Related
EDIT: This root method has been outdated, see the newer guide instead https://forum.xda-developers.com/android/general/tutorial-root-oppo-f1s-flashtool-6-0-t3651220
Why I made this tutorial:
Recently some members claimed that KingRoot is not working for Oppo F1s(A1601) anymore, I assume it's because Kingroot uses cloud based root method, means Kingroot downloads root package and command from cloud and execute on your phone. Maybe the problem was caused by the change of their server, some configuration has been replaced? At this time, I still have a working root method working now, so I would like to share it with everyone Also, you can follow this guide to get rid of the superuser App from those android root exploit app and use SuperSU.
In short, this tutorial tells:
1.How to Root Oppo F1s(A1601) with KingoRoot.(Though cloud based root App Kingroot is not working at this period but KingoRoot the offline one is still working)
2.Though KingoRoot prevent you to switch to other superuser App, we can still replace it with SuperSU with few steps, no custom recovery needed.
****NOTE****
There're various version of KingoRoot apk over the Internet, use the APK version I provided at attachment can guarantee there're no unexpected errors.
The script to replace kingo root was based on the one here but with a little modification, I've added a infinite loop for the script because KingoRoot cause a force reboot(soft reset) right after you delete root from the app, I assume its because KingoRoot want to prevent you to replace it. A infinite loop can make sure the file copying action has been done before your phone reboot.
Steps to Root F1s and Install SuperSU:
1.Install android terminal from Google Play: https://play.google.com/store/apps/details?id=jackpal.androidterm
2.Download the attachment, extract the zip archive, you get an APK "KingoRoot.apk" and a folder "rmkingo", copy the APK and the folder to your Internal storge(Sdcard)
3.Use any file management App to open KingoRoot.apk and install KingoRoot.apk
4.Open KingoRoot and click "one click root" then wait it to obtain root
5.After root succeeded, Open previous installed "Terminal Emulator for Android" and type
Code:
su
. Now KingoRoot's Superuser should pop up and ask you if you want to grant root access, allow it.
6.Now change terminal directory to the script folder, terminal type
Code:
cd /sdcard/rmkingo
7.Now execute the first script, terminal type
Code:
sh step0.sh
8.If there's no error on the previous action, Now proceed to execute the second script which is an infinite loop, you might see infinite error message after you executed it, terminal type
Code:
sh step1.sh
9.Now make sure the Terminal emulator is still open and the script is still running in background, just open SuperUser(installed by KingoRoot), find and click "Remove root" in the option of the App.
10.Your phone should be forced reboot now, after reboot, install SuperSU from google play: https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=zh_TW
11.Open SuperSU and update su binary file with normal mode and wait, it should finish in 2-3 minutes.
12.Hit thanks(My pleasure)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
above method has been confirmed working with the latest rom from my region,(date 2017/02/12 still working)
Rom: A1601_TW_11_A.17_161003
I am on build a1601ex_11_a27_170111
its currently letest update in india
sagargjasani264 said:
I am on build a1601ex_11_a27_170111
its currently letest update in india
Click to expand...
Click to collapse
Wow, Taiwan haven't receive any update since October........Looks like the rom of our region is terribly outdated,lol
A lot of people complaint on oppo forum of our region why there're no updates........
Is it method work for the rom from india?
evilhawk00 said:
wow, taiwan haven't receive any update since october........looks like the rom of our region is terribly outdated,lol
a lot of people complaint on oppo forum of our region why there're no updates........
Is it method work for the rom from india?
Click to expand...
Click to collapse
kingoroot is on 90% since last 20min
---------- Post added at 12:22 PM ---------- Previous post was at 12:10 PM ----------
sorry bro but kingoroot faild...
Sorry kingoroot failed error code : 0x196514
Lyes2 said:
Sorry kingoroot failed error code : 0x196514
Click to expand...
Click to collapse
Hi, I assume you have to downgrade your rom. Find a older version of your rom, flash it via OPPO stock recovery and this method will work.
In my region, Taiwan's newest rom date is 2016 October, so this method work. OPPO might fixed this CVE exploit in their new rom.
