Rooting process is taking too much time ? - Moto Z Play Questions & Answers

Hello xda. I'm making this thread in order to know if it's normal that SuperSU is taking so much time to install. My Moto Z Play has been stuck on this screen for 15 minutes.
Beforehand I unlocked the bootloader and flashed the f2fs kernel. On previous phones it didn't take this long, so I don't understand. Can anyone help me?
EDIT = Impatience is growing... What can I do to at least reboot the phone without damage? It's brand new so I don't have to worry about losing any data. Why is it so hard to root a Motorola anyway?

Try with MagiskSu, SuperSu is not working correctly on this device because of the Nougat security, if don't flash anything, maybe you should take your time and read this post https://forum.xda-developers.com/moto-z-play/how-to/guide-magisk-official-version-including-t3577875

It is not hard to root Motorola. It is hard to root any device where the /data partition is using f2fs filesystem.
SuperSU in general should work fine after f2fs fix is installed, but I like Magisk more. Not changing system partition when changing system (only do virtual changes using bind) is a very nice idea and the implementation is very good. Only thing that is missing for me is to prevent changes to system (forbid or virtualize "mount -o rw,remount /system" command).
If you want to stay with SuperSU, just use a current one. The 2.79SR3 from January 2017 is the first version that detected need of systemless install on Motorola. All later versions should work also or be improved. There may be some error corrected since then.

Shinobu-Kenji said:
Try with MagiskSu, SuperSu is not working correctly on this device because of the Nougat security, if don't flash anything, maybe you should take your time and read this post https://forum.xda-developers.com/moto-z-play/how-to/guide-magisk-official-version-including-t3577875
Thanks, my Moto Z Play is now rooted and working well. I had problems at first (like reflashing via fastboot a working stock ROM) but I retried flashing Magisk and it works fine now.

Related

No camera on MMB29K?

I just flashed the Factory Image MMB29K (flash-all.bat then reinstalled TWRP and SU manually). Now the camera doesn't work (see attachment below). I did check the MD5 and it matched.
Any help is greatly appreciated.
Very odd. If I do not install TWRP (I have tried both 2.8.7.0 and 2.8.7.2) or SU (Beta 2.52) the camera works fine. Or maybe it's the version of the modified boot image (Chainfire's mdb08i) that's not compatible.
Disregard. Found another thread with a discussion of the same issue. The problem is with the old mdb08i boot image.
In case anyone is experiencing the same issue please see this post:
The way I just rooted 2 5x's was, I unlocked the bootloader, flash-all on the MMB29K update, reinstalled TWRP, and then installed Super SU v2.61. You don't have to use a modified boot, that version of Super SU does the modifying for you. Just make sure to read the directions - I got caught in a boot loop trying to install 2.61 over a modified boot (essentially I did the process backwards the first time.) Recovered, and did both phones just fine. Camera works great.
How is that systemless root - any problems so far? I was feeling lazy so stuck with the old fashioned version - haven't had time to read up on the new method.
The only problem I have had so far (and I had the same problem on system root as systemless) is when I boot into TWRP, it brings up the pattern lock. The problem is, sometimes it doesn't recognise my touch on the pattern, so I can't get it to mount the Data partition. When that happens, I either have to flash whatever I was going to flash using USB-OTG (luckily I bought one of these, and got it the same day the phone arrived) or keep re-booting into system, then back into recovery until I get it to work. Might be able to take the pattern off before I go into recovery, but that'd be a pain - and I think I'd have to re-do fingerprints every time, too.
Danariel - thanks for the reply. I think I'll wait until the next go around of updates before trying out the systemless root. Feeling extremely lazy right now.

[Recovery][TWRP][Root] TWRP and Root for Moto E5 Play (James)

Take a backup.
How-to root & disable encrypted /data:
(Fastboot) flash the no-verity kernel
(TWRP) adb shell mount -o,rw /dev/block/platform/soc/7824900.sdhci/by-name/vendor /vendor
(TWRP) adb push fstab.qcom /vendor/etc/fstab.qcom
(TWRP) format data
(TWRP) flash magisk beta
Wifi / Unlimited Tethering
(TWRP) adb shell mount -o,rw /dev/block/platform/soc/7824900.sdhci/by-name/vendor /vendor
(TWRP) adb pull /vendor/default.prop .
Add net.tethering.noprovisioning=true to default.prop
(TWRP) adb push default.prop /vendor/default.prop
TWRP 3.2.1 E5 Play
E5 Play DM-Verity Disabled Kernel
E5 Plus DM-Verity Disabled Kernel
fstab.qcom (no-encrypt)
BAM! ^
I tried flashing it and got an "Image not signed or corrupt" error. How can I get around this?
Can you make a step by step guide, please?
Yo, digging your commitment to moto. I'm still on the E4, been waiting for this device to finally be released. I'm probably gonna wait for a little more development on it till I switch though. Do you like it though?
Icyice said:
I tried flashing it and got an "Image not signed or corrupt" error. How can I get around this?
Can you make a step by step guide, please?
Nothing is wrong; recovery will boot fine if you try it.
Thexmastermind said:
Yo, digging your commitment to moto. I'm still on the E4, been waiting for this device to finally be released. I'm probably gonna wait for a little more development on it till I switch though. Do you like it though?
I like it; it's nice having a stock Oreo. Hopefully getting LTE to work won't be as much of a pain as the moto E4, although I figure it will be, but know how to fix it. Going to start compiling Lineage soon just getting the vendor repo setup and device trees etc.
CodyF86 said:
I like it; it's nice having a stock Oreo. Hopefully getting LTE to work won't be as much of a pain as the moto E4, although I figure it will be, but know how to fix it. Going to start compiling Lineage soon just getting the vendor repo setup and device trees etc.
Yeah I was super bummed with the whole no LTE thing there for a while.
So you've got root, right?
Thexmastermind said:
So you've got root, right?
Nope, Magisk messes up the boot.img atm, and PHH doesn't actually give root after flashing. I tried to root manually and believe it's getting reverted by DM-verity / verified boot. About to start building lineage to bypass that, but the E5 kernel has no fstab. DM-verity must be disabled in the kernel's DTB. (Working on that too)
How's the bloatware out of the box? And depending on how bills are looking this week I might have one to test with.
Thexmastermind said:
How's the bloatware out of the box? And depending on how bills are looking this week I might have one to test with.
Almost non-existent / it lets you uninstall everything basically even on stock.
Also was able to patch DM-Verity out of the kernel DTB with help of a hex editor lol. Link in the OP here shortly.
Should be able to run /data unencrypted now.
Correction haha after I blew up /data on my phone. DM-verity is indeed disabled in the kernel now, but the stock rom still encrypts /data regardless, but should be able to root it without /system getting reverted now...time to reinstall everything haha. link in OP to DM-verity disabled kernel.
I have root. Will update OP. Basically flash the no-verity kernel then flash magisk beta onto the no-verity kernel and it boots.
Shipping with Oreo, it should be treble compatible too.
I found the fstab...it's actually in /vendor/etc instead of in the kernel. I'll make a flashable zip, but for now to disable encryption manually just adb pull /vendor/etc/fstab.qcom and change forceencrypt= to encryptable= then push it back to /vendor/etc in recovery...then format data.
edit: Actually it's not quite that simple, have to mount /vendor manually in recovery. I'll write a zip soonish, but
adb shell mount -o,rw /dev/block/platform/soc/7824900.sdhci/by-name/vendor /vendor
OP updated with instruction on how to disable /data encryption.
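Added example, not part of the original thread or of CodyF86's files: a read-only audit of an fstab such as the /vendor/etc/fstab.qcom mentioned above, reporting whether /data encryption is forced (forceencrypt=) or only optional (encryptable=) and whether a mount carries a verity flag. The sample fstab text, its block-device paths and the function names are constructed for illustration.

```python
"""Read-only audit of an Android fstab for the flags discussed in this thread."""

# Constructed sample in the five-column Android fstab layout. The device paths
# and mount options are illustrative, not taken from a real E5 Play image.
SAMPLE_STOCK = """\
# <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
/dev/block/bootdevice/by-name/system   /system ext4 ro,barrier=1         wait,verify
/dev/block/bootdevice/by-name/userdata /data   f2fs nosuid,nodev,noatime wait,check,forceencrypt=footer,quota
/dev/block/bootdevice/by-name/cache    /cache  ext4 nosuid,nodev         wait,check
"""

# The same file after the edit described in the thread, with verity also removed.
SAMPLE_MODIFIED = (SAMPLE_STOCK
                   .replace("forceencrypt=", "encryptable=")
                   .replace("wait,verify", "wait"))

# fs_mgr flags that make encryption of the partition mandatory.
FORCED_ENCRYPTION = ("forceencrypt", "forcefdeorfbe", "fileencryption")
# fs_mgr flags that enable dm-verity (legacy) or Android Verified Boot.
VERITY = ("verify", "avb")


def parse_flags(field):
    """Split 'wait,forceencrypt=footer' into {'wait': None, 'forceencrypt': 'footer'}."""
    flags = {}
    for item in field.split(","):
        if not item:
            continue
        key, sep, value = item.partition("=")
        flags[key] = value if sep else None
    return flags


def parse_fstab(text):
    """Return one dict per mount entry; comment and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        entries.append({
            "source": fields[0],
            "mount_point": fields[1],
            "fs_type": fields[2],
            "mount_flags": parse_flags(fields[3]),
            "fs_mgr_flags": parse_flags(fields[4]),
        })
    return entries


def audit(text):
    """Map each mount point to its encryption mode and verity state."""
    report = {}
    for entry in parse_fstab(text):
        flags = entry["fs_mgr_flags"]
        if any(f in flags for f in FORCED_ENCRYPTION):
            encryption = "forced"
        elif "encryptable" in flags:
            encryption = "optional"
        else:
            encryption = "none"
        report[entry["mount_point"]] = {
            "encryption": encryption,
            "verity": any(f in flags for f in VERITY),
        }
    return report


def findings(text):
    """List settings that leave the device weaker than a stock configuration.

    Partitions absent from the fstab are not judged: the thread locates the
    dm-verity setting for these devices in the kernel DTB, not only in fstab.
    """
    issues = []
    report = audit(text)
    data = report.get("/data")
    if data and data["encryption"] != "forced":
        issues.append(f"/data encryption is {data['encryption']}, not forced")
    for mount_point in ("/system", "/vendor"):
        state = report.get(mount_point)
        if state and not state["verity"]:
            issues.append(f"{mount_point} is mounted without a verity flag")
    return issues


if __name__ == "__main__":
    for name, text in (("stock", SAMPLE_STOCK), ("modified", SAMPLE_MODIFIED)):
        print(name, findings(text) or "no findings")
```

An `encryptable=` entry only permits encryption, so a freshly formatted /data stays unencrypted until the user turns encryption on.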
Can't wait to see custom ROMs for this thing. If it doesn't happen soon I might have to jump in and give it a try. Just picked it up at Walmart tonight and it's pretty impressive for such a cheap phone. Good job getting root working.
Holy crap it worked. You're awesome
Hi guys
Could it be used on a Moto E5 Plus to root it?
Has the following information:
Hardware : QUALCOMM
SNAPDRAGON 425
Model : E5 plus
Android v : 8.0
Kernel v : 3.18.71-perf-g2d07014
Thanks and regards.
@CodyF86, awesome work on the repack TWRP. Development on this device seems to be in the very early stages indeed. Your TWRP and root method have definitely broken ground. I'm using a Python kitchen to compile an unmodified stock ROM as well as a deodexed, debloated version (both TWRP flashable). I'll have an OP up in a couple days for anybody interested and I will post updates here -- with @CodyF86's approval, of course. Thanks again for your great work in breaking ground on this device.

Shield TV 2017 (16GB) How to... DTB...

I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Mogster2K said:
Zulu99 mentioned something similar - that dm-verity was enabled in darcy's DTB file, preventing any custom firmwares from executing. Foster does not seem to have this problem.
He's provided a patched DTB here - use at your own risk: http://bit.ly/2CxB1hS (WARNING! ONLY FOR 2017 DARCY MODEL!)
Original post here.
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
nanerasingh said:
As my test on 2017 16gb 7.2.2 official TWRP patched the boot img i got root access but not fully write.
I used the DTB and flashed from fastboot and reboot without any reset -w command.
No issue of unresponsiveness and boots up normal. I tried edit build.prop in system via ES explorer and reboot the see the persistent and rw works.
So system dm-verity patch by DTB works.
Noting this too...
Thanks for the confirmation!
The fastboot -w should only be required if the forced encryption was already in use on the device.
But if I am not mistaken then on the developer version only the data partition is encrypted, which is no issue.
nadia p. said:
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
nadia p. said:
I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
Mogster2K said:
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
nadia p. said:
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Hello Mogster2K, Originally without any modifications the factory installed Nvidia software upgraded itself through on-line updates to 7.2.1 which then broke other 3rd party Apps for me. I then attempted to downgrade to 6.3.0 developer OS, however because it was my first time unlocking the bootloader it wiped everything so once 6.3.0 was successfully flashed, I had to connect to the internet, sign-in again to Google Play and meanwhile it forced itself to update back to 7.2.1 again. Later by following ACiDxCHRiST's guide HERE, I was able to successfully downgrade to 7.1.0 developer by patching the 7.1.0 boot.img then manually flashed each line item in flash-all.bat.
Later I tried to install TWRP 3.2.3.0 so I could backup the device, however I've not been successful with that since I have a Shield TV 2017 (16GB) remote only model so I must use a USB keyboard and USB mouse to do it. I was reading these other posts here about what the issues might be preventing me from installing TWRP and using it to back everything up. Does this help answer your question?
So I'm currently on 7.1.0 developer OS, patched boot.img using Magisk Manager 6.2.1/Magisk 18.0. So far the Apps that were broken by 7.2.0 "factory" are again working fine in 7.1.0. I don't game, I mainly watch movies and tv series with my device so I don't have many requirements other than I'd like to back everything up so in case it accidentally gets updated somehow I can revert back to a working archive and continue from there.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher.
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Does anyone know how to test for certain criteria to help determine if:
A) anything needs to be modified in regards to DTB
B) if their device has been updated in such a way that it currently breaks TWRP (or other things) in such a way there is no fix as of today
This should prove quite useful to help us understand if/anything needs to be done or where the device resides at any given moment.
nadia p. said:
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Both. Anyway, I did not realize at the time that darcy could be fully downgraded to 7.1, sorry. It doesn't work on my foster, so I can't use TWRP at all. Also, to the best of my knowledge, TWRP requires at least a USB mouse to function regardless of which ShieldTV model you have. And the modified DTB is just for booting modified images on darcy 7.2+. You're fine without it on 7.1.
Stuck... post backup TWRP 3.2.3.0, now corrupt w/black screen
I'm not sure if this had anything to do with it but I'm stuck at a black screen after backing up TWRP.
More information can be found at this POST.
Already this 7.2 update is creating topics all over the place
Anyway, let me try to at least shed some light on things.
My latest findings:
1. The bootloader does not downgrade to 7.1 once you had at least the 7.2.x installed, not sure about 7.2 as it is too late for me to test this.
I did not check with the 6.3 either but maybe someone who did is able to state what bootloader is working then.
2. The DTB is not included in the firmware images at all but it seems it was included in some pre 7.1 to include the "updates" for the Darcy models.
What makes the Zulu one tick is the simple fact that it is patched to disable DM-Verity completely.
Hence the requirement for the fastboot -w or a factory reset.
TWRP and such....
This might get quite long, so anyone without half decent knowledge about rooting, firmwares and recoveries can just skip it
First thing I learned from 7.2 was: Do not mess with your bootloader!!!
Second thing I learned is that Linus was right with his statement about NVidia and their open source support.
So what actually changed?
For starters the NVidia statement of the developer firmware being rootable is not true the same way it was before.
Google's latest kernel fixes and changes have been implemented - look it up yourself please to spare me thousands of lines of typing!
In short it means that all backdoors or such that Magisk or SU have used are unavailable now.
Rooting still works but with the limit of write access.
And that is the important factor one for TWRP, the second is "routing".
Let me try to word it as simple as I can...
We can not modify the system to ignore the stock recovery or related security features.
We can not write to required areas of the system required to boot into TWRP through the recovery.
If you somehow manage to get into TWRP, like when I still had a working mod, there again is no write access to system available and the internal memory will be corrupted if you write a backup.
The DTB Zulu provided gives us system wide write rights again by disabling DM-Verity but this only goes for the system!!
The recovery does not use the DTB in this way.
Best thing you end up with is a dark screen where ADB seems to be working.
It actually works with full root access for me in several cases LOL
So if that really is TWRP then why can't we see it?
My TV is great as it allows multi input formats.
So a 1080P signal will be accepted as such.
And every time this screen format changes I see a little pop up with the new resolutions on the screen.
Since 7.2 this popup no longer shows up....
TWRP might actually be there and working but we can not see or use it.
The strange thing however is that at least on the 7.2.2 I had the strange problem that just trying to boot into TWRP through fastboot resulted in a corrupt system.
The bootloader realises the recovery written into the temp area has no NVidia signature or hash code to match.
This means for the bootloader a possible attack on the system happened and it is "secured", resulting in a soft brick.
My plans to fix all this crap for good:
The DTB is a partial solution at best as we
a) don't really know how compatible it is with future updates.
b) we still fail to properly use TWRP again.
All up a total nightmare for any modder or person with a lot of data and apps to backup and restore.
My first attempt was to build the 7.2 from the sources, thinking at least here the NVidia statements are correct that their installer takes care of everything.
Lol! It did take of about 120GB in downloads but did not give me any of require software suites actually required to even load a build tree.
Would need far more time than I have to make complete and work with registrations, accounts and all this.
So I decided to go back to my roots before Magisk was a thing.
Dissecting the firmware, disabling all new "safety" features and not required encryptions and hash checks.
That bit I think I finished to my satisfaction.
On the packing to make it work to be installed under 7.2.X I am still working.
Biggest drawback for me is that I lost TWRP and that the TWRP builder does not even let me log in on my Shield.
So even if a more official way or porting or building could be a way out I can not access it.
Means I can neither try to install my modded firmware nor test it.
So if anyone reading here has a confirmed way to downgrade to something that brings TWRP back to life with working write access and working backup functions:
Don't be shy, we don't bite (much)!
Share your way, give us the links and if my magic still works a bit this nightmare shall soon be over for good
7.2 sources still have not been released yet, anyway. I found a reference to a new branch "rel-30-r2-partner-o" but that's all.
First of all thank you so much for putting all this in layman's terms so someone like me can understand it. Total respect!
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
If you need me to send you my device with remote that you can use to complete these things and get everyone unstuck from this dreadful situation I'm all for that too.
I wish there were a means, like with computers, that we can purchase a brand new device, fully back it up before even connecting it to the internet and being forced to sign-in to Google Play before we even have access to the device. We'd also need a way to wipe, format and reinstall this backup without any issues. Is this too much to ask for in an Android world?
EDIT: I have time, access to certain hardware PCs, Macs and Linux, and have some basic skills with computers, phones, etc... If I can assist you or anyone with certain time consuming things let me know. The only Android device I currently own now is the Shield TV.
Would it work to just flash the system/vendor files without updating the bootloader?
nadia p. said:
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on a Oreo Firmware, as long as you only try flashing a Oreo Firmware blob file you shouldn't run into any problems, I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I done the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back a Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
Mogster2K said:
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
Hello Mogster2K, from the factory install which was updated OTA to 7.2.1 I was able to 1st unlock the bootloader and flash 6.3.0 developer OS to my device successfully, or so I thought. What I mean by this is based on what Downunder35m said: once the device has been updated to 7.2.0, regardless of how, when flashing previous versions of OS (developer or recovery) it may not revert the bootloader to 6.3.0. This we still have to see and test to confirm, unfortunately neither he nor I have any way to test things right now. That being said, because I unlocked the bootloader (forced wipe) then flashed 6.3.0 that all went fine except when booting to the Nvidia home screen it required me to connect to the internet and then sign-in to Google Play. Doing this the OS forces it to update itself again back to 7.2.1 (at that time).
So now that the previous steps were useless I then discovered ACiDxCHRiST's guide HERE and followed that since the bootloader was already unlocked I could modify the boot.img from 7.1.0 then flash that. Well two things happened, it worked perfectly however it's most likely Magisk didn't truly root the device 100%, it only rooted it partially. So now the device worked fine on 7.1.0 and everything was going well UNTIL I decided to install TWRP and backup my device. Doing so totally screwed it, now I have a black screen.... Read THIS.
So one of the reasons I started this thread was to find out more about DTB and how do we start to first test a device's current state, perhaps patch it to what we need to recover from the 7.2.0 changes and restrictions. The benefit of all of this is we should, with expertise, be able to climb our way out of this hole and get back to a working device.
whiteak said:
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on an Oreo Firmware. As long as you only try flashing an Oreo Firmware blob file you shouldn't run into any problems. I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I did the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back an Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
In short the 7.2.1 update broke the factory install by affecting other apps I use and that were working perfectly fine in 7.1.0 before the update occurred. This was the sole reason I attempted to revert back to a previous OS.
Just flashing 6.3.0 didn't work as it updated itself back to 7.2.1 forcibly. I then had to work around that issue and the only way I found was to download 7.1.0, patch its boot.img file, flash 7.1.0 developer to keep the bootloader unlocked so it wouldn't wipe the system whereby deleting the user info, apps, etc..., make sense? The only issue is that Magisk didn't fully root the device properly and with the new OS verification added to 7.2.0 it created all sorts of other protections where we're not able to fully wipe everything and flash back normally. These protections kick in and prevent it. This is why we're trying to see how to undo the protection settings so we can actually do what we need to do. DTB is part of this.

Help! Modifications to system partition in TWRP don't show up when booted into Android

Will someone please help me before I go crazy. I've rooted several phones but I ran into this problem with the G7play. The bootloader is unlocked but Magisk won't install and every time I modify the system partition (A or B) in TWRP recovery I boot into Android and nothing changed… I go back to TWRP and it's still showing the files I put are all there, but then when I boot back into Android nothing I do affects the actual system partition… Why the hell can I modify it in TWRP and it has no effect when booted? Is there a 3rd system partition or something I don't know about??? Where is it storing this original copy? Someone please help me, it's driving me crazy.
I'm having the same problem. I just created a new thread myself on this very issue. It seems some security has been implemented with the most recent stock OTA updates, because on older versions of the stock ROM, Magisk would flash fine and remain there once the phone started again.
DenhamsOwnSmoky said:
Will someone please help me before I go crazy. I've rooted several phones but I ran into this problem with the G7play. The bootloader is unlocked but Magisk won't install and every time I modify the system partition (A or B) in TWRP recovery I boot into Android and nothing changed… I go back to TWRP and it's still showing the files I put are all there, but then when I boot back into Android nothing I do affects the actual system partition… Why the hell can I modify it in TWRP and it has no effect when booted? Is there a 3rd system partition or something I don't know about??? Where is it storing this original copy? Someone please help me, it's driving me crazy.
theburrus1 said:
I'm having the same problem. I just created a new thread myself on this very issue. It seems some security has been implemented with the most recent stock OTA updates, because on older versions of the stock ROM, Magisk would flash fine and remain there once the phone started again.
That is a pain in the ass known as FEC hard at work. The only way around it is system root (which Magisk doesn't use) or a custom kernel. TWRP is actually using a Magisk binary to do root work. Magisk uses mirrors which don't actually change any files. They only simulate changes. So everything you do in TWRP will never actually change anything until you root with Magisk. If you make changes then root later, they'll show up when you boot the system.
I investigated it a couple months ago. If you want to see the technical side of it, read my posts that start on this page.
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389/page90
FEC is like ECC RAM, but for system files instead.
Spaceminer said:
That is a pain in the ass known as FEC hard at work. The only way around it is system root (which Magisk doesn't use) or a custom kernel. TWRP is actually using a Magisk binary to do root work. Magisk uses mirrors which don't actually change any files. They only simulate changes. So everything you do in TWRP will never actually change anything until you root with Magisk. If you make changes then root later, they'll show up when you boot the system.
I investigated it a couple months ago. If you want to see the technical side of it, read my posts that start on this page.
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389/page90
FEC is like ECC RAM, but for system files instead.
Thanks, that makes sense now... I managed to get it where I could modify it by installing AOSP. That's why I don't like Magisk, it confuses the hell outta me. Only reason I was installing it is cuz SuperSU don't usually work on newer systems no more, but I have a trick with Magisk I did on my G6... This might be helpful to anyone who wants a system root with Magisk. Backup your boot and dtbo and system partition. Then install Magisk. Then you go in and find all the little files that Magisk added that aren't really there (system-less) and create tarfiles of them. /sbin /data/adb /init /init.rc and there might be more, I don't remember for sure. After you make the tarfiles you reflash the original Magisk-free images you backed up earlier and go into TWRP (assuming you're using the TWRP version that lets you make permanent changes to the system partition) and extract all the tarfiles into the same locations, and then you install the Magisk apk, and if you did it right it'll act like Magisk is installed and it manages root for you and everything, but it don't have all that system-less problems you get with regular Magisk.

[GUIDE][A10/A11] Flashing and booting GSI on Galaxy Tab S7+

Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*/
This is tested on my SM-T976B, but I think the same should work on other models as well.
1. WARNING AND DISCLAIMER
Just unlocking the bootloader will not trip the warranty bit yet, so you can still go back at this point.
The warranty bit will be tripped (0x1) as soon as you actually try flashing something unofficial via Odin. YOU HAVE BEEN WARNED.
Make sure you back up all the important files in your internal storage, as you need to disable encryption with Multi-Disabler in order to let TWRP access the data partition, which would require you to format the data partition (wiping everything in the process). Additionally, keep a few nandroid backups with you so you can recover yourself in case something goes wrong.
2. Requirements
- Bootloader unlocked
- ianmacd's TWRP
- Neutralized vbmeta*
- (Optional**) vendor.img from Android 10 stock FW (I used ATK3, but any A10 vendor should do)
- Multi-Disabler
* An empty vbmeta is not recommended. You need to patch the vbmeta of the stock FW you're currently on.
** UPDATE (2022-08-29): It seems Magisk now works with recent A11 GSIs using A11 vendor, so there's no explicit need to flash A10 vendor in the following tutorial steps, unless you run into issues. Thanks to @AnonVendetta for testing and confirming. Using a more recent version of Magisk is recommended.
3. Flashing
Since this device uses dynamic partitions, flashing system images is not as straightforward as before, but not impossible.
azteria2000's GSI Flasher provided a good example on how to use dd/simg2img to flash dynamic partitions using just recovery. This is extremely helpful, as TWRP currently doesn't support fastbootd, which would make flashing even easier.
(1). Extracting Android 10 vendor.img (Optional, unless you have issues with your current vendor)
While you can boot recent GSIs with Android 11 vendor, Magisk currently doesn't work with it. Android 10 vendor is required for Magisk to work properly.
The Android 10 vendor can be extracted from the factory image's super.img. You need to unsparse the image using simg2img then use lpunpack to extract it, and you'll obtain the vendor.img.
(2). Flashing GSI and (Optional) Android 10 vendor.img
The entire flashing process can be done from TWRP.
NOTE 1 (UPDATE 2022-08-29): Flashing A10 vendor is no longer necessary now, unless you have issues.
NOTE 2: At present, Multi-Disabler expects /system_root to be mountable r/w, which cannot be done with a non-vndklite GSI. As such, if you're about to flash /vendor at this step, use a vndklite GSI, or if you're coming from stock, flash Multi-Disabler before actually flashing GSI (a reboot is needed after flashing /vendor to make it accessible).
The corresponding block devices for system and vendor are as follows:
Code:
/dev/block/dm-0 - system
/dev/block/dm-1 - vendor
First set the block devices to r/w so you can flash images.
Code:
# blockdev --setrw /dev/block/dm-0
# blockdev --setrw /dev/block/dm-1
Now actually flash the images with dd. Change the "if" parts to point to where the GSI system image and Android 10 vendor image are.
Code:
# dd if=<GSI image here> of=/dev/block/dm-0 bs=1m
# dd if=<vendor image here> of=/dev/block/dm-1 bs=1m
In the rare case that the GSI image you're about to flash is sparsed, run the following command instead of dd. You need to point to your sparsed GSI image here.
The vendor.img you obtain from super.img is not sparsed and can be flashed directly using the dd command above.
Code:
# simg2img <sparsed GSI image here> /dev/block/dm-0
If nothing goes wrong, you've flashed the GSI as well as Android 10 vendor.
Android 10 vendor flashed this way will work even if you have upgraded past BUC1 (which blocked the downgrade to Android 10).
It's advised to reboot recovery before trying to access system and vendor, to avoid potential issues.
NOTE: If you flashed vendor in this step, DO NOT REBOOT TO SYSTEM JUST YET.
(3). Flashing Multi-Disabler
You need to flash Multi-Disabler to disable encryption of internal storage so TWRP could access it.
If you flashed the vendor.img when flashing GSI, you MUST flash Multi-Disabler again if you have already disabled encryption with it before.
After flashing Multi-Disabler, you can now try booting to see if the GSI of your choice works.
4. Important Notes
(1). Neutralizing Software (Platform) Watchdog
There's a software (platform) watchdog that by default doesn't get fed while running GSI, causing system to reboot about 100 seconds after boot due to "platform watchdog bite". See this issue and this issue for details.
It's possible to disable this watchdog after boot, by executing the following command using a root shell.
Code:
# echo 'V' > /dev/watchdog
You need to look for a way to execute the command above at boot to automatically disable the problematic watchdog so the GSI can function normally. There are several ways to do this, like putting the command into a Magisk module's service.sh so it gets executed when the Magisk module loads.
EDIT: I've filed an issue regarding the matter here. After some testing, it seems /dev/watchdog0 is the real culprit for our device. Disabling either /dev/watchdog or /dev/watchdog0 will work around this.
UPDATE (2021-09-11): I can confirm that DragKernel is not affected by this issue. The offending watchdog is not present and the system won't reboot after 100 seconds.
UPDATE (2022-08-29): The watchdog is mainly an issue if you use A10 vendor. You may not have issues with that watchdog if using A11 vendor but it's still recommended to get it disabled.
(2). Uncertified Device
Since phh-AOSP v303 and onwards, the device is considered uncertified which will prevent you from logging in to your Google account.
Manually registering the device is required for using Google Play Services, but for some reason that didn't work for me, so I recommend using NanoDroid with microG if applicable (requires Magisk).
(3). Offline Charging Icon
With some GSIs, when powered off, plugging in the charger would make the tablet enter a screen with a white charging battery icon in the middle, that I couldn't easily get out of by pressing POWER button alone. Although I did manage to get out of that screen and boot to the system, I don't really know which button combination is required, and how long I should be holding them. So for now, charging while powered off is not advised...
(4). Potential soft bricks with Securize
UPDATE (2022-08-29): Should have pointed this out earlier that if you attempt to Securize on official phh-AOSP, the device will softbrick. Additionally, merely removing phh-SU is enough to cause the softbrick (thanks to AnonVendetta again for confirming).
While the cause is uncertain, it's quite likely that the tablet cannot work if not using any form of root (be it phh-SU or Magisk) due to Samsung's security mechanisms getting in the way.
5. Working Stuff
- 120 fps working (by forcing FPS using Phh-Treble Settings).
- Wi-Fi and Bluetooth work fine.
- S-Pen works as a pointer device.
- Alternate Audio Policies (from Phh-Treble Settings) is needed to get audio out through USB Type-C.
- Front and rear cameras appear to be working.
6. Not Working Stuff
- MTP does not appear to work properly for some reason. You'll need ADB for transferring files.
- USB Type-C audio adapters may or may not work depending on GSI, Kernel or maybe other aspects.
- Bluetooth audio currently has issues that cause the system to freeze.
7. Untested Stuff
- Haven't tested telephony-related stuff as I'm not using a SIM card on the tablet yet.
- Haven't tested the fingerprint sensor as I'm not using it.
There are still some functionalities I haven't tested yet, but anyone is free to test if you want to use a GSI.
Special thanks to: ianmacd, phhusson, Bushcat, Vntnox, azteria2000, dron39 and many more...
Original GSI progress issue: here
I finally got this working on my SM-T970. Though I had some troubles getting it working by following your instructions exactly, it would still boot loop even after neutralizing vbmeta.img (perhaps I changed the wrong offset?). Though for some reason flashing magisk made it boot perfectly? I assume Magisk disables AVB entirely or something. Thank you for this guide, may this tablet live a long life thanks to treble!
sambow23 said:
I finally got this working on my SM-T970. Though I had some troubles getting it working by following your instructions exactly, it would still boot loop even after neutralizing vbmeta.img (perhaps I changed the wrong offset?). Though for some reason flashing magisk made it boot perfectly? I assume Magisk disables AVB entirely or something. Thank you for this guide, may this tablet live a long life thanks to treble!
I also got SM-T970, please help me to get back to Android 10... Most of the games which I play crash in the middle on Android 11... Can you please help me to do what you did... I am new to these custom ROMs and flashing, so help me..
As far as I know, you can't. All Android 10 bootloaders are XXU1 - if you upgraded to XXU2 then nothing can be done.
ivanox1972 said:
As far as I know, you can't. All Android 10 bootloaders are XXU1 - if you upgraded to XXU2 then nothing can be done.
Sorry, didn't notice there were new posts in my actual thread...
While you certainly can't flash XXU1 firmware via Odin once you upgraded to XXU2, you can follow the instructions to use dd in TWRP to flash the logical partitions. This is how I used to flash vendor image extracted from Android 10 FW, as due to SELinux policy issues, Android 11 vendor does not work well with GSIs on Samsung Qualcomm devices in general. Magisk won't work, and the tablet would semi-brick if you attempt to use Securize from Phh-Treble settings.
While I mostly use Android 11 GSIs, the same should work with Android 10 GSIs of your choice, but I haven't tested, as most A10 GSIs are no longer maintained. GSI image of your choice (/system) and A10 vendor (/vendor) are all you need, as GSIs do not care about /odm and /product so it's safe to leave them as-is.
A WARNING: I DO NOT recommend flashing A10 stock FW using this method as you're literally violating the rollback protection which has the risk of causing A HARD BRICK!!! Similar cases have happened on other devices of other vendors before.
ONE MORE WARNING: Due to the ongoing case of Samsung disabling cameras on Z Fold 3, I seriously advise against upgrading the device any further, especially in case a XXU3 firmware comes out in the future, as there are potential signs that such crippling behavior might spread to existing devices.
@LSS4181 thanks for the deep explanation, but I'm afraid my level is not high enough to understand all of this. I am also tempted to try GSI but do not want to risk a lot...
So, can it be installed over stock android 11, new bootloader XXU2?
Thanks
ivanox1972 said:
@LSS4181 thanks for the deep explanation, but I'm afraid my level is not high enough to understand all of this. I am also tempted to try GSI but do not want to risk a lot...
So, can it be installed over stock android 11, new bootloader XXU2?
Thanks
I can't guarantee an A10 GSI will work in such an environment, but GSIs probably won't have issues with rollback protections. It's just that the stock ROM might have something that would do dirty stuff in case such a violation happens, so I personally would not recommend such a use case.
However, A11 GSIs will certainly work fine, just that with A10 vendor you need to use DragKernel as the stock one has a watchdog that'll reboot the system after 100 seconds.
@LSS4181 - thank you for the guide, I've had a T970 for nearly 1 year now, always wanted to run a custom rom on it!
I've tried your guide twice now, but it results in failures for me.
I've unlocked the bootloader, flashed TWRP (twrp-gts7xl-3.5.0_10-A11_3_ianmacd.img), running ATK3.
Not sure if TWRP for Android 11 and ATK3 being Android 10 makes a difference?
I extracted a vbmeta.img.lz4 from the ATK3 pack online, decompressed it to get the vbmeta.img, and wrote 0x03 to decimal offset 123.
(Tried to follow the instructions exactly)
I think it's the flashing/dd part.
After I dd the gsi img to dm-0, I can not reflash the multidisabler anymore. It tells me something like:
"Failed to mount '/system_root' (Invalid argument)"
Then, I can't even mount 'system' in TWRP, the checkbox is unselectable.
To get back to a working state, I have reflashed the stock rom (ATK3).
The GSI I tried to use was: system-roar-arm64-ab-vanilla.img.xz - from AOSP 11.0 v313
Is this the correct version to use (A, A/B etc?)
And how can I tell if the image file is sparsed or not?
Any input is appreciated, thank you!
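A read-only check for the vbmeta edit described in the post above, added here as an example and not taken from the guide or from any tool named in this thread. It assumes the AOSP libavb header layout (256-byte header, 32-bit big-endian flags field at offset 120, so decimal offset 123 is its low byte); the image bytes are constructed samples, not a real firmware vbmeta.

```python
import struct
import sys

AVB_MAGIC = b"AVB0"
HEADER_SIZE = 256
FLAGS_OFFSET = 120  # flags occupy bytes 120..123; byte 123 is the low byte
FLAG_NAMES = {1 << 0: "HASHTREE_DISABLED", 1 << 1: "VERIFICATION_DISABLED"}


def parse_flags(image):
    """Return the AVB version and decoded flags of a vbmeta image."""
    if len(image) < HEADER_SIZE or image[:4] != AVB_MAGIC:
        raise ValueError("not a vbmeta image (short header or missing AVB0 magic)")
    major, minor = struct.unpack_from(">II", image, 4)
    (flags,) = struct.unpack_from(">I", image, FLAGS_OFFSET)
    return {
        "avb_version": f"{major}.{minor}",
        "flags": flags,
        "set": [name for bit, name in FLAG_NAMES.items() if flags & bit],
        "unknown_bits": flags & ~sum(FLAG_NAMES),
    }


def audit_patch(stock, patched):
    """Compare a stock vbmeta with an edited copy and list every changed byte.

    'stray_offsets' are changes outside the flags field, i.e. an edit that
    landed on the wrong offset.
    """
    if len(stock) != len(patched):
        raise ValueError("images differ in length; a flag edit never changes the size")
    changed = [i for i, (a, b) in enumerate(zip(stock, patched)) if a != b]
    stray = [i for i in changed if not FLAGS_OFFSET <= i < FLAGS_OFFSET + 4]
    return {
        "before": parse_flags(stock),
        "after": parse_flags(patched),
        "changed_offsets": changed,
        "stray_offsets": stray,
    }


def build_sample_vbmeta(edits=()):
    """Constructed 256-byte header for the demo; 'edits' is (offset, value) pairs."""
    img = bytearray(HEADER_SIZE)
    img[0:4] = AVB_MAGIC
    struct.pack_into(">II", img, 4, 1, 0)      # required libavb version 1.0
    release = b"avbtool 1.1.0"                 # release string starts at offset 128
    img[128:128 + len(release)] = release
    for offset, value in edits:
        img[offset] = value
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) == 3:                     # usage: script.py stock.img patched.img
        with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
            print(audit_patch(a.read(), b.read()))
    else:
        stock = build_sample_vbmeta()
        print(audit_patch(stock, build_sample_vbmeta([(123, 0x03)])))
        print(audit_patch(stock, build_sample_vbmeta([(132, 0x03)])))
```

An empty `stray_offsets` list together with `changed_offsets == [123]` means the edit touched only the flags field; anything else points at a wrong offset.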
zxczxc4 said:
@LSS4181 - thank you for the guide, I've had a T970 for nearly 1 year now, always wanted to run a custom rom on it!
I've tried your guide twice now, but it results in failures for me.
I've unlocked the bootloader, flashed TWRP (twrp-gts7xl-3.5.0_10-A11_3_ianmacd.img), running ATK3.
Not sure if TWRP for Android 11 and ATK3 being Android 10 makes a difference?
I extracted a vbmeta.img.lz4 from the ATK3 pack online, decompressed it to get the vbmeta.img, and wrote 0x03 to decimal offset 123.
(Tried to follow the instructions exactly)
I think it's the flashing/dd part.
After I dd the gsi img to dm-0, I can not reflash the multidisabler anymore. It tells me something like:
"Failed to mount '/system_root' (Invalid argument)"
Then, I can't even mount 'system' in TWRP, the checkbox is unselectable.
To get back to a working state, I have reflashed the stock rom (ATK3).
The GSI I tried to use was: system-roar-arm64-ab-vanilla.img.xz - from AOSP 11.0 v313
Is this the correct version to use (A, A/B etc?)
And how can I tell if the image file is sparsed or not?
Any input is appreciated, thank you!
Uh... I should have mentioned earlier. Multi-Disabler expects /system_root to be mountable r/w, which cannot be done with a non-vndklite GSI.
As such, to disable encryption, you'll initially need to flash a vndklite GSI, or simply just do that before you actually flash the GSI (stock ROM can be mounted r/w). As Multi-Disabler is only needed once per /vendor flash, you'll be able to use non-vndklite GSI afterwards.
EDIT: If you are experienced in modifying recovery zips, you can edit the Multi-Disabler install script and comment out the parts actually involving /system or /system_root.
EDIT 2: I just realized this... I recall that phh AOSP GSI is sparsed. You need to use simg2img command instead of dd to flash it.
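For the question above of how to tell whether an image is sparsed, the following host-side check is an added example, not part of the guide or of simg2img. It assumes the standard Android sparse image layout (28-byte file header with magic 0xED26FF3A, 12-byte chunk headers) and that a raw system image is ext2/3/4; the sample images are constructed in memory.

```python
import io
import struct
import sys

SPARSE_MAGIC = 0xED26FF3A                     # first 4 bytes, little-endian
XZ_MAGIC = b"\xfd7zXZ\x00"                    # .xz container ("*.img.xz" downloads)
EXT_MAGIC, EXT_MAGIC_OFFSET = 0xEF53, 0x438   # ext2/3/4 superblock magic (1024 + 0x38)
RAW, FILL, DONT_CARE, CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4
FILE_HDR = struct.Struct("<IHHHHIIII")        # 28 bytes
CHUNK_HDR = struct.Struct("<HHII")            # 12 bytes


def _walk_chunks(f, hdr):
    """Validate the chunk table; return a problem string or None if consistent."""
    _magic, major, _minor, file_hdr_sz, chunk_hdr_sz, blk_sz, total_blks, total_chunks, _ = hdr
    if major != 1 or file_hdr_sz < 28 or chunk_hdr_sz < 12 or blk_sz == 0 or blk_sz % 4:
        return "unsupported or corrupt sparse header"
    pos, blocks = file_hdr_sz, 0
    for i in range(total_chunks):
        f.seek(pos)
        raw = f.read(CHUNK_HDR.size)
        if len(raw) < CHUNK_HDR.size:
            return f"file ends inside chunk {i}"
        ctype, _reserved, chunk_blks, total_sz = CHUNK_HDR.unpack(raw)
        expected = {RAW: chunk_blks * blk_sz, FILL: 4, DONT_CARE: 0, CRC32: 4}.get(ctype)
        if expected is None:
            return f"unknown chunk type 0x{ctype:04X} in chunk {i}"
        if total_sz - chunk_hdr_sz != expected:
            return f"payload size mismatch in chunk {i}"
        if ctype != CRC32:
            blocks += chunk_blks
        pos += total_sz
    if f.seek(0, io.SEEK_END) < pos:
        return "file is shorter than its chunk table claims"
    if blocks != total_blks:
        return f"chunks cover {blocks} blocks, header says {total_blks}"
    return None


def inspect_image(f):
    """Classify a seekable binary stream and name the matching flashing tool."""
    f.seek(0)
    head = f.read(FILE_HDR.size)
    if head.startswith(XZ_MAGIC):
        return {"kind": "xz", "action": "decompress first, then inspect again"}
    if len(head) == FILE_HDR.size and struct.unpack_from("<I", head)[0] == SPARSE_MAGIC:
        hdr = FILE_HDR.unpack(head)
        problem = _walk_chunks(f, hdr)
        if problem:
            return {"kind": "sparse-corrupt", "action": "do not flash", "problem": problem}
        return {"kind": "sparse", "action": "simg2img", "expanded_bytes": hdr[5] * hdr[6]}
    f.seek(EXT_MAGIC_OFFSET)
    sb = f.read(2)
    if len(sb) == 2 and struct.unpack("<H", sb)[0] == EXT_MAGIC:
        return {"kind": "raw-ext", "action": "dd", "expanded_bytes": f.seek(0, io.SEEK_END)}
    return {"kind": "unknown", "action": "do not flash"}


def inspect_bytes(data):
    return inspect_image(io.BytesIO(data))


def constructed_samples():
    """Tiny constructed images: one RAW, one DONT_CARE and one FILL chunk, 6 blocks."""
    blk = 4096
    chunks = [
        CHUNK_HDR.pack(RAW, 0, 1, 12 + blk) + b"\xaa" * blk,
        CHUNK_HDR.pack(DONT_CARE, 0, 3, 12),
        CHUNK_HDR.pack(FILL, 0, 2, 12 + 4) + b"\x00" * 4,
    ]
    sparse = FILE_HDR.pack(SPARSE_MAGIC, 1, 0, 28, 12, blk, 6, len(chunks), 0) + b"".join(chunks)
    raw = bytearray(blk)
    raw[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] = struct.pack("<H", EXT_MAGIC)
    return {"sparse": sparse, "raw": bytes(raw), "xz": XZ_MAGIC + b"\x00" * 64,
            "truncated": sparse[:2000]}


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # usage: script.py system.img
        with open(sys.argv[1], "rb") as fh:
            print(inspect_image(fh))
    else:
        for name, blob in constructed_samples().items():
            print(name, inspect_bytes(blob))
```

`expanded_bytes` is the size the image occupies once written, which can be compared against the size of the target logical partition before flashing.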
@LSS4181 - thank you for the reply.
I am not sure if the images I was trying to use were sparsed or not.
Since you mentioned vndklite images, I tried those - `simg2img` told me that the hash/magic was not valid, so at least these ones are not sparsed.
But good idea to attempt to use `simg2img` if you are not sure about an image, it doesn't hurt to try.
I flashed phh's v313 ab vndklite image, my device was stuck on the samsung boot screen for about 10 minutes (the screen with "your device is unlocked" etc...) I then held some buttons to force reboot/power down. I powered back on and I finally saw the rom booting.
Vanilla AOSP was a bit boring, so flashed LOS 18.x (vndklite again) and that is great. Dark mode can be made BLACK which I really appreciate.
No issues with the watchdog/no reboot after 100 seconds.
I did try to install microg... tried to install (adb push) to /system/priv-data but must have done something wrong.
It gave me bootloops, tried to reflash the gsi twice but didn't seem to change anything...
I ended up reflashing stock again, repeated the whole process (apart from microg!) and my system is up working again.
I should go and ask on the lineage os gsi thread for advice about microg.
Thanks again for the guide.
zxczxc4 said:
@LSS4181 - thank you for the reply.
I am not sure if the images I was trying to use were sparsed or not.
Since you mentioned vndklite images, I tried those - `simg2img` told me that the hash/magic was not valid, so at least these ones are not sparsed.
But good idea to attempt to use `simg2img` if you are not sure about an image, it doesn't hurt to try.
I flashed phh's v313 ab vndklite image, my device was stuck on the samsung boot screen for about 10 minutes (the screen with "your device is unlocked" etc...) I then held some buttons to force reboot/power down. I powered back on and I finally saw the rom booting.
Vanilla AOSP was a bit boring, so flashed LOS 18.x (vndklite again) and that is great. Dark mode can be made BLACK which I really appreciate.
No issues with the watchdog/no reboot after 100 seconds.
I did try to install microg... tried to install (adb push) to /system/priv-data but must have done something wrong.
It gave me bootloops, tried to reflash the gsi twice but didn't seem to change anything...
I ended up reflashing stock again, repeated the whole process (apart from microg!) and my system is up working again.
I should go and ask on the lineage os gsi thread for advice about microg.
Thanks again for the guide.
You could always flash magisk and use the microg module, works perfectly for me
sambow23 said:
You could always flash magisk and use the microg module, works perfectly for me
That's exactly what I ended up doing.
Originally I wanted to avoid the 'newer' style, using Magisk etc, it seems more complicated than just using a rom that is already rooted. For my use case of this device, I don't care about safetynet etc, don't care about keeping system untouched etc.
BUT! Flashing Magisk was so easy, no need to patch any images... I simply flashed the latest version of the Magisk apk via TWRP.
On restart, Magisk app wanted to finish the install itself... but failed? So I simply installed the same apk myself, and it's been working perfectly
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
TiTiB said:
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
XPrivacyLua/LSPosed does work, I'm able to pass safetynet thanks to it
TiTiB said:
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
I got my tablet early so it was on an earlier version than ATK3.
If your device ships with BUBB or before, you should be able to downgrade directly if you know how to use Odin.
Flashing ATK3 (or earlier) vendor via dd from TWRP is only needed if your device is on BUC1 or later, as from that version onwards SW REV has been incremented so you can't downgrade via Odin anymore.
sambow23 said:
XPrivacyLua/LSPosed does work, I'm able to pass safetynet thanks to it
Which Xposed are you using? I'm not very familiar with Lsposed.
Thanks ag
LSS4181 said:
I got my tablet early so it was on an earlier version than ATK3.
If your device ships with BUBB or before, you should be able to downgrade directly if you know how to use Odin.
Flashing ATK3 (or earlier) vendor via dd from TWRP is only needed if your device is on BUC1 or later, as from that version onwards SW REV has been incremented so you can't downgrade via Odin anymore.
Thanks again for the detailed response. The info you've shared gives me confidence. Now I just need to convince myself that I 'need' to buy it.
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
AnonVendetta said:
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
Bluetooth audio works if you disable the a2dp hardware offload in the phh treble app
AnonVendetta said:
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
sambow23 said:
Bluetooth audio works if you disable the a2dp hardware offload in the phh treble app
Don't know if audio issues might be caused by using a different kernel (as I've switched to using DragKernel for this tablet). I don't recommend using stock kernel, though, due to a nasty 100-second watchdog that you need to manually disable after system startup (DragKernel has that removed from config).
I recall it's now possible to patch vbmeta using Magisk. Simply provide the vbmeta of your FW version to Magisk and it'll patch it for you. I haven't tried, though, as I always do this by hand with a hex editor (it's just to change a single byte, which the recent Magisk versions would do).
Back then I couldn't get the device certified so I switched to microG which is working well. I recommend using NanoDroid as it comes with a modded Play Store which allows you to purchase apps as well as IAPs. The modded Play Store still works, despite being quite dated.
I don't really have anything blocking me from using microG now. If you need real GApps and know about the workflow for uncertified devices, you may try flashing a bgN flavor GSI as opposed to bvN (g means the GSI ships with GApps).
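The post above mentions a single-byte vbmeta edit without saying which byte. This added example (not from the thread or from Magisk) is a read-only inspector that decodes the vbmeta header and lists which header bytes differ between two images. It assumes the byte in question belongs to the flags word of the standard AOSP libavb header (big-endian 32-bit field at offset 120); the sample headers are constructed.

```python
import struct

AVB_MAGIC = b"AVB0"
HEADER_SIZE = 256            # fixed size of the AVB vbmeta image header
FLAGS_OFFSET = 120           # big-endian u32, so its low byte sits at offset 123
FLAG_HASHTREE_DISABLED = 1 << 0
FLAG_VERIFICATION_DISABLED = 1 << 1
KNOWN_FLAGS = FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED


def parse_vbmeta_header(blob: bytes) -> dict:
    """Decode the fields relevant to verification state; never modifies the image."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("image is shorter than the 256-byte vbmeta header")
    if blob[:4] != AVB_MAGIC:
        raise ValueError("missing AVB0 magic (wrong file, or still compressed?)")
    major, minor = struct.unpack_from(">II", blob, 4)
    (rollback_index,) = struct.unpack_from(">Q", blob, 112)
    (flags,) = struct.unpack_from(">I", blob, FLAGS_OFFSET)
    release = blob[128:176].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "libavb_version": (major, minor),
        "rollback_index": rollback_index,
        "flags": flags,
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "unknown_flag_bits": flags & ~KNOWN_FLAGS,
        "release_string": release,
    }


def header_diff(stock: bytes, candidate: bytes) -> list:
    """Return (offset, stock_byte, candidate_byte) for each differing header byte."""
    a, b = stock[:HEADER_SIZE], candidate[:HEADER_SIZE]
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def make_sample_header(flags: int) -> bytes:
    """Constructed sample header for the demo; not taken from any real firmware."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:4] = AVB_MAGIC
    struct.pack_into(">II", hdr, 4, 1, 0)
    struct.pack_into(">I", hdr, FLAGS_OFFSET, flags)
    rel = b"avbtool 1.1.0"
    hdr[128:128 + len(rel)] = rel
    return bytes(hdr)


if __name__ == "__main__":
    stock, edited = make_sample_header(0), make_sample_header(2)
    print(parse_vbmeta_header(edited))
    print(header_diff(stock, edited))
```

Run over the stock vbmeta and the image actually on the device, the diff shows whether anything besides the flags byte was changed.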
