Warning:
I will not be responsible for damage to your device(s) by using this exploit. Antivirus software and Play services will likely detect this as potentially malicious. It is an exploit, deal with it or don't use it. Do not mirror these applications without my permission!
PwnMyMoto is a replacement for my previously released MotoRoot. PwnMyMoto exploits three vulnerabilities, to gain root access, then to gain write to system. This is a traditional root, and doesn't use any 'hackery' to maintain su access unlike MotoRoot.
First we use bug 9695860 (aka second masterkey) to gain system user, then it uses a symlink attack to gain root access. After gaining root we exploit a flaw in the bootloader, allowing us to bypass the write protection applied to system. In the process we remove stock recovery, so OTAs will not be a worry.
Install PwnMyMoto by running:
adb install -r PwnMyMoto-<version and model go here>.apk
Then run PwnMyMoto, depending on the current root status of your phone it will reboot 2 or 3 times, after the last reboot it will uninstall itself and su will be installed on the actual system partition. Please install SuperSu from the market after this step is done.
We have two (ok more but we're not going into that) boot modes. First is normal, which boots regular Android, and in this case boots with system write protected. Second is recovery mode, normally it boots recovery without write protection. Our exploit will hijack recovery bootmode and boot Android without write protection.
After running this exploit, if you boot normally /system will be write protected. If you boot to "recovery", Android will boot without write protection. If you wish to edit system, you must boot into "recovery" to do so, any changes made will stick and will work in either bootmode. My suggestion is to make your changes in "recovery" and run the device day to day in normal mode, until we are certain "recovery" mode will be 100% stable for day to day use.
The exploit will uninstall itself after successful exploitation.
To see if write protection is applied, you can run:
adb shell getprop ro.boot.write_protect
If it returns '1' then write protection is applied to /system, if it returns '0' then no write protection has been applied.
In the future we will have a replacement recovery, but at this time it is still in development. Enjoy.
Change Log:
1.4.3 allows detection of failed su installation (0 size su) and reinstallation.
1.4.1 adds reliability, and fixes issues for users when improper permissions are applied to su (Preventing updates).
1.2 - Bug fix for devices which had received OTAs.
If you used 1.1 and have a problem with recovery coming back, run the following command:
adb shell su -c "dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/dev/block/platform/msm_sdcc.1/by-name/recovery"
1.1 - initial release
Thanks!
Figure I should add that this does not allow usage of custom kernels at this time because everything is still signature checked.
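The end state this thread describes (recovery overwritten with a copy of boot, `ro.boot.write_protect` reporting 0 when booted that way, su on /system) can be recognised from artifacts pulled off a device. The script below is an added example, not part of the original post or of PwnMyMoto; the file names `getprop.txt`, `boot.img`, `recovery.img` and `system/` are hypothetical, and looking for su under `xbin/su` and `bin/su` is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post): offline triage of artifacts
# pulled from a device, looking for the state this thread describes.
# Assumed inputs, all hypothetical names, inside one directory:
#   getprop.txt   saved output of `adb shell getprop`
#   boot.img      dump of the by-name/boot partition
#   recovery.img  dump of the by-name/recovery partition
#   system/       extracted copy of the /system partition

# Print the value of one property from a getprop dump.
# Dump lines look like: [ro.boot.write_protect]: [1]
prop_value() {
    tr -d '\r' < "$1" | awk -v key="[$2]:" '
        $1 == key { v = $2; sub(/^\[/, "", v); sub(/\]$/, "", v); print v; exit }'
}

# Map ro.boot.write_protect to the meaning given in the post.
wp_state() {
    case "$(prop_value "$1" ro.boot.write_protect)" in
        1) echo "protected" ;;
        0) echo "unprotected" ;;
        *) echo "unknown" ;;
    esac
}

# Byte size of a file.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Succeeds when recovery starts with the same bytes as boot, which is what
# `dd if=.../boot of=.../recovery` leaves behind. The two partitions may
# differ in size, so only the common prefix is compared. cksum is a quick
# equality check; use a cryptographic hash when the result is evidence.
recovery_is_boot_copy() {
    a=$(file_size "$1")
    b=$(file_size "$2")
    n=$a
    if [ "$b" -lt "$n" ]; then
        n=$b
    fi
    [ "$n" -gt 0 ] || return 1
    [ "$(head -c "$n" "$1" | cksum)" = "$(head -c "$n" "$2" | cksum)" ]
}

# Report the su binary state under an extracted /system tree: "installed",
# "zero-size" (the failed install the 1.4.3 changelog entry mentions) or
# "absent". The xbin/su and bin/su locations are an assumption.
su_state() {
    state="absent"
    for p in "$1/xbin/su" "$1/bin/su"; do
        if [ -s "$p" ]; then
            echo "installed"
            return 0
        elif [ -f "$p" ]; then
            state="zero-size"
        fi
    done
    echo "$state"
}

# Combine the three checks into a single summary line.
triage() {
    dir=$1
    wp=$(wp_state "$dir/getprop.txt")
    su=$(su_state "$dir/system")
    if recovery_is_boot_copy "$dir/boot.img" "$dir/recovery.img"; then
        rec="boot-copy"
    else
        rec="distinct"
    fi
    echo "write_protect=$wp recovery=$rec su=$su"
}

# Run against an artifact directory given on the command line, if any.
if [ "$#" -ge 1 ] && [ -d "$1" ]; then
    triage "$1"
fi
```

A `recovery=boot-copy` result means the stock recovery is gone, so an OTA that expects it will not apply.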
Is there an unroot process?
alee said:
> Is there an unroot process?
I'd assume you could boot into the recovery mode and just delete superuser, su, and busybox, but someone more knowledgeable should confirm.
Sent from my Nexus 7
Just an FYI, since I panicked a little, when the little Andy is shown lying on his back and it says "No command", just wait it out
Dr. Carpenter said:
> Just an FYI, since I panicked a little, when the little Andy is shown lying on his back and it says "No command", just wait it out
It probably didn't work for you then. I was having the same problem earlier and again now.
I still have root. It did the same thing when booting to recovery. Guess I'll reinstall and give it another go.
Sent from my XT1080 using Tapatalk 4
Dr. Carpenter said:
> I still have root. It did the same thing when booting to recovery. Guess I'll reinstall and give it another go.
> Sent from my XT1080 using Tapatalk 4
It shouldn't boot to recovery since it is being replaced.
Sorry, meant when booting to "recovery". It went to the no command screen for a minute then rebooted to Android.
Sent from my XT1080 using Tapatalk 4
If you are running into an issue where it is booting into normal recovery, come find me on IRC. I think 1.1 fixed the bug but if it didn't I need to release 1.2.
OK, not sure what's going on now... The first time I ran it, the button said something like Click to root, now this time it said Boot into WP bypass. Hit it and same thing, back to the no command screen for a while and then a reboot. I was previously rooted, but based on the OP, that shouldn't make a difference. Back up now, and the app is still installed (it uninstalled the first time), still says the same thing.
Worked for me... Rooted w.o wp when booting to recovery
jcase said:
> If you are running into an issue where it is booting into normal recovery, come find me on IRC. I think 1.1 fixed the bug but if it didn't i need to release 1.2/
first of all, thanks so much, and i apologize for the noob questions below, but i'd like some clarification if possible (perhaps a video would be helpful like on your previous releases).
1) does it matter which version of your moto root app and SU we are currently using?
2) what do you mean in the OP by normal mode and recovery mode? I mean i've used custom recovery and normal (adb) mode, but when you say "recovery mode" will have write access, does that mean you will have write access only while you are in recovery? I think it means that you get into regular android operating system (that is adb), but through some extra boot/recovery step. This is confusing.
3) which custom recovery is the stock recovery being replaced with?
4) how do we tell it to boot in "recovery mode" or "normal mode"?
5) which version of supersu should we use? is the regular one OK?
6) which IRC are you referring to in the above quote?
Version 1.2 should work on devices that had taken the OTA, 1.1 didn't reflash the recovery partition with boot for them.
a manual fix for those that used 1.1 is a single command
adb shell su -c "dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/dev/block/platform/msm_sdcc.1/by-name/recovery"
So am I to understand that in order to install this apk you have to use adb. Because it doesn't install like a normal apk it says that a signed version is already installed. Which is the other apk 1.1 if so this sucks I nuked my computer last night no adb. Will the 1.2 version allow me to install the apk normally over the 1.1
Never mind I see that its 1.2 now and it did install no problem and deleted itself and I have root. However like mistermojo I am confused as to how to get r/w I know how to get into recovery but once there do you just reboot and then you have r/w a little clarification would be appreciated. Thank you for the exploit and especially it being an apk since my computer took a **** last night.
bigv5150 said:
> So am I to understand that in order to install this apk you have to use adb. Because it doesn't install like a normal apk it says that a signed version is already installed. Which is the other apk 1.1 if so this sucks I nuked my computer last night no adb. Will the 1.2 version allow me to install the apk normally over the 1.1
> Never mind I see that its 1.2 now and it did install no problem and deleted itself and I have root. However like mistermojo I am confused as to how to get r/w I know how to get into recovery but once there do you just reboot and then you have r/w a little clarification would be appreciated. Thank you for the exploit and especially it being an apk since my computer took a **** last night.
> Ok I can't get into stock recovery when I get into fastboot and choose recovery it goes to a black screen and like it is off I can get back into fast boot or just boot the phone normal but no recovery.
Recovery is overwritten with this method. Simply use an app that reboots to recovery and the phone will boot normally, only write protection will be disabled.
Bigv
power off your phone
Press vol - and power key at the same time for 3 secs and release
You should be in the fastboot. Press vol - until you highlight recovery.
Press vol + to select and boot to android with write protect turned off
asuhoops8628 said:
> Bigv
> power off your phone
> Press vol - and power key at the same time for 3 secs and release
> You should be in the fastboot. Press vol - until you highlight recovery.
> Press vol + to select and boot to android with write protect turned off
Got it my dumbas was pushing power not + and I was just turning the screen off not rebooting into recovery or normal power up thanks for the help. It sucks not being able to run adb to check for write permission. But I was able to modify the media file in the ui and change the effect tick so I know it works.
mistermojorizin said:
> first of all, thanks so much, and i apologize for the noob questions below, but i'd like some clarification if possible (perhaps a video would be helpful like on your previous releases).
> 1) does it matter which version of your moto root app and SU we are currently using?
> 2) what do you mean in the OP by normal mode and recovery mode? I mean i've used custom recovery and normal (adb) mode, but when you say "recovery mode" will have write access, does that mean you will have write access only while you are in recovery? I think it means that you get into regular android operating system (that is adb), but through some extra boot/recovery step. This is confusing.
> 3) which custom recovery is the stock recovery being replaced with?
> 4) how do we tell it to boot in "recovery mode" or "normal mode"?
> 5) which version of supersu should we use? is the regular one OK?
> 6) which IRC are you referring to in the above quote?
Basically what is going on is if you go to fastboot mode vol - and power at the same time you have the option to boot into recovery, however it isn't actually booting into a normal or custom recovery where you can flash it boots normally but has no write protection so that you can write to the system. Then once you write you can reboot normally. Is that correct jcase?
I was just going through different forum threads and found that most people find it difficult to root their device,
So I decided to write an easy tutorial to do that (not meant for Android 5.0 Lollipop, yet)
things you should know before following this:
a. it MIGHT (not necessarily) trigger KNOX (on some Samsung devices)
b. you need an unlocked bootloader in case you have a Sony device.
these are the steps you need to follow to root your device, it is a general method and SHOULD work on almost all devices (might not work for a few):
1. First of all you are supposed to know what device you are using, and if you know what device you are using, you are ready to proceed
2. Next thing you would need to find is the process needed to flash image/md5 to the device you want to root(might trigger KNOX)(unlocked bootloader needed)
3. So if you don't know how to flash image/md5 to your device, just search here, on XDA for how to install cwm recovery(for example) on *your device*(might trigger KNOX, google it to know if your device have it or not, will void your warranty)(unlocked bootloader needed)
4. Cwm recovery is a custom recovery(few more are there too) for almost every device (you can make one if its not available yet, just search XDA)(if not, this is probably not a process you can follow, find some other)
5. When you have successfully installed the cwm recovery to your device, then you would need to know how to enter recovery mode on your device, generally, holding power+volume up keys for a few seconds when the device is off will get you to recovery mode, and on Samsung devices, it's power+home+volume up keys that are supposed to be kept pressed to get to recovery mode, and if any of these don't work, just google "how to enter recovery mode on *your device*"
6. Now you need to download a supersu update zip from: HERE.
7. Place it anywhere on your phone and now turn off your device and boot to recovery mode (by process explained above)
8(a). When you enter recovery (any custom recovery you can find), there's an option to install zip from SD card (external or internal)
8(b). Select it and find out the supersu zip you downloaded above and then select it and confirm to install it
When it's done (installing that zip), you are done, you have rooted your device successfully and now you can enjoy the root access!
Just reboot your device normally and you can find SuperSU icon in the app drawer(if you don't, just install it from play store), open it and it will simply open with an option to follow them
If for some reason, supersu says super user binary is not installed and supersu can't install it, then it's not rooted, and you can retry the process of installing supersu update zip by booting to recovery and installing it from there (explained above)
It is not supposed to happen (the problem stated above) as you are not doing any wrong thing during the process (if you followed my steps)
So, that's it if you have any problem during doing this, just reply and I will try to solve it for you
tell me if it didn't work for you, i will make a list of devices that are not able to be rooted by this (i guess there won't be any.)
Hit thanks if I helped you
Sent from my SM-T211 using XDA Free mobile app
Ok I did this and it triggered KNOX... I let SU try and Disable it, but it's been trying for over 30min.
Edit: Re-booted and let SU try again. It disabled KNOX it said.
Many devices are not able to root via this method, especially those with locked bootloaders. There is no generic root all method as there are too many variations on software, hardware, and everything in between.
run2jeepn said:
> Ok I did this and it triggered KNOX... I let SU try and Disable it, but it's been trying for over 30min.
> Edit: Re-booted and let SU try again. It disabled KNOX it said.
well, you should know that flashing anything will trigger knox, it's not stated in this post because when i created it, i didn't know about KNOX, i will add it now.
es0tericcha0s said:
> Many devices are not able to root via this method, especially those with locked bootloaders. There is no generic root all method as there are too many variations on software, hardware, and everything in between.
ok thanks
i changed the post and stated that this process need unlocked bootloader thanks again
I have the LG Power (aka LG Leon) from Tracfone, which has a protected bootloader. KingRoot roots it, but its su binary is not fully compatible with all root apps. Fooling around with KingRoot, I found a way to ultimately root the phone with SuperSU, using KingRoot as a "mule" app to do it.
Warning: As always, you can make your device unusable by attempting to root it. You follow these instructions at your own risk.
Download KingRoot from kingroot.net, install it, and let it do its thing. You may have to try a couple or three times before it gains root.
Install SuperSU from Google Play. Open it and "Cancel" the prompt to update the su binary (it won't work, yet). Configure SuperSU to your preferences, and grant it root permission when KingUser asks.
Install a root browser such as ES File Explorer from Google Play, open it, and enable root access. KingUser should prompt to allow it root.
You will need a copy of the SuperSU su binary. It is not yet in the /system/xbin folder, as KingRoot has control over that. You can get it through ChainFire's site, or from the "root.zip" file attached to this thread: http://forum.xda-developers.com/fir...ne-supersu-t3105546/post60669196#post60669196
Load the mule with the payload. Browse to /data/data/com.kingroot.kinguser using the root browser and REPLACE all instances of "su" with the SuperSU version of the su binary. You will find at least two deeply embedded in the directory tree.
Now wait, possibly for several minutes. KingRoot will eventually check its integrity and find that the installed su binary is different than the one in its data directory. It will reinstall automatically and test its access. If successful, you will see a SuperSU prompt to grant KingRoot superuser access! :victory: Deny it.
Now open SuperSU again and allow it to upgrade the su binary through the "Normal" method. It should succeed.
Restart the device.
Open SuperSU again to test root access. Open a few root apps such as the root explorer. SuperSU should prompt to grant root access.
You can uninstall KingRoot (and Purify, if you want).
Some issues that I ran into that may or may not be of concern to you:
After rooting, my device became unstable and would freeze a few minutes after restarting. I had to take out the battery to restart it. I was messing around a lot with it, so most likely it's something else I did. However, if this happens to you, go into "Safe Mode" by powering it on, waiting for the LG Logo to appear, then holding the "volume down" button until you see the default launcher screen with "Safe Mode" in the lower left corner. Give it many minutes to settle in, then restart normally. This restores a few things to default (such as your widgets, which you will have to re-configure).
SuperSU asked me a second time to update the su binary. I allowed it, and it never asked me again.
If all else fails and you can't get a stable root, install KingRoot again and have it re-root the phone.
FlashFire works on this phone after rooting as above. I was able to successfully flash Xposed to the device.
Don't try to flash TWRP, however. The bootloader is locked and you will lose recovery if you do this. (Yes, I did it.)
This does not work on H340n with Android 6.0
gsearle5 said:
> FlashFire works on this phone after rooting as above. I was able to successfully flash Xposed to the device.
> Don't try to flash TWRP, however. The bootloader is locked and you will lose recovery if you do this. (Yes, I did it.)
Hey, quick question because I'm still not getting the framework to successfully flash. Which version of the framework did you use specifically?
Corbow6 said:
> Hey, quick question because I'm still not getting the framework to successfully flash. Which version of the framework did you use specifically?
I flashed version 81. It's working great, so I haven't attempted to upgrade yet.
gsearle5 said:
> FlashFire works on this phone after rooting as above. I was able to successfully flash Xposed to the device.
> Don't try to flash TWRP, however. The bootloader is locked and you will lose recovery if you do this. (Yes, I did it.)
I had the same issue... So after lots of searching I found a stock 5.0.1 recovery for a LG G3 that works. The zip file is NOT flashable but just unzip the recovery.img and flash that with FlashFire. You can then turn off the phone, press & hold vol- & power till the phone vibrates then continue to hold vol- and release then press and hold power again to enter stock recovery.
voluptuary said:
> I had the same issue... So after lots of searching I found a stock 5.0.1 recovery for a LG G3 that works. The zip file is NOT flashable but just unzip the recovery.img and flash that with FlashFire. You can then turn off the phone, press & hold vol- & power till the phone vibrates the continue to hold vol- and release then press and hold power again to enter stock recovery.
Thank you! I'll try it out. What do I have to lose, recovery?
gsearle5 said:
> I flashed version 81. It's working great, so I haven't attempted to upgrade yet.
I just updated to version 86 without a hitch.
Looks like I celebrated too soon, while you can enter recovery with the IMG I posted above it won't actually do anything... except make you have to pull the battery out. Least you don't get an error in the top left corner anymore so there's that.
Just installed the new Xposed Framework self-installer for Lollipop on this device (LG Power). It worked flawlessly.
http://forum.xda-developers.com/showthread.php?t=3034811
I realize that there's no howto guide yet on this forum. To a new Xiaomi device user, this can be daunting.
This is my guide on how I flashed my China Redmi K20 Pro and fixed Google Pay.
I am NOT responsible for whatever happens to your device as a result of following the below instructions.
At all times remember to download only the ones applicable for the China version i.e. recovery, ROM.
EXTRA:: New phone out of the box and waiting for bootloader unlock?
Install Google Play. Some of the download links in the thread are outdated so it is best to go to apkmirror.com to search, download and install them.
1) In order to flash any custom ROM, the bootloader must be unlocked
Xiaomi locks this by default on all devices. You must unlock it before proceeding to next steps, or you will brick your device. If it's bricked, try this or read the last section of this post.
i. Check Mi lock status from Developer Options. To enable Developer Options, go to Settings -> My Device -> All Specs -> tap on MIUI version. The Developer Options will appear in Settings -> Additional Settings eventually after about 7 taps.
The unlock time can take anywhere from 2 days to 30 days. You can check the timer in step 1vi. You no longer need to apply to Xiaomi to unlock the bootloader.
ii. Download the miflash_unlock_en_3.3.827.31. Extract the zip and run miflash_unlock.exe
iii. On the computer, sign in to the same mi account that's being bound to your phone.
iv. Send the phone to fastboot mode (power down, then power button + volume down button at the same time until the android picture appears).
v. Connect the phone to the computer by USB.
vi. On the computer, attempt to proceed to unlock. It will show you the number of hours left that you need to wait before the phone can be unlocked. Try again after that.
2) Bootloader unlocked
When you try to unlock the phone now (step 1iii - vi), the phone's screen will suddenly change while your mi unlock tool is "verifying" the phone. The tool will say error unlocking. This is normal. On the phone's screen, after progressing about 10% it will appear to reset. Your phone is now unlocked. You can verify the lock status by repeating step 1.
3) Install TWRP custom recovery
You need an Intel (AMD Ryzen seems to be an issue) Windows PC and ADB/fastboot installed. If you don't already, download from here.
There are several recoveries out there, but this one works for me. Download your choice into your PC. When you are done:
i. Open PowerShell (in File Explorer, shift + left click on an empty space) in that folder you downloaded into. If it's a zip, extract to get the .img file.
ii. Send phone into fastboot mode (power down, then vol down button + power button together).
iii. Connect phone to computer.
iv. Type
Code:
fastboot devices
into the PowerShell window. On your computer, you will be able to see that the phone is now in fastboot mode.
v. Type
Code:
fastboot flash recovery TWRP-3.3.1-0529-REDMI_K20PRO-CN-wzsx150.img
vi. When done, send your phone into TWRP recovery (vol up button + power button together).
Note: You must complete step vi or you will lose TWRP recovery because official ROMs restore to official recovery. If you missed this step, you must repeat from steps 3ii to go into TWRP.
4) Send ROM to your phone. If you have the ROM downloaded into your phone already, you may skip this step
Choose a ROM from the ROM section. For me, I use xiaomi.eu 9.8.22. Direct download link for the lazy.
Continuing in the same PowerShell window, type:
Code:
adb devices
adb push "D:\xiaomi.eu_multi_HMK20ProMI9TPro_9.8.22_v10-10.zip" /sdcard/
Replace D:\...... with the full path to the downloaded ROM. The file transfer may take some time. Wait for the PowerShell window to finish the executing command. It took 320 seconds for me.
5) Flash the ROM
For a clean ROM install, be sure to wipe the data, Dalvik and cache partitions. It is called a dirty flash if you wipe only Dalvik and cache.
i. On your phone while still in TWRP, go to Wipe -> Advanced Wipe -> select Dalvik / ART Cache and Data partitions. DON'T choose the FORMAT DATA or wipe any other partition.
ii. Select Install, then choose the ROM and swipe to start the flash. Alternatively, you can also run the same by continuing in the PowerShell window:
Code:
adb shell twrp install /sdcard/xiaomi.eu_multi_HMK20ProMI9TPro_9.8.22_v10-10.zip
iii. When done, select "Reboot System". The first startup will take some time (maybe 3 minutes). You may disconnect the cable from the computer now.
6) Congrats! You are now using a custom ROM!
7) Set up Google Pay
Last tested and still working on 29 August 2019.
There's still one last obstacle. It seems that even though we can pass SafetyNet, Google Pay still doesn't want to work.
a) Make sure Google Pay app has already been installed and run once.
b) Install Magisk Manager
i. Open the App and then download the Magisk zip file.
ii. Send the phone into recovery. Power down the phone, then power button + vol up button at the same time.
iii. Select the Install menu, then select the Magisk zip file and slide to confirm flash. When done, select "Reboot to system".
c) Open Magisk App, then under Downloads, find and install Busybox for Android NDK and SQLite3 for ARM aarch64. Reboot phone.
d) Download the GPay SQLite Fix (more reading here)
Which version to use? It depends on how you want the fix:
Fix stays even if Magisk is uninstalled - use v1.5
To uninstall later, use Termux, type in the following:
Code:
su
chattr -i /data/data/com.google.android.gms/databases/dg.db
Grant superuser to the App when prompted.
Fix is uninstalled together when Magisk is uninstalled - use v1.7
e) Open Magisk app, go to Modules, press on the + button to custom select a module. Select file manager, then browse to the downloaded zip file. When done flashing, reboot phone. You can begin to setup contactless payment next.
If you used v1.5, you may uninstall Magisk now.
TIP: You need to change the NFC method if you want to use Google Pay.
Under Settings, go to Wireless & Networks -> More -> Secure element position -> Use HCE Wallet.
Help! It keeps rebooting into TWRP and never into my ROM!
I hope you never end up needing this. But if it did happen:
a) Download and install MIUI ROM Flashing Tool from MIUI.com. Guide is also available in the page.
b) Download a fastboot ROM from here example: China V10.3.8.0PFKCNXM Fastboot.
c) Unzip into a directory with no space in between:
Code:
D:\Redmi K20 Pro\fastboot - NOT OK
D:\Redmi_K20_Pro\fastboot - OK
d) Send phone to fastboot mode (power down, then vol down button + power button together).
e) Connect phone to computer
f) Open the MIUI ROM Flashing Tool. Browse to the directory where you had extracted the file e.g. D:\Redmi_K20_Pro\fastboot\raphael_images_V10.3.8.0.PFKCNXM_20190601.0000.00_9.0_cn
The program always defaults to "clean all and lock". This option will install the official ROM and lock the bootloader.
Make sure to change to "clean all" to keep the bootloader unlocked.
g) Press "refresh" to confirm your phone is listed and then press "flash" when you are ready.
The flashing process will take several minutes. Do not disconnect the cable.
The program will show "success" under result.
Your phone will automatically boot into the official ROM.
You may then repeat step 3 Install TWRP custom recovery.
im having issue with twrp, i flashed it successfully and boot to the system(rom) but when i try to boot to recovery the stock recovery overwrites twrp, flashed 4x same result, how to fix this?
karltabby said:
> im having issue with twrp, i flashed it successfully and boot to the system(rom) but when i try to boot to recovery the stock recovery overwrites twrp, flashed 4x same result, how to fix this?
Same here and flipping bought my phone from Ebay and its now locked to Mi account
Gooners4life said:
> Same here and flipping bought my phone from Ebay and its now locked to Mi account
your have mi accnt of the previous owner
ionflux said:
I realize that there's no howto guide yet on this forum. To a new xiaomi device user this can be daunting.
This is my guide on how I flashed my Redmi K20 Pro and fixed gpay.
I am NOT responsible for whatever happens to your device as a result of following the below instructions.
EXTRA:: New phone out of the box and waiting for bootloader unlock?
Install Google Play. Some of the download links in the thread are outdated so it is best to go to apkmirror.com to search, download and install them.
1) In order to flash any custom ROM, the bootloader must be unlocked. Xiaomi locks this by default on all devices. You must unlock it before proceeding to next steps, or you will brick your device.
i. Check Mi lock status from Developer Options
To enable Developer Options, go to Settings -> My Device -> All Specs -> tap on MIUI version. The Developer Options will appear in Settings -> Additional Settings eventually after about 7 taps.
If this is locked, you will need to apply to Xiaomi to unlock. This can take anywhere from 2d to 30d. I think it is a random countdown timer set by Xiaomi. Mine took 7 days.
ii. You will be able to download their unlock tool (miflash_unlock_en_3.3.827.31) after applying. Extract the zip and run this tool (miflash_unlock.exe).
iii. On the computer, sign in to the same mi account that's used on your phone.
iv. Send the phone to fastboot mode (power down. then power button + volume down button at the same time until android picture appears)
v. Connect the phone to the computer by USB
vi. On the computer, attempt to proceed to unlock. It will show you the number of hours left you need to wait before the phone can be unlocked. Try again after that
2) Bootloader unlocked
When you try to unlock the phone now (step 1iii - vi), the phone's screen will suddenly change when your mi software is "verifying" the phone. The software will say error unlocking. This is normal. On the phone's screen, after progressing about 10% it will appear to reset. Your phone is now unlocked. You can verify by trying step 1.
3) Install TWRP custom recovery
There is a thread here that links to the custom TWRP made for Redmi K20 Pro. The last time I tried the download link had expired, so I used the archived one linked by the thread poster.
After extracting the zip, you will find a few important files:
These are essentially all you need to flash the custom recovery.
i. Open PowerShell in that folder you unzipped into. (In File Explorer, shift + left click on an empty space)
ii. Send phone into fastboot mode (power down, then power button + vol down button together)
iii. Connect phone to computer
iv. Type into the PowerShell window. You will be able to see that the phone is now in fastboot on your computer.
v. Type
vi. Type
vii. Your phone should boot into TWRP now.
4) Send ROM to your phone. If you have the ROM downloaded into your phone already, you may skip this step.
I downloaded the stable ROM 10.3.12.0. Direct link for the lazy
Continuing in the same PowerShell window, type
Replace D:\...... with the full path to the downloaded ROM. The file transfer may take some time. It took 454 seconds for me.
5) Flash the ROM.
Before flashing the ROM, clean the data and Dalvik cache partitions.
i. On your phone while it's still in TWRP, go to Wipe -> Advanced Wipe -> select Dalvik Cache and Data partitions. DON'T wipe any other partitions.
ii. Go back to home screen. Now go to Install menu, then select the ROM.zip in your /sdcard/ directory. Slide to confirm flash. When done, select "Reboot to system". The first startup will take some time (maybe 3 minutes).
6) You are using xiaomi.eu ROM (yay!)
Congrats! You are now using xiaomi.eu ROM!
7) Set up Google Pay
There's still one last obstacle. It seems that even though we can pass SafetyNet, Google Pay still doesn't want to work.
As of this post, I have tried this fix and it works.
Make sure Google Pay app has already been installed and run once.
a) Install Magisk Manager
i. Open the App and then download the Magisk zip file.
ii. Send the phone into recovery. Power down the phone, then power button + vol up button at the same time.
iii. Select Install menu, then select the Magisk zip file and slide to confirm flash. When done, select "Reboot to system".
b) Open Magisk app, then under Downloads, find and install busybox. Reboot phone.
c) Download the gpay sqlite fix (more reading here)
d) Open Magisk app, go to Modules, press on the + button to custom select a module. Select file manager, then browse to the downloaded zip file. When done flashing, reboot phone.
OPTIONAL: If you don't want Magisk, you can uninstall it now. After the phone reboots, you can begin to setup contactless payment.
If you want to keep Magisk, then you should hide Magisk Manager and all other apps that check for rooting i.e. Google Pay and other banking apps.
TIP: You need to change the NFC method if you want to use Google Pay
Under Settings, go to Wireless & Networks