The rom I currently use can be downloaded from OPPO Taiwan website, however I'm not sure if it can work on your device, so you might need to find an older version of your region
You can try to get root with older firmware, flash twrp recovery with root app, such as rashr,then once you have twrp recovery, you can flash the new OTA update package, but be sure to modify the update package so you will not loose root after update. However, I think just stick with older firmware will be easier
Failed
Directory not found bro
evilhawk00 said:
Hi, I assume you have to downgrade your rom. Find a older version of your rom, flash it via OPPO stock recovery and this method will work.
In my region, Taiwan's newest rom date is 2016 October, so this method work. OPPO might fixed this CVE exploit in their new rom.
The rom I currently use can be downloaded from OPPO Taiwan website, however I'm not sure if it can work on your device, so you might need to find an older version of your region
You can try to get root with older firmware, flash twrp recovery with root app, such as rashr,then once you have twrp recovery, you can flash the new OTA update package, but be sure to modify the update package so you will not loose root after update. However, I think just stick with older firmware will be easier
Click to expand...
Click to collapse
what kind of modification do you exactly need to do to the update package to not loose root after update?
ngoralph said:
what kind of modification do you exactly need to do to the update package to not loose root after update?
Click to expand...
Click to collapse
I made one and got root with A27 , all you need is a twrp and a twrp flashable firmware zip.
Here's what I did,first I found that the TWRP by @BouyaPK did not have the same device model settings in comparison with the stock recovery, so I made a little modification to his TWRP image, now the offical firmware zip can pass Device detection test.
!!Before doing it , make sure you have flashed the modified recovery(the one from attachment) to your phone, official firmware is only flashable via this modified recovery and stock recovery
Download here
View attachment OPPO_F1s_twrp3.0_modified_devicemodel.zip
this is the example with the ota update package (A19 to A27 upgrade package around 150mb via coloros update manager app)
Now lets start to modify official firmware, follow my steps:
1.extract the newest official firmware zip.
2.now open the extracted folder, navigate to \META-INF\com\google\android\
3.find the file updater-script and open it with text editor( I suggest NotePad++)
4.you'll find a lot of lines start with apply_patch(xxxxx), remove the one with this file "/system/recovery-from-boot.p"
5.(if needed) also remove boot image sha1 check, in my case I have magisk installed, my boot image do not have the same sha1 value with stock boot image, so I found the line that checkes boot.img and remove it
6.done the file edit and save the file
7.repack it back to a zip file and sign the package with test keys
How to sign?
1.Download the sign package from attachment
2.have Java installed on your PC
3.Open a terminal at the same location with the keys and signapk.jar
4.terminal type
Code:
java -jar signapk.jar -w platform.x509.pem platform.pk8 my_modified_firmware.zip my_modified_firmware-signed.zip
8.install with twrp and you still have twrp exist, flash supersu zip or magisk zip
above is the way to modify a PATCH zip ota file, if you are modifying a full package, which may be easier,
the full package's update script write full image to phone instead, so you just need to modify the image in the ota package.
all you just have to make sure the new firmware do not replace twrp with stock recovery, so
1.try to extract the image in the package and modify the image file, remove files such as "recovery-from-boot.p" from the image then rebuild the image and calculate the new sha1 value of the new image(CarlivImageKitchen is a good tool to rebuild image)
2.replace the old sha1 hash in updater-script, repack and sign the zip.
3.flash with twrp
4.flash superSu zip or magisk zip after the firmware flash with twrp can get root.
evilhawk00 said:
I made one and got root with A27 , all you need is a twrp and a twrp flashable firmware zip.
Here's what I did,first I found that the TWRP by @BouyaPK did not have the same device model settings in comparison with the stock recovery, so I made a little modification to his TWRP image, now the offical firmware zip can pass Device detection test.
!!Before doing it , make sure you have flashed the modified recovery(the one from attachment) to your phone, official firmware is only flashable via this modified recovery and stock recovery
Download here
this is the example with the ota update package (A19 to A27 upgrade package around 150mb via coloros update manager app)
Now lets start to modify official firmware, follow my steps:
1.extract the newest official firmware zip.
