Question Capri vs Magisk - Moto G10

Hi everyone. I have begun to experiment with the Moto g10 (XT2127-2). The following is what I have discovered. Any assistance would be much appreciated.
So I downloaded stock rom, extracted boot img, patched it using Magisk. After installing updates to May 1, 2021, I unlocked bootloader and flashed the patched boot.img to boot_a and boot_b in fastbootd mode.
Device booted up successfully without touchscreen, WiFi or cellular networks.
So via OTG, I used a mouse, and I was able to get internet access via Bluetooth tethering. My main concern was to determine whether or not Magisk is working.
Magisk went through the routine as usual and everything seemed successful.
I like the simplicity and detailed info provided by link2sd. So after installing the application, I saw the superuser prompt and felt really confident!
Testing time. I immediately attacked a system app - Google search. I tried to uninstall but all I got was fail! Android UI replied this time with the message that the application cannot be removed or deleted.
Is android finally ahead of root access?

So I flashed the complete stock rom in regular fastboot mode, but I replaced boot.img with the patched boot.img.
Now everything works, except complete root access ...
Editing the system or product partition is not allowed at this time. (Same thing on Android 10 on other devices.)
Some system apps can be disabled though. But Motorola updates CANNOT be frozen. It's as though the developers tested superuser access before releasing to the public and restricted the former power we enjoyed.

You have to flash the magisk-patched boot image to your active slot (Preferably both slots) in regular fastboot

KnightTheWayne said:
Hi everyone. I have begun to experiment with the Moto g10 (XT2127-2). The following is what I have discovered. Any assistance would be much appreciated.
So I downloaded stock rom, extracted boot img, patched it using Magisk. After installing updates to May 1, 2021, I unlocked bootloader and flashed the patched boot.img to boot_a and boot_b in fastbootd mode.
Device booted up successfully without touchscreen, WiFi or cellular networks.
So via OTG, I used a mouse, and I was able to get internet access via Bluetooth tethering. My main concern was to determine whether or not Magisk is working.
Magisk went through the routine as usual and everything seemed successful.
I like the simplicity and detailed info provided by link2sd. So after installing the application, I saw the superuser prompt and felt really confident!
Testing time. I immediately attacked a system app - Google search. I tried to uninstall but all I got was fail! Android UI replied this time with the message that the application cannot be removed or deleted.
Is android finally ahead of root access?
Hello,
As far as I know, a non-functioning touch-screen after Magisk is caused when the boot image and firmware mismatch, like we have many editions of the moto-g10, like 'RETEU', 'RETIN' (g10-power), 'RETGB', as found here.
Our device is merely a combination of moto-e7-plus and moto-g30, so keep watching, their general, guides, and development threads for better understanding. Actually all the devices with qualcomm-460, are useful to us, like the oneplus-n100.
This may interest you, as moto-g-play-2021 is also very similar to our device, and its community is far more active than ours.

xdaman-2021 said:
Hello,
As far as I know, a non-functioning touch-screen after Magisk is caused when the boot image and firmware mismatch, like we have many editions of the moto-g10, like 'RETEU', 'RETIN' (g10-power), 'RETGB', as found here.
Our device is merely a combination of moto-e7-plus and moto-g30, so keep watching, their general, guides, and development threads for better understanding. Actually all the devices with qualcomm-460, are useful to us, like the oneplus-n100.
This may interest you, as moto-g-play-2021 is also very similar to our device, and its community is far more active than ours.
Thanks a lot for the pretty confident suggestions! It really did work, Rooting the Device via patching the boot image of correct firmware file (Retin in my case).
Everything went smooth!

Related

Shield TV 2017 (16GB) How to... DTB...

I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Mogster2K said:
Zulu99 mentioned something similar - that dm-verity was enabled in darcy's DTB file, preventing any custom firmwares from executing. Foster does not seem to have this problem.
He's provided a patched DTB here - use at your own risk: http://bit.ly/2CxB1hS (WARNING! ONLY FOR 2017 DARCY MODEL!)
Original post here.
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
nanerasingh said:
As my test on 2017 16gb 7.2.2 official TWRP patched the boot img i got root access but not fully write.
I used the DTB and flashed from fastboot and reboot without any reset -w command.
No issue of unresponsiveness and boots up normal. I tried edit build.prop in system via ES explorer and reboot to see the persistent and rw works.
So system dm-verity patch by DTB works.
Noting this too...
Thanks for the confirmation!
The fastboot -w should only be required if the forced encryption was already in use on the device.
But if I am not mistaken then on the developer version only the data partition is encrypted, which is no issue.
nadia p. said:
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
nadia p. said:
I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
Mogster2K said:
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
nadia p. said:
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Hello Mogster2K, Originally without any modifications the factory installed Nvidia software upgraded itself through on-line updates to 7.2.1 which then broke other 3rd party Apps for me. I then attempted to downgrade to 6.3.0 developer OS, however because it was my first time unlocking the bootloader it wiped everything so once 6.3.0 was successfully flashed, I had to connect to the internet, sign-in again to Google Play and meanwhile it forced itself to update back to 7.2.1 again. Later by following ACiDxCHRiST's guide HERE, I was able to successfully downgrade to 7.1.0 developer by patching the 7.1.0 boot.img then manually flashed each line item in flash-all.bat.
Later I tried to install TWRP 3.2.3.0 so I could backup the device, however I've not been successful with that since I have a Shield TV 2017 (16GB) remote only model so I must use a USB keyboard and USB mouse to do it. I was reading these other posts here about what the issues might be preventing me from installing TWRP and using it to back everything up. Does this help answer your question?
So I'm currently on 7.1.0 developer OS, patched boot.img using Magisk Manager 6.2.1/Magisk 18.0. So far the Apps that were broken by 7.2.0 "factory" are again working fine in 7.1.0. I don't game, I mainly watch movies and tv series with my device so I don't have many requirements other than I'd like to back everything up so in case it accidentally gets updated somehow I can revert back to a working archive and continue from there.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher.
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Does anyone know how to test for certain criteria to help determine if:
A) anything needs to be modified in regards to DTB
B) if their device has been updated in such a way that it currently breaks TWRP (or other things) in such a way there is no fix as of today
This should prove quite useful to help us understand if/anything needs to be done or where the device resides at any given moment.
nadia p. said:
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Both. Anyway, I did not realize at the time that darcy could be fully downgraded to 7.1, sorry. It doesn't work on my foster, so I can't use TWRP at all. Also, to the best of my knowledge, TWRP requires at least a USB mouse to function regardless of which ShieldTV model you have. And the modified DTB is just for booting modified images on darcy 7.2+. You're fine without it on 7.1.
Stuck... post backup TWRP 3.2.3.0, now corrupt w/black screen
I'm not sure if this had anything to do with it but I'm stuck at a black screen after backing up TWRP.
More information can be found at this POST.
Already this 7.2 update is creating topics all over the place
Anyway, let me try to at least shed some light on things.
My latest findings:
1. The bootloader does not downgrade to 7.1 once you had at least the 7.2.x installed, not sure about 7.2 as it is too late for me to test this.
I did not check with the 6.3 either but maybe someone who did is able to state what bootloader is working then.
2. The DTB is not included in the firmware images at all but it seems it was included in some pre 7.1 to include the "updates" for the Darcy models.
What makes the Zulu one tick is the simple fact that it is patched to disable DM-Verity completely.
Hence the requirement for the fastboot -w or a factory reset.
TWRP and such....
This might get quite long, so anyone without half decent knowledge about rooting, firmwares and recoveries can just skip it
First thing I learned from 7.2 was: Do not mess with your bootloader!!!
Second thing I learned is that Linus was right with his statement about NVidia and their open source support.
So what actually changed?
For starters the NVidia statement of the developer firmware being rootable is not true the same way it was before.
Google's latest kernel fixes and changes have been implemented - look it up yourself please to spare me thousands of lines of typing!
In short it means that all backdoors or such that Magisk or SU have used are unavailable now.
Rooting still works but with the limit of write access.
And that is the important factor one for TWRP, the second is "routing".
Let me try to word it as simple as I can...
We can not modify the system to ignore the stock recovery or related security features.
We can not write to required areas of the system required to boot into TWRP through the recovery.
If you somehow manage to get into TWRP, like when I still had a working mod, there again is no write access to system available and the internal memory will be corrupted if you write a backup.
The DTB Zulu provided gives us system wide write rights again by disabling DM-Verity but this only goes for the system!!
The recovery does not use the DTB in this way.
Best thing you end up with is a dark screen where ADB seems to be working.
It actually works with full root access for me in several cases LOL
So if that really is TWRP then why can't we see it?
My TV is great as it allows multi input formats.
So a 1080P signal will be accepted as such.
And every time this screen format changes I see a little pop up with the new resolutions on the screen.
Since 7.2 this popup no longer shows up....
TWRP might actually be there and working but we can not see or use it.
The strange thing however is that at least on the 7.2.2 I had the strange problem that just trying to boot into TWRP through fastboot resulted in a corrupt system.
The bootloader realises the recovery written into the temp area has no NVidia signature or hash code to match.
This means for the bootloader a possible attack on the system happened and it is "secured", resulting in a soft brick.
My plans to fix all this crap for good:
The DTB is a partial solution at best as we
a) don't really know how compatible it is with future updates.
b) we still fail to properly use TWRP again.
All up a total nightmare for any modder or person with a lot of data and apps to backup and restore.
My first attempt was to build the 7.2 from the sources, thinking at least here the NVidia statements are correct that their installer takes care of everything.
Lol! It did take of about 120GB in downloads but did not give me any of the required software suites actually required to even load a build tree.
Would need far more time than I have to make complete and work with registrations, accounts and all this.
So I decided to go back to my roots before Magisk was a thing.
Dissecting the firmware, disabling all new "safety" features and not required encryptions and hash checks.
That bit I think I finished to my satisfaction.
On the packing to make it work to be installed under 7.2.X I am still working.
Biggest drawback for me is that I lost TWRP and that the TWRP builder does not even let me log in on my Shield.
So even if a more official way or porting or building could be a way out I can not access it.
Means I can neither try to install my modded firmware nor test it.
So if anyone reading here has a confirmed way to downgrade to something that brings TWRP back to life with working write access and working backup functions:
Don't be shy, we don't bite (much)!
Share your way, give us the links and if my magic still works a bit this nightmare shall soon be over for good
7.2 sources still have not been released yet, anyway. I found a reference to a new branch "rel-30-r2-partner-o" but that's all.
Downunder35m said:
Already this 7.2 update is creating topics all over the place
Anyway, let me try to at least shed some light on things.
My latest findings:
1. The bootloader does not downgrade to 7.1 once you had at least the 7.2.x installed, not sure about 7.2 as it is too late for me to test this.
I did not check with the 6.3 either but maybe someone who did is able to state what bootloader is working then.
2. The DTB is not included in the firmware images at all but it seems it was included in some pre 7.1 to include the "updates" for the Darcy models.
What makes the Zulu one tick is the simple fact that it is patched to disable DM-Verity completely.
Hence the requirement for the fastboot -w or a factory reset.
TWRP and such....
This might get quite long, so anyone without half decent knowledge about rooting, firmwares and recoveries can just skip it
First thing I learned from 7.2 was: Do not mess with your bootloader!!!
Second thing I learned is that Linus was right with his statement about NVidia and their open source support.
So what actually changed?
For starters the NVidia statement of the developer firmware being rootable is not true the same way it was before.
Google's latest kernel fixes and changes have been implemented - look it up yourself please to spare me thousands of lines of typing!
In short it means that all backdoors or such that Magisk or SU have used are unavailable now.
Rooting still works but with the limit of write access.
And that is the important factor one for TWRP, the second is "routing".
Let me try to word it as simple as I can...
We can not modify the system to ignore the stock recovery or related security features.
We can not write to required areas of the system required to boot into TWRP through the recovery.
If you somehow manage to get into TWRP, like when I still had a working mod, there again is no write access to system available and the internal memory will be corrupted if you write a backup.
The DTB Zulu provided gives us system wide write rights again by disabling DM-Verity but this only goes for the system!!
The recovery does not use the DTB in this way.
Best thing you end up with is a dark screen where ADB seems to be working.
It actually works with full root access for me in several cases LOL
So if that really is TWRP then why can't we see it?
My TV is great as it allows multi input formats.
So a 1080P signal will be accepted as such.
And every time this screen format changes I see a little pop up with the new resolutions on the screen.
Since 7.2 this popup no longer shows up....
TWRP might actually be there and working but we can not see or use it.
The strange thing however is that at least on the 7.2.2 I had the strange problem that just trying to boot into TWRP through fastboot resulted in a corrupt system.
The bootloader realises the recovery written into the temp area has no NVidia signature or hash code to match.
This means for the bootloader a possible attack on the system happened and it is "secured", resulting in a soft brick.
My plans to fix all this crap for good:
The DTB is a partial solution at best as we
a) don't really know how compatible it is with future updates.
b) we still fail to properly use TWRP again.
All up a total nightmare for any modder or person with a lot of data and apps to backup and restore.
My first attempt was to build the 7.2 from the sources, thinking at least here the NVidia statements are correct that their installer takes care of everything.
Lol! It did take of about 120GB in downloads but did not give me any of the required software suites actually required to even load a build tree.
Would need far more time than I have to make complete and work with registrations, accounts and all this.
So I decided to go back to my roots before Magisk was a thing.
Dissecting the firmware, disabling all new "safety" features and not required encryptions and hash checks.
That bit I think I finished to my satisfaction.
On the packing to make it work to be installed under 7.2.X I am still working.
Biggest drawback for me is that I lost TWRP and that the TWRP builder does not even let me log in on my Shield.
So even if a more official way or porting or building could be a way out I can not access it.
Means I can neither try to install my modded firmware nor test it.
So if anyone reading here has a confirmed way to downgrade to something that brings TWRP back to life with working write access and working backup functions:
Don't be shy, we don't bite (much)!
Share your way, give us the links and if my magic still works a bit this nightmare shall soon be over for good
First of all thank you so much for putting all this in layman's terms so someone like me can understand it. Total respect!
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
If you need me to send you my device with remote that you can use to complete these things and get everyone unstuck from this dreadful situation I'm all for that too.
I wish there were a means, like with computers, that we can purchase a brand new device, fully back it up before even connecting it to the internet and being forced to sign-in to Google Play before we even have access to the device. We'd also need a way to wipe, format and reinstall this backup without any issues. Is this too much to ask for in an Android world?
EDIT: I have time, access to certain hardware PCs, Macs and Linux, and have some basic skills with computers, phones, etc... If I can assist you or anyone with certain time consuming things let me know. The only Android device I currently own now is the Shield TV.
Would it Work to just flash the system/vendor files without updating the Bootloader?
nadia p. said:
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on an Oreo Firmware, as long as you only try flashing an Oreo Firmware blob file you shouldn't run into any problems, I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I did the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back an Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
Mogster2K said:
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
Hello Mogster2K, from the factory install which was updated OTA to 7.2.1 I was able to 1st unlock the bootloader and flash 6.3.0 developer OS to my device successfully, or so I thought so. What I mean by this is based on what Downunder35m said once the device has been updated to 7.2.0 regardless of how when flashing previous versions of OS (developer or recovery) it may not revert the bootloader to 6.3.0. This we still have to see and test to confirm, unfortunately neither he nor I have any way to test things right now. That being said because I unlocked the bootloader (forced wipe) then flashed 6.3.0 that all went fine except when booting to the Nvidia home screen it required me to connect to the internet and then sign-in to Google Play. Doing this the OS forces it to update itself again back to 7.2.1 (at that time).
So now that the previous steps were useless I then discovered ACiDxCHRiST's guide HERE and followed that since the bootloader was already unlocked I could modify the boot.img from 7.1.0 then flash that. Well two things happened, it worked perfectly however it's most likely Magisk didn't truly root the device 100%, it only rooted it partially. So now the device worked fine on 7.1.0 and everything was going well UNTIL I decided to install TWRP and backup my device. Doing so totally screwed it, now I have a black screen.... Read THIS.
So one of the reasons I started this thread was to find out more about DTB and how do we start to first test a device's current state, perhaps patch it to what we need to recover from the 7.2.0 changes and restrictions. The benefit of all of this is we should be able, with expertise, be able to climb our way out of this hole and get back to a working device.
whiteak said:
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on an Oreo Firmware, as long as you only try flashing an Oreo Firmware blob file you shouldn't run into any problems, I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I did the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back an Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
In short the 7.2.1 update broke the factory install by affecting other apps I use and that were working perfectly fine in 7.1.0 before the update occurred. This was the sole reason I attempted to revert back to a previous OS.
Just flashing 6.3.0 didn't work as it updated itself back to 7.2.1 forcibly. I then had to work around that issue and the only way I found was to download 7.1.0, patch its boot.img file, flash 7.1.0 developer to keep the bootloader unlocked so it wouldn't wipe the system whereby deleting the user info, apps, etc..., make sense? The only issue is that Magisk didn't fully root the device properly and with the new OS verification added to 7.2.0 it created all sorts of other protections where we're not able to fully wipe everything and flash back normally. These protections kick in and prevent it. This is why we're trying to see how to undo the protection settings so we can actually do what we need to do. DTB is part of this.

General help with bootloader & flashing (coming from Sony phones)

Any help is greatly appreciated, I have no experience with Google phones, I was years into Sony.
I have just bought a Pixel 2 XL from a local shop in Greece, and of course, I want to root it and be able to install custom roms etc.
I have a few questions that I am searching everywhere recently and I would really appreciate if someone can make it clear to me:
1) I have read that you have to buy your phone from Google so you are able to unlock it? Can someone explain this to me? (My phone is not a specific carrier) How do I know if I am able to unlock my bootloader?
2)I have flashed roms and kernels in the past on my Sony phones, however I haven't really messed with the bootloader other than just unlocking it in the beginning. So now on the Pixel 2 XL I am reading so much about the unlock_critical vs the normal unlock, and I can admit I cannot understand the difference. Why does someone want to flash a bootloader? ( I do not understand what does "flash a bootloader" mean)
What I want to be able to do is flash custom roms, flash factory images to revert back to stock whenever I want, flash custom kernel, flash stock kernel, make a nandroid backup with twrp and restore a nandroid backup with twrp. That is all I want to be able to do without facing any errors with the bootloader,so do I need the unlock_critical ? And why?
3)If I unlock the bootloader with any of the two ways, am I able to re-lock it like nothing has happened? For example if the screen has dead pixels for some reason and I want to send it back for warranty but the bootloader is unlocked, can I lock it without it being logged? Or once unlocked, there is no going back to the warranty by re-locking? On many Sony phones we could do that.
4)If I unlock the bootloader and install TWRP I read that I will not be able to receive official updates from settings any more (OTA):
"NOTE #1: If you have mounted /system as rw at any point (like in TWRP), you must upgrade using the factory image method. OTAs will fail because they cannot verify the integrity of the disk since its verity data has been changed."
My question is, if I flash a stock image, does that get fixed? ( so if I flash 8.1.0 stock manually, will I be able to get an official update e.g. 9.0.0 from settings?)
Or if I just grab the stock boot.img of my current version of android and flash it with fastboot, then will I be able to get official updates from settings normally again?
5)Can I do the following on this order? :
Enable USB Debugging and OEM Unlocking
Unlock the bootloader (either critical or normal, whatever works)
Boot into Fastboot
Boot the twrp image from fastboot to the device
Flash the twrp zip to the phone to install TWRP
Flash the magisk zip so I root the device
Reboot and everything works? (Or do I need a custom kernel for TWRP or Magisk to work?)
Is there any issue you see with the above plan of mine?
6) Before I tweak my device in any way, is it okay if I update the device fully? So can I install any update available (OTA) and then unlock the bootloader and root etc? Or do I have to be on a specific version and not on the latest?
7)I have read something about 2 different slots on some flashing forums here, slot a and slot b, but it is not clear to me what that is. Does anyone know what that is? At which point may I face this?
Thank you very much.
A quick and not complete response to get you going
Plan 5 seems solid, unlock the bootloader to allow custom stuff. At boot you will get a warning screen to let you know.
I forgot if I only unlocked the bootloader or also the critical, try it etc.
Personally I never had to tinker with the A/B slots, within TWRP you can choose which to use.
Before Magisk, I used to flash another recovery like cwm or twrp but it is not required. You must however boot to twrp.img to flash the magisk zip.
As far as I know it is indeed the altering of the /system folder that denies future OTA (when using factory image). A manual flash (of future OTA) is easy but may require altering (removing) a switch command in the install.bat file to remove the -w (wipe).
As to the custom kernels, I never noticed the need and am running the latest v10 image with only Magisk flashed to get root.
My main goal is to get rid of ads. I use AdAway.
To get that to work in v10 you need to enable systemless host module in the Magisk manager app (reboot after).
A final feedback; when you get to sideload and need to get to recovery you may get the screen 'no command' or so; press volume-up and click power or power->click volume.
Let us know if you worked it etc!
1) The reason for this is Google had an exclusivity contract to sell through the US cellular company, Verizon; much like the original Apple iPhone did (at first) with AT&T. And, for reasons that are most likely stupid, foolish, and unconvincing in its justifications, Verizon locks their device's bootloaders. So, not that it's "locked" or "unlocked" in terms of carriers, but more-so whether a device is "locked bootloader" or unlockable because it was purchased from Google (or elsewhere, but at least originally Google) and not from Verizon. If you're wondering further, getting it from Verizon would allow Verizon subscribers and customers to be able to "lease" and pay the Pixel off in increments with their usual cell phone bill; but it's not all too exclusive because Google offers to lease if you purchase from them also! The only caveat is you have to pass a credit check when leasing from Google; but, then again, you have to pass a credit check when signing up for a Verizon cell plan as well!
2) So, with my limited understanding between the difference between just a regular "unlock" and an "unlock_critical" is that it might be that a regular unlock allows you to get a R/W access (root access) to the various vital partitions (i.e. system, data [not to be confused with userdata], even boot to a degree) while unlock_critical allows you to straight modify and replace partitions (i.e. what would've been the recovery partition [but now there's no such thing and recovery just resides in the boot partition], the whole system & data partition to have/run custom ROMs, bootloading screen, etc.). But it all is rather convoluted that Google probably agreed and, so you can/should be aware, they updated things within the past few months (I'm guessing June or July) where they rid the need to "unlock_critical" and bootloaders that are newer than a certain point/month no longer need that fastboot command to unlock the bootloader and everything else in order to flash custom anythings...
3) Okay, so here's a very tricky thing to this.... Technically, yes you can relock the bootloader as well as there have been many who have successfully done so; BUT there are so many more that have COMPLETELY and permanently bricked their device attempting to do so and most (if not all) the experts here would advise anyone to just leave well enough alone. But, if it is insisted and must be, the way to do it is to remove all Magisk modules (because, for whatever reason, these modules can survive a complete flashing of a Full Factory stock image), run a Full Factory image where the flash-all command is left intact (meaning “-w” is unedited; I’ll go more into this later), running it through the initial set up process, then (for good measure, this step might not be at all absolutely necessary) switch slots and run the flash-all command on the other slot, running the initial set up process again, then rebooting to Bootloader Mode and running the fastboot locking command, then (if wished and insisted) unticking the OEM unlocking. Again, a word of warning, that so many have relocked the bootloader and unticked the OEM unlocking which allows the unlocking of the bootloader, then find that their device goes into a bootloop; and since they had just locked the bootloader in 2/all different ways, it leaves rescuing the device with all but the fewest options – usually because it’s forgotten in one way or another returning all of the device back to stock.
If anything, what has been said around these forums is that, if returning to Google, there hasn’t been a (proven) instance that Google refused to repair/replace it because it had its bootloader unlocked. But it’s usually for that fear or re-selling the device in which this is usually sought; but in most (if not all) cases (the experts here figure), having the bootloader unlocked would be refused or looked down upon.
4) So, most of what you assumed here is correct; but may be a bit misguided due to not knowing some things – which, of course, can be expected since you had just said you just moved to this device from a totally different manufacturer (Sony). If you are rooted (Magisk), there is absolutely no way you can update via the regular System Update from an OTA from within the Settings in the OS. And even having just an unlocked bootloader will cause OTAs to not work -- but there are conflicting reports stating differently, but I, personally, am under the understanding that even at that point you cannot.
But here’s the key thing; there really isn’t any reason to install updates by download and using OTAs anyways. Most (if not all) the experts here actually forego the OTAs and merely download the Full Factory stock images from Google’s Developers website and flash those. Here’s the reason; in the “olden days”, flashing a stock Full Factory image would erase absolutely everything and return the device to a complete factory state. But Google, in their “infinite wisdom”, allowed it to be possible to flash this but still withhold and save/keep all of one’s apps, settings, and data – essentially leaving both device data and userdata untouched! This is achieved by simply editing a batch file called “flash-all.bat” (or “flash-all.sh” for Linux and MacOS) and removing the 3 characters “-w” (3rd character would be a space “character”) from within its code. In this manner, OTAs can be considered a “dirty flash” because, while a Full Factory will completely overwrite (I could be wrong, but I believe it erases and formats it) the system, radio, bootloader, boot, etc., which would/should take care of any erroneous bugs or glitches, while OTA’s do not necessarily do this and just “modifies” the existing data; and therefore bugs and glitches may still remain being more on the root of things and/or OTAs would just modify “on top” or elsewhere where those glitches may reside.
And in either/both cases, one would still be required to reflash/reinstall everything root.
But, if insisted, there are multiple methods to achieve a state where you can run an OTA; either downloading an OTA image from Google and manually flashing it (“sideloading”), or unrooting temporarily to be able to use & download the regular System Updater (can be found HERE : https://github.com/topjohnwu/Magisk/blob/master/docs/tutorials.md#ota-installation under the “Devices with A/B Partitions” which is my preferred method if I was to do this sort of thing, but I have never done this so I’m unsure if it even is successful in our device). I even wrote out an in-depth and step-by-step guide, but it is rather convoluted and was written in the beginnings of our taimen and there are most likely more updated methods now; but if you want to check it out, you can HERE.
But, to answer your questions directly; No, flashing the stock image will not allow you to use the stock System Updater; although there are conflicting reports, I am under the impression that anything other than a locked bootloader will allow the stock System Updater to work.
5)More correctly, you boot into “Bootloader Mode” to be able to use the “fastboot” commands. And no, you do not need to permanently flash a custom recovery (TWRP), a custom kernel, or anything else to achieve root – although I do highly recommend it – as you can temporarily boot into TWRP (by downloading the TWRP image file (*.img) and install Magisk in that manner – I do not suggest you root/install Magisk using the app. Other people have had success, but many (most?) have issues that you wouldn’t run into if you installed it via TWRP – but here’s a key thing; no matter what you intend to flash and install, unless you need to have root for it to already be installed, you should always flash Magisk last. Moreso, as the great Az Biker of ‘round thes’ parts greatly suggests, you should even reboot to bootloader after each and every flash separately. Explanation is, for whatever reason and even though many claim to be able to “detect” and modify their flash for an already modified boot and dtbo (where modifications must happen for root access), most don’t play well with Magisk and Magisk must modify the boot and dtbo after all other modifications or else problems can arise (or at least it has for me).
Just keep these things in mind, but, for the most part, your “order” of things will do well enough. Again, just keep in mind that if you are going to install a custom recovery or kernel, try to do that before Magisk as well as if you can avoid it, don’t use the Magisk app to install or manually flash any boot.img if you can help it.
6)No, you don’t have to stick to a specific version; it might even be suggested to update it stock before doing anything. BUT (of course there is a caveat), consider this; many things (especially anything root and specifically TWRP) aren’t really “playing nice” with Android Q/10; so, if you update and go to the most up to date, but don’t wish to run into those glitches/bugs and wish to “hold off” (like I am, actually and for the same reasoning), then of course you should only go up to August (I believe that was the last before the upgrade to Q/10) Full Factory.
7) There are many great resources on the information on having the 2 different slots; I apologize if I can’t recall where I even saw them – other members (maybe an RC or Mod even) input a URL to read and I can’t for the life of me recall where it possibly could be. But, for the most part, you would really only run into identifying and manually changing to a specific one if you were attempting to rescue or deeply modify your device; I can say that me and the great @Az Biker have never felt the necessity to manually change or choose a certain, specific slot. And, my guess, is that, because the coding and flashing output when running the Full Factory states something about “system_other” or a “system_b”, but while the main system can be close to 3GB, the system_other is closer to 300MB, and that boot, dtbo, vendor, and something called lafb has a “_b” partition, I’m thinking it’s something as a safety or backup, maybe something like what used to be in old laptops a sort of RAM to help load things up faster. In any case, it seems that going from one to the other, a to b or vice-versa, doesn’t seem to be too key or much of a hassle, so….take that for what you will.
Alright…hopefully I was able to answer all your inquiries. And, if you have any more, please feel free to ask them…that’s what we’re all about here. And I know I can run on and get wordy, so thank you for bearing with me with all of this.
I mean, it’s really good to have a user/member who really does their research, reading, and due diligence before getting into their new device; there are so many instances here and in my own experience where the “…if I only knew that beforehand…” would be supremely helpful, and supremely easier on everyone else! So that’s to be commended and reinforced…!
Hope this helps and welcome to your Pixel and this taimen forum!
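The `-w` edit described in the answer above (and in the earlier reply that mentions the install .bat file), as an added shell example that is not part of any post in this thread: it writes a no-wipe copy of a factory image's flash-all.sh instead of editing the original, and refuses when the script does not contain exactly one `fastboot -w update` line. The sample script and its `EXAMPLE` file names are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: produce a no-wipe copy of a factory-image flash-all.sh.
# Assumption: the wipe flag appears as "fastboot -w update <image zip>".

# Regex for the one line that carries the userdata wipe flag.
WIPE_RE='^[[:space:]]*fastboot[[:space:]]+-w[[:space:]]+update[[:space:]]'

# wipes_userdata FILE: exit status 0 if FILE still contains the wiping line.
wipes_userdata() {
    grep -q -E "$WIPE_RE" "$1"
}

# make_nowipe_copy SRC DST
# Writes DST as SRC with "-w " removed from the update line. SRC is never
# modified. Fails without creating DST unless exactly one line matches, so
# an unexpected script layout is not silently edited.
make_nowipe_copy() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    hits=$(grep -c -E "$WIPE_RE" "$src" || true)
    if [ "$hits" -ne 1 ]; then
        echo "expected exactly one 'fastboot -w update' line, found $hits" >&2
        return 1
    fi

    tmp="$dst.tmp.$$"
    sed -E 's/^([[:space:]]*fastboot[[:space:]]+)-w[[:space:]]+(update[[:space:]])/\1\2/' \
        "$src" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Post-check: exactly one line changed and the wipe flag is gone.
    changed=$(diff "$src" "$tmp" | grep -c '^<' || true)
    if [ "$changed" -ne 1 ] || wipes_userdata "$tmp"; then
        rm -f "$tmp"
        echo "post-check failed, no output written" >&2
        return 1
    fi
    mv "$tmp" "$dst"
}

# write_sample FILE: constructed stand-in for a factory image's flash-all.sh.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
fastboot flash bootloader bootloader-EXAMPLE.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-EXAMPLE.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-EXAMPLE.zip
EOF
}

# Demo on the constructed sample: show the single line that differs.
demo() {
    dir=$(mktemp -d)
    write_sample "$dir/flash-all.sh"
    make_nowipe_copy "$dir/flash-all.sh" "$dir/flash-all-nowipe.sh" &&
        { diff "$dir/flash-all.sh" "$dir/flash-all-nowipe.sh" || true; }
    rm -rf "$dir"
}
demo
```

Running the function a second time on the already edited copy fails by design, which guards against stripping the flag from the wrong script or from one whose layout has changed.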
I really cannot thank you enough for your time. I truly appreciate it very much.
1) Very clear.
2) Do you happen to have a link or do you know how to check if my phone supports unlock_critical? How can I check if I have that newer bootloader? Or do you remember where did you learn this?
3) Thank you so much about that. Very clear and you just saved my phone
4) Very clear.
5) Thank you for the info! Interesting, I was searching on how to root the device running Android 10 (I have fully updated and I really am not going back to Android 9 ), and I saw that you have to patch your boot.img with the Magisk app, and then flash it with fastboot. So first you get the factory image from google and you extract the boot.img and insert it to the phone. Then you load it into Magisk app and patch it. Then moving the patched to the PC, booting to bootloader and flash it on boot partition. This is the way I saw on how to get root working fine with Android 10, not sure if it is the best method or the worst.
6) What do you mean with "go up to August"? Do you mean that the "oldest" image I can flash is "9.0.0 (PQ3A.190801.002, Aug 2019)"? So one cannot go back to 8.0.0 and Google has done something to prevent us from doing that? Also, if I wanted to go back to that August image or any "compatible", the procedure is just to run the flash-all.bat file of that image?
I used to experiment a lot with custom roms, custom kernels and mods with my Sony devices, but that was mainly because I wanted stock android and some more features. The thing is that I have almost anything I need with this device, with some minor wishes. So I can live without flashing custom roms and kernels, but I wanted to just root and at least install Adaway(!!!!!! I cannot live with those ads!!!!!!), Titanium Backup and some other similar root apps that don't really do any harm. Have you tried rooting Android 10 and it was unusable? Do you suggest that it is not really worth it? The thing is that I love Android 10, the gestures and all the features, and I could not go back to Android 9, even though I only used the phone for a week, I am used to it and really like the way it currently is.
7) Hmm okay so I should not really mess with that. Maybe as I saw online, when flashing stock or unrooting, it is best to flash the same thing to both a and b slots, seems a bit complicated but whatever
Thank you for being so helpful!!
It’s really my pleasure! And I’m just as thankful that you/anyone would even go through the trouble of reading all of that…!
1) Thank you for the compliment
2) Usually, if your bootloader version is within a certain version – which you can find when in bootloader mode – then you either do or do not need unlock_critical. I can’t remember how many months prior to Android 10/Q, it was within 6 I believe, so any bootloader version from 5 or 6 months ago to now, and obviously if you’re on 10/Q, you would not need to run the command unlock_critical. But, if anything, you don’t have to have any fear of it, whether you need to or not, or don’t know your bootloader version, running the “fastboot flashing unlock_critical” when you don’t need to will just amount to a simple error and nothing bad will happen. And if it does end up doing something, well, then that’s a good thing. It almost amounts to unlock_critical-ing twice, the second one will just state that it’s already unlocked and that’s it.
If anything, I believe I found the resource here from the great Az Biker: https://forum.xda-developers.com/showpost.php?p=78908055&postcount=2843
If you are very curious, it should address much of what you’re seeking and/or at least point you to where you might find that information.
3) You’re very welcome. It really is a good thing that saves you in the future, and saves those who try to help some grief as well.
4) Thank you for the compliment.
5) I would say that the process you described is certainly doable, but is far from the best/easiest. From my experience helping many here on this forum, many bugs or things go wrong when loading the stock boot.img to the phone, having Magisk modify it, then getting the modified boot.img and successfully flashing it. More often than not, one ends up having a device turn into a boot loop and are usually forced to flash the stock boot.img and have to give it a number of tries.
The best way (subjectively) is to download the Magisk installation .zip. Then boot into TWRP (which doesn’t mean you have to replace the stock recovery since you can temporarily boot into it), and “Install” it using the .zip. Then everything is automated and done for you, if anything goes wrong you have an output log you can use to troubleshoot, but it seems best to leave it to the experts who created all this than us manually attempting to ourselves.
Oh and AFAIK this method still works on Android 10/Q as it has for Pie and Oreo.
6) I meant that, if you did not wish to update to 10/Q, then you shouldn’t do anything newer than from August’s security update/patch, since all the Full Factory images and updates are of 10/Q. But, if you go to Google’s Developers site, you’ll see that they pretty much list and make available all the Full Factory images ever published; to the point that there are some that go back to Oreo!
And everything you’ve said is understandable. And I kinda feel the same way. For me, in my humble opinion, it is supremely good idea to root and for whatever issues you get doing that, the returns are incalculable. It is most definitely worth it/rooting! The extra options and customizations and modifications all make it worth while and more! And, even if rooting gives the capability of rendering the device rather unusable, take confidence in that Google, in all their “infinite wisdom”, gave us “Bootloader Mode”…and pretty much, as long as you can get into Bootloader Mode and successfully connect to a computer, your phone would never be considered too far lost/gone. I’ve only witnessed that be opposite on less than a handful of cases.
But, most importantly, and if you have been in the rooting and ROMing game, you should well know this, but the most vital part of having root access is the ability to make the best backups! So, as long as you make sure to backup (Nandroid is best) at key times, running into some pitfalls here and there shouldn’t take you all the way out of the game….
7) Yeah…I mean, it is rather fascinating, and when up against an issue and you have an idea that deals with it, that’s when you can read up and learn about it and experiment I imagine. But for me and one of the great ones here in all of XDA, we’ve done all the custom ROM, custom recovery, custom kernel, Full Factory recover, root, Magisk modules, theming, Xposed, and countless other things, and all without the need to ever mess with manually or forcing an assignment between the two.
Again, it’s my pleasure. And if you have any further questions or thoughts, bring them on! I’d be happy to address them…
Hope these are helpful….
As @simplepinoi177 said, I'm part of the community that just lets the factory image flash the slot it needs/wants to, and it's never once been an issue.
Look at it like this; some people prefer to simply copy/paste a link or block of text in the PC, some people prefer to CTRL + C then CTRL + V.... BOTH take you to the same end.
Plus, knowing me, the more I manually mess with Slot A vs Slot B, the more chance there is for me to screw something up
Best of luck with your 2 XL, it's a FICKLE device, but it's a really, really great device once you get it as you want it.
Thank you all very much! I am pretty busy these days so once I find some time I will do more research and root it.
@simplepinoi177
I am not sure if your paypal address works, I felt like buying you a coffee earlier, the least I could do with all the time you spent explaining
Oh forgot to ask some minor things,
to make a nandroid backup, I just send twrp.img via fastboot to the phone and boot into it and make it? And if I want to revert back I do the same and restore it?
Also if TWRP asks me the question about if I want to enable modification to the system, what do I answer? Either for the nandroid backup, the restore or for flashing magisk.zip? Do any of those require that enabled?
Lastly, I understood that just unlocking the bootloader alone can result in no OTAs. But, will I keep getting the security updates? I heard something about security updates that are frequently available from the playstore or something like that but I have the phone for less than a week and haven't gotten anything. No OTAs mean no security updates as well? Or they are irrelevant and I will keep getting those security updates once rooted?
So, about booting TWRP...
You can temporarily boot into TWRP just the one time if you wish. If you are using the newest version of TWRP (for the Pixel 2), they actually give an option to flash and replace the recovery with TWRP from within their recovery environment; I'm guessing they use the temporarily booted twrp.img to install. In any case, you can find the option in the Install section. In any case, it's up to you whether you install it as your custom recovery, but it's easy enough to restore it back to stock recovery either by manually flashing the stock boot.img (and maybe dtbo.img for good measure, as I'm unsure...) and/or if you update your device via a Full Factory (or even a downloaded OTA) image, as that will update and replace the boot partition regardless...
So, about the alert for enabling modification to the system; In the past, I had always enabled it. Of course you would want to have r/w and mounting capabilities towards the device's system and data partitions. But keep this in mind...until the TWRP team updates the latest version, there are no write capabilities/permissions. It will pull up an error that it either can't mount or doesn't write -- For this reason, I'm holding off so I don't have firsthand experience... -- but installing and flashing and backing up from within TWRP does work even if it spits up some errors. What you should be careful about is if/when it asks to install it as a "system service" or something, as general consensus says under no circumstance should you do this as it "forks" up many other things while at it.
But, to answer your question directly, I'm unsure whether you can or cannot install Magisk root or restoring without enabling this "modification" capability, but I say it can't hurt.....
As for your inquiries on OTAs, as I understand it (so anyone please correct me if I'm wrong), but the monthly security updates come with the OTAs (also monthly, so I believe they may be one and the same). I'm unsure about the whole seeing the security updates on the Play Store or something like that, but I highly doubt that is the case. Conventional knowledge says that you can only get these either from the stock System Updater or if you download them yourself and either sideload or "flash-all" it. That's why many (most) experts will download the Full Factory image every month (usually first Monday of the month) and we have this whole step-by-step process in updating platform-tools, unregistering Magisk modules and screenlocks/fingerprints, running the flash-all, temporarily booting TWRP, installing all custom modifications (Magisk last), rebooting after each and every flash/install, then going back into the OS and resetting up the screenlock/fingerprints and Magisk modules. As it would be nice if we could simply and always use the stock System Updater, but in any case, one would need to re-install all the custom modifications anyways. So, it is one of the sacrifices/compromises having a rooted Pixel 2….
But it is peculiar that you haven’t gotten any alert (unless you inadvertently updated to the latest already), for it still should alert you that there is an update available, and usually, if you have unlocked your bootloader, while it’s downloading and attempting to install, it will throw up an error; but everything would look like normal up to that point. But, then again, Google notifying updates on their various devices are intermittent at best. It would be simpler and best if you just keep it in mind that there’s usually the monthly update on/after the first Monday of the month and do what we all do and have to manually install the updates to keep most up to date.
If there’s anything else, you know you can ask…
Good luck and hope this helps…!
I'm on 10 with an unlocked bootloader, 1st gen Pixel. I still get security updates. Twrp doesn't mount /system or /vendor, so I take system/vendor IMAGE backups with no issue. Not sure if I'll get updates still after unrooting. I've always flashed factory after rooting. Theoretically it should return to stock if you flash the Magisk uninstaller. The boot image (boot + recovery + base system) will be restored. You should then be able to get OTA updates.
They will be installed to the OTHER slot, so if the phone fails to boot (3 times?) it will switch back to the first slot. If you have issues and want to go back, you can manually switch slots in fastboot or go into twrp, tap reboot, tap the other slot, then reboot system. It will show a message that the slot has changed. You can of course always check the active slot in fastboot to make sure. If you want to roll back an OTA update, reboot to twrp, change the active slot, then reboot system, and it should boot to the older version. Make sure to turn off automatic updates or else it will redownload the same update again.
I believe I've lost twrp by installing an OTA update, which installs to the inactive slot, which overwrites recovery, and then boots to that slot. Meaning if you don't have a pc to switch slots in fastboot, you can't go back to the first slot which still has twrp. The command is fastboot set_active, something like that. Quick google search.. No pc means no restore if something goes wrong while you're away from a computer. The only way I know of to change slots at that point is to hard reset 3 times, which will trigger the phone to switch slots.
ALWAYS reboot after flashing bootloader/radio. I'm decently sure that the bootloader has to match the system, so if you install lineage Pie, you need to flash the bootloader/radio from Pie or the phone won't boot. Flash bootloader, reboot, flash radio, reboot, flash matching rom.
It is technically possible to have dual boot, where one slot is lineage and the other is stock, as long as they're the same Android versions. Lineage Pie/stock Pie for example, because the bootloader won't match if you flash Lineage Oreo/stock Pie. Keep in mind OTAs will overwrite twrp with stock recovery, so if you reboot, you might lose access to twrp, and I don't know of a way to OTA and reboot on the same slot. I don't know if there is an app or command for this, WHICH WOULD BE REALLY FREAKING NICE.
Also, when restoring boot from twrp, I always reflash twrp to make sure. It will install to both slots. You can keep a copy of twrp on your data partition. To reflash twrp from within twrp, Install > Select Image > find twrp.img > flash to RAMDISK. If you flash to boot, it will overwrite system, and leave you with only twrp. When installing in older twrp's, I believe it will install to the same slot. With newer twrp's that specifically support Treble, it will flash to the other slot. Don't quote me on that.
Due to the single data partition, there's a chance Lineage will have issues with stock data. I've never seen it though. I've dirty flashed a couple times with few issues. I think I've even dirty flashed different OS versions. If you get app crashes, open that app's info, delete its storage/cache, and reopen the app. Most of the app data is the same across versions anyway. The Pixel is a complete pain in the ass when coming from non Treble phones. Sorry if this is repeated info, the posts above are LONG lol. Hope this helps.
Edit- not sure if relevant to you, but I get bootloops when flashing twrp to the ramdisk. There should be an option in twrp to fix it. I always do this after flashing twrp this way.

Trouble Booting into TWRP/Flashing magisk. Tried almost everything.

Okay, so I'm having a real b**** of a time getting root or even TWRP on my Moto G Fast (Boost mobile) and I really don't understand what it is I'm doing wrong. I've carefully gone through pretty much every thread available on XDA (and basically everywhere else) pertaining to getting root/TWRP on this device and from what I've gathered it's been a pretty simple process for most other people with this device but for some reason nothing has worked for me. I should also note that my phone has had the most recent OTA update, which I was led to believe would make things easier but apparently not lol. So far the only thing that's gone off without a single hitch was unlocking the bootloader. Beyond that nothing I've tried has seen much success.
I was able to flash TWRP and get it to boot a couple times, but only from the fastbootd menu and even when I was able to boot TWRP and attempt flashing Magisk it failed every time (far too quickly for me to even read the red text in the log) and would immediately reboot TWRP, taking me back to the recovery lock screen. I'm also not used to having two different bootloaders on a phone so I'm still not quite sure which one I'm supposed to use for flashing (although fastbootd has so far been the only one I've achieved any success with) and the stock recovery has been a dead end at least 50% of the time I was able to get to it (I just get the dead Andy with the "no command" dialog and the hard buttons do nothing). So I eventually gave up flashing the Magisk zip and decided to try patching the boot.img instead. I used fastboot to flash the patched img to both the boot_a and boot_b partition, which seemed to work at first, until I realized I had no mobile signal and my touch screen was unresponsive. I just spent the last hour or so unbricking it with Lenovo's Rescue & Smart Assistant. I've read plenty of threads where these same exact issues happened to others but I've yet to find any kind of effective work-around or an explanation as to why it's happening.
Even when I was able to get TWRP to boot it never seemed to survive a reboot. I'd have to flash it again every time in order to get into it. It's also been quite a while since I've rooted a phone so I'm still pretty new to treble enabled devices and their surplus of confusing partitions, a few of which I wasn't even able to mount/unmount in TWRP, which was a bug I thought was fixed a while ago, but to my knowledge I have the most recent version and I'm still getting these same bugs.
Basically at this point I'm at a loss for ideas so any and all advice or suggestions would be much appreciated. I apologize if this post just sounds like a long winded complaint or I didn't provide enough info for anyone to work with (I'm running late for work and I'm mentally exhausted lol) but hopefully someone on here can provide me with some answers. I'll try to post more specific info and maybe some logs after work but until then godspeed.
You saw my thread
[Guide] Root Motorola with Magisk (UnLocked Bootloader)(Non-TWRP method)
Root Motorola Devices with Magisk Note: This method has been working with most Moto Devices that the Bootloader can be UnLocked. If the Bootloader cannot be Unlocked this method will not work. Please only use this as a reference. If you require...
forum.xda-developers.com
Yeah I tried following exactly that procedure and it bricked.
Dude. I have this phone. Same Carrier.
I know, it can be a pain in the ass. I've been on medical leave for 3 years though and needed a project to work on so I've been coming up with my own methodologies to fix this process...
Like, I've got a script that should de-brick your phone back to stock no matter what, and then we can move forward.
Are you on discord? This is going to be a bit too slow. I can just create us a channel or something though.
I appreciate the reply man, and sorry for the late response (I only get one day off a week), but I fortunately got it figured out finally. My main issue was that this is the first A/B treble enabled phone I've ever tinkered with, and most everything I read claimed I had to boot to fastbootd in order to flash twrp but that never seemed to work.
My computer would recognize the phone as a fastboot device while in fastbootd but that's about it. Every time I tried to flash in fastbootd the output either claimed there was 'no such file' or it appeared to work, but when I tried booting to recovery I still got stock recovery. I was finally able to get TWRP to stick by just booting it initially from the normal bootloader and using TWRP to flash itself to the recovery partition.
Then I was able to install magisk in TWRP by formatting data and flashing v21 instead of the latest version (Every time I tried flashing v22 from TWRP it failed). Then after booting system, going through setup, and installing magisk manager I found I'd successfully achieved root and was able to update to magisk v22 via MM without bricking.
After all that trouble I'm a little nervous to try a custom ROM cuz stock with root is basically perfect so far. Now the only thing I'm struggling with is figuring out how to set selinux to permissive so I can install BusyBox to xbin.

[GUIDE][A10/A11] Flashing and booting GSI on Galaxy Tab S7+

Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*/
This is tested on my SM-T976B, but I think the same should work on other models as well.
1. WARNING AND DISCLAIMER
Just unlocking the bootloader will not trip the warranty bit yet, so you can still go back at this point.
The warranty bit will be tripped (0x1) as soon as you actually try flashing something unofficial via Odin. YOU HAVE BEEN WARNED.
Make sure you back up all the important files in your internal storage, as you need to disable encryption with Multi-Disabler in order to let TWRP access the data partition, which would require you to format the data partition (wiping everything in the process). Additionally, keep a few nandroid backups with you so you can recover yourself in case something goes wrong.
2. Requirements
- Bootloader unlocked
- ianmacd's TWRP
- Neutralized vbmeta*
- (Optional**) vendor.img from Android 10 stock FW (I used ATK3, but any A10 vendor should do)
- Multi-Disabler
* An empty vbmeta is not recommended. You need to patch the vbmeta of the stock FW you're currently on.
** UPDATE (2022-08-29): It seems Magisk now works with recent A11 GSIs using A11 vendor, so there's no explicit need to flash A10 vendor in the following tutorial steps, unless you run into issues. Thanks to @AnonVendetta for testing and confirming. Using a more recent version of Magisk is recommended.
3. Flashing
Since this device uses dynamic partitions, flashing system images is not as straightforward as before, but not impossible.
azteria2000's GSI Flasher provided a good example on how to use dd/simg2img to flash dynamic partitions using just recovery. This is extremely helpful, as TWRP currently doesn't support fastbootd, which would make flashing even easier.
(1). Extracting Android 10 vendor.img (Optional, unless you have issues with your current vendor)
While you can boot recent GSIs with Android 11 vendor, Magisk currently doesn't work with it. Android 10 vendor is required for Magisk to work properly.
The Android 10 vendor can be extracted from the factory image's super.img. You need to unsparse the image using simg2img then use lpunpack to extract it, and you'll obtain the vendor.img.
(2). Flashing GSI and (Optional) Android 10 vendor.img
The entire flashing process can be done from TWRP.
NOTE 1 (UPDATE 2022-08-29): Flashing A10 vendor is no longer necessary now, unless you have issues.
NOTE 2: At present, Multi-Disabler expects /system_root to be mountable r/w, which cannot be done with a non-vndklite GSI. As such, if you're about to flash /vendor at this step, use a vndklite GSI, or if you're coming from stock, flash Multi-Disabler before actually flashing GSI (a reboot is needed after flashing /vendor to make it accessible).
The corresponding block devices for system and vendor are as follows:
Code:
/dev/block/dm-0 - system
/dev/block/dm-1 - vendor
First set the block devices to r/w so you can flash images.
Code:
# blockdev --setrw /dev/block/dm-0
# blockdev --setrw /dev/block/dm-1
Now actually flash the images with dd. Change the "if" parts to point to where the GSI system image and Android 10 vendor image are.
Code:
# dd if=<GSI image here> of=/dev/block/dm-0 bs=1m
# dd if=<vendor image here> of=/dev/block/dm-1 bs=1m
In rare cases that the GSI image you're about to flash is sparsed, run the following command instead of dd. You need to point to your sparsed GSI image here.
The vendor.img you obtain from super.img is not sparsed and can be flashed directly using the dd command above.
Code:
# simg2img <sparsed GSI image here> /dev/block/dm-0
If nothing goes wrong, you've flashed the GSI as well as Android 10 vendor.
Android 10 vendor flashed this way will work even if you have upgraded past BUC1 (which blocked the downgrade to Android 10).
It's advised to reboot recovery before trying to access system and vendor, to avoid potential issues.
NOTE: If you flashed vendor in this step, DO NOT REBOOT TO SYSTEM JUST YET.
(3). Flashing Multi-Disabler
You need to flash Multi-Disabler to disable encryption of internal storage so TWRP could access it.
If you flashed the vendor.img when flashing GSI, you MUST flash Multi-Disabler again if you have already disabled encryption with it before.
After flashing Multi-Disabler, you can now try booting to see if the GSI of your choice works.
4. Important Notes
(1). Neutralizing Software (Platform) Watchdog
There's a software (platform) watchdog that by default doesn't get fed while running GSI, causing system to reboot about 100 seconds after boot due to "platform watchdog bite". See this issue and this issue for details.
It's possible to disable this watchdog after boot, by executing the following command using a root shell.
Code:
# echo 'V' > /dev/watchdog
You need to look for a way to execute the command above at boot to automatically disable the problematic watchdog so the GSI can function normally. There are several ways to do this, like putting the command into a Magisk module's service.sh so it gets executed when the Magisk module loads.
EDIT: I've filed an issue regarding the matter here. After some testing, it seems /dev/watchdog0 is the real culprit for our device. Disabling either /dev/watchdog or /dev/watchdog0 will work around this.
UPDATE (2021-09-11): I can confirm that DragKernel is not affected by this issue. The offending watchdog is not present and the system won't reboot after 100 seconds.
UPDATE (2022-08-29): The watchdog is mainly an issue if you use A10 vendor. You may not have issues with that watchdog if using A11 vendor but it's still recommended to get it disabled.
(2). Uncertified Device
Since phh-AOSP v303 and onwards, the device is considered uncertified which will prevent you from logging in to your Google account.
Manually registering the device is required for using Google Play Services, but for some reason that didn't work for me, so I recommend using NanoDroid with microG if applicable (requires Magisk).
(3). Offline Charging Icon
With some GSIs, when powered off, plugging in the charger would make the tablet enter a screen with a white charging battery icon in the middle, that I couldn't easily get out of by pressing POWER button alone. Although I did manage to get out of that screen and boot to the system, I don't really know which button combination is required, and how long I should be holding them. So for now, charging while powered off is not advised...
(4). Potential soft bricks with Securize
UPDATE (2022-08-29): Should have pointed this out earlier that if you attempt to Securize on official phh-AOSP, the device will softbrick. Additionally, merely removing phh-SU is enough to cause the softbrick (thanks to AnonVendetta again for confirming).
While the cause is uncertain, it's quite likely that the tablet cannot work if not using any form of root (be it phh-SU or Magisk) due to Samsung's security mechanisms getting in the way.
5. Working Stuffs
- 120 fps working (by forcing FPS using Phh-Treble Settings).
- Wi-Fi and Bluetooth work fine.
- S-Pen works as a pointer device.
- Alternate Audio Policies (from Phh-Treble Settings) is needed to get audio out through USB Type-C.
- Front and rear cameras appear to be working.
6. Not Working Stuffs
- MTP does not appear to work properly for some reason. You'll need ADB for transferring files.
- USB Type-C audio adapters may or may not work depending on GSI, Kernel or maybe other aspects.
- Bluetooth audio currently has issues that cause the system to freeze.
7. Untested Stuffs
- Haven't tested telephony-related stuffs as I'm not using a SIM card on the tablet yet.
- Haven't tested fingerprint sensors as I'm not using it.
There are still some functionalities I haven't tested yet, but anyone is free to test if you want to use a GSI.
Special thanks to: ianmacd, phhusson, Bushcat, Vntnox, azteria2000, dron39 and many more...
Original GSI progress issue: here
I finally got this working on my SM-T970. Though I had some troubles getting it working by following your instructions exactly, it would still boot loop even after neutralizing vbmeta.img (perhaps I changed the wrong offset?). Though for some reason flashing magisk made it boot perfectly? I assume Magisk disables AVB entirely or something. Thank you for this guide, may this tablet live a long life thanks to treble!
I also got SM-T970 please help me to get back to android 10... Most of the game which play crashes in the middle for android 11 ... Can you please help me to do what you did ... I am new to this custom ROMs and flashing so help me..
As I know, you can't. All android 10 bootloaders are XXU1 - if you upgraded to XXU2 then nothing can be done.
Sorry, didn't notice there were new posts in my actual thread...
While you certainly can't flash XXU1 firmware via Odin once you upgraded to XXU2, you can follow the instructions to use dd in TWRP to flash the logical partitions. This is how I used to flash vendor image extracted from Android 10 FW, as due to SELinux policy issues, Android 11 vendor does not work well with GSIs on Samsung Qualcomm devices in general. Magisk won't work, and the tablet would semi-brick if you attempt to use Securize from Phh-Treble settings.
While I mostly use Android 11 GSIs, the same should work with Android 10 GSIs of your choice, but I haven't tested, as most A10 GSIs are no longer maintained. GSI image of your choice (/system) and A10 vendor (/vendor) are all you need, as GSIs do not care about /odm and /product so it's safe to leave them as-is.
A WARNING: I DO NOT recommend flashing A10 stock FW using this method as you're literally violating the rollback protection which has the risk of causing A HARD BRICK!!! Similar cases have happened on other devices of other vendors before.
ONE MORE WARNING: Due to the ongoing case of Samsung disabling cameras on Z Fold 3, I seriously advise against upgrading the device any further, especially in case a XXU3 firmware comes out in the future, as there are potential signs that such crippling behavior might spread to existing devices.
@LSS4181 thanks for the deep explanation, but I'm afraid my level is not high enough to understand all of this. I am also tempted to try gsi but not want to risk lot...
So, can it be installed over stock android 11, new bootloader XXU2?
Thanks
I can't guarantee A10 GSI will work in such an environment, but GSIs probably won't have issues with rollback protections. It's just stock ROM might have something that would do dirty stuffs in case such violation happens so I personally would not recommend such use case.
However, A11 GSIs will certainly work fine, just that with A10 vendor you need to use DragKernel as the stock one has a watchdog that'll reboot the system after 100 seconds.
@LSS4181 - thank you for the guide, I've had a T970 for nearly 1 year now, always wanted to run a custom rom on it!
I've tried your guide twice now, but it results in failures for me.
I've unlocked the bootloader, flashed TWRP (twrp-gts7xl-3.5.0_10-A11_3_ianmacd.img), running ATK3.
Not sure if TWRP for Android 11 and ATK3 being Android 10 makes a difference?
I extracted a vbmeta.img.lz4 from the ATK3 pack online, decompressed it to get the vbmeta.img, and wrote 0x03 to decimal offset 123.
(Tried to follow the instructions exactly)
I think it's the flashing/dd part.
After I dd the gsi img to dm-0, I can not reflash the multidisabler anymore. It tells me something like:
"Failed to mount '/system_root' (Invalid argument)"
Then, I can't even mount 'system' in TWRP, the checkbox is unselectable.
To get back to a working state, I have reflashed the stock rom (ATK3).
The GSI I tried to use was: system-roar-arm64-ab-vanilla.img.xz - from AOSP 11.0 v313
Is this the correct version to use (A, A/B etc?)
And how can I tell if the image file is sparsed or not?
Any input is appreciated, thank you!
zxczxc4 said:
@LSS4181 - thank you for the guide, I've had a T970 for nearly 1 year now, always wanted to run a custom rom on it!
I've tried your guide twice now, but it results in failures for me.
I've unlocked the bootloader, flashed TWRP (twrp-gts7xl-3.5.0_10-A11_3_ianmacd.img), running ATK3.
Not sure if TWRP for Android 11 and ATK3 being Android 10 makes a difference?
I extracted a vbmeta.img.lz4 from the ATK3 pack online, decompressed it to get the vbmeta.img, and wrote 0x03 to decimal offset 123.
(Tried to follow the instructions exactly)
I think it's the flashing/dd part.
After I dd the gsi img to dm-0, I can not reflash the multidisabler anymore. It tells me something like:
"Failed to mount '/system_root' (Invalid argument)"
Then, I can't even mount 'system' in TWRP, the checkbox is unselectable.
To get back to a working state, I have reflashed the stock rom (ATK3).
The GSI I tried to use was: system-roar-arm64-ab-vanilla.img.xz - from AOSP 11.0 v313
Is this the correct version to use (A, A/B etc?)
And how can I tell if the image file is sparsed or not?
Any input is appreciated, thank you!
Uh... I should have mentioned earlier. Multi-Disabler expects /system_root to be mountable r/w, which cannot be done with a non-vndklite GSI.
As such, to disable encryption, you'll initially need to flash a vndklite GSI, or simply just do that before you actually flash the GSI (stock ROM can be mounted r/w). As Multi-Disabler is only needed once per /vendor flash, you'll be able to use non-vndklite GSI afterwards.
EDIT: If you are experienced in modifying recovery zips, you can edit the Multi-Disabler install script and comment out the parts actually involving /system or /system_root.
EDIT 2: I just realized this... I recall that phh AOSP GSI is sparsed. You need to use simg2img command instead of dd to flash it.
@LSS4181 - thank you for the reply.
I am not sure if the images I was trying to use were sparsed or not.
Since you mentioned vndklite images, I tried those - `simg2img` told me that the hash/magic was not valid, so at least these ones are not sparsed.
But good idea to attempt to use `simg2img` if you are not sure about an image, it doesn't hurt to try.
I flashed phh's v313 ab vndklite image, my device was stuck on the samsung boot screen for about 10 minutes (the screen with "your device is unlocked" etc...) I then held some buttons to force reboot/power down. I powered back on and I finally saw the rom booting.
Vanilla AOSP was a bit boring, so flashed LOS 18.x (vndklite again) and that is great. Dark mode can be made BLACK which I really appreciate.
No issues with the watchdog/no reboot after 100 seconds.
I did try to install microg... tried to install (adb push) to /system/priv-data but must have done something wrong.
It gave me bootloops, tried to reflash the gsi twice but didn't seem to change anything...
I ended up reflashing stock again, repeated the whole process (apart from microg!) and my system is up working again.
I should go and ask on the lineage os gsi thread for advice about microg.
Thanks again for the guide.
zxczxc4 said:
@LSS4181 - thank you for the reply.
I am not sure if the images I was trying to use were sparsed or not.
Since you mentioned vndklite images, I tried those - `simg2img` told me that the hash/magic was not valid, so at least these ones are not sparsed.
But good idea to attempt to use `simg2img` if you are not sure about an image, it doesn't hurt to try.
I flashed phh's v313 ab vndklite image, my device was stuck on the samsung boot screen for about 10 minutes (the screen with "your device is unlocked" etc...) I then held some buttons to force reboot/power down. I powered back on and I finally saw the rom booting.
Vanilla AOSP was a bit boring, so flashed LOS 18.x (vndklite again) and that is great. Dark mode can be made BLACK which I really appreciate.
No issues with the watchdog/no reboot after 100 seconds.
I did try to install microg... tried to install (adb push) to /system/priv-data but must have done something wrong.
It gave me bootloops, tried to reflash the gsi twice but didn't seem to change anything...
I ended up reflashing stock again, repeated the whole process (apart from microg!) and my system is up working again.
I should go and ask on the lineage os gsi thread for advice about microg.
Thanks again for the guide.
You could always flash magisk and use the microg module, works perfectly for me
sambow23 said:
You could always flash magisk and use the microg module, works perfectly for me
That's exactly what I ended up doing.
Originally I wanted to avoid the 'newer' style, using Magisk etc, it seems more complicated than just using a rom that is already rooted. For my use case of this device, I don't care about safetynet etc, don't care about keeping system untouched etc.
BUT! Flashing Magisk was so easy, no need to patch any images... I simply flashed the latest version of the Magisk apk via TWRP.
On restart, Magisk app wanted to finish the install itself... but failed? So I simply installed the same apk myself, and it's been working perfectly
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
TiTiB said:
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
XPrivacyLua/LSPosed does work, I'm able to pass safetynet thanks to it
TiTiB said:
Thank you @LSS4181 for the exquisitely detailed instructions! I think I have enough experience with this stuff to be successful, but have not yet bought this tablet to try it (currently using a rooted, debloated S6).
Questions:
Which vendor does it ship with? ATK3? I wouldn't do any upgrades when I got it, but would immediately start flashing.
Has anyone successfully used XPrivacyLua (XPL) on this? I currently use XPL Pro, and I know that it depends on a working EdXposed (or Lsposed, which I've never used) which requires a working Magisk. From reading this thread, the Magisk part seems Okay, but what about Ed/L Xposed?
Thanks again.
I got my tablet early so it was on an earlier version than ATK3.
If your device ships with BUBB or before, you should be able to downgrade directly if you know how to use Odin.
Flashing ATK3 (or earlier) vendor via dd from TWRP is only needed if your device is on BUC1 or later, as from that version onwards SW REV has been incremented so you can't downgrade via Odin anymore.
sambow23 said:
XPrivacyLua/LSPosed does work, I'm able to pass safetynet thanks to it
Which Xposed are you using? I'm not very familiar with Lsposed.
Thanks ag
LSS4181 said:
I got my tablet early so it was on an earlier version than ATK3.
If your device ships with BUBB or before, you should be able to downgrade directly if you know how to use Odin.
Flashing ATK3 (or earlier) vendor via dd from TWRP is only needed if your device is on BUC1 or later, as from that version onwards SW REV has been incremented so you can't downgrade via Odin anymore.
Thanks again for the detailed response. The info you've shared gives me confidence. Now I just need to convince myself that I 'need' to buy it.
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
AnonVendetta said:
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
Bluetooth audio works if you disable the a2dp hardware offload in the phh treble app
AnonVendetta said:
@LSS4181: I've been running the stock Android 11 firmware since I bought the Tab S7+ SM-T970, about halfway into this year. Mine shipped with a version 2 bootloader, so there is no possibility of running stock 10 for me.
Then I saw your note about Bluetooth earbuds not working. This would be a big deal for me on a GSI. I don't want to use a USB C headphone jack adapter, since it would prevent charging while using them. And it would wear out the charging port by constantly inserting/removing.
What BT earbuds do you use? Does it happen on all GSIs that you've tried? I saw your recent issue on GitHub, and noticed that no one else has commented.
GApps is another big deal for me, a must have. I used to use MicroG on my daily driver devices, but stopped using it about a year ago due to issues that I was unable to find solutions for.
Can you elaborate a bit more on how to modify vbmeta and what to change? I'm not particularly skilled with the usage of hex editors, so not sure how to proceed here or what to edit.
I know there will probably be issues inherent to running a GSI, but I'd like to change things up a bit and experiment. If I don't like what I see, I can always return to stock rooted. I'm not a big fan of stock firmwares, but so far it has been very stable for me. However, if I can get a custom ROM like AOSP, RR, LOS, etc running reliably, then I'd definitely switch. There are no features on stock besides Dex and Secure Folder, that are compelling enough to make me stay on it.
sambow23 said:
Bluetooth audio works if you disable the a2dp hardware offload in the phh treble app
Don't know if audio issues might be caused by using a different kernel (as I've switched to using DragKernel for this tablet). I don't recommend using stock kernel, though, due to a nasty 100-second watchdog that you need to manually disable after system startup (DragKernel has that removed from config).
I recall it's now possible to patch vbmeta using Magisk now. Simply provide the vbmeta of your FW version to Magisk and it'll patch it for you. I haven't tried, though, as I always do this by hand with a hex editor (it's just to change a single byte, which the recent Magisk versions would do).
Back then I couldn't get the device certified so I switched to microG which is working well. I recommend using NanoDroid as it comes with a modded Play Store which allows you to purchase apps as well as IAPs. The modded Play Store still works, despite being quite dated.
I don't really have anything blocking me from using microG now. If you need real GApps and know about the workflow for uncertified devices, you may try flashing a bgN flavor GSI as opposed to bvN (g means the GSI ships with GApps).
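Added example, not part of any post in this thread: a read-only check that answers two questions raised above, whether an image is sparsed (the question before the `simg2img` advice) and what the byte at decimal offset 123 of vbmeta.img holds. The field layout follows the AOSP sparse-image and AVB header definitions; the helper names and the sample images are constructed for illustration.

```python
import struct
import sys

SPARSE_MAGIC = 0xED26FF3A                     # little-endian u32 at offset 0
SPARSE_HEADER = struct.Struct("<IHHHHIIII")   # 28-byte sparse file header
AVB_MAGIC = b"AVB0"                           # first four bytes of vbmeta
AVB_HEADER_SIZE = 256
AVB_FLAGS_OFFSET = 120     # big-endian u32, so its low byte is file offset 123
AVB_FLAG_HASHTREE_DISABLED = 0x1
AVB_FLAG_VERIFICATION_DISABLED = 0x2


def parse_sparse_header(data):
    """Return sparse-image geometry, or None when the sparse magic is absent."""
    if len(data) < SPARSE_HEADER.size:
        return None
    (magic, major, minor, _file_hdr, _chunk_hdr,
     block_size, total_blocks, total_chunks, _crc) = SPARSE_HEADER.unpack_from(data)
    if magic != SPARSE_MAGIC:
        return None
    return {"version": (major, minor), "block_size": block_size,
            "total_chunks": total_chunks, "raw_size": block_size * total_blocks}


def parse_vbmeta_flags(data):
    """Return the AVB flags of a vbmeta image, or None when it is not vbmeta."""
    if len(data) < AVB_HEADER_SIZE or data[:4] != AVB_MAGIC:
        return None
    (flags,) = struct.unpack_from(">I", data, AVB_FLAGS_OFFSET)
    return {"flags": flags,
            "hashtree_disabled": bool(flags & AVB_FLAG_HASHTREE_DISABLED),
            "verification_disabled": bool(flags & AVB_FLAG_VERIFICATION_DISABLED)}


def describe_image(data):
    """Classify the first bytes of an image file as sparse, vbmeta or raw."""
    sparse = parse_sparse_header(data)
    if sparse:
        return ("sparse: expands to %d bytes, convert with simg2img before dd"
                % sparse["raw_size"])
    vbmeta = parse_vbmeta_flags(data)
    if vbmeta:
        return ("vbmeta: flags=0x%02x hashtree_disabled=%s verification_disabled=%s"
                % (vbmeta["flags"], vbmeta["hashtree_disabled"],
                   vbmeta["verification_disabled"]))
    return "raw: no sparse or vbmeta magic at offset 0"


def sample_sparse(block_size=4096, total_blocks=1000):
    """Constructed sparse header only (no chunks), enough for detection."""
    return SPARSE_HEADER.pack(SPARSE_MAGIC, 1, 0, 28, 12,
                              block_size, total_blocks, 0, 0)


def sample_vbmeta(flags):
    """Constructed 256-byte vbmeta header with only magic and flags set."""
    header = bytearray(AVB_HEADER_SIZE)
    header[0:4] = AVB_MAGIC
    struct.pack_into(">I", header, AVB_FLAGS_OFFSET, flags)
    return bytes(header)


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # inspect a real file, read-only
        with open(sys.argv[1], "rb") as handle:
            print(describe_image(handle.read(AVB_HEADER_SIZE)))
    else:                                     # constructed samples
        for blob in (sample_sparse(), sample_vbmeta(0), sample_vbmeta(3),
                     bytes(AVB_HEADER_SIZE)):
            print(describe_image(blob))
```

A vbmeta.img that reports `flags=0x03` has both verity and verification switched off, which is the state the hand edit at offset 123 produces; `flags=0x00` is a header with neither flag set.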

Install phhusson's GSI on a Nokia 3.2: missing recovery

Hello to everyone! I own a Nokia 3.2 and the stock rom, though updated quite regularly with more recent security patches, is very slow and I wanted to try @phhusson 's GSI on it. I've already unlocked the bootloader and identified the right rom to download using Treble Info but I'm stuck because of a missing TWRP so I was looking forward to porting one.
I've searched for a guide about TWRP porting but it seems easier to do it with MTK SoCs... Treble roms are a great deal but what if you don't have a recovery available to flash them?
Maybe I could try to flash system.img straight from fastboot: it makes sense too but I'm not that much confident about that approach given that it isn't advised anywhere, at least according to my findings.
Thanks in advance for your advice and have a nice day!
There are some updates. I've checked and I've been quite puzzled to discover that, at least by what it seems, recovery, recovery_a and recovery_b partitions don't exist (I'd expect recovery_a and recovery_b being the Nokia 3.2 an AB smartphone but I've searched for recovery too after knowing neither of them existed) so I've given up the TWRP way.
I've then tried to flash the system image by fastboot. I've got the "Invalid sparse file format at header magic" error but the flash continued and I let it go as it seemed to go on fine up to a successful flash. I've also deleted userdata still from fastboot then rebooted but nothing: it remained stuck on the "Android One" boot logo.
I could still access bootloader and recovery mode (obviously the stock one as I couldn't successfully flash TWRP) so I've thought to make a factory reset from recovery mode and this was the key. After rebooting, everything has gone fine. Honestly speaking, I don't know why erasing userdata from fastboot wasn't enough...
Overall, the thread remains without a solution given that I haven't still managed to find (or port) a suitable TWRP nor I can think of a way to flash it eventually but at least I've managed to install @phhusson 's GSI and, given that it has already GAPPS (downloading the appropriate version) and root built-in, a custom recovery isn't mandatory, at least for basic usage.
I just need to add that with only 16Gb of ROM only a bit less than 6Gb are left for data but this isn't anyone's mistake but just due to the fact that we're talking about Android 12 on a low specs smartphone. Still a great step forward over the stock firmware which is really sluggish.
-=Guybrush=- said:
There are some updates. I've checked and I've been quite puzzled to discover that, at least by what it seems, recovery, recovery_a and recovery_b partitions don't exist (I'd expect recovery_a and recovery_b being the Nokia 3.2 an AB smartphone but I've searched for recovery too after knowing neither of them existed) so I've given up the TWRP way.
I've then tried to flash the system image by fastboot. I've got the "Invalid sparse file format at header magic" error but the flash continued and I let it go as it seemed to go on fine up to a successful flash. I've also deleted userdata still from fastboot then rebooted but nothing: it remained stuck on the "Android One" boot logo.
I could still access bootloader and recovery mode (obviously the stock one as I couldn't successfully flash TWRP) so I've thought to make a factory reset from recovery mode and this was the key. After rebooting, everything has gone fine. Honestly speaking, I don't know why erasing userdata from fastboot wasn't enough...
Overall, the thread remains without a solution given that I haven't still managed to find (or port) a suitable TWRP nor I can think of a way to flash it eventually but at least I've managed to install @phhusson 's GSI and, given that it has already GAPPS (downloading the appropriate version) and root built-in, a custom recovery isn't mandatory, at least for basic usage.
I just need to add that with only 16Gb of ROM only a bit less than 6Gb are left for data but this isn't anyone's mistake but just due to the fact that we're talking about Android 12 on a low specs smartphone. Still a great step forward over the stock firmware which is really sluggish.
I have the same phone, and would like to tell a few things.
The reason you were stuck on the android one logo is because most GSIs (LOS for instance) require DM-Verity (Android Verified Boot - AVB) to be disabled, and to do that, there are a couple of methods, but the only one I've tried working, is to flash your GSI onto rooted stock ROM. Without this, I was unable to get anything to boot.
Secondly if you're looking for a fast ROM for this phone, I'd recommend android 12 with MicroG (via MinMicroG) which is slightly problematic (no location, apps don't find GMS) but the combination I'm using currently is by far the fastest, with lineageOS android 11 with "LiteGAPPS" through Magisk. This is an almost completely working gapps package (one problem: WhatsApp doesn't find google account, which is fixed by flashing from recovery) with better overall speed.
Additionally I've been using the "HEBF" app which might be giving me better performance too.
Still no fixes for storage though. I'm pretty much married to the Storage Space Running Out notification now and we're living a happy life
Thanks for your advice!
Hi there,
I've been using a self booting TWRP on my European Nokia 3.2 several times. It works pretty well except for a couple of minor bugs. Just boot it via Fastboot with "boot selfbootXXX.img". I've been able to flash a handful of IMGs and do the usual stuff.
Did you guys manage to have working jack and Bluetooth? I'm stuck with an old Andy Yan Rom, on newer ones, either jack is not detected or, when it is, sound is still routed to the phone speakers. I've tried LOS, PHH and Andy Yan's roms. All the tricks I've found and tried gave me absolutely no results.
Sorry for my bad English as well as for the thread hijacking.
Gwel said:
Hi there,
I've been using a self booting TWRP on my European Nokia 3.2 several times. It works pretty well except for a couple of minor bugs. Just boot it via Fastboot with "boot selfbootXXX.img". I've been able to flash a handful of IMGs and do the usual stuff.
Did you guys manage to have working jack and Bluetooth? I'm stuck with an old Andy Yan Rom, on newer ones, either jack is not detected or, when it is, sound is still routed to the phone speakers. I've tried LOS, PHH and Andy Yan's roms. All the tricks I've found and tried gave me absolutely no results.
Sorry for my bad English as well as for the thread hijacking.
I use PHH's GSIs and you need to change some settings from treble options to get them working.
Gwel said:
Hi there,
I've been using a self booting TWRP on my European Nokia 3.2 several times. It works pretty well except for a couple of minor bugs. Just boot it via Fastboot with "boot selfbootXXX.img". I've been able to flash a handful of IMGs and do the usual stuff.
Did you guys manage to have working jack and Bluetooth? I'm stuck with an old Andy Yan Rom, on newer ones, either jack is not detected or, when it is, sound is still routed to the phone speakers. I've tried LOS, PHH and Andy Yan's roms. All the tricks I've found and tried gave me absolutely no results.
Sorry for my bad English as well as for the thread hijacking.
For me, I had to enable "force disable a2dp offload" and "alternate way of detecting headsets" and after that bluetooth and wired headsets worked fine
