Test Keys - XPERIA X10 Android Development

Hey, this may be a stupid question, but has anyone made an update.zip file and signed it with test keys to see if it will work with a modded build prop file? Is it that the X10 won't take the test keys? That was how we signed files on the G1. I know they are two different phones and the bootloader is locked, but does it accept test keys for beta builds?

X10 doesn't use update.zip

I know, but I meant if I use the flash tool to flash the file.
I understand thanks for the info.


X10 Recovery Menu!?

I know we don't have a custom recovery yet like most other rooted devices and I know that the devs are working on cracking the bootloader, but my question is: do we have a recovery menu at all? I can't seem to find one, and on other Android devices this basic menu would at least let you flash an update.zip file (I know this won't work for custom ROMs yet as the bootloader checks for the RSA sig), but I need this menu to test moving over other recovery loaders and making custom theme installer zips. If anyone could tell me how to load into it I would be thankful.
FateZero said:
> I know we don't have a custom recovery yet like most other rooted devices and I know that the devs are working on cracking the bootloader, but my question is: do we have a recovery menu at all? I can't seem to find one, and on other Android devices this basic menu would at least let you flash an update.zip file (I know this won't work for custom ROMs yet as the bootloader checks for the RSA sig), but I need this menu to test moving over other recovery loaders and making custom theme installer zips. If anyone could tell me how to load into it I would be thankful.
Nope, seems SE disabled that for X10's bootloader.
Thanks for the info.

[DEV][UPDATED] ota update.zip with root and 'rescue-backroor' builtin! [not-released]

Hi guys
Treat it as a small curiosity. Nothing special (I think? )
First custom update.zip done with Sony Tablet S
It's useless for now. We still need a lot of work.
But remember - a small step forward, small progress,
and the target will be achieved
--------------------------
UPDATE
--------------------------
Hi again,
Today I show you capabilities which will be easy to get,
when we will get disable-signature-check in recovery.
We can't do that for now. Method I use is 'little' more
complicated, not easy. Let's wait for ICS release,
then I'm gonna make custom update zip with root incl
Take a look at movie below
br
condi
I LOVE YOU FOR THIS )) Keep up the good work. Fingers crossed.
I'm keeping my fingers crossed.
Nicely done!
Was it my PM that motivated you lol. Good stuff Condi!
Nice work!
Well done...
Don't need a complete custom ROM for now, I think that a one line script with set_perm_recursive to 777 on /system should make all the poor #10 kernel build owners very happy!
Keep up the good work, thanks
This is incredible news! Bravo!
Hi my friend,
that sounds really good ... what would be the next steps?
Could you explain how you did reach this goal?
It looks very promising ...
Please keep us informed ...
thx condi
Since we now have a SIGNED flashable update.zip, here is a little something I made to install busybox, su, symlinks, etc. to root the unrootable kernels. The problem I am running into is signing it so it will pass the signature verification. I attached it for all to use and attempt to get it signed and runnable. I only ask that you don't change anything in the flashing script until you contact me. Thanks...
thomas.raines said:
> Since we now have a SIGNED flashable update.zip, here is a little something I made to install busybox, su, symlinks, etc. to root the unrootable kernels. The problem I am running into is signing it so it will pass the signature verification. I attached it for all to use and attempt to get it signed and runnable. I only ask that you don't change anything in the flashing script until you contact me. Thanks...
We don't have a signed update.zip. Who said that it's a signed zip?
The script is nothing new, I had a few updaters with root install,
I've already got my newest OTA with root included.
Your script has bad syntax, it will not work.
If I could sign zips with Sony's private key, then I would already release root tool,
And also a lot more..
As I wrote in first post, there is a lot of work to do.
Hi Condi,
could you explain a little bit more what and how you did to avoid misunderstandings?
On a first glimpse it looks like a 'faked update.zip' who gives you/us the opportunity to install additional stuff via recovery. If this would be possible, it gives us a lot of possibilities.
obicom said:
> Hi Condi,
> could you explain a little bit more what and how you did to avoid misunderstandings?
> On a first glimpse it looks like a 'faked update.zip' who gives you/us the opportunity to install additional stuff via recovery. If this would be possible, it gives us a lot of possibilities.
For now it's not useful for 'end-user'. This can't be done without root already.
Everything that can be done via updater-script can also be done in a normally booted device - a rooted device.
Until we can manage to modify/decrypt system.img, hidden.img - all the blocks, it's not useful.
I will wait till ICS is released, this could be our kind of 'OTA-RootKeeper' for ICS
Then I think that I could add this feature, as an automatic tool in ALLinONE tool.
br
condi
condi said:
> We don't have a signed update.zip. Who said that it's a signed zip?
> The script is nothing new, I had a few updaters with root install,
> I've already got my newest OTA with root included.
> Your script has bad syntax, it will not work.
> If I could sign zips with Sony's private key, then I would already release root tool,
> And also a lot more..
> As I wrote in first post, there is a lot of work to do.
The zip you flashed is called update-signed.zip, leaving the illusion it's a custom signed zip...
We need to find a way to modify the recovery to bypass the signature verification. After that, no encryption necessary. As for the syntax error, I will look at it tonight after work...
Sent from my BAMF SGH-T959V!
thomas.raines said:
> The zip you flashed is called update-signed.zip, leaving the illusion it's a custom signed zip...
> We need to find a way to modify the recovery to bypass the signature verification. After that, no encryption necessary. As for the syntax error, I will look at it tonight after work...
> Sent from my BAMF SGH-T959V!
Nope, zip is called update_condi.zip
thomas.raines said:
> The zip you flashed is called update-signed.zip, leaving the illusion it's a custom signed zip...
> We need to find a way to modify the recovery to bypass the signature verification. After that, no encryption necessary. As for the syntax error, I will look at it tonight after work...
> Sent from my BAMF SGH-T959V!
Nobody - in any forum, on any device I know - has bypassed Recovery Mode signature verification. Devs just made custom recoveries (CWM), but the default recovery always needs signed update.zips
We need a custom kernel to include custom recovery.
But to make a kernel we need SOURCES, which we do not have.
Maybe Sony will release ICS sources.
With Honeycomb there were some restrictions...and even Google hasn't released sources for Honeycomb, but I hope it will be different for ICS...
@sebarkh
Some hints.
Here you can see that the stock 3e recovery can be modded to disable the sign check.
http://forum.xda-developers.com/showthread.php?t=1091465
http://forum.xda-developers.com/showthread.php?t=909213
In one of the dev topics the source link was posted. I mean the Sony website and kernel sources.
here:
http://forum.xda-developers.com/showpost.php?p=22059498&postcount=7
norberto_ said:
> @sebarkh
> Some hints.
> Here you can see that the stock 3e recovery can be modded to disable the sign check.
> http://forum.xda-developers.com/showthread.php?t=1091465
> http://forum.xda-developers.com/showthread.php?t=909213
> In one of the dev topics the source link was posted. I mean the Sony website and kernel sources.
> here:
> http://forum.xda-developers.com/showpost.php?p=22059498&postcount=7
That's exactly it. There have been devices that have bypassed the signature verification using 3e recovery without using CWM... Which was the base for the custom recovery I was working on till I got locked out because of kernel 10. I'm not a noob here guys...
With the sgs4g, we had the same issue with sources, kernel, recovery, signature verification, etc. but we had more devs which made things move along faster.
We need the recovery binary (which I have), root, and the true location of the stock recovery (tried bypassing and using the typical directory) and it will be done. (Hell, I've already got it somewhat working.) Then we can create a zip based CWM that you keep on your sdcard.
Sent from my BAMF SGH-T959V!
You wrote you have the recovery binary.
Have you dumped it somehow from the tablet or is it from another device?
norberto_ said:
> @sebarkh
> Some hints.
> Here you can see that the stock 3e recovery can be modded to disable the sign check.
> http://forum.xda-developers.com/showthread.php?t=1091465
> http://forum.xda-developers.com/showthread.php?t=909213
> In one of the dev topics the source link was posted. I mean the Sony website and kernel sources.
> here:
> http://forum.xda-developers.com/showpost.php?p=22059498&postcount=7
I meant Original recovery... You are linking to MODIFIED recovery...
With original recovery you will never be able to install anything without a key to sign it.
THX for links!!!
So .. if we have sources maybe somebody who "knows how" could build a kernel? Are there some problems with it? Or maybe nobody knows how

[Q] Method to beat kernel 10??

I was thinking.
When ICS is released here in New Zealand....
Would it be possible for someone to change their region to New Zealand (providing it is added to AIO region changer (Great work BTW Condi)), receive the OTA update and decrypt and add root etc. to it....
Then share that file with me or anyone with an NZ region tablet.. and I would be able to gain root from this????
If this is possible we could start a sort of pay-it-forward system. Where someone would do it for me and then I would do it for someone else etc etc.
Just thinking of ways to get around this kernel 10 bastard : ). That some of us are stuck with ATM.
Any ideas if this could work, have been trying to get my head around it all day .
Kernel 10 will resist
Without root, we can only flash official updates signed by Sony... And of course, we don't have Sony's private key to sign any customized / rooted update (well, it's private)
Condi has found a way to flash test-signed updates within his tool but we already need to have root in order to run it.
Our tablet's bootloader is locked, we don't actually know how to run it in fastboot mode so no ClockWorkMod recovery for us.
The only way now is to wait for a kernel exploit like GingerBreak, ZergRush or Mempodroid that will root our tablet or expect another device specific exploit (like Dan Rosenberg's for HoneyComb tablet S not in kernel #10).
So be patient, again and again...
Ok.... Is the root etc added to the tablet before/during the image flashing, or is it added to the zip file???
If it is added to the zip could we not use that zip on other consoles provided they were in the same region i.e. nbx03_033 (NZ)?
We (Condi! ) can open an official zip update file and add root in it.
By doing this, we modify the archive's checksums and invalidate the original signature. We can't rebuild it because it needs secrets from Sony. So we sign the zip with a test key, I think taken from the Android Software Development Kit.
This modded zip can only be flashed to a rooted device because root is needed to disable Sony's signature check and temporarily replace it by the test signature check in the Android update mechanism.
That's why we can't flash a modded update to our not rooted HoneyComb devices...
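What this post describes, as an added example that is not part of the thread or of any tool mentioned in it: a recovery accepts a package only if its whole-file signature validates under a key in its own trusted set, so a modified archive is rejected whether it keeps the old signature or is re-signed with a test key. The footer layout follows AOSP recovery's verifier (an assumption for this device); the toy textbook RSA stands in for the real PKCS#7/RSA signature, and the keys, file names and `scenarios()` are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile

FOOTER_SIZE = 6        # (2-byte signature start) 0xff 0xff (2-byte comment size)
EOCD_HEADER_SIZE = 22  # ZIP end-of-central-directory record, without its comment
EOCD_MAGIC = b"PK\x05\x06"
E = 65537


def toy_keypair(p, q):
    """Textbook RSA from two known primes; far too small for real use."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed stand-ins built from Mersenne primes. The vendor key is private
# to the vendor; the test key is assumed to be publicly available.
VENDOR_KEY = toy_keypair(2**127 - 1, 2**89 - 1)
TEST_KEY = toy_keypair(2**107 - 1, 2**61 - 1)


def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def build_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(zipfile.ZipInfo(name, (2012, 1, 1, 0, 0, 0)), body)
    return buf.getvalue()


def sign_whole_file(zip_bytes, key):
    """Sign all bytes except the 2-byte comment length; keep the signature in the ZIP comment."""
    signed = zip_bytes[:-2]
    sig = pow(digest_int(signed, key["n"]), key["d"], key["n"])
    sig_bytes = sig.to_bytes((key["n"].bit_length() + 7) // 8, "big")
    comment_size = len(sig_bytes) + FOOTER_SIZE
    footer = struct.pack("<HBBH", comment_size, 0xFF, 0xFF, comment_size)
    return signed + struct.pack("<H", comment_size) + sig_bytes + footer


def verify_whole_file(data, trusted_moduli):
    """Return 'verified' or the reason the package is rejected."""
    if len(data) < EOCD_HEADER_SIZE + FOOTER_SIZE:
        return "too small"
    sig_start, m1, m2, comment_size = struct.unpack("<HBBH", data[-FOOTER_SIZE:])
    if (m1, m2) != (0xFF, 0xFF):
        return "no signature footer"
    if sig_start > comment_size or sig_start <= FOOTER_SIZE:
        return "bad footer"
    eocd_off = len(data) - comment_size - EOCD_HEADER_SIZE
    if eocd_off < 0 or data[eocd_off:eocd_off + 4] != EOCD_MAGIC:
        return "EOCD not found"
    if EOCD_MAGIC in data[eocd_off + 4:]:
        return "ambiguous EOCD"  # a second EOCD marker could hide unsigned content
    signed = data[:len(data) - comment_size - 2]
    sig = int.from_bytes(data[len(data) - sig_start:-FOOTER_SIZE], "big")
    for n in trusted_moduli:
        if sig < n and pow(sig, E, n) == digest_int(signed, n):
            return "verified"
    return "no trusted key validates this file"


def scenarios():
    stock = build_zip({"system/build.prop": b"ro.build.tags=release-keys\n"})
    modded = build_zip({"system/build.prop": b"ro.build.tags=test-keys\n"})
    official = sign_whole_file(stock, VENDOR_KEY)
    # Modified content carrying the vendor's original signature block.
    grafted = modded[:-2] + official[len(stock) - 2:]
    test_signed = sign_whole_file(modded, TEST_KEY)
    stock_trust = [VENDOR_KEY["n"]]  # what an unmodified recovery trusts
    test_trust = [TEST_KEY["n"]]     # a recovery whose trusted key was replaced
    return {
        "official / stock recovery": verify_whole_file(official, stock_trust),
        "modified, old signature / stock recovery": verify_whole_file(grafted, stock_trust),
        "test-signed / stock recovery": verify_whole_file(test_signed, stock_trust),
        "test-signed / test-key recovery": verify_whole_file(test_signed, test_trust),
        "unsigned / stock recovery": verify_whole_file(stock, stock_trust),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The last signed case is the one to audit for on shipped firmware: a recovery whose trusted set contains a publicly known test key accepts packages from anyone.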
Nesquick95 said:
> We (Condi! ) can open an official zip update file and add root in it.
> By doing this, we modify the archive's checksums and invalidate the original signature. We can't rebuild it because it needs secrets from Sony. So we sign the zip with a test key, I think taken from the Android Software Development Kit.
> This modded zip can only be flashed to a rooted device because root is needed to disable Sony's signature check and temporarily replace it by the test signature check in the Android update mechanism.
> That's why we can't flash a modded update to our not rooted HoneyComb devices...
Ahhh gotcha, damn.
So we must find a so called "local root" in order to gain root from the inside :
- Linux kernel exploit, searched by many but very hard to find and immediately patched (well, our banks have Linux on their backoffice servers too) ;
- Device specific exploit, searched by few but a little easier to find (they have some easy methods on Acer devices, for example) and patched only by the device's provider when he has time for that.
That's what the rooting thing looks like for kernel #10 / not pre-rooted ICS users...
I know that it's a stupid idea, but some software like Quick Boot can get you into the bootloader. Would that help for checking fastboot? I'm not an expert, just suggesting.
What I know about this :
- no buttons combination (power + volume up/down) to enter fastboot mode ;
- command "adb reboot bootloader" leads to a normal boot.
Some people here have once reported entering a kind of "download" mode by testing things on their tablet but neither know how nor how to go back in it.
Well... Even if someone finds a way, I guess that command "fastboot oem unlock" won't work so we won't be able to flash anything. But as I was saying in another post, Sony techs must have an easy way to flash bricked tablets... Maybe a low-level tool like Samsung's Odin.

Root E5823 6.0.1 32.2.a.0.305

Hi All,
I am looking for a tutorial that explains how to root the cellphone on build 32.2.a.0.305 running Marshmallow. I haven't found any topic that states someone succeeded in rooting this one. Any chance someone can give me some guidance? On some other website it is mentioned that we cannot root it for the moment. So I was thinking maybe downgrade it and go back to Lollipop? But even for that I need some guidance.
Thanks in advance.
Cheers.
francisci said:
> Hi All,
> I am looking for a tutorial that explains how to root the cellphone on build 32.2.a.0.305 running Marshmallow. I haven't found any topic that states someone succeeded in rooting this one. Any chance someone can give me some guidance? On some other website it is mentioned that we cannot root it for the moment. So I was thinking maybe downgrade it and go back to Lollipop? But even for that I need some guidance.
> Thanks in advance.
> Cheers.
There's a perfectly detailed guide in the General section. You should downgrade to Lollipop so you can use the temp root tool to back up DRM keys before unlocking the bootloader, but if you don't care about DRM keys, you can in fact just skip to the bootloader unlock part and root. It's so simple, but I would suggest going through the whole process and backing up your DRM keys because once lost, forever lost so ... Yah
madshark2009 said:
> There's a perfectly detailed guide in the General section. You should downgrade to Lollipop so you can use the temp root tool to back up DRM keys before unlocking the bootloader, but if you don't care about DRM keys, you can in fact just skip to the bootloader unlock part and root. It's so simple, but I would suggest going through the whole process and backing up your DRM keys because once lost, forever lost so ... Yah
Hi Madshark
Thanks for your prompt reply. Appreciate it.
I'm at rookie level in terms of rooting smartphones, so I don't know even the basics. Can you send me the link to the "detailed guide" and also explain to me what the "DRM keys" are?
francisci said:
> Hi Madshark
> Thanks for your prompt reply. Appreciate it.
> I'm at rookie level in terms of rooting smartphones, so I don't know even the basics. Can you send me the link to the "detailed guide" and also explain to me what the "DRM keys" are?
This is the link to the post that I used and followed its instructions to root my phone personally.
http://forum.xda-developers.com/z5-compact/general/how-to-backup-restore-ta-partition-root-t3479532
If you lose DRM keys (and that happens when unlocking the bootloader) then some functions in the device will stop working, like Bravia engine, Track ID, etc., and on our Z5 Compact some say even the stock camera stops working. When you lose those keys you can NEVER get them back because each device has its OWN TA partition that includes its OWN DRM keys and no other device has the same, so that's why each and every one who owns an Xperia device must perform this TA backup: in case they ever want to get back to stock (unroot and relock bootloader) they can restore these keys and functions to factory functionality. If you don't back them up and unlock the bootloader then you will never get some functions back to working properly if you ever want to get back to stock and relock your bootloader!
However, there is something called DRM fix in certain ROMs: when you install these ROMs, you will not feel like you lost your functions because they already include a fix that behaves like the DRM keys.
Still, losing your DRM keys will cause your device to lose its warranty, and if you didn't back them up then you will never get it back even if you relock your bootloader. So I personally backed them up because my device has a 2 year warranty and I don't want to waste them; if anything goes wrong I would restore them and send it to get fixed.
Yet the only problem is warranty to me, so if you have no warranty or don't care about it you can skip the backup process, but yet again I don't like taking chances so just back them up, it's a 2 minute thing.
And I say again, all stock based ROMs in this Z5 Compact forum have DRM fix...
And to give you my personal opinion, I don't like the Xperia Z5 Compact rooted because, as I saw, there are so few ROMs and so few kernel variations, and all the stable ROMs are based on stock MM firmware and CM ROMs aren't fully stable yet (they are, but they have bugs that I hate having). I only rooted so I can increase the volume of my phone speakers and headset and increase the strength of the torch, but it all turns out that all sound mods have bugs and the torch mod only works properly on anything but STOCK ftf, but anything besides stock ftf isn't fully stable, so I don't see any point in rooting this device. I so regret buying it; I should have checked how few modifications can be made on it. I owned Z2 and HTC devices in the past and boy! If I wanted to try different things every day for the past 2 years I wouldn't have finished by now, there is sooo much to test and so much to try and to customize ...
The only ROM that can be customized and can be enjoyed as much that we have is Kryptonian - the ROM of awesomeness!
I hope I was helpful
madshark2009 said:
> This is the link to the post that I used and followed its instructions to root my phone personally.
> http://forum.xda-developers.com/z5-compact/general/how-to-backup-restore-ta-partition-root-t3479532
> If you lose DRM keys (and that happens when unlocking the bootloader) then some functions in the device will stop working, like Bravia engine, Track ID, etc., and on our Z5 Compact some say even the stock camera stops working. When you lose those keys you can NEVER get them back because each device has its OWN TA partition that includes its OWN DRM keys and no other device has the same, so that's why each and every one who owns an Xperia device must perform this TA backup: in case they ever want to get back to stock (unroot and relock bootloader) they can restore these keys and functions to factory functionality. If you don't back them up and unlock the bootloader then you will never get some functions back to working properly if you ever want to get back to stock and relock your bootloader!
> However, there is something called DRM fix in certain ROMs: when you install these ROMs, you will not feel like you lost your functions because they already include a fix that behaves like the DRM keys.
> Still, losing your DRM keys will cause your device to lose its warranty, and if you didn't back them up then you will never get it back even if you relock your bootloader. So I personally backed them up because my device has a 2 year warranty and I don't want to waste them; if anything goes wrong I would restore them and send it to get fixed.
> Yet the only problem is warranty to me, so if you have no warranty or don't care about it you can skip the backup process, but yet again I don't like taking chances so just back them up, it's a 2 minute thing.
> And I say again, all stock based ROMs in this Z5 Compact forum have DRM fix...
> And to give you my personal opinion, I don't like the Xperia Z5 Compact rooted because, as I saw, there are so few ROMs and so few kernel variations, and all the stable ROMs are based on stock MM firmware and CM ROMs aren't fully stable yet (they are, but they have bugs that I hate having). I only rooted so I can increase the volume of my phone speakers and headset and increase the strength of the torch, but it all turns out that all sound mods have bugs and the torch mod only works properly on anything but STOCK ftf, but anything besides stock ftf isn't fully stable, so I don't see any point in rooting this device. I so regret buying it; I should have checked how few modifications can be made on it. I owned Z2 and HTC devices in the past and boy! If I wanted to try different things every day for the past 2 years I wouldn't have finished by now, there is sooo much to test and so much to try and to customize ...
> The only ROM that can be customized and can be enjoyed as much that we have is Kryptonian - the ROM of awesomeness!
> I hope I was helpful
Very helpful ! Thanks v much - I'll let you know if I succeed!
Ok, 2 more things.
Probably the most important: warranty has nothing to do with DRM keys, unlocked bootloader or what more. Sony is not/never gonna repair smartphones when there're problems caused by custom ROM or kernel, they're not gonna fix a bootloop caused by a bad flashing procedure and so on. But it's not true that you're automatically losing warranty by unlocking bootloader or getting root access.
Next to that, you don't have to go through that process of backing up your own TA, if you don't want. It's much easier to root and flash a kernel with DRM keys patched. Procedure to root is really simple. Flash new ROM, unlock bootloader, fastboot to flash compatible TWRP, flash SuperSU, flash modded kernel, done. There are already quite some tutorials to guide you through this process.
--jenana-- said:
> Ok, 2 more things.
> Probably the most important: warranty has nothing to do with DRM keys, unlocked bootloader or what more. Sony is not/never gonna repair smartphones when there're problems caused by custom ROM or kernel, they're not gonna fix a bootloop caused by a bad flashing procedure and so on. But it's not true that you're automatically losing warranty by unlocking bootloader or getting root access.
> Next to that, you don't have to go through that process of backing up your own TA, if you don't want. It's much easier to root and flash a kernel with DRM keys patched. Procedure to root is really simple. Flash new ROM, unlock bootloader, fastboot to flash compatible TWRP, flash SuperSU, flash modded kernel, done. There are already quite some tutorials to guide you through this process.
Yah, well, if the bootloader is unlocked and the system has modifications on it, they have every right to refuse fixing it for you because it's hard to prove that what bricked the device isn't some modification that you made... Unless they have a really good heart. I had a Z2 before and it was rooted, but the ftf on it was custom but was on it for like 7 months and all the mods were working properly until all of a sudden it wouldn't turn on, so they told me that what I did caused it, but I didn't do anything wrong. I know they're lying, but can you prove it!? No..
Hi guys,
How do I flash the boot.img using cmd and fastboot ?
francisci said:
> Hi guys,
> How do I flash the boot.img using cmd and fastboot ?
First you've got to download the ADB folder.
You can find it here if I'm not wrong: http://forum.xda-developers.com/showthread.php?t=2588979
1. Place the adb folder in C:\
I think it automatically places it there when installing, so no need to do that if so.
2. Go to cmd (Start - type in CMD) and once it launches direct it to where the adb folder is: "cd c:\adb", without the quotes of course.
3. To flash boot, type in "fastboot flash boot boot.img", without quotes and with only one space between words.
4. To flash recovery, just type in "fastboot flash recovery "recovery name".img", without the quotes, and copy the recovery name exactly the way it is.
That's it.
Keep in mind that any time you want to flash anything, that thing must be inside the adb folder. For example, the boot.img file must be there in the adb folder with all the other files from installing adb, and also the recovery and every other thing you want to flash using fastboot.
Hope this is helpful.
Hi madshark, thanks again for your help. I have been able to flash the boot img and then rename twrp to recovery and flash it as well.
Now I'm stuck: the device cannot reboot so I cannot transfer the SuperSU files to the device...
And when I type adb devices in cmd, it does not mention the device! Seems that I'm facing an issue.
francisci said:
> Hi madshark, thanks again for your help. I have been able to flash the boot img and then rename twrp to recovery and flash it as well.
> Now I'm stuck: the device cannot reboot so I cannot transfer the SuperSU files to the device...
> And when I type adb devices in cmd, it does not mention the device! Seems that I'm facing an issue.
Well, you're new, mistakes like these happen. I've been there. Sorry for the late reply, XDA isn't giving me notifications.
Anyway, make sure after backing up TA (which is on Lollipop firmware) you get back to the original .305 firmware (MM). The point of going back to Lollipop in the first place is so you can use the Ivoyroot tool for temporary root so you can back up your TA partition. Once that is done you must get back to .305 because you are flashing a kernel (boot.img) that is for build .305. I guess the guide guy didn't mention this?
Second, when I said copy the recovery name as it is, I meant whatever recovery name you have, for example
fastboot flash recovery twrp-3.0.2-0-E5823-20160417.img
That's my recovery name, the one that I downloaded; yours might say something else, it's OK. I meant copy YOUR recovery name to CMD exactly the way it is in the ADB folder.
And now you're stuck. If your bootloader is already unlocked, just flash .305 firmware with flashtool the same way you flashed the Lollipop firmware. Once that is done, do the first boot settings, and once the device is launched into the software, just flash boot again.
Make sure you follow instructions to the POINT, so you've got to turn off your phone, press the volume up button and keep it pressed while connecting your phone to the PC, and flash boot and recovery, and that's it.
And after you're done with this process, turn on your phone, connect it to your PC and place the SuperSU zip file in it, and then go to recovery and flash it.
adb isn't recognizing your device?
That's weird. If you just connect your device nothing will happen, so you turn off your phone and press the volume up button and connect it (that's how you enter fastboot mode), and if it still isn't recognized then do what I told you to do already and see what happens next.
Keep me updated, and if it's urgent just send me a PM because I don't see notifications otherwise...
Thanks Madshark for your help, it has finally worked!

Root Huawei without unlock bootloader

I know I need to have an unlocked bootloader to root Huawei phones. But I have found a new solution where there is no need to unlock the bootloader. Now I want to explain it. Huawei has a feature called sdcard update which flashes phone from sdcard. It made me think if I unpacked update.app and patched ramdisk_recovery by magic manager, I also replaced the real img with the patched img. Now I flashed it, result success. I magically checked the app and magically it was successfully installed. I have root access now.
Sorry for my poor English, I used Google translate.
Jonas336ts said:
> I know I need to have an unlocked bootloader to root Huawei phones. But I have found a new solution where there is no need to unlock the bootloader. Now I want to explain it. Huawei has a feature called sdcard update which flashes phone from sdcard. It made me think if I unpacked update.app and patched ramdisk_recovery by magic manager, I also replaced the real img with the patched img. Now I flashed it, result success. I magically checked the app and magically it was successfully installed. I have root access now.
> Sorry for my poor English, I used Google translate.
I would like to hear more about this
Can you make a video?
I too would love to hear more about this and exactly what to do
Yap please tutorial post how to do this
Used that method on P20 Pro indeed... but it seemed that it did not work anymore since Android 9.0 or 9.1
deltaman83 said:
> Used that method on P20 Pro indeed... but it seemed that it did not work anymore since Android 9.0 or 9.1
Will Work, if you have a pc and Micro sdcard in phone.
Tabs78 said:
> Can you make a video?
I make a video. Video will Come on Friday this month. I send link.
Have anybody tried this method? Any success?
Jonas336ts said:
> I know I need to have an unlocked bootloader to root Huawei phones. But I have found a new solution where there is no need to unlock the bootloader. Now I want to explain it. Huawei has a feature called sdcard update which flashes phone from sdcard. It made me think if I unpacked update.app and patched ramdisk_recovery by magic manager, I also replaced the real img with the patched img. Now I flashed it, result success. I magically checked the app and magically it was successfully installed. I have root access now.
> Sorry for my poor English, I used Google translate.
Interesting. I think you should provide more details:
1. Emui Version
2. Apps or tools used to unpacked repacked update app.
3. If there needs sign some files and tools used for that
4. other infos.
Jonas336ts said:
> Will Work, if you have a pc and Micro sdcard in phone.
> I make a video. Video will Come on Friday this month. I send link.
Where is the video link?
Jonas336ts said:
> I know I need to have an unlocked bootloader to root Huawei phones. But I have found a new solution where there is no need to unlock the bootloader. Now I want to explain it. Huawei has a feature called sdcard update which flashes phone from sdcard. It made me think if I unpacked update.app and patched ramdisk_recovery by magic manager, I also replaced the real img with the patched img. Now I flashed it, result success. I magically checked the app and magically it was successfully installed. I have root access now.
> Sorry for my poor English, I used Google translate.
As it successfull rooted as you say that so next we must go to work to cook some custom ROM
Josh said:
> As it successfull rooted as you say that so next we must go to work to cook some custom ROM
You can't make a custom rom without sources. Besides, we still haven't got any tutorial regarding how to do this method.
Please, can you make a tutorial and show us a video @Jonas336ts
Too many pictures on first post.
Ok so I think I understand how he did it. Magisk has an option to manually patch a file. So basically, we use this guide to patch ramdisk_recovery.img : https://www.ytechb.com/how-to-patch-a-file-in-magisk-manager/
Now here comes another question : How do we get ramdisk_recovery.img? Simple. Find your ROM's update.zip file. Then, open update.app (or whatever it is called) using 7-zip and extract ramdisk_recovery from within. Then patch it with Magisk and then put it inside the update.app. Put update.app in your sdcard/flash drive and flash it using *#*#2846579#*#* method. Does it sound simple? Not really. There are a few issues with this and it sounds pretty strange that it works.
1. You need to sign the update.app file using Huawei keys. How did OP get these keys?
2. You can't simply replace files inside the update.app, unless you unpack and pack it, but again check reason 1 (unless the method has changed/I knew it wrong all this time)
3. It's impossible for the ROM to boot after doing this method. How can you still have root access when your bootloader is locked?
4. Doesn't EMUI know the update.app file was tampered with? If it was that simple to flash stuff then we would have had a root guide like this a while ago.
Either way, this is my 2 cents. I am waiting for OP's video. But judging he/she's been inactive for a week, I doubt it.
EDIT
This method is impossible to be done. Reason being : There is absolutely no WAY you can get the update.app file for your rom MANUALLY. Unless you find a way to get Firmware Finder back, don't get your hope so high. I am sorry.
Another update : Ramdisk_recovery is not the type of IMG that Magisk patches. You need ramdisk.img. So basically this seems very fake. Still no tutorial.
AnotyClaws said:
> Another update : Ramdisk_recovery is not the type of IMG that Magisk patches. You need ramdisk.img. So basically this seems very fake. Still no tutorial.
Try to find his other posts or topics. Pay attention to the date.
badmania98 said:
> Try to find his other posts or topics. Pay attention to the date.
I did. Still nothing
I am trying my own method of rooting however I might risk bricking my phone. idk how I will sign the update.app or how to flash the img file with a locked bootloader...
In theory you should modify a dload firmware that can be written. But I suggest you to stay away.