2.now open the extracted folder, navigate to \META-INF\com\google\android\
3.find the file updater-script and open it with text editor( I suggest NotePad++)
4.you'll find a lot of lines start with apply_patch(xxxxx), remove the one with this file "/system/recovery-from-boot.p"
5.(if needed) also remove boot image sha1 check, in my case I have magisk installed, my boot image do not have the same sha1 value with stock boot image, so I found the line that checkes boot.img and remove it
6.done the file edit and save the file
7.repack it back to a zip file and sign the package with test keys
How to sign?
1.Download the sign package from attachment
2.have Java installed on your PC
3.Open a terminal at the same location with the keys and signapk.jar
4.terminal type
8.install with twrp and you still have twrp exist, flash supersu zip or magisk zip
above is the way to modify a PATCH zip ota file, if you are modifying a full package, which may be easier,
the full package's update script write full image to phone instead, so you just need to modify the image in the ota package.
all you just have to make sure the new firmware do not replace twrp with stock recovery, so
1.try to extract the image in the package and modify the image file, remove files such as "recovery-from-boot.p" from the image then rebuild the image and calculate the new sha1 value of the new image(CarlivImageKitchen is a good tool to rebuild image)
2.replace the old sha1 hash in updater-script, repack and sign the zip.
3.flash with twrp
4.flash superSu zip or magisk zip after the firmware flash with twrp can get root.
Click to expand...
Click to collapse
Can you send me a stock recovery for Oppo F1s or Color Os 3.0 version
[email protected]
I want ask to my friend to build the custom rom with latest version of TWRP.
Ananaqil12 said:
Can you send me a stock recovery for Oppo F1s or Color Os 3.0 version
[email protected]
I want ask to my friend to build the custom rom with latest version of TWRP.
Click to expand...
Click to collapse
If you want stock recovery image, check my reply here https://forum.xda-developers.com/showpost.php?p=71006625&postcount=26
evilhawk00 said:
I made one and got root with A27 , all you need is a twrp and a twrp flashable firmware zip.
Here's what I did,first I found that the TWRP by @BouyaPK did not have the same device model settings in comparison with the stock recovery, so I made a little modification to his TWRP image, now the offical firmware zip can pass Device detection test.
!!Before doing it , make sure you have flashed the modified recovery(the one from attachment) to your phone, official firmware is only flashable via this modified recovery and stock recovery
Download here
View attachment 4137856
this is the example with the ota update package (A19 to A27 upgrade package around 150mb via coloros update manager app)
Now lets start to modify official firmware, follow my steps:
1.extract the newest official firmware zip.
2.now open the extracted folder, navigate to \META-INF\com\google\android\
3.find the file updater-script and open it with text editor( I suggest NotePad++)
4.you'll find a lot of lines start with apply_patch(xxxxx), remove the one with this file "/system/recovery-from-boot.p"
5.(if needed) also remove boot image sha1 check, in my case I have magisk installed, my boot image do not have the same sha1 value with stock boot image, so I found the line that checkes boot.img and remove it
6.done the file edit and save the file
7.repack it back to a zip file and sign the package with test keys
How to sign?
1.Download the sign package from attachment
2.have Java installed on your PC
3.Open a terminal at the same location with the keys and signapk.jar
4.terminal type
Code:
java -jar signapk.jar -w platform.x509.pem platform.pk8 my_modified_firmware.zip my_modified_firmware-signed.zip
8.install with twrp and you still have twrp exist, flash supersu zip or magisk zip
View attachment 4137905
above is the way to modify a PATCH zip ota file, if you are modifying a full package, which may be easier,
the full package's update script write full image to phone instead, so you just need to modify the image in the ota package.
all you just have to make sure the new firmware do not replace twrp with stock recovery, so
1.try to extract the image in the package and modify the image file, remove files such as "recovery-from-boot.p" from the image then rebuild the image and calculate the new sha1 value of the new image(CarlivImageKitchen is a good tool to rebuild image)
2.replace the old sha1 hash in updater-script, repack and sign the zip.
3.flash with twrp
4.flash superSu zip or magisk zip after the firmware flash with twrp can get root.
Click to expand...
Click to collapse
There are no lines that say apply patch
diosdetiempo said:
[/HIDE]
There are no lines that say apply patch
Click to expand...
Click to collapse
As I mentioned, only the small OTA Update package(smaller than 300MB) extracted from Built in update manager App has the line apply patch.
