop 5.0 kernel (9MB)
Can you reupload or send me this file? The 5.0 or 5.0.2 kernel, so I can start my device.
---------- Post added at 07:58 PM ---------- Previous post was at 07:30 PM ----------
step 10 problem SOLVED
Figured it out! Thanks to @kentexcitebot
I went through C:\Users\name\.flashTool\firmwares and deleted the "prepared" folder under the folder "firmwares".
That fixed the problem, apparently.
Now device is about to boot.. waiting for boot complete

I went through C:\Users\name\.flashTool\firmwares and deleted the "prepared" folder under the folder "firmwares".
That fixed the problem, apparently.
Now device is about to boot.. waiting for boot complete
Similar to "file is in use by another process": deleting means you forced the process to terminate.

rrajesh said:
Similar to "file is in use by another process": deleting means you forced the process to terminate.
Yes... my bad. You need to update the steps, as someone else might get the same problem.
root access worked properly. :good:
now my problem is xposed installer.. how to install?
tried flashing zip, but device won't boot.

Xposed is not available for our device yet... Wait until it is fixed for our device. You can delete all Xposed files to get rid of the bootloop.
Solution
1. Flash the recovery kernel from post #1
2. Get rid of the Xposed bootloop manually HERE: no flash required

I am not being harsh
I am just letting know what is happening, sorry if I sound harsh
already uninstalled xposed.
OK, so finally I managed to get it working:
First performed a clean installation of the 5.0.2 FTF,
then followed steps 1 to 9,
then deleted the "prepared" folder under the folder "firmwares" (if it existed),
then followed steps 10 & 11.
Started the device & updated everything.
I got proper root access & everything is working fine :good:
Thank you :good:
The only problem is, I can't boot into recovery now, after everything was done successfully.

How did you manage to get Xposed working on our phone? It's not possible, as it is not working anymore @rrd84

Thanks bro, root successful but cannot remove/uninstall system apps please help

Check this thread @joseph LR http://forum.xda-developers.com/showthread.php?t=3096863

pvnsai73 said:
How did you manage to get Xposed working on our phone? It's not possible, as it is not working anymore @rrd84
NO, xposed is not working, bootloops, I said I managed to fix my problem of step 10.
you misunderstood me
---------- Post added at 08:03 PM ---------- Previous post was at 07:56 PM ----------
joseph LR said:
Thanks bro, root successful but cannot remove/uninstall system apps please help
Yes... preinstalled apps can't be uninstalled with this root method; everything else is good.
But the Kingo Root method can uninstall them. Kingo Root is a Chinese root tool,
but I am not able to replace Kingo Root's SuperUser with SuperSU,
that's why I am sticking with this thread's root method.
---------- Post added at 08:11 PM ---------- Previous post was at 08:03 PM ----------
pvnsai73 said:
Check this thread @joseph LR http://forum.xda-developers.com/showthread.php?t=3096863
I am having this problem, any help?
Whichever option I select, the mobile either reboots or powers off.

joseph LR said:
Thanks bro, root successful but cannot remove/uninstall system apps please help
Dear joseph LR,
You can download the following apps from the Play Store:
Download R/W Checker from HERE
[Open and tap R/W; if successful, your root with r/w is OK]
System App Remover (using it since 2012) Download
Enjoy!!

Dear @rrd84,
I worked on recovery and Xposed with different methods the whole Sunday, but it's not working. The RC LED blinks but the phone always boots normally.
I think we should wait until @Nut (XZ Developer) fixes it.

@rrajesh
Thanks for R/W Checker
Working perfectly now
Yes... we should wait until @Nut (XZ Developer) fixes it.

No recovery mode on D5322 since rooting KitKat 4.4.3
I am not able to do step 6 as my device doesn't boot into recovery mode. Is there any other way of flashing SuperSU and BusyBox? Please help me. Can I flash them using Flashtool?
Thank you

badboy_0077 said:
I am not able to do step 6 as my device doesn't boot into recovery mode. Is there any other way of flashing SuperSU and BusyBox? Please help me. Can I flash them using Flashtool?
Thank you
No, you can't flash them using Flashtool
Read 1st post carefully for recovery mode...

????
About step no. 4, "Flash recovery kernel in fastboot mode and disconnect the device": can anyone tell me what to do exactly, in a picture if possible?

rustynail1985 said:
About step no. 4, "Flash recovery kernel in fastboot mode and disconnect the device": can anyone tell me what to do exactly, in a picture if possible?
# Download the recovery kernel and put it in C:\Users\[YOUR NAME]\.flashTool (latest Flashtool)
# Connect your device in fastboot mode (hold Volume Up and now insert the USB cable... wait 15 sec)
# Open Flashtool, click on Flash Device (first icon)
# Select Fastboot
# Select Flash kernel (browse to the downloaded file; change the file type from .sin to .img in the explorer)
# OK

rrajesh said:
No, you can't flash them using Flashtool
Read 1st post carefully for recovery mode...
I did all the steps successfully, but I'm not able to use FolderMount. It gives the error "unable to write to SD". Root Explorer is also not mounting r/w. NextappSd is also showing an error. The phone is successfully rooted. Please help.

Related

Micromax A45 ROOTED!! (MTK 6573)

So, this is it! MICROMAX A45 has been rooted!! :laugh:
Things you would be needing:
1. SP Flash Tool -> version 2.1 preferred (Google it)
2. Download and extract my attached .rar file.
3. Unlockroot (get it from www.unlockroot.com).
4. MTK drivers (download the attachment from this xda post)
5. ADB drivers (no need to worry about these; Unlockroot will automatically set up the ADB driver while rooting)
Ok so let's move on to the steps:
1. This rar file contains my modified boot.img & the A45 scatter file (needed by SP Flash Tool; it tells the tool which ROM addresses to flash).
2. Install the MTK drivers (just run the InstallDriver.exe program inside the MTK folder).
3. Most of you might be experienced with flashing through SP Tools, for those who are using it for the first time read this excellent guide on how to use it -> MTK Flashing Using SP Tools
4. After flashing, reboot your handset by taking out and reinserting the battery.
5. When the phone boots up go to Settings->Applications->Development and tick mark "Enable Debugging".
6. Now attach your phone using the data cable.
7. Open Unlockroot program through windows start menu.
8. Click the big green root button.
9. It will ask for installing drivers, click "yes"...it's now installing the ADB drivers.
10. Finally it will root your phone and will ask you for rebooting the phone, click yes.
11. Let your A45 reboot.
Finally after booting, check the app drawer for an application "Superuser"...Congratulations!! your A45 is successfully rooted!!!...:highfive:
Credits:
Me!
Sahil Deep, gave me a link to an original boot.img of A45
Caution: you can soft-brick your device if you play around too much in "GOD MODE" (Superuser mode); know what you are doing and accept the consequences if you make your device unusable (although highly rare).
ANY QUESTIONS? DON'T HESITATE TO ASK ME! POST IT TO THE FORUM, NO PM!
& hey, press the 'thanks' button if you think I deserve it. :angel:
EDIT: I HAVE ALSO ATTATCHED THE ORIGINAL BOOT.IMG OF THE A45 FOR PEOPLE WHO WANT TO USE THE STOCK BOOT.IMG!
New around here (xda-dev and Android hacking), so please be gentle if I ask a stupid question. I have read many recommendations that before flashing a new ROM, one should back up their current ROM and user data, so that one can recover one's phone if it were to be bricked for some reason. However, it looks like to be able to do that, you need to root the device first. And this seems to be a vicious circle.
Wondering if some way of backing up the original ROM exists without needing to root, and how did Sahil Deep / Indidevers manage to get the original boot.img!!
BTW, I am probably too sleep-deprived, because I cannot seem to find the "Thank" button!! Will definitely click it once I've had a chance to try out your method and succeeded. Until then (and until I find the darn button), please accept my gratitude.
Problem
I am having problems using SP Flash Tool;
could you please detail that whole topic, please...
I too own a Micromax A45.
Worked!!!
It worked and rooted. Can you please upload the original boot.img file of the A45? And I also need a CWM custom recovery for the A45....
Please make a ROM
Can anyone make a ROM for the Micromax A45?
---------- Post added at 12:16 PM ---------- Previous post was at 11:59 AM ----------
Any tweak for the A45..?
---------- Post added at 12:21 PM ---------- Previous post was at 12:16 PM ----------
How to add a thanks button
---------- Post added at 12:44 PM ---------- Previous post was at 12:21 PM ----------
Fast
Thanks for the original boot.img..... and clicked the thanks button too
Recovery console doesn't load
I followed the instructions you've given and have successfully rooted my Micromax A45! Now the problem is, I manually flashed the ClockworkMod recovery image onto RECOVERY using the SP Flash Tool v2.1 and when I try to boot into recovery mode, it gets stuck at the logo (Superfone PUNK logo) and doesn't go further. Please suggest a solution. Many thanks! :cyclops:
i have
I have boot.img
---------- Post added at 11:15 AM ---------- Previous post was at 11:11 AM ----------
Vishal, this is my profile, Sahil Deep
CWM recovery for Micromax A45
Hi,
I had earlier posted about a problem I had with ClockworkMod on the Micromax A45, and I'm really happy to say I have solved it! I edited the recovery.img file and replaced the CWM kernel with the A45 stock recovery kernel and voila! It works perfectly! I have attached the custom recovery img which can be flashed using the SP Flash Tool. BTW, can anyone suggest any good custom ROMs for the Micromax A45? Thank you. :laugh:
How to add a kernel to recovery.img
prashanthca said:
Hi,
I had earlier posted about a problem I had with ClockworkMod on the Micromax A45, and I'm really happy to say I have solved it! I edited the recovery.img file and replaced the CWM kernel with the A45 stock recovery kernel and voila! It works perfectly! I have attached the custom recovery img which can be flashed using the SP Flash Tool. BTW, can anyone suggest any good custom ROMs for the Micromax A45? Thank you. :laugh:
I am new to this thread but I just wanted to know how to edit recovery.img files. I could not repack them using the Perl scripts; please help. I have the whole ROM dump of the A45.
Repack img file
ayush.gaud said:
I am new to this thread but I just wanted to know how to edit recovery.img files. I could not repack them using the Perl scripts; please help. I have the whole ROM dump of the A45.
[THIS ONLY WORKS IN LINUX]
Extract the zip file to the folder where you've unpacked the img file and modified it. Open a terminal, change the directory to that folder and type in:
Code:
./mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel name-of-the-kernel --ramdisk name-of-the-ramdisk.gz -o recovery-new.img
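The repack error reported later in this thread (mkbootimg cannot load `boot.img-kernal`) comes from the split step, not the pack step: `mkbootimg --kernel ... --ramdisk ...` only reads back files that an unpack produced, under whatever names the unpack wrote. The code below is an added example for that step, not the mkbootimg/unpackbootimg scripts from the post: a minimal re-implementation of the v0 boot-image header from AOSP's `bootimg.h` that splits an image into kernel, ramdisk and cmdline (writing the `-kernel` and `-ramdisk.gz` files the command above expects), rebuilds one with the same page alignment, refuses truncated files, and checks the SHA-1 `id` field mkbootimg stores. The sample kernel and ramdisk are constructed filler, and the load addresses are mkbootimg's defaults, an assumption for any particular phone.

```python
"""Unpack and repack an Android v0 boot/recovery image. Added example, not
the mkbootimg/unpackbootimg scripts from the post; header layout follows
AOSP's bootimg.h. Sample blobs are constructed filler, and the load
addresses are mkbootimg's defaults (an assumption for a given device).
"""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# v0 header: magic, kernel_size/addr, ramdisk_size/addr, second_size/addr,
# tags_addr, page_size, two unused words, name[16], cmdline[512], id[32],
# extra_cmdline[1024] = 1632 bytes, padded to one page in the image.
HDR_FMT = "<8s10I16s512s32s1024s"
HDR_SIZE = struct.calcsize(HDR_FMT)


def _pad(blob, page_size):
    return blob + b"\0" * (-len(blob) % page_size)


def _sane_page_size(page_size):
    return 2048 <= page_size <= 16384 and page_size & (page_size - 1) == 0


def bootimg_id(kernel, ramdisk, second=b""):
    """mkbootimg's id field: SHA-1 over each blob followed by its LE32 length.
    It detects corruption only; nothing signs it, so it is not a trust anchor."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest()


def pack_bootimg(kernel, ramdisk, cmdline=b"", page_size=2048,
                 base=0x10000000, name=b"", second=b""):
    if not _sane_page_size(page_size):
        raise ValueError("page_size must be a power of two in [2048, 16384]")
    if len(cmdline) > 511:
        raise ValueError("cmdline exceeds the 512-byte header field")
    header = struct.pack(
        HDR_FMT, BOOT_MAGIC,
        len(kernel), base + 0x00008000,      # kernel_size, kernel_addr
        len(ramdisk), base + 0x01000000,     # ramdisk_size, ramdisk_addr
        len(second), base + 0x00F00000,      # second_size, second_addr
        base + 0x00000100, page_size, 0, 0,  # tags_addr, page_size, unused
        name.ljust(16, b"\0"), cmdline.ljust(512, b"\0"),
        bootimg_id(kernel, ramdisk, second).ljust(32, b"\0"), b"\0" * 1024,
    )
    return b"".join(_pad(part, page_size) for part in (header, kernel, ramdisk, second))


def unpack_bootimg(image):
    """Split an image into its blobs; raises ValueError on a malformed file."""
    if len(image) < HDR_SIZE or image[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic or short header)")
    (_, ksz, kaddr, rsz, _, ssz, _, _, page_size, _, _,
     _, cmdline, ident, _) = struct.unpack_from(HDR_FMT, image)
    if not _sane_page_size(page_size):
        raise ValueError(f"implausible page_size {page_size}")
    pages = lambda n: (n + page_size - 1) // page_size
    k_off = page_size                        # the header always occupies one page
    r_off = k_off + pages(ksz) * page_size
    s_off = r_off + pages(rsz) * page_size
    end = s_off + pages(ssz) * page_size
    if end > len(image):
        raise ValueError(f"header needs {end} bytes but file has {len(image)}: truncated?")
    kernel = image[k_off:k_off + ksz]
    ramdisk = image[r_off:r_off + rsz]
    second = image[s_off:s_off + ssz]
    return {
        "kernel": kernel, "ramdisk": ramdisk, "second": second,
        "cmdline": cmdline.rstrip(b"\0"), "page_size": page_size,
        "base": kaddr - 0x00008000,          # mkbootimg's --base convention
        "id_ok": ident[:20] == bootimg_id(kernel, ramdisk, second),
    }


def validate_bootimg(image):
    """(ok, reason) without raising; also fails on an id mismatch."""
    try:
        parts = unpack_bootimg(image)
    except ValueError as exc:
        return False, str(exc)
    return (True, "ok") if parts["id_ok"] else (False, "id mismatch: image content altered")


if __name__ == "__main__":
    import sys
    # python bootimg.py recovery.img -> recovery.img-kernel and recovery.img-ramdisk.gz,
    # the two file names the mkbootimg command in the post reads back.
    path = sys.argv[1]
    with open(path, "rb") as f:
        parts = unpack_bootimg(f.read())
    for suffix, key in (("-kernel", "kernel"), ("-ramdisk.gz", "ramdisk")):
        with open(path + suffix, "wb") as f:
            f.write(parts[key])
    print("page_size", parts["page_size"], "base", hex(parts["base"]),
          "cmdline", parts["cmdline"], "id_ok", parts["id_ok"])
```

Feed the printed `page_size`, `base` and `cmdline` back into mkbootimg's `--pagesize`, `--base` and `--cmdline` when you repack: the post's command omits the first two, which only works if the device happens to use the defaults.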
How to install ClockworkMod on Micromax A45
Hi... I am new to this forum and please tell me how to install ClockworkMod recovery on my Micromax A45 (rooted). Please help me.
And thanks for the rooting information.
Custom Rom
prashanthca said:
[THIS ONLY WORKS IN LINUX]
Extract the zip file to the folder where you've unpacked the img file and modified it. Open a terminal, change the directory to that folder and type in:
Code:
./mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel name-of-the-kernel --ramdisk name-of-the-ramdisk.gz -o recovery-new.img
Thanks for your reply. I would also like to know how we can port any other ROM to our device or create an update.zip. I have tried with many ROMs but unsuccessfully.
Porting
ayush.gaud said:
Thanks for your reply. I would also like to know how we can port any other ROM to our device or create an update.zip. I have tried with many ROMs but unsuccessfully.
CHeck this out: [GUIDE] How to port Stock/GB/CM7/CM9/ICS/CM10/JB Based ROMs [Update: Sept.25.2012] - xda-developers
Also, can you upload the ROM dump and post the link?
unpack repack boot.img
prashanthca said:
[THIS ONLY WORKS IN LINUX]
Extract the zip file to the folder where you've unpacked the img file and modified it. Open a terminal, change the directory to that folder and type in:
Code:
./mkbootimg --cmdline 'no_console_suspend=1 console=null' --kernel name-of-the-kernel --ramdisk name-of-the-ramdisk.gz -o recovery-new.img
I have tried this command; it says could not load boot.img-kernal. I think I need another tool (or script) for unpacking and repacking; can you please upload the tool you have used?
I will soon upload the ROM dump link.
---------- Post added at 06:33 PM ---------- Previous post was at 06:27 PM ----------
I am new to this thread, so can you please help me with how to unpack/repack boot.img? I am getting the error could not load kernel 'boot.img-kernal'. I am trying to port custom ROMs, so please help.
---------- Post added at 06:41 PM ---------- Previous post was at 06:33 PM ----------
jayachar88 said:
New around here (xda-dev and Android hacking), so please be gentle if I ask a stupid question. I have read many recommendations that before flashing a new ROM, one should back up their current ROM and user data, so that one can recover one's phone if it were to be bricked for some reason. However, it looks like to be able to do that, you need to root the device first. And this seems to be a vicious circle.
Wondering if some way of backing up the original ROM exists without needing to root, and how did Sahil Deep / Indidevers manage to get the original boot.img!!
BTW, I am probably too sleep-deprived, because I cannot seem to find the "Thank" button!! Will definitely click it once I've had a chance to try out your method and succeeded. Until then (and until I find the darn button), please accept my gratitude.
I have a ROM dump of the A45. We can use psneuter and romdump to back up ROMs without root, and the same way we can root the phone without any unsecure boot.img. I did it the same way and succeeded.
prashanthca said:
Hi,
I had earlier posted about a problem I had with ClockworkMod on the Micromax A45, and I'm really happy to say I have solved it! I edited the recovery.img file and replaced the CWM kernel with the A45 stock recovery kernel and voila! It works perfectly! I have attached the custom recovery img which can be flashed using the SP Flash Tool. BTW, can anyone suggest any good custom ROMs for the Micromax A45? Thank you. :laugh:
Can you make a CWM recovery for the A52 too???
Hi, I am using a Micromax A52. Can you tell me how to get ClockworkMod recovery? I tried to do it with builder.clockworkmod.com... I got 4 files, one named recovery.img... What can I do now? I tried to flash it with the uncle tool, but when I flash it, it gets stuck on the Superfone Aisha logo.... Please help, thanks in advance
Sent from my A52 using xda app-developers app
Port CWM
psychopac said:
Can you make a CWM recovery for the A52 too???
Yes, if you can provide me the stock recovery.img of the A52. But I'm not certain it'll work 100%, because a friend of mine tried the same method for the Micromax A56 and could not get it to work.
ttp://db.tt/s3a5l4dX. here is the drop box link of stock recovery.img
Sent from my A52 using xda app-developers app
prashanthca said:
Yes, if you can provide me the stock recovery.img of the A52. But I'm not certain it'll work 100%, because a friend of mine tried the same method for the Micromax A56 and could not get it to work.
Please check this... I uploaded it on Dropbox...
Sent from my rooted A52

Bootmenu for XT320

Many thanks to my friend rootdefyxt320 who told me:
rootdefyxt320 said:
1. Patch adbd by using adbd insecure. http://forum.xda-developers.com/showthread.php?t=1687590
(ADB will refuse to push things to /system if adbd is secure).
2. Download BootMenu_v2.0.2.zip. http://forum.xda-developers.com/show....php?t=1997638 (Tried the apk; it doesn't work.)
3. Unzip it.
4. Double click on the .bat file and it should install.
5. Reboot and press Vol- right after the Moto logo.
Well, adbd insecure is not really needed. If you have init.d support (if not, see http://www.xda-developers.com/android/init-d-support-for-any-rooted-phone/) you just have to:
YOU ARE DOING THIS AT YOUR OWN RISK. I AM NOT RESPONSIBLE FOR ANY DAMAGE YOU MAY CAUSE TO YOUR PHONE (but I can help you repair it)
MAKE A FULL BACKUP BEFORE GOING ANY FURTHER
Your phone has to be rooted.
I made a flashable zip
It comes with init.d support.
This one comes with this http://forum.xda-developers.com/showthread.php?t=2190758 2ndInit.
For now 2ndInit is for dev only. Don't try anything foolish.
0 - download the attached zip
1 - push the XT320_bootmenu.zip on your sdcard
Code:
> adb push XT320_bootmenu.zip /sdcard/XT320_bootmenu.zip
2 - Reboot with a CWM... (recovery.img attached)
Code:
> adb reboot bootloader
> fastboot boot recovery.img
3 - Flash XT320_bootmenu.zip through CWM
4 - Reboot and enjoy !
What I did (if you are interested):
In /system/bootmenu/script/pre_bootmenu.sh, I replaced (line 9)
PART_CACHE=/dev/block/mtdblock10 with PART_CACHE=/dev/block/mtdblock9
and (line 64)
button-backlight with keyboard-backlight (this is not a major issue, I think, but it is still raising errors)
same in stock.sh (line 24)
button-backlight with keyboard-backlight
and finally in _config.sh (lines 6-7-8)
PART_SYSTEM=/dev/block/mtdblock8
PART_CACHE=/dev/block/mtdblock10
PART_DATA=/dev/block/mtdblock11
with
PART_SYSTEM=/dev/block/mtdblock11
PART_CACHE=/dev/block/mtdblock9
PART_DATA=/dev/block/mtdblock12
So what you have to do if it is not working is to check which block corresponds to which partition and then adapt the values.
In shell:
Code:
$mount
Check if init.d support is working:
In shell:
Code:
$cat /data/Test.log
You should be careful before trying 2ndInit and 2ndBoot functionality of bootmenu. They are NOT viable.
Thanks to aweosomeabhijeet
Code:
CHANGELOG
V2:
If booting on stock, the amber LED lights up
If booting on 2ndInit, the red LED lights up
I repacked a more recent version of CWM Recovery (V6.0.9)
Clean the /system/bootmenu folder before install
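The post above hard-codes three mtdblock numbers and tells you to check `mount` and adapt them if bootmenu fails. `/proc/mtd` gives the same mapping keyed by partition name, which is what bootmenu's `_config.sh` actually needs, and it is less error-prone than reading block numbers off `mount` output. The script below is an added example for that step, not part of the bootmenu package: it parses `/proc/mtd` (fetch it with `adb shell cat /proc/mtd`), emits the `PART_SYSTEM`/`PART_CACHE`/`PART_DATA` lines, and patches an existing `_config.sh` without touching any other line. The sample `/proc/mtd` is constructed so its indices match the numbers the post reports for the XT320; its sizes and the config excerpt are filler, not a dump from a real device.

```python
"""Derive PART_SYSTEM / PART_CACHE / PART_DATA for bootmenu's _config.sh
from /proc/mtd. Added example for the bootmenu post; not part of the
bootmenu package. The sample /proc/mtd is constructed to match the indices
the post reports for the XT320 (cache=mtd9, system=mtd11, userdata=mtd12);
the sizes and the config excerpt are filler, not a real device dump.
"""
import re
import sys

# /proc/mtd lines look like:  mtd9: 00800000 00020000 "cache"
MTD_LINE = re.compile(r'^(mtd(\d+)):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"([^"]*)"\s*$')

# bootmenu variable -> partition name as the kernel labels it in /proc/mtd
BOOTMENU_VARS = {"PART_SYSTEM": "system", "PART_CACHE": "cache", "PART_DATA": "userdata"}

SAMPLE_PROC_MTD = """dev:    size   erasesize  name
mtd9: 00800000 00020000 "cache"
mtd11: 0c800000 00020000 "system"
mtd12: 0c800000 00020000 "userdata"
"""

SAMPLE_CONFIG = """#!/sbin/sh
# constructed excerpt of /system/bootmenu/script/_config.sh before the fix
PART_SYSTEM=/dev/block/mtdblock8
PART_CACHE=/dev/block/mtdblock10
PART_DATA=/dev/block/mtdblock11
"""


def parse_proc_mtd(text):
    """Return {partition_name: {"index": N, "size": bytes, "erasesize": bytes}}."""
    parts = {}
    for line in text.splitlines():
        m = MTD_LINE.match(line.strip())
        if not m:          # the 'dev: size erasesize name' header, or junk
            continue
        _, index, size, erase, name = m.groups()
        if name in parts:  # two partitions with one name: the dump is not trustworthy
            raise ValueError(f"duplicate partition name {name!r} in /proc/mtd")
        parts[name] = {"index": int(index), "size": int(size, 16), "erasesize": int(erase, 16)}
    return parts


def bootmenu_config_lines(parts):
    """The three assignments bootmenu needs, in _config.sh syntax."""
    missing = [name for name in BOOTMENU_VARS.values() if name not in parts]
    if missing:
        raise KeyError(f"/proc/mtd has no partition named {missing}")
    return [f"{var}=/dev/block/mtdblock{parts[name]['index']}"
            for var, name in BOOTMENU_VARS.items()]


def patch_config(script_text, parts):
    """Rewrite only the PART_* assignments; every other line is left untouched."""
    new_values = dict(line.split("=", 1) for line in bootmenu_config_lines(parts))
    out = []
    for line in script_text.splitlines():
        key = line.split("=", 1)[0].strip()
        if key in new_values and not line.lstrip().startswith("#"):
            out.append(f"{key}={new_values[key]}")
        else:
            out.append(line)
    return "\n".join(out) + ("\n" if script_text.endswith("\n") else "")


if __name__ == "__main__":
    # adb shell cat /proc/mtd | python mtdmap.py   (no input: uses the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PROC_MTD
    print("\n".join(bootmenu_config_lines(parse_proc_mtd(text))))
```

Run `patch_config` on a copy of `_config.sh` pulled with `adb pull`, diff it against the original, and only then push it back: a wrong `PART_DATA` makes bootmenu's wipe and backup options hit the wrong flash partition.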
Hey has anyone tried cwm from fire xt? It might work on our phone
http://forum.xda-developers.com/showthread.php?t=1997638
Guitwo2 said:
I'm trying, using: http://forum.xda-developers.com/showthread.php?t=1600805
But with the small /system partition it seems impossible to have a fully deodexed ROM. Maybe a few apps...
---------- Post added at 11:27 AM ---------- Previous post was at 11:20 AM ----------
A few posts earlier, we had a similar discussion. There was the final answer:
This one doesn't use logwrapper, it uses 97bootmenu to hijack the boot process. The Moto Fire XT 530 has a MSM7227T-1 chipset.
rootdefyxt320 said:
This one doesn't use logwrapper, it uses 97bootmenu to hijack the boot process. The Moto Fire XT 530 has a MSM7227T-1 chipset.
Then I am interested! I will have a closer look. Have you tried it already?
---------- Post added at 10:08 AM ---------- Previous post was at 09:29 AM ----------
I just got the apk. Installation seems successful. However, no LED is going blue on boot to let me enter bootmenu (V2.3).
I tried V1.4.2, but it was more like I reset my phone. Still no bootmenu. [EDIT]: I think it just cleared my /etc partition (at least); that's why it messed up. [EDIT2] Or maybe it was working? I am not sure how to check if it was.
If the trick were explained somewhere, I could have a closer look...
[EDIT3]
Well, I tried http://forum.xda-developers.com/showthread.php?t=1026853 which should be the same thing as the apk, but no success.
It seems that this method replaces /system/bin/mount_ext3.sh with another one. But this file does not exist in the stock version of my ROM. So I guess the trick cannot work. Or I didn't understand how it works.
Guitwo2 said:
Then I am interested! I will have a closer look. Have you tried it already?
---------- Post added at 10:08 AM ---------- Previous post was at 09:29 AM ----------
I just got the apk. Installation seems successful. However, no LED is going blue on boot to let me enter bootmenu (V2.3).
I tried V1.4.2, but it was more like I reset my phone. Still no bootmenu. [EDIT]: I think it just cleared my /etc partition (at least); that's why it messed up. [EDIT2] Or maybe it was working? I am not sure how to check if it was.
If the trick were explained somewhere, I could have a closer look...
[EDIT3]
Well, I tried http://forum.xda-developers.com/showthread.php?t=1026853 which should be the same thing as the apk, but no success.
It seems that this method replaces /system/bin/mount_ext3.sh with another one. But this file does not exist in the stock version of my ROM. So I guess the trick cannot work. Or I didn't understand how it works.
Use adbd insecure.
http://forum.xda-developers.com/showthread.php?t=1687590
Patch adbd to run as root.
Then use the batch installer. The last time I did it, it installed, but it was about to boot into bootmenu, then it exited. Make sure to use the Fire XT 2nd-Init, not the Defy one.
rootdefyxt320 said:
Use adbd insecure.
http://forum.xda-developers.com/showthread.php?t=1687590
Patch adbd to run as root.
Then use the batch installer. The last time I did it, it installed, but it was about to boot into bootmenu, then it exited. Make sure to use the Fire XT 2nd-Init, not the Defy one.
I'll try that !
Guitwo2 confirmed that bootmenu worked. Go to the link to see it.
http://forum.xda-developers.com/showthread.php?t=1997638
Moved to http://forum.xda-developers.com/showpost.php?p=39961127&postcount=1
Here is 2nd-boot for fire xt:
http://forum.xda-developers.com/showthread.php?t=2190758
You must have 2ndinit CWM for it to work.
If FireXT CWM works on our phone then 2nd-Init/2nd-boot should work on our phone.
The one you download doesn't include 2nd-boot
rootdefyxt320 said:
Here is 2nd-boot for fire xt:
http://forum.xda-developers.com/showthread.php?t=2190758
You must have 2ndinit CWM for it to work.
If FireXT CWM works on our phone then 2nd-Init/2nd-boot should work on our phone.
The one you download doesn't include 2nd-boot
I tried the 2nd init that was here originally, and it seems to work. But I do not really know what I should expect.
Sent from my XT320 using xda app-developers app
Guitwo2 said:
I tried the 2nd init that was here originally, and it seems to work. But I do not really know what I should expect.
Sent from my XT320 using xda app-developers app
The bootmenu doesn't seem to work for me. I checked the mtdblocks and they match yours. I have BusyBox installed and init.d support. The blue LED lights up after the bootloader, but when it tries to boot into bootmenu, it exits.
rootdefyxt320 said:
The bootmenu doesn't seem to work for me. I checked the mtdblocks and they match yours. I have BusyBox installed and init.d support. The blue LED lights up after the bootloader, but when it tries to boot into bootmenu, it exits.
Try to run in shell
Code:
$su
#sh /etc/init.d/97bootmenu
and see what you get.
Im a noob. Can someone tell me what is bootmenu?
Sent from my XT320
junk031 said:
Im a noob. Can someone tell me what is bootmenu?
Sent from my XT320
It's a way to run CWM on locked bootloaders, it is 2nd-Init basically.
---------- Post added at 06:39 PM ---------- Previous post was at 06:35 PM ----------
Guitwo2 said:
Try to run in shell
Code:
$su
#sh /etc/init.d/97bootmenu
and see what you get.
It still doesn't boot into bootmenu
rootdefyxt320 said:
It still doesn't boot into bootmenu
Nothing prompting ?
Try then (in shell with root) :
Code:
exec /system/bootmenu/binary/bootmenu
How can i change the Permissions ?
Tubii said:
How can i change the Permissions ?
Code:
chmod XXX /filepath/filename
http://en.wikipedia.org/wiki/Chmod
What am I doing wrong?
http://www7.pic-upload.de/09.04.13/ogq36obcugkw.jpg
The Defy is rooted.
USB debugging is enabled.
Tubii said:
What am I doing wrong?
http://www7.pic-upload.de/09.04.13/ogq36obcugkw.jpg
The Defy is rooted.
USB debugging is enabled.
You forgot to "su" before "exec"
If you are not root when executing 97bootmenu, it will not work.
Guitwo2 said:
You forgot to "su" before "exec"
If you are not root when executing 97bootmenu, it will not work.
OK, then my screen goes darker
http://www7.pic-upload.de/09.04.13/ta1rsvpkl1sk.jpg

[Find7a] [X900x] CWM Base Recovery 6.0.3.7 + TWRP + Easy ROOT Method

Install ClockworkMod Recovery 6.0.3.7 (CWM) or Team Win Recovery Project (TWRP) on Oppo Find 7a FHD (X900x) + Easy ROOT Method
Warning: no one but yourself is responsible for what you do to your device.
X9007 = Chinese TD-LTE support // X9006 = EU FDD-LTE or US FDD-LTE support
Requirements:
Download / unzip the file --> AndroidSDKSlim.zip
Download one of the following two files --> X9007_CWM_recovery.img OR X9007_TWRP_recovery.img
Make sure you have a charged battery (50 % minimum)
How to install:
Connect your phone to your PC. You should see a window with the drivers, in an application called 'setup.exe'.
Start the installation process and wait until it ends, then disconnect the phone from the PC.
Extract the contents of the file 'AndroidSDKSlim.zip' to your desktop. You should have a folder named 'android-sdk-windows' containing another folder, 'platform-tools'.
Move the .img file(s) you downloaded (X9007_TWRP_recovery.img, X9007_CWM_recovery.img) into this folder.
Turn off your mobile.
Restart your mobile in fastboot mode by holding the Volume Up + Power buttons until the word 'Fastboot' appears.
Connect your phone to your PC via the USB cable.
In the 'platform-tools' folder, right-click with your mouse while holding down the 'Shift' key, then select 'Open command window here'.
In this window, type the following command to verify that your device is recognized.
Code:
fastboot devices
Then type the following command to install the TWRP or CWM :
For the TWRP
Code:
fastboot flash recovery X9007_TWRP_recovery.img
For the CWM
Code:
fastboot flash recovery X9007_CWM_recovery.img
Once the process is finished, disconnect your phone from your computer, then simultaneously press the buttons ' power ' and 'volume down ' until you feel a vibration.
Your phone will reboot into your new custom recovery.
Select ' reboot system now ' to reboot your phone !
How to root:
Just download the attached file --> UPDATE-SuperSU-v1.94.zip
Copy it to your phone's storage
Reboot into recovery mode
Flash the file, then reboot your phone
Enjoy! You're root!
Video : Root method & Flashing Custom recovery by C4ETech
Note
If you don't want to root your phone this way (with a custom recovery), see this thread -->> ROOT method with stock OPPO recovery
Credits & Thanks
Dees_Troy
jmz
mazwoz
sammycakes
Chainfire
C4ETech
TonyStark
Your feedback is welcome
Stock OPPO recovery
Flashable ZIP file --> oppo_recovery_v1.0.20140421-find7a.zip
Flash the ZIP file using TWRP or CWM recovery
Fastboot method IMG file --> oppo_recovery_v1.0.20140421-find7a.img
Flash the IMG file with this fastboot command :
Code:
fastboot flash recovery oppo_recovery_v1.0.20140421-find7a.img
Does this work for the X9006 international model?
Sent from my MI 2 using Tapatalk
MrColdbird said:
Does this work for the X9006 international model?
Sent from my MI 2 using Tapatalk
Hi,
Yes, I think there is no difference between the X9007 and X9006. Need confirmation to be sure; wait for the first feedback. I think the only difference is the frequency bands...
X9007 = Chinese TD-LTE support
X9006 = EU FDD-LTE or US FDD-LTE support
Should do a Linux version. I rooted mine once I got it lol
Nice one! Now all I need is for the phone to arrive. Was worried about whether there would be any development going on, but it seems I was concerned about nothing.
Cheers.
Can anyone post a nandroid backup of the international model?
I want to try it on my Chinese model in order to get the French language fully working.
Actually I use MoreLocale 2 but some stuff is still in English.
Thanks
Sent from my X9007 using xda app-developers app
houz said:
Can anyone post a nandroid backup of the international model?
I want to try it on my Chinese model in order to get the French language fully working.
Actually I use MoreLocale 2 but some stuff is still in English.
Thanks
Sent from my X9007 using xda app-developers app
How about trying to install the ColorOS 2.0 International Beta? Includes French (as well as Google Play Services and is rooted)
Thank you!
I'm from Viet Nam.
Can I copy your post to devteam, sir?
mrkimi84 said:
Thank you!
I'm from Viet Nam.
Can I copy your post to devteam, sir?
Hello
Yes, if you give credits.
Wipe
Does it wipe?
Are Oppo's updates still available?
Thanks
Any update on this being safe for the X9006 yet?
Got my phone today!!!
Just wanted to confirm the TWRP push worked great on my X9006 last night. Used the included SuperSU to root and I'm all set! Well, at least until the custom ROMs start flowing.
No change in performance or anything?
Sent from my X9006 using XDA Free mobile app
jgunna405 said:
No change in performance or anything?
No change.
If anything a bit faster since I used TiBu to uninstall some stock system junk.
I will warn you though, with TWRP you can't run the stock OS updates (and one was released just this morning).
I'm hoping somebody will be able to find a way around that shortly with a custom zip for TWRP containing the updates though.
Dang, just opened up my phone, came to XDA to root so I can restore my saved apps and delete some system apps but now I can't get the OTA lol. Oh well, only a matter of time until the newest OTA is available via a flashable zip or at the least we can flash the stock recovery so we can OTA.
Yeah, no insult to this work which is great to have but for the moment I figured we were more likely to see a factory bug fix or two like the one that just got pushed before omni hits primetime so I decided to use the kedros method for now.
Hi everybody
I added the link to the second ROOT method in the first post
Hope you'll like it
I believe with the OTA that went out since then, this custom recovery method may be invalid. I cannot flash CWM or TWRP using your method described above.
(Tried to share the image on Dropbox, but it's not letting me for some reason. Here is a copy and paste of what I am getting:)
Directory of C:\TEMP\AndroidSDKSlim\android-sdk-windows\platform-tools
05/07/2014 10:07 AM <DIR> .
05/07/2014 10:07 AM <DIR> ..
05/07/2014 10:03 AM 819,200 adb.exe
05/07/2014 10:03 AM 96,256 AdbWinApi.dll
05/07/2014 10:03 AM 60,928 AdbWinUsbApi.dll
05/07/2014 10:03 AM <DIR> api
05/07/2014 10:03 AM 160,256 fastboot.exe
05/07/2014 10:03 AM 727,881 NOTICE.txt
05/07/2014 10:03 AM 16,654 source.properties
05/07/2014 10:03 AM <DIR> systrace
05/07/2014 10:05 AM 13,877,248 X9007_CWM_recovery.img
05/07/2014 10:07 AM 15,233,024 X9007_TWRP_recovery.img
8 File(s) 30,991,447 bytes
4 Dir(s) 181,535,727,616 bytes free
C:\TEMP\AndroidSDKSlim\android-sdk-windows\platform-tools>fastboot devices
8e72e3fc fastboot
C:\TEMP\AndroidSDKSlim\android-sdk-windows\platform-tools>fastboot flash recovery x9007_CWM_recovery
error: cannot open 'x9007_CWM_recovery'
C:\TEMP\AndroidSDKSlim\android-sdk-windows\platform-tools>fastboot flash recovery X9007_CWM_recovery
error: cannot open 'X9007_CWM_recovery'
C:\TEMP\AndroidSDKSlim\android-sdk-windows\platform-tools>fastboot flash recovery X9007_TWRP_recovery
error: cannot open 'X9007_TWRP_recovery'
Hi
I don't know; try with another computer. @seanpr123 has confirmed that the TWRP works.
Sent from my GT-I9305 using Tapatalk
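A pre-flight wrapper for the 'fastboot flash recovery' step in the guide above, added here as an example; it is not code from the original post or from the recovery authors. It checks for the mistakes visible in the troubleshooting post (the file name typed without its .img extension, which is what produces "error: cannot open 'X9007_CWM_recovery'"), verifies a SHA-256 that the user has to obtain from whoever published the image (the thread posts none, so the value used in self_check() is computed from a constructed all-zero file, not a real recovery), and refuses to flash unless 'fastboot devices' lists exactly one phone, pinning that serial with the real '-s' option so a second device plugged in later cannot receive the write.

```python
"""Pre-flight checks around `fastboot flash recovery <image>` (added example)."""
import hashlib
import os
import subprocess
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Stream the file through SHA-256 so a 15 MB image is not read into RAM at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_image(path, expected_sha256=None):
    """Return a list of problems with the image file; an empty list means go."""
    problems = []
    if not os.path.isfile(path):
        hint = ""
        # The posted errors came from typing the name without ".img": point that out.
        if not path.lower().endswith(".img") and os.path.isfile(path + ".img"):
            hint = " (did you mean %s?)" % (path + ".img")
        problems.append("file not found: %s%s" % (path, hint))
        return problems
    if not path.lower().endswith(".img"):
        problems.append("unexpected extension on %s, expected .img" % path)
    if os.path.getsize(path) == 0:
        problems.append("%s is empty, download it again" % path)
    if expected_sha256 is not None:
        actual = sha256_of(path)
        if actual != expected_sha256.lower():
            problems.append("sha256 mismatch: expected %s, got %s"
                            % (expected_sha256.lower(), actual))
    return problems


def parse_fastboot_devices(output):
    """Turn `fastboot devices` output ("<serial>\\tfastboot" per line) into serials."""
    serials = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] == "fastboot":
            serials.append(parts[0])
    return serials


def flash_recovery(path, expected_sha256=None, devices_output=None, dry_run=True):
    """Validate the image, insist on exactly one device, then flash it.

    devices_output lets a caller pass captured `fastboot devices` text; when it is
    None the command is run. With dry_run=True the command line is returned, not run.
    """
    problems = check_image(path, expected_sha256)
    if problems:
        raise ValueError("; ".join(problems))
    if devices_output is None:
        devices_output = subprocess.run(["fastboot", "devices"], capture_output=True,
                                        text=True, check=True).stdout
    serials = parse_fastboot_devices(devices_output)
    if len(serials) != 1:
        raise RuntimeError("expected exactly one fastboot device, saw %r" % serials)
    # Pin the serial so the flash cannot land on another phone that shows up later.
    cmd = ["fastboot", "-s", serials[0], "flash", "recovery", path]
    if not dry_run:
        subprocess.run(cmd, check=True)
    return cmd


def self_check():
    """Exercise the checks on a constructed 8 KiB all-zero file (not a real image)."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "X9007_CWM_recovery.img")
    data = b"\x00" * 8192
    with open(image, "wb") as f:
        f.write(data)
    good = hashlib.sha256(data).hexdigest()
    devices = "8e72e3fc\tfastboot\n"  # shaped like the listing posted in the thread
    return {
        "ok": check_image(image, good),
        "bad_hash": check_image(image, "00" * 32),
        "no_ext": check_image(image[:-4]),
        "serials": parse_fastboot_devices(devices),
        "cmd": flash_recovery(image, good, devices_output=devices, dry_run=True),
    }


if __name__ == "__main__":
    for key, value in self_check().items():
        print(key, value)
```

For a real flash, call flash_recovery("X9007_TWRP_recovery.img", "<published sha256>", dry_run=False) from the platform-tools folder; the hash argument is the one thing the script cannot supply for you.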

Twrp and xposed for j6+

Hey everyone, I saw the new Galaxy J6+ and I liked it. It's cheap with good specifications. Just wanna ask if there's a compatible TWRP, root and Xposed released for this device. If not, I guess I'll wait an extra month or buy another device.
I tried to patch the boot image via Magisk but it didn't work either.
mhailart said:
I tried to patch the boot image via Magisk but it didn't work either.
Hey man, I rooted my J6+ with Magisk and removed bloatware; it's working perfectly. I can help if you get any errors.
dope77 said:
Hey man, I rooted my J6+ with Magisk and removed bloatware; it's working perfectly. I can help if you get any errors.
That's good news. Could you kindly share your experience, so that we can also root our J6+?
Rooks said:
That's good news. Could you kindly share your experience, so that we can also root our J6+?
I rooted my J6+ with a Magisk-patched boot.img.
I'm sure you know the steps, but just in case:
1. Do a full backup, because you'll need to reset your device after rooting.
2. Go to developer options and turn on OEM unlock.
3. Download Magisk Manager.
4. Download the ROM for your device, extract it, then open AP with 7-Zip and extract boot.img.lz4 with 7-Zip standard.
5. Place the boot.img on your J6+.
6. Open Magisk Manager; it'll ask you if you want to install, press "no thanks".
7. Go to Magisk settings, scroll down to "patched image output format", select img.tar.
8. Go back to the main menu, select install, then select "boot.img file", then select the img you placed on your device.
After it finishes patching, go to download mode and flash the patched img through Odin.
This worked for me.
dope77 said:
I rooted my J6+ with a Magisk-patched boot.img.
[...]
4- Firstly, the downloaded .zip file has many files (AP, CP, BL, HOME_CSC). Which file contains the 'boot.img.lz4' file, and how to extract it from the .md5 file?
5- How to get boot.img from the boot.img.lz4 file? Will renaming the file work?
6- Does Magisk work on a non-rooted device?
1. Extract the zip, then open AP as a zip, copy boot.img.lz4 to the desktop.
2. Download 7-Zip standard; it can extract the lz4 archives.
3. After you extract the image, place it on your device.
4. Download Magisk Manager and launch it.
5. When you launch Magisk, it will ask if you want to install; press no.
6. Go to settings in Magisk, scroll down to "patch boot.img format", select img.tar.
7. Go back to Magisk, uncheck "Preserve force encryption", select install, then choose "patch boot.img".
8. Magisk will ask to locate your boot img; choose the img you placed on your device.
9. After Magisk finishes patching, the new img will be placed in the Downloads folder.
10. Move it to your PC, launch Odin, choose AP and choose the patched boot img.
11. Go to download mode and flash the img.
12. The device will reboot and ask to reset to factory settings. Reset it, and after it finishes booting you'll see Magisk installed.
Some notes:
1. Do a full backup because you'll have to reset your device to factory settings after rooting.
2. Unlock OEM in developer options.
3. Magisk doesn't need root; it will root your device.
4. DOWNLOAD 7-ZIP STANDARD, IT CAN EXTRACT LZ4 ARCHIVES.
---------- Post added at 02:03 AM ---------- Previous post was at 02:00 AM ----------
Link to 7z standard:
https://github.com/mcmilk/7-Zip-zstd/releases/tag/18.05-v1.3.7-R2
Press on assets and select the one compatible with your Windows (64 or 32 bits).
OR METHOD 2, WHICH IS A LOT EASIER:
Dial *#1234# and post the screenshot here.
I already have a J6+ and a patched boot.img; I just wanna check if we have the same device (mine is SM-J610F, not SM-J610FN) and I'll upload the img and you'll only have to flash it.
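On the question above of whether renaming boot.img.lz4 to boot.img works: it does not, the file is an LZ4 frame and has to be decompressed first, as the steps say. The following Python is an added example, not code from the thread, Magisk or Samsung. It tells an LZ4 frame from a real Android boot image by their magic bytes, parses the v0/v1 boot image header that AOSP's mkbootimg documents (header, kernel and ramdisk each padded to page_size), decodes the OS version and security patch level packed into the header, and compares a stock image against a patched one to show what changed (with Magisk that is normally a larger ramdisk and an unchanged kernel). The sample images are built by build_boot_image() with placeholder load addresses; they are fixtures, not bootable kernels.

```python
"""Tell an LZ4 frame from an Android boot image and inspect the latter (added example)."""
import struct

BOOT_MAGIC = b"ANDROID!"
LZ4_FRAME_MAGIC = b"\x04\x22\x4d\x18"  # 0x184D2204 stored little-endian

# boot_img_hdr v0: magic[8]; u32 kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
# second_size, second_addr, tags_addr, page_size, header_version, os_version;
# name[16], cmdline[512], id[8] (32 bytes), extra_cmdline[1024].
HDR_FMT = "<8s10I16s512s32s1024s"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 1632 bytes; occupies one whole page on disk


def identify(data):
    """Classify a file by its leading bytes: 'android-boot', 'lz4-frame' or 'unknown'."""
    if data[:8] == BOOT_MAGIC:
        return "android-boot"
    if data[:4] == LZ4_FRAME_MAGIC:
        return "lz4-frame"
    return "unknown"


def decode_os_version(v):
    """Unpack os_version into ('A.B.C', 'YYYY-MM'): 7-bit A/B/C, 7-bit year, 4-bit month."""
    a, b, c = (v >> 25) & 0x7F, (v >> 18) & 0x7F, (v >> 11) & 0x7F
    year, month = ((v >> 4) & 0x7F) + 2000, v & 0x0F
    return "%d.%d.%d" % (a, b, c), "%04d-%02d" % (year, month)


def encode_os_version(a, b, c, year, month):
    """Inverse of decode_os_version; used to build the sample header."""
    return (a << 25) | (b << 18) | (c << 11) | ((year - 2000) << 4) | month


def _pages(nbytes, page):
    return (nbytes + page - 1) // page


def parse_boot_image(data):
    """Parse the header and slice out kernel and ramdisk; raise ValueError on bad input."""
    if len(data) < HDR_SIZE or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image, starts with %r" % data[:8])
    (_, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
     _, _, page_size, header_version, os_version, name, cmdline, _, extra) = \
        struct.unpack(HDR_FMT, data[:HDR_SIZE])
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page_size %d is not a power of two" % page_size)
    kernel_off = page_size
    ramdisk_off = kernel_off + _pages(kernel_size, page_size) * page_size
    end = ramdisk_off + (_pages(ramdisk_size, page_size)
                         + _pages(second_size, page_size)) * page_size
    if end > len(data):
        raise ValueError("truncated: header describes %d bytes, file has %d" % (end, len(data)))
    return {
        "kernel_size": kernel_size, "kernel_addr": kernel_addr,
        "ramdisk_size": ramdisk_size, "ramdisk_addr": ramdisk_addr,
        "page_size": page_size, "header_version": header_version,
        "os_version": decode_os_version(os_version),
        "name": name.rstrip(b"\x00").decode("ascii", "replace"),
        "cmdline": (cmdline.rstrip(b"\x00") + extra.rstrip(b"\x00")).decode("ascii", "replace"),
        "kernel": data[kernel_off:kernel_off + kernel_size],
        "ramdisk": data[ramdisk_off:ramdisk_off + ramdisk_size],
    }


def is_complete_boot_image(data):
    """True when the header parses and the file holds every byte the header describes."""
    try:
        parse_boot_image(data)
        return True
    except ValueError:
        return False


def build_boot_image(kernel, ramdisk, page_size=2048, cmdline=b"", os_version=0):
    """Assemble a minimal v0 boot image (fixture with placeholder load addresses)."""
    def pad(blob):
        return blob + b"\x00" * (-len(blob) % page_size)
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk),
                      0x11000000, 0, 0x10F00000, 0x10000100, page_size, 0,
                      os_version, b"", cmdline, b"", b"")
    return pad(hdr) + pad(kernel) + pad(ramdisk)


def diff_images(stock, patched):
    """Summarise what changed between two images (Magisk normally grows the ramdisk only)."""
    a, b = parse_boot_image(stock), parse_boot_image(patched)
    return {
        "kernel_changed": a["kernel"] != b["kernel"],
        "ramdisk_growth": b["ramdisk_size"] - a["ramdisk_size"],
        "cmdline_changed": a["cmdline"] != b["cmdline"],
        "page_size_same": a["page_size"] == b["page_size"],
    }


# Constructed fixtures: recognisable byte runs, not real kernels or ramdisks.
SAMPLE_KERNEL = b"K" * 5000
SAMPLE_RAMDISK = b"R" * 3000
SAMPLE_OS_VERSION = encode_os_version(8, 1, 0, 2018, 9)
SAMPLE_STOCK = build_boot_image(SAMPLE_KERNEL, SAMPLE_RAMDISK, os_version=SAMPLE_OS_VERSION)
SAMPLE_PATCHED = build_boot_image(SAMPLE_KERNEL, SAMPLE_RAMDISK + b"M" * 700,
                                  os_version=SAMPLE_OS_VERSION)
```

On a real file, read it with open(path, "rb").read(), run identify() first, and only pass it to parse_boot_image() when it reports 'android-boot'; a stock image that comes back 'lz4-frame' has not been decompressed yet, and one whose kernel bytes differ from the stock image after patching is worth a second look before it goes through Odin.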
dope77 said:
1. Extract the zip, then open AP as a zip, copy boot.img.lz4 to the desktop.
[...]
Appreciated; thanks for this detailed info shared with us. 10x on the way.
Anytime man, if you need anything else lemme know
dope77 said:
Anytime man, if you need anything else lemme know
Next question, where to find TWRP recovery for SM-J610F?
---------- Post added at 07:39 PM ---------- Previous post was at 07:35 PM ----------
I did not try this method. But I'm gonna do it soon, because I did it from AndroDef's thread.
He already uploaded for ARJ3, but I had ARIM. But I'm switching back to ARIM and will surely try this method and will share my experience.
There isn't any custom recovery released for this device yet, but I already submitted a request to the TwrpBuilder project a month ago; hope they'll do it soon. You can check it here, it's at the bottom (47, it's the 3rd oldest request).
https://twrpbuilder.github.io/downloads/twrp/#tab=inQueue
Also you can check the completed builds to see if the TWRP build for the device is finished.
dope77 said:
There isn't any custom recovery released for this device yet, but I already submitted a request to the TwrpBuilder project a month ago; hope they'll do it soon. You can check it here, it's at the bottom (47, it's the 3rd oldest request).
https://twrpbuilder.github.io/downloads/twrp/#tab=inQueue
Also you can check the completed builds to see if the TWRP build for the device is finished.
So, it's time to wait then.
How do you remove bloatware?
Rooks said:
So, it's time to wait then.
If you're interested, could you try this out? Just make sure you have the stock firmware to hand in case of any issues.
https://androidfilehost.com/?fid=11410963190603862888
dope77 said:
There isn't any custom recovery released for this device yet, but I already submitted a request to the TwrpBuilder project a month ago; hope they'll do it soon. You can check it here, it's at the bottom (47, it's the 3rd oldest request).
https://twrpbuilder.github.io/downloads/twrp/#tab=inQueue
Also you can check the completed builds to see if the TWRP build for the device is finished.
I don't know if you check the link above or not, but I do it on a regular daily basis.
TODAY, it's gone...
---------- Post added at 11:59 PM ---------- Previous post was at 11:57 PM ----------
ashyx said:
If you're interested, could you try this out? Just make sure you have the stock firmware to hand in case of any issues.
https://androidfilehost.com/?fid=11410963190603862888
This one seems to be for "J610", not for "J610F".
Will it work...
I'm eager to try that one...
---------- Post added 1st December 2018 at 12:01 AM ---------- Previous post was 30th November 2018 at 11:59 PM ----------
Rooks said:
So, it's time to wait then.
It's rejected...
#25 in the list
---------- Post added at 12:16 AM ---------- Previous post was at 12:01 AM ----------
If it fails (I hope it won't), it will take me a long time to set up my device again.
---------- Post added at 12:33 AM ---------- Previous post was at 12:16 AM ----------
It's a partial success:
SUCCESS
1- Recovery flash is a success (Odin did not boot into recovery; instead it loaded the OS).
2- After loading Android, booted into recovery; it loads TWRP recovery.
FAILURE
3- TWRP recovery does not respond to touch or hardware keys.
4- Device keeps booting into TWRP recovery.
5- Seems to be stuck in recovery mode.
Brilliant...
---------- Post added at 12:39 AM ---------- Previous post was at 12:33 AM ----------
Reverting to custom recovery, done.
Device is normal again.
A partial success though.
Might be issues with the kernel, or something else...
With your skills and my device, it can be done in a blink of an eye.
Rooks said:
[...]
It's a partial success:
SUCCESS
1- Recovery flash is a success (Odin did not boot into recovery; instead it loaded the OS).
2- After loading Android, booted into recovery; it loads TWRP recovery.
FAILURE
3- TWRP recovery does not respond to touch or hardware keys.
4- Device keeps booting into TWRP recovery.
5- Seems to be stuck in recovery mode.
[...]
I'm pretty sure I can fix the touch issues.
Is ADB functional?
ashyx said:
I'm pretty sure I can fix the touch issues.
Is ADB functional?
Not sure about ADB; I did not try it.
Rooks said:
Not sure about adb, did not try it
If adb works, could you do:
adb pull /tmp/recovery.log
Rooks said:
How do you remove bloatware?
Well, if you need custom recovery for Xposed, there's an Xposed module in Magisk that can be installed without TWRP. I'm already using it and have multiple modules (GravityBox, XPrivacy and Greenify), all running without problems. For debloating, after you root the device, go to Google Play and download an app called System App Remover; it'll show you all apps on your J6+. Select the apps you want to remove and press uninstall. After uninstallation is done, reboot your device.
ashyx said:
If adb works could you do:
adb pull /tmp/recovery.log
Sure, but I've never worked with Samsungs. It's my first regular Samsung device. Never liked the Exynos and Cortex combo, but it's different.
Last time I tried to push recovery.img via adb and it did not work. I have root and the Root Explorer app installed. Where is that log located in the system partition? I'm not a skilled Linux coder guy, but I have serious history with Androids and Palms.
---------- Post added at 12:38 AM ---------- Previous post was at 12:36 AM ----------
dope77 said:
Well, if you need custom recovery for Xposed, there's an Xposed module in Magisk that can be installed without TWRP. I'm already using it and have multiple modules (GravityBox, Lucky Patcher, XPrivacy and Greenify), all running without problems. For debloating, after you root the device, go to Google Play and download an app called System App Remover; it'll show you all apps on your J6+. Select the apps you want to remove and press uninstall. After uninstallation is done, reboot your device.
Forget debloating, I can deal with it now.
Get back to TWRP recovery.
BTW, did you watch 'Venom' or not? Because I'm watching it right now.
---------- Post added at 01:00 AM ---------- Previous post was at 12:38 AM ----------
Could not find /tmp/recovery.
But I did find the /cache/recovery folder, which contains last_log.1 and last_log.2 files.
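The "System App Remover" suggestion above and the pm disable lists further down this page come down to the same operation: list the installed packages, pick the ones you do not want, disable them. This Python is an added example, not code from either thread. It parses the output of 'adb shell pm list packages -f', generates one pm command per package that matches a denylist, keeps a small protected set out of reach, and (going beyond the rooted case in the posts) falls back to 'pm disable-user --user 0' when there is no root, which the adb shell user is allowed to run and which 'pm enable' reverts. The sample listing, DENY_PREFIXES and PROTECTED are constructed for illustration.

```python
"""Turn `pm list packages -f` output into a debloat plan (added example)."""
import re

# `adb shell pm list packages -f` prints one "package:<apk path>=<package name>" per line.
PKG_LINE = re.compile(r"^package:(?P<apk>[^=]+)=(?P<name>[A-Za-z0-9_.]+)$")

# Constructed sample of `pm list packages -f` output.
SAMPLE_LISTING = """\
package:/system/priv-app/SecSettings/SecSettings.apk=com.android.settings
package:/system/app/Facebook_stub/Facebook_stub.apk=com.facebook.katana
package:/system/app/FBAppManager_NS/FBAppManager_NS.apk=com.facebook.appmanager
package:/system/priv-app/ATT_DigitalLocker/ATT_DigitalLocker.apk=com.att.android.digitallocker
package:/data/app/com.topjohnwu.magisk-1/base.apk=com.topjohnwu.magisk
package:/system/priv-app/SecurityLogAgent/SecurityLogAgent.apk=com.samsung.android.securitylogagent
"""

# Prefixes of the carrier and social apps the posts on this page disable (illustrative).
DENY_PREFIXES = ("com.att.", "com.facebook.", "com.samsung.android.securitylogagent")
# Never disabled even if a denylist entry matches: the phone must still boot and be configurable.
PROTECTED = frozenset({"com.android.settings", "com.android.systemui", "com.android.phone"})


def parse_listing(text):
    """Return {package_name: apk_path}; lines that are not package lines are skipped."""
    packages = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            packages[m.group("name")] = m.group("apk")
    return packages


def is_system_package(apk_path):
    """APKs outside /data/ sit on read-only partitions: they can be disabled, not uninstalled."""
    return not apk_path.startswith("/data/")


def plan(listing, deny_prefixes=DENY_PREFIXES, protected=PROTECTED, rooted=False):
    """One pm command per denylisted package, in package-name order.

    Root lets `pm disable` act on any package. Without root the adb shell user can
    still run `pm disable-user --user 0`, which hides the app for user 0 and is undone
    with `pm enable`. User-installed apps (under /data) are simply uninstalled.
    """
    commands = []
    for name, apk in sorted(parse_listing(listing).items()):
        if name in protected or not name.startswith(deny_prefixes):
            continue
        if not is_system_package(apk):
            verb = "uninstall"
        elif rooted:
            verb = "disable"
        else:
            verb = "disable-user --user 0"
        commands.append("pm %s %s" % (verb, name))
    return commands


def as_adb_script(commands, rooted=False):
    """Prefix each command for a PC shell with adb on PATH; with root, go through su."""
    if rooted:
        return "\n".join("adb shell su -c '%s'" % c for c in commands)
    return "\n".join("adb shell %s" % c for c in commands)


if __name__ == "__main__":
    print(as_adb_script(plan(SAMPLE_LISTING, rooted=True), rooted=True))
```

Feed it real output with plan(open("packages.txt").read()) after 'adb shell pm list packages -f > packages.txt', read the generated commands before running them, and keep the list of what you disabled: 'pm enable <package>' is the way back if something you did not expect stops working.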

[N920A][R&D] Revision 4 BL 5.1 Rooted Rom / 6.0.1 Upgrade

I started this thread a while back in hopes of getting more testers for the revision 4 bootloader. My other State of Root thread was originally based on BL Revision 3 anyway, and given where we've released what root methods there are, I'm going to eventually gear that more towards Revision 3 LP & MM status. I'm going to consolidate a bit of the later research in that thread here, specifically for rev4, so we can get a clearer vision of how to finish what we started 3 years ago.
Many thanks go out to @afaneh92, @xenomorph318, @Reverse-anastomosis for helping me jump-start this back up. Thanks to @jrkruse and @elliwigy for giving me more ideas to get this going again. We might just be able to make this happen now.
****
So what I have is:
4APL1 Combo Firmware
1AOGG stock 5.1 fw (stock recovery mode speaks nothing of dm-verity)
2APB2 stock 5.1 fw
Rooted ENG UCE2APB2 boot.img
(looking for/getting) 4CPK1 stock 6.0.1 fw
4CQB2 stock 6.0.1 fw
These are the firmware files I am currently looking at. Before, we were looking primarily at Rev4 MM via dirtyc0w. But we never had safestrap back then. The Revision 4 bootloader supports LP, MM, and Nougat. And safestrap works on LP and Nougat right? So doesn't (can't it?) work on MM too? So couldn't we go from a rooted combo or stock 5.1 system with safestrap and flash over into a 6.0.1 build and retain safestrap? The HOME_CSC comes in handy in 6.0.1 flashing.
++ Now we have the option of potentially using a rom slot to do tests on a mirror dummy of the emmc. Don't be like me and try to mess with the partition table to /sdb with sgdisk, that's what deleted the bootloader on my g925v.
---- After we can get the 5.1 stock system booted for the rev4 combo BL, we can start to find out if we can flash the 2APB2 ENG Kernel through ODIN or if we will have to flash a safestrap package to get the LP Eng Kernel to boot.
=== Having the ENG kernel booted, with an sboot console also available, we would have a root shell to the AP & BL. There is a rev4 (combination, unbootable) recovery.img that fixes the DRK, which is supposed to also disable dm-verity. The things in the system.img firmware are kind of copied into efs and param, as they don't seem to be populated until after first boot. But I see the .x509 FW key, and I also see A LOT of PEM certs on the FW too. Is it really hardware baked? Because it seems more like a lot of software checks in upgrade programs.
****
The end goal right now is to put together a pre-rooted stock 5.1 system.img, that can be flashed via safestrap, that will boot on the 4APL1 combo bootloader. I'm talking about getting the same result as afaneh92's N920V ROM. What has also come up is the ability to connect directly to the UART console inside of the sboot.bin. This is great news. If xenomorph318 and Reverse-anastomosis can come into this thread and post their recent findings as well, we can really get this party started.
--- INITIAL CONCEPT ---
The system.img's are sparsed ext4 partitions. They can easily be unsparsed using simg2img, and then mounted on a Linux PC. What I am looking to do this week in between work is go back over these init.*.rc files and see how much they actually differ. I'm also going to try to modify enough to boot up a build in qemu if I can. I will then also try to build a safestrap zip for flashing. We've seen that this method is possible on the N920V and the rev5 N950U. It is my thought that the same can be achieved here.
Once we can get a stable driver going, we can begin working on a way to get enough leverage to upgrade our rooted stock ROM. Lucky for us we just might have DC access in the cache on MM. And having access to the cache can mean a lot of things when the system thinks it is updating. But I don't want to get too far ahead yet.
Since the sboot console can get full kernel logs, we might be able to leverage that to pull out some full Remote Code Execution inside the sboot to get the eng kernel to work somehow. It's just that, having access to both a root system console and possibly a root sboot console, we can attain data that may just allow safestrap to unlock the bootloader like SS has been able to do in the past. There's always been a bit of speculation here, but so far a lot has panned out in the right directions like I'd hoped. I still need testers to come together on this project so we can leverage all of our knowledge. Lucky for us, the 6.0.1 builds are on rev4 as well. We should be able to get MM installed with safestrap maybe now too. And from there we might really be able to leverage the exploits available to root MM builds as well.
/// DOWNLOADS \\\
SM-N920A FILES via GDrive.
About Android Bootloaders
Other documentation
N920A_NobleZero_rev4_ROM_v1.2.zip ( SS Flashable Zip, NEEDS TESTING, Based on 2APB2 FW )
akiraO1 said:
Post#112
But I did want to post my findings so far on my selinux adventures thus far with my note 7....
So I was able to change the root context permanently from u:object_r:rootfs:s0 to u:r:shell:s0.
This by itself isn't all that helpful, except that I actually changed it, and it stuck when I rebooted the device.
I achieved this through dirtycow-ing the file_contexts file with my custom file_contexts file and the commands restorecon -RFv / and chcon -Rhv u:r:shell:s0 /. restorecon makes SELinux reload the file_contexts file immediately, so it loads all or most of my custom contexts. Then I do a chcon command to make sure it writes?
Well, that's all I have for now, but I'm working vigorously and will keep posting my findings as I find them =)
\/\/
droidvoider said:
Post #7
My tool will likely be helpful to you because that sounds good enough as long as you can get to a prompt that is CVE-2016-5195 / SVE-2016-7504 vulnerable. Anyone who isn't patched beyond Sept 2016 on any Android in the last 10 years will be able to use the tool I'm building to do amazing things. I am designing it precisely for people like you and Delgoth who have large investments in phones that could simply be repaired with enough access.
I am thinking now to fork off a child process anytime I can capture root + "any_new_context"... This will be forked into a child process then kept in a loop. If there is a new root + context that happens along through toolbox, we will grab that also.. (but I won't grab two of the same for example root + system_server I just need once)
I am hoping I can control this loop from the command line but since I am not the caller of the process for which I am capturing I am not sure that would work. This is new code to me, not sure of any examples of something like this. If I have to control it through values I set in files it adds a little more time. The great news is I am not having binary size problems so I can add quite a bit of code while still keeping toolbox much less than the currently installed version on my Note 5. File size must match exactly otherwise patching causes seg fault and seg fault ruins the fun (reboot to cure but irritating)
anyway just needed to come up for air I have a ton done, need to get toolbox fired up to test angle.. any c programmers that want to help or anyone with awesome ideas please feel welcome I could use help
/\/ Re-Envision with Safestrap available \/\
droidvoider said:
Post #110
Warning: This can lead to a ruined phone that can't be repaired; proceed with caution!
Warning: This HOWTO erases your contacts, stored music + photos, apps + data, Internal Storage, all of it GONE. Back it up before continuing!!
Notice: When finished you will remain on Android 6.0.1 Marshmallow; you will not upgrade to Nougat. But you can get rid of AT&T + Samsung apps and extend battery life by a lot! You can do a lot more than that, but it is SELinux Enforcing, so you still have some limits.
Introduction
This HOWTO will outline how to gain root on the AT&T Note 5 from Marshmallow 6.0.1 through Nougat 7.0 before the Feb 2018 update, i.e. basebands beginning in N920AUCS4, such as N920AUCS4CPK1 through N920AUCS4EQL1.
If your baseband is N920AUCS3 or lower you can already root with Wondershare GoMobile (start at step 9)
If your baseband is N920AUCS5 then this method won't work for you.
Please be aware
This is 1 of 2 root methods for binary 4 N920A Note 5 AT&T phones!! There is also a Lollipop Android 5.1.1 root method that allows SELinux permissive persistent root; you can use it on post 51 of this thread!
Gain root to disable any app and do other cool stuff
1. You need the drivers for the Note 5, but they are likely already installed. Test it: connect the USB charging cable between your computer and Note 5; you should see your phone pop up in File Explorer.
(If you can't connect to your phone, find the Samsung Note 5 drivers first.)
2. If you don't have adb installed first install it on your machine (you can test it by opening a cmd prompt and typing adb, you should get instructions for use)
https://www.xda-developers.com/install-adb-windows-macos-linux/
3. Install Wondershare GoMobile, it's a 5 day trial so be ready to do this!!
4. Download and Unzip the Customized PJ1 + PK1 Firmware into a directory
https://drive.google.com/open?id=1qHVndp4wZXeKb5TFZSnsUT-s3EBmkHVW
5. Download Odin and Unzip it to a directory then click the file to start it up.
6. Select Odin Options tab and in Odin check Auto Reboot, F.Reset Time and Nand Erase All
(load the 4 files from the Customized PJ1 + PK1 zip into the respective slots)
7. Place phone in download mode, connect it to your PC then in Odin select Start to flash the firmware, you can unplug cable when phone reboots.
8. During initial phone setup disable Wifi, skip Google Play account, exit or skip everything you can.
9. Disable security updates under SETTINGS|PERSONAL|Lock screen and security|Other security settings|Security policy updates|Automatic updates OFF
10. Enable Developer options under SETTINGS|SYSTEM|About device (tap build numbers 7 times) then push arrow back to SYSTEM and open Developer options.
11. Under Developer options, OEM unlock and USB debugging should both be ON
12. Always allow USB debugging on the phone screen when you are asked. Also allow MTP file transfer.
13. If Google asks for feedback data always DECLINE, they don't help us!
14. Connect the cable, connect to Wondershare GoMobile, then "One Click Root"
15. After success, open a Windows Command Prompt and type adb shell, then su
16. You can disable any apps now, but start with these (copy/paste into the cmd window, then hit enter)
pm disable com.ws.dm
pm disable com.sec.android.soagent
pm disable com.policydm
pm disable com.samsung.android.securitylogagent
pm disable com.lookout
17. You can enable Wifi and sign in to Google Play now.
18. If you reboot your phone you need to use One Click Root again to regain root, but you are free to unplug the cable!
(If you crash your phone, enter recovery mode, wipe data/factory reset, wipe cache and then start over from step 8.)
Apps I disable
Here are some apps you may not like. You can copy/paste these into the cmd window, but only in small batches at a time (hit enter after pasting into the window).
Code:
[AT&T]
pm disable com.att.android.digitallocker
pm disable com.sec.enterprise.knox.attestation
pm disable com.locationlabs.cni.att
pm disable com.sec.att.usagemanager3
pm disable com.att.myWireless
pm disable com.yahoo.mobile.client.android.mail.att
pm disable com.asurion.android.mobilerecovery.att
pm disable com.synchronoss.dcs.att.r2g
pm disable com.att.android.attsmartwifi
pm disable com.wavemarket.waplauncher
pm disable com.telenav.app.android.cingular
pm disable com.smlds
pm disable com.matchboxmobile.wisp
pm disable net.aetherpal.device
[Odd Apps I disabled]
pm disable com.cequint.ecid
pm disable com.facebook.katana
pm disable com.facebook.system
pm disable com.facebook.appmanager
pm disable com.instagram.android
pm disable com.amazon.mShop.android.install
pm disable com.amazon.mShop.android
pm disable com.google.android.apps.walletnfcrel
pm disable com.americanexpress.plenti
pm disable com.amazon.kindle
pm disable com.hancom.office.editor
pm disable com.google.android.talk
pm disable com.sec.android.app.sbrowser
pm disable com.mobitv.client.tv
pm disable com.sec.android.service.health
pm disable com.sec.android.app.shealth
pm disable com.yellowpages.android.ypmobile
pm disable com.google.android.feedback
[Game related]
pm disable com.enhance.gameservice
pm disable com.wildtangent.android
pm disable com.ampsvc.android
[Sync Adapters]
pm disable com.samsung.svoice.sync
pm disable com.google.android.syncadapters.contacts
pm disable com.google.android.syncadapters.calendar
[Samsung Apps]
pm disable com.sec.android.easyMover.Agent
pm disable com.sec.android.Kies
pm disable com.sec.android.app.billing
pm disable com.sec.android.iap
pm disable com.sec.spp.push
pm disable com.sec.android.app.SecSetupWizard
pm disable com.osp.app.signin
pm disable com.sec.android.app.sns3
pm disable com.sec.android.app.SamsungContentsAgent
pm disable com.samsung.android.provider.filterprovider
pm disable com.samsung.android.writingbuddyservice
pm disable com.sec.android.widgetapp.samsungapps
pm disable com.samsung.android.app.galaxyfinder
pm disable com.samsung.android.themestore
pm disable com.samsung.clipboardsaveservice
pm disable com.samsung.android.provider.shootingmodeprovider
pm disable com.samsung.android.app.withtv
pm disable com.samsung.android.hmt.vrshell
pm disable com.samsung.android.easysetup
pm disable com.samsung.android.qconnect
pm disable com.samsung.ucs.agent.boot
pm disable com.samsung.faceservice
pm disable com.samsung.knox.rcp.components
pm disable com.samsung.android.email.provider
pm disable com.samsung.android.intelligenceservice2
pm disable com.samsung.android.MtpApplication
pm disable com.sec.android.app.samsungapps
pm disable com.samsung.android.slinkcloud
pm disable com.samsung.android.SettingsReceiver
pm disable com.samsung.android.securitylogagent
pm disable com.samsung.android.app.watchmanager
pm disable com.samsung.android.app.assistantmenu
pm disable com.samsung.android.communicationservice
pm disable com.samsung.SMT
pm disable com.samsung.aab
pm disable com.samsung.cmh
pm disable com.samsung.dcm
pm disable com.samsung.vvm
pm disable com.samsung.hs20provider
pm disable com.samsung.android.smartface
pm disable com.samsung.klmsagent
pm disable com.samsung.android.providers.context
pm disable com.samsung.android.sdk.professionalaudio.utility.jammonitor
pm disable com.samsung.android.app.colorblind
pm disable com.samsung.android.hmt.vrsvc
pm disable com.samsung.storyservice
pm disable com.sec.app.samsungprintservice
pm disable com.samsung.android.app.talkback
pm disable com.samsung.android.authservice
pm disable com.samsung.app.slowmotion
pm disable com.samsung.android.weather
pm disable com.samsung.android.app.pinboard
pm disable com.samsung.android.personalpage.service
pm disable com.samsung.advp.imssettings
pm disable com.samsung.android.app.advsounddetector
pm disable com.samsung.android.app.mirrorlink
pm disable com.samsung.android.app.vrsetupwizardstub
pm disable com.samsung.android.clipboarduiservice
pm disable com.samsung.android.asksmanager
pm disable com.samsung.android.themecenter
pm disable com.samsung.android.spdfnote
pm disable com.samsung.android.allshare.service.fileshare
pm disable com.samsung.android.universalswitch
pm disable com.samsung.helphub
pm disable com.samsung.android.app.filterinstaller
pm disable com.samsung.imagecompress
pm disable com.samsung.safetyinformation
pm disable com.samsung.app.highlightplayer
pm disable com.samsung.enhanceservice
pm disable com.samsung.android.keyguardwallpaperupdator
pm disable com.samsung.android.app.accesscontrol
pm disable com.samsung.android.beaconmanager
pm disable com.samsung.ucs.ucspinpad
pm disable com.samsung.android.app.FileShareClient
pm disable com.samsung.android.scloud.backup
pm disable com.samsung.android.fmm
pm disable com.samsung.android.mdm
pm disable com.samsung.accessory
pm disable com.samsung.android.app.scrollcapture
pm disable com.samsung.android.app.interactivepanoramaviewer
pm disable com.samsung.android.scloud
pm disable com.samsung.android.app.soundpicker
pm disable com.samsung.android.spayfw
pm disable com.samsung.app.newtrim
pm disable com.samsung.android.spay
pm disable com.samsung.android.intelligenceservice
pm disable com.samsung.android.sm.policy
pm disable com.samsung.android.dlp.service
pm disable com.samsung.android.bbc.bbcagent
pm disable com.samsung.android.voicewakeup
pm disable com.samsung.android.app.watchmanagerstub
pm disable com.samsung.android.app.FileShareServer
pm disable com.samsung.android.sdk.professionalaudio.app.audioconnectionservice
pm disable com.samsung.android.service.aircommand
pm disable com.samsung.dcmservice
pm disable com.samsung.voiceserviceplatform
pm disable com.samsung.aasaservice
pm disable com.samsung.android.allshare.service.mediashare
pm disable com.samsung.android.fingerprint.service
pm disable com.samsung.ipservice
pm disable com.samsung.sec.android.application.csc
pm disable com.samsung.android.sconnect
pm disable com.samsung.android.snote
pm disable com.samsung.android.video
pm disable com.samsung.location
Restore the PK1 boot.img and recovery.img to close the dirtycow vulnerability (removes the ability to gain root)
1. Download this to a directory but don't extract it
https://drive.google.com/open?id=1374IZTBeyNBELdrK1ESdqkUuVGutbpDm
2. Load PK1boot_recovery_img_only.tar.md5 file into the AP slot in Odin
3. Place phone in download mode, connect it to your PC then in Odin select Start to flash the firmware, you can unplug cable when phone reboots.
Please let me know if any steps are unclear. I can reverse the rooting method, but there are probably 20 people worldwide who will use this method, so if you have security concerns make sure to close the dirtycow vulnerability when you're done and just use the one click root method.
Updated notes:
If you get a Screen Overlay Detected error, turn OFF overlay for both MobileGo apps!
I added a Windows batch script to disable a lot of apps (root first with Wondershare GoMobile)
If you use the phone it loses root and becomes harder to root. (If it becomes impossible to root again, flash the PJ1 boot and recovery only file, but back up before you do it.)
Don't create things with Assayed Kitchen and flash them to the phone, or mix firmwares; it almost refuses to enter download mode again :fingers-crossed:
In case of error
During the learning process to do things like this, putting your phone into a bootloop or soft-bricking it is very common for newcomers, but don't panic. After you complete the process I outlined it will take a couple of minutes to boot; it will show the AT&T logo on a white screen. If it hangs here for a really long time or gets unusually warm, this is a bad sign. Let's get the phone turned off so you can think.
Hard Reset: press Power + Volume Down for 7 seconds
Screen goes black: immediately press Power + Volume Up + Home
Use Volume Down to move to the option Power Off, then push the Power button to select it.
You can start over / try again by pressing the Power + Volume Down + Home buttons again
or
Create a new post here and put my name in your post
Standby for more updates and uploads soon.
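As an added example, not code from the original post and not the Windows batch script its author mentions, here is a POSIX shell script that does steps 15 and 16 in one pass and then checks, by re-reading `pm list packages -d`, that each package really landed in the disabled list instead of trusting pm's own message. Assumptions not stated on the page: adb is on PATH, the device has already been rooted with One Click Root, su accepts `su -c '<command>'` (SuperSU style), and the script is run from a POSIX shell such as Git Bash or WSL rather than cmd.exe. The package list is a constructed sample made of the five packages step 16 names.

```shell
#!/bin/sh
# Added example (not the post author's script): batch-disable packages over adb
# and verify each one. Assumes adb on PATH, a rooted device, and SuperSU-style
# "su -c '<command>'". Run from a POSIX shell, not cmd.exe.

# Constructed sample list: the five packages the guide says to disable first.
PACKAGES="
com.ws.dm
com.sec.android.soagent
com.policydm
com.samsung.android.securitylogagent
com.lookout
"

# An Android package name is two or more dot-separated identifiers. Rejecting
# anything else keeps shell metacharacters out of the su -c command string.
is_valid_pkg() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)+$'
}

# Run one command in the device root shell (the su -c form is an assumption).
droid() {
  adb shell "su -c '$*'"
}

# Disable one package. Prints one status line and returns
# 0 = disabled and verified, 1 = bad name, 2 = not installed, 3 = still enabled.
disable_pkg() {
  pkg=$1
  if ! is_valid_pkg "$pkg"; then
    echo "skip $pkg (bad name)"; return 1
  fi
  # tr strips the CRs that older adb builds put on every output line.
  if ! droid pm list packages | tr -d '\r' | grep -qx "package:$pkg"; then
    echo "skip $pkg (not installed)"; return 2
  fi
  droid pm disable "$pkg" >/dev/null
  # Do not trust pm disable's own message; re-read the disabled list instead.
  if droid pm list packages -d | tr -d '\r' | grep -qx "package:$pkg"; then
    echo "disabled $pkg"; return 0
  fi
  echo "fail $pkg (still enabled)"; return 3
}

# Walk the whole list; the last line printed is a summary.
disable_all() {
  ok=0; bad=0
  for p in $PACKAGES; do
    if disable_pkg "$p"; then ok=$((ok + 1)); else bad=$((bad + 1)); fi
  done
  echo "summary: $ok disabled, $bad skipped/failed"
}

# Only touch a device when explicitly asked:  sh disable.sh --run
if [ "${1:-}" = "--run" ]; then
  disable_all
fi
```

Run it with `--run` after One Click Root has succeeded; the per-package status lines make it obvious which entries from the longer lists in this post are not even installed on a given firmware, and the summary line tells you whether anything silently stayed enabled.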
Hello,
Any news on the testing?
Regards,
abdk80 said:
Hello,
Any news on the testing?
Regards,
Yes, I've updated the OP and added more of a road map for current active development.
I have successfully built a UART jig and booted to a s-boot console on the n920v. This has been done on a few different devices, so it isn't exactly a new thing, but as far as I can tell it has never been done on any exynos 7420 devices. I am still exploring what is possible, and if anyone has any additional guidance on what to do with this access I'm all eyes/ears! I'll attach the 2 logs that I have so far that I find the most interesting.
Idea time: could we fry our bootloader somehow and replace it with a more favorable one? Like for the n920g? External SD card boot is possible through the s-boot console I think, but we don't have an external SD.
I have a kindle fire that uses a bootrom exploit to redirect the loading point for the bootloader so that it will load unsigned firmware/recovery/kernel stored elsewhere on eMMC.
Booting unsigned firmware/recovery/kernel might be possible through use of the tflash option in heimdall, however again...no external SD. I have been able to flash a TWRP image in heimdall on my n920v, but couldn't get it to boot.
I am in way over my head, but I have done a lot of reading over the last few weeks. Given the fact that our devices are now no longer being patched, and exploits have continued to be discovered we should be able to figure something out.
Reverse-anastomosis said:
I'll attach the 2 logs that I have so far that I find the most interesting.
Forgot to attach them.
One more pretty interesting log that I just grabbed.
Reverse-anastomosis said:
I have successfully built a UART jig and booted to a s-boot console on the n920v. This has been done on a few different devices, so it isn't exactly a new thing, but as far as I can tell it has never been done on any exynos 7420 devices. I am still exploring what is possible, and if anyone has any additional guidance on what to do with this access I'm all eyes/ears! I'll attach the 2 logs that I have so far that I find the most interesting.
Idea time: could we fry our bootloader somehow and replace it with a more favorable one? Like for the n920g? External SD card boot is possible through the s-boot console I think, but we don't have an external SD.
I have a kindle fire that uses a bootrom exploit to redirect the loading point for the bootloader so that it will load unsigned firmware/recovery/kernel stored elsewhere on eMMC.
Booting unsigned firmware/recovery/kernel might be possible through use of the tflash option in heimdall, however again...no external SD. I have been able to flash a TWRP image in heimdall on my n920v, but couldn't get it to boot.
I am in way over my head, but I have done a lot of reading over the last few weeks. Given the fact that our devices are now no longer being patched, and exploits have continued to be discovered we should be able to figure something out.
Tflash could possibly be helpful. Frying the BL too much will drop the device basically into EDL mode, which is weird on an Exynos SoC. Have only had two tests there. My g925v is still in 9006 mode now. My tests on 9008 mode dropped it into 9006 mode. Still bricked.
On my g925v the internal sdcard seemed to act as both internal and external SD cards to me a lot of times. We have no slot but the storage permissions still have to work somehow.
On the 4APL1 combo ramdisk I notice there is init.sec_debug.rc that calls the corehelper.sh script from /system/bin as root. Maybe we can modify the system.img and make the corehelper.sh script run our own commands by just setting a prop detail. We can still use /data/local/tmp to execute things.
But it looks from your logs like we could maybe change the kernel command line string from the sboot console. Meaning we might be able to set enforcing to permissive or change the debug level on a stock LP system. Or at least know where things will be loaded so that we can use safe strap to affect those areas as well.
It also seemed to show us the magic number for the Device Tree. I don't have time this morning. But I'll be back.
@Delgoth, I can't find the arguments to add to boot permissive. Do you happen to know the argument?
It will go as an argument on the boot command in the sboot console.
I bet I could force factory download mode on your g925v with my jig.
Reverse-anastomosis said:
@Delgoth, I can't find the arguments to add to boot permissive. Do you happen to know the argument?
It will go as an argument on the boot command in the sboot console.
I bet I could force factory download mode on your g925v with my jig.
I don't know it off hand and I'm not at my PC. But I've seen it before here on the forums used. There is a way to set selinux to permissive via the kernel command line.
Our devices should be vulnerable to this exploit.
https://www.google.com/url?q=https:...FjADegQIBxAB&usg=AOvVaw2-cc6gIXIrOjEJzxzd2Ebo
Reverse-anastomosis said:
Our devices should be vulnerable to this exploit.
https://www.google.com/url?q=https:...FjADegQIBxAB&usg=AOvVaw2-cc6gIXIrOjEJzxzd2Ebo
I haven't seen that pdf in a long time. And I don't think you're wrong. Going back and looking through the beginning of the State of Root thread, I realize that many of the failed tests were not done in the correct order now. How I would downgrade was by flashing the rev3 combo firmware via ODIN, I would reboot directly back to download mode without ever letting recovery or system ever boot up once. And then I would flash the rev3 actual eng boot, then reboot directly back to download mode, and then flash the AP and CSC file of the Stock LP firmware I wanted (1AOGG). After I let that boot up I would go back to download mode and flash the 2APB2 root eng kernel. Then everything would work and you just had to set up SuperSu manually via the CLI (Which I probably still can't do....).
I don't know if anyone actually has tried flashing the 4APL1 Combo firmware with nand erase all, and then tried to flash an AP file from 1AOGG. I saw people trying to downgrade from stock bootloaders and failing. Which is expected. Generally trying to downgrade param.bin or cm.bin or sboot.bin will result in errors. Can you flash just the AP file from the combo? What about flashing the AP directly after flashing the combo firmware without it booting? Because I guess I still can't be positive it was an eng rev3 sboot or if it were the nand erase all and flash/boot order. Then I typically used the 2APB2 Eng root kernel while using the rev3 combo firmware at the same time through odin. Because the ENG Kernel was an LP Kernel like the combo firmware.
I'm in the process of pulling relevant posts into this thread's OP for consolidation.
@Delgoth O_O Very exciting!! I just got free time and you know what I have to do tomorrow?!? Not 1 thing. I haven't read your updated OP yet, I about came out of my skin when I skimmed over it. 'Tis where I'm headed now and will definitely share what crazy stuff I get into.
Update
Hyped!! I've got safestrap ready to go on rev 4 combo and even made custom rom slots ha, I'm flashing everything. I actually flashed gapps and am doing all this from factory binary lol. I got cSploit running in root but it won't run the Metasploit rpcd server unless you flash gapps. Of course you can't download and install from Google Play but adb doesn't mind!!! xD
xenomorph318 said:
@Delgoth O_O Very exciting!! I just got free time and you know what I have to do tomorrow?!? Not 1 thing. I haven't read your updated OP yet, I about came out of my skin when I skimmed over it. 'Tis where I'm headed now and will definitely share what crazy stuff I get into.
Update
Hyped!! I've got safestrap ready to go on rev 4 combo and even made custom rom slots ha, I'm flashing everything. I actually flashed gapps and am doing all this from factory binary lol. I got cSploit running in root but it won't run the Metasploit rpcd server unless you flash gapps. Of course you can't download and install from Google Play but adb doesn't mind!!! xD
Cool. I think I found the two libraries we need for a stock system image. I will try and make one up this afternoon and post the steps to do it yourself as well, because I might not do it right the first time. If you got all that working, can you flash the 2APB2 eng kernel via Odin or use safestrap to flash it and still have the combo firmware boot? I've been able to get bad kernels to flash before on rev3. Once I actually got a boot error that said invalid kernel header but still managed to flash through Odin.
I have the eng 2APB2 tar file in my sm-n920a files link in the OP. If it doesn't flash over the standard 4APL1 combo firmware or boot, maybe we need to use the 1AOGG recovery.img or the special 4CQB2 recovery.img for drk fix.
Delgoth said:
Cool. I think I found the two libraries we need for a stock system image. I will try and make one up this afternoon and post the steps to do it yourself as well, because I might not do it right the first time. If you got all that working, can you flash the 2APB2 eng kernel via Odin or use safestrap to flash it and still have the combo firmware boot? I've been able to get bad kernels to flash before on rev3. Once I actually got a boot error that said invalid kernel header but still managed to flash through Odin.
I have the eng 2APB2 tar file in my sm-n920a files link in the OP. If it doesn't flash over the standard 4APL1 combo firmware or boot, maybe we need to use the 1AOGG recovery.img or the special 4CQB2 recovery.img for drk fix.
Yup, yup, I have done it before just to see if the root install script and the root boot script method would work for me, and it did!
I just tried again to double check and yes, again. I did it via Odin; I will try it via safestrap in just a sec to see if it will work that way as well. I have everything staged; I don't have an SD card at the moment
xenomorph318 said:
Yup, yup, I have done it before just to see if the root install script and the root boot script method would work for me, and it did!
I just tried again to double check and yes, again. I did it via Odin; I will try it via safestrap in just a sec to see if it will work that way as well. I have everything staged; I don't have an SD card at the moment
The metalcated root method is a tethered root method, however. The way Wondershare Mobile Go does it must either set up SuperSu correctly, which I couldn't tell you, or it uses exploits to untether the root. On my old rev3 device with 1AOGG AP file, eng 2APB2 boot.img, and 3APH1 eng sboot.bin installed, the metalcated root would still only give me a tethered root as well.
But are you saying the PB2 eng kernel flashed successfully via ODIN using the 4APL1 combo?
Because while the PB2 Eng Kernel has a root shell by default, it is stuck in SELinux Enforcing mode if I remember correctly. You actually have to setup root to switch to permissive persistently. Where the combo kernel is not rooted but is default set to permissive.
So the rev2 eng kernel still works on the rev4 combo firmware? This makes a difference to me and how we will setup flashing a stock system image over the combo system.
@Reverse-anastomosis which firmware have you been using your jig with? And have you tried using the Eng Kernel to see about different output to your console? Which commands have you tested? I'm looking into the console so I can flesh out its information in the OP. Hopefully we can even get instructions for making one too. We have something going here, we can keep the momentum going.
Right now I only have you two to help explain what I'm talking about and test it specifically. I'm working on a test system image right now.
@xenomorph318 once you have the combo firmware installed and then flash the pb2 eng kernel, can you go back to ODIN and flash the stock AP (MINUS boot.img) File from either 1AOGG OR 2APB2? I used to be able to on rev3.
** CAN BOTH OF YOU ZIP UP YOUR /cache/recovery directories SO I CAN LOOK AT YOUR LOGS PLEASE PLEASE PLEASE **
Reverse-anastomosis said:
@Delgoth, I can't find the arguments to add to boot permissive. Do you happen to know the argument?
It will go as an argument on the boot command in the sboot console.
I bet I could force factory download mode on your g925v with my jig.
Reverse-anastomosis said:
Our devices should be vulnerable to this exploit.
https://www.google.com/url?q=https:...FjADegQIBxAB&usg=AOvVaw2-cc6gIXIrOjEJzxzd2Ebo
androidboot.selinux=permissive
And looking back over that PDF you linked, I feel like that was the R&D done to initially unlock the G925V that was quickly patched up. That was the original root and only BL unlock on the G925V if I recall right. So we might be patched, but it didn't take long to be officially patched and was on the Rev1 BL. But again, you now have a whole new level of access.
Here, https://alephsecurity.com/2017/05/23/nexus6-initroot/ , we can find other arguments to test in the sboot console for the kernel. I'd bet some of this works. Seems the eng kernel works, maybe the commandline options there are better utilized. You've got me thinking now. I'm glad you're here right now ready to go. We might not be applicable to this exploit, different OEM, but they don't have a direct console to the bootloader either.
(For a stock bootloader if it loads the console) * buildvariant=userdebug
@Delgoth, I'll try this tonight. Then I'll write up everything that I have tried/know, in detail. I'll post it tonight or tomorrow.
Reverse-anastomosis said:
@Delgoth, I'll try this tonight. Then I'll write up everything that I have tried/know, in detail. I'll post it tonight or tomorrow.
Please and thanks. Please if you could also include your recovery logs from /cache/recovery. Either post them here or send them to me privately. But I'm looking for the things I see in my Note8's recovery logs, which we could affect to our great benefit with the eng kernel and sboot console here.
https://developer.android.com/things/sdk/pio/uart
This link could also be applicable to your jig. If we can get an app that will utilize the UART port, then maybe we could have realtime communication with a root system and the sboot. Farfetched and for later of course.
So I was doing some digging, and found this video. Have you seen it?
https://m.youtube.com/watch?v=QpaeneaNEbw
Delgoth said:
The metalcated root method is a tethered root method, however. The way Wondershare Mobile Go does it must either set up SuperSu correctly, which I couldn't tell you, or it uses exploits to untether the root. On my old rev3 device with 1AOGG AP file, eng 2APB2 boot.img, and 3APH1 eng sboot.bin installed, the metalcated root would still only give me a tethered root as well.
But are you saying the PB2 eng kernel flashed successfully via ODIN using the 4APL1 combo?
Because while the PB2 Eng Kernel has a root shell by default, it is stuck in SELinux Enforcing mode if I remember correctly. You actually have to setup root to switch to permissive persistently. Where the combo kernel is not rooted but is default set to permissive.
So the rev2 eng kernel still works on the rev4 combo firmware? This makes a difference to me and how we will setup flashing a stock system image over the combo system.
@Reverse-anastomosis which firmware have you been using your jig with? And have you tried using the Eng Kernel to see about different output to your console? Which commands have you tested? I'm looking into the console so I can flesh out its information in the OP. Hopefully we can even get instructions for making one too. We have something going here, we can keep the momentum going.
Right now I only have you two to help explain what I'm talking about and test it specifically. I'm working on a test system image right now.
@xenomorph318 once you have the combo firmware installed and then flash the pb2 eng kernel, can you go back to ODIN and flash the stock AP (MINUS boot.img) File from either 1AOGG OR 2APB2? I used to be able to on rev3.
** CAN BOTH OF YOU ZIP UP YOUR /cache/recovery directories SO I CAN LOOK AT YOUR LOGS PLEASE PLEASE PLEASE **
Give me 2 hours; I'll be home by the PC to flash on Odin again,
but yes, I'm 100% sure the rev 2 PB2 eng kernel flashed over the top of PL1.
Here is the recovery directory you asked for after a fresh flash of the rev 2 LL eng kernel.
Sorry it's taking me so long, I can't find a site that doesn't cap my download speed, but I will have the PB2 stock downloaded in like 50 mins.