You are using a full package which is another situation.
If you have the full ota firmware downloaded from official website, you can try the follow steps
1.first make a nandroid backup of the old 5.1, make sure you can always restore your phone with backup
2.flash the official firmware zip with the twrp I attach( if any error occurred,do not reboot ,restore your phone with nandroid backup, also write down the error, and see which image file does not have the match SHA1, calculate and modify the sha1 of that line)
3.if step 2 succed ,do not reboot flash superSU zip file
4reboot, you may have superSU and your twrp may be replaced by stock recovery, use rashr flash twrp back again since you have root
evilhawk00 said:
As I mentioned, only the small OTA Update package(smaller than 300MB) extracted from Built in update manager App has the line apply patch.
You are using a full package which is another situation.
If you have the full ota firmware downloaded from official website, you can try the follow steps
1.first make a nandroid backup of the old 5.1, make sure you can always restore your phone with backup
2.flash the official firmware zip with the twrp I attach( if any error occurred,do not reboot ,restore your phone with nandroid backup, also write down the error, and see which image file does not have the match SHA1, calculate and modify the sha1 of that line)
3.if step 2 succed ,do not reboot flash superSU zip file
4reboot, you may have superSU and your twrp may be replaced by stock recovery, use rashr flash twrp back again since you have root
Click to expand...
Click to collapse
It worked!
Here's a little guide
1) Put your TWRP, SuperSU and Android 6.0 Oppo F1S ROM onto SD card
2) Use Flashify to flash TWRP
3) Reboot into TWRP recovery
4) Flash Android 6.0 F1S ROM
5) Flash SuperSU
6) Reboot phone and you should be good to go
evilhawk00 said:
As I mentioned, only the small OTA Update package(smaller than 300MB) extracted from Built in update manager App has the line apply patch.
You are using a full package which is another situation.
If you have the full ota firmware downloaded from official website, you can try the follow steps
1.first make a nandroid backup of the old 5.1, make sure you can always restore your phone with backup
2.flash the official firmware zip with the twrp I attach( if any error occurred,do not reboot ,restore your phone with nandroid backup, also write down the error, and see which image file does not have the match SHA1, calculate and modify the sha1 of that line)
3.if step 2 succed ,do not reboot flash superSU zip file
4reboot, you may have superSU and your twrp may be replaced by stock recovery, use rashr flash twrp back again since you have root
Click to expand...
Click to collapse
update: the only issue i find is that SIM card isn't recognized
diosdetiempo said:
update: the only issue i find is that SIM card isn't recognized
Click to expand...
Click to collapse
sim card not recognized!? Sorry I can't really understand the reason of that because I don't have this problem.
Just a thought, maybe you lost baseband? Can you see your phone's IMEI number in settings? If you found null IMEI, that means you have lost your baseband, otherwise that's just something else maybe a small unknown issue, may also be the access point and protocol was not included in the 6.0 rom
If you lost your IMEI, I assume you already did the nandroid backup before, in twrp backup of NVRAM is the IMEI part, you should be able to recover your IMEI with that nvram backup
evilhawk00 said:
sim card not recognized!? Sorry I can't really understand the reason of that because I don't have this problem.
Just a thought, maybe you lost baseband? Can you see your phone's IMEI number in settings? If you found null IMEI, that means you have lost your baseband, otherwise that's just something else maybe a small unknown issue, may also be the access point and protocol was not included in the 6.0 rom
If you lost your IMEI, I assume you already did the nandroid backup before, in twrp backup of NVRAM is the IMEI part, you should be able to recover your IMEI with that nvram backup
Click to expand...
Click to collapse
have you tested with 6.0?
evilhawk00 said:
I made one and got root with A27 , all you need is a twrp and a twrp flashable firmware zip.
Here's what I did,first I found that the TWRP by @BouyaPK did not have the same device model settings in comparison with the stock recovery, so I made a little modification to his TWRP image, now the offical firmware zip can pass Device detection test.
!!Before doing it , make sure you have flashed the modified recovery(the one from attachment) to your phone, official firmware is only flashable via this modified recovery and stock recovery
Download here
View attachment 4137856
this is the example with the ota update package (A19 to A27 upgrade package around 150mb via coloros update manager app)
Now lets start to modify official firmware, follow my steps:
1.extract the newest official firmware zip.
2.now open the extracted folder, navigate to \META-INF\com\google\android\
3.find the file updater-script and open it with text editor( I suggest NotePad++)
4.you'll find a lot of lines start with apply_patch(xxxxx), remove the one with this file "/system/recovery-from-boot.p"
5.(if needed) also remove boot image sha1 check, in my case I have magisk installed, my boot image do not have the same sha1 value with stock boot image, so I found the line that checkes boot.img and remove it
6.done the file edit and save the file
7.repack it back to a zip file and sign the package with test keys
How to sign?
1.Download the sign package from attachment
2.have Java installed on your PC
3.Open a terminal at the same location with the keys and signapk.jar
4.terminal type
Code:
java -jar signapk.jar -w platform.x509.pem platform.pk8 my_modified_firmware.zip my_modified_firmware-signed.zip
8.install with twrp and you still have twrp exist, flash supersu zip or magisk zip
View attachment 4137905
above is the way to modify a PATCH zip ota file, if you are modifying a full package, which may be easier,
the full package's update script write full image to phone instead, so you just need to modify the image in the ota package.
all you just have to make sure the new firmware do not replace twrp with stock recovery, so
1.try to extract the image in the package and modify the image file, remove files such as "recovery-from-boot.p" from the image then rebuild the image and calculate the new sha1 value of the new image(CarlivImageKitchen is a good tool to rebuild image)
2.replace the old sha1 hash in updater-script, repack and sign the zip.
3.flash with twrp
4.flash superSu zip or magisk zip after the firmware flash with twrp can get root.
Click to expand...
Click to collapse
ok got it to work for a full firmware package here's what i did
1 . downloaded a27 (still 5.1 since 6.0 is not stable according to some)
2. using the twrp above flashed a27
3. flashed magisk
4. flash the twrp image again to make sure that incase it was overwritten by the update
NOTE: i did get an error like unable to mount dev/block/platform/...... it was fine for me
ngoralph said:
ok got it to work for a full firmware package here's what i did
1 . downloaded a27 (still 5.1 since 6.0 is not stable according to some)
2. using the twrp above flashed a27
3. flashed magisk
4. flash the twrp image again to make sure that incase it was overwritten by the update
NOTE: i did get an error like unable to mount dev/block/platform/...... it was fine for me
Click to expand...
Click to collapse
6.0 would work if the sim card issue could be fixed. i can't work it out :/
diosdetiempo said:
6.0 would work if the sim card issue could be fixed. i can't work it out :/
Click to expand...
Click to collapse
did you try restoring the nvram using twrp as stated before?
and did you wipe your data before flashing?? i think the transition from 5.1 to 6.0 may have broke some things read about it somewhere that wiping was necessary for LP to MM
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Important notes
The official Magisk v16.0 zip must be flashed on first install/reinstall in order to properly construct the environment. Flash the boot image attached in the OP immediately after without rebooting in between, or the image Magisk flashed will prevent the kindle from booting normally without advanced intervention.
SafetyNet does NOT pass the basic integrity OR advanced checks. At least, v16 doesn't. Maybe an earlier Magisk build does - feel free to try it once I get the automated patcher zip up and running.
For now, because you're flashing on LineageOS, you may want to flash the LOS 14.1 arm-based su removal zip from Lineage's downloads site. Verify you're downloading arm and not arm64.
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
kn0wbodh1 said:
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
Click to expand...
Click to collapse
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
kn0wbodh1 said:
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
Click to expand...
Click to collapse
The instructions only work against the 2012 fire (HD 8.9", 2nd generation). They will more than likely brick any other device. I don't recommend trying the instructions unless you're 100% sure your device is that specific model.
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
erick_gc said:
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
Click to expand...
Click to collapse
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
monster1612 said:
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Click to expand...
Click to collapse
barcia99 said:
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
Click to expand...
Click to collapse
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
thank's much. i'll continue to do some research also. i've had this kindle since it came out and remains stable with root and twrp. runs smooth and just plain like it. only negative is no sd card slot. again thanks for your hard work.
Hoping for the automated package
Here's hoping you get time to finish the automated flash package. I am not confident enough to attempt this even with your detailed instructions.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Trey n said:
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Click to expand...
Click to collapse
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
kgiesselman said:
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
Click to expand...
Click to collapse
took me a while but also finally got it all working. Thanks for this guide. It may help us in the 7, 8 and 10 tablets. I also note my Jem is currently on CM13
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
This works on the Kindle Fire HD 7 as well, just use the files from the Tate repository.
Devo7v said:
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
Click to expand...
Click to collapse
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
BrianSamsungTab said:
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
Click to expand...
Click to collapse
I reflashed the freedom-boot and got everything working properly. It's been a few months so I don't remember if i had to continue anything when it finally booted, but I do know that I didn't lose any data. I still don't know if you need to flash freedom-boot, but it works if you do.
a little late to the party but-
i recently made the mistake of installing magisk and it put the kindle in a bootloop. is there a way to push the stock boot.img with this method or is that too quick and dirty
any advice is appreciated. im tempted to just do a full wipe via the stock recovery but if theres a more surgical method id go for it. i also have a linux debian machine available.
so i had an issue installing supersu on my sm-a520 and after searching everywhere for the proper firmware file i could only find firmware files in .lz4 format which odin3 would not flash to the device properly i then found a program that is free called classykitchen which allowed me to decompress the .lz4 files then create a system.new.dat file to flash via recovery so if you have run into this issue i recommend finding classykitchen and installing twrp via odin3 then download the firmware file from updato.com unzip that file then when your starting a new project in classykitchen make sure you put bl ap cp and home_csc all in the new project by highlighting all the files and make sure when its done extracting the lz4 files you select create system.new.dat once thats complete put that file to the sdcard wipe the device for a clean install and flash the file youve just created and bingo your phone will be back to stock other then the twrp recovery which i will say is the best recovery ive used in my mind there is no better.. now that ive explained that i'm gonna try installing supersu again and keep on keepin on have a good one
dirtdirte said:
so i had an issue installing supersu on my sm-a520 and after searching everywhere for the proper firmware file i could only find firmware files in .lz4 format which odin3 would not flash to the device properly i then found a program that is free called classykitchen which allowed me to decompress the .lz4 files then create a system.new.dat file to flash via recovery so if you have run into this issue i recommend finding classykitchen and installing twrp via odin3 then download the firmware file from updato.com unzip that file then when your starting a new project in classykitchen make sure you put bl ap cp and home_csc all in the new project by highlighting all the files and make sure when its done extracting the lz4 files you select create system.new.dat once thats complete put that file to the sdcard wipe the device for a clean install and flash the file youve just created and bingo your phone will be back to stock other then the twrp recovery which i will say is the best recovery ive used in my mind there is no better.. now that ive explained that i'm gonna try installing supersu again and keep on keepin on have a good one
Click to expand...
Click to collapse
You shouldn't be installing SuperSU on newer versions of Android. Use magisk instead. Then you shouldn't have problems.
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
cd993 said:
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
Click to expand...
Click to collapse
With Unsin (on windows at least) you can just drag your file over the cmd without having to mess with command lines
AJHutchinson said:
With Unsin (on windows at least) you can just drag your file over the cmd without having to mess with command lines
Click to expand...
Click to collapse
Yeah that's a handy little feature, makes converting it super simple!
cd993 said:
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
Click to expand...
Click to collapse
Hi there; I was in the same situation, flashing a corrupted magisk boot image from standard firmware for XQ-AT51, provided by same author for simple rooting Xperia 1 II; my phone was without xposed, it was in clean factory state. the magisk boot image was taken from another thread "[ROOT] Magisk patched Boot Images & Instructions" designated for rooting of Xperia 1 II;
unfortunately is the same author who build your ROM, he delivered also corrupted magisk image.
It was not enter in bootloop if you flash only one image on phone, not both; his instructions are wrong. the correct flashing instruction is below, at end of my comment.
I solved in smilar way like you: using flashtool to obtain XQ-AT51 ftf file: XQ-AT51_58.0.A.3.39_1321-7706_R13A.ftf;
Attention: the name of file depends of region firmware you want to flash and type of phone (single or dual sim); the given names are with title of example.
Then from download folder of flashtool form your disk C:\Users\username\.flashTool\firmwares\Downloads (username is your username on pc); check for file: boot_X-FLASH-ALL-2389.sin ( applicable for XQ-AT51) and convert the file to .img using unsin; check on xda for unsin, extract unsin archive in exe file and then drag & drop over unsin.exe the file boot_X-FLASH-ALL-2389.sin; will be generated boot_X-FLASH-ALL-2389.img file.
This name file can be other, is just an example, if you have another phone with firmware for other region, pay attention to this!
This can be flashed then back to phone using adb comands; fastboot flash boot boot_X-FLASH-ALL-2389.img;
The same image can be transfered to phone and used later to generate correct magisk image and root the phone.
Best to you all!
daphix said:
Hi there; I was in the same situation, flashing a corrupted magisk boot image from standard firmware for XQ-AT51, provided by same author for simple rooting Xperia 1 II; my phone was without xposed, it was in clean factory state. the magisk boot image was taken from another thread "[ROOT] Magisk patched Boot Images & Instructions" designated for rooting of Xperia 1 II;
unfortunately is the same author who build your ROM, he delivered also corrupted magisk image.
It was not enter in bootloop if you flash only one image on phone, not both; his instructions are wrong. the correct flashing instruction is below, at end of my comment.
I solved in smilar way like you: using flashtool to obtain XQ-AT51 ftf file: XQ-AT51_58.0.A.3.39_1321-7706_R13A.ftf;
Attention: the name of file depends of region firmware you want to flash and type of phone (single or dual sim); the given names are with title of example.
Then from download folder of flashtool form your disk C:\Users\username\.flashTool\firmwares\Downloads (username is your username on pc); check for file: boot_X-FLASH-ALL-2389.sin ( applicable for XQ-AT51) and convert the file to .img using unsin; check on xda for unsin, extract unsin archive in exe file and then drag & drop over unsin.exe the file boot_X-FLASH-ALL-2389.sin; will be generated boot_X-FLASH-ALL-2389.img file.
This name file can be other, is just an example, if you have another phone with firmware for other region, pay attention to this!
This can be flashed then back to phone using adb comands; fastboot flash boot boot_X-FLASH-ALL-2389.img;
The same image can be transfered to phone and used later to generate correct magisk image and root the phone.
Best to you all!
Click to expand...
Click to collapse
Thanks for that, glad you managed to fix your situation too!
cd993 said:
Thanks for that, glad you managed to fix your situation too!
Click to expand...
Click to collapse
What to posted you is very very usefull; it helps you to fix after flashing wrong magisk module.
:good:
I'm new to rooting and I'm trying to root a Pixel 3a XL I've just inherited. Following steps from a tutorial, I've unlocked the bootloader and installed Magisk v23.0 on the phone, and I copied on the internal storage all the files from the zip file I downloaded from Google that are supposed to be the stock ROM for my build #. There are 2 .img files in there: bootloader-bonito-b4s4-0.3-7062600.img and radio-bonito-g670-00105-210113-b-7078968.img (there are a few scripts and another zip file in there too). The first one seems to be the boot file (Ramdisk is YES in Magisk), but when I try patching it (Magisk Install > Select and Patch a File > I choose the file via my file manager), I get the following error messages: 'Unsupported/Unknown image format' 'Installation failed'. The same thing happens if I try the other image file.
I obviously don't want to trial and error too much patching a rom that I'm going to flash my phone with. Any idea what I'm doing wrong there? Thank you!
EDIT: I had also done a checksum of the archive I downloaded from Google and it all lined up, so that shouldn't be the issue.
you need to patch the kernel. inside the zip is a second zip. in there is a file boot.img. that is the kernel. extract and copy it to your phone, then you can patch it, copy it back to your fastboot capable machine, and flash
ei: boot.img within a .zip within a .zip
hp420 said:
you need to patch the kernel. inside the zip is a second zip. in there is a file boot.img. that is the kernel. extract and copy it to your phone, then you can patch it, copy it back to your fastboot capable machine, and flash
ei: boot.img within a .zip within a .zip
Click to expand...
Click to collapse
It worked, thank you so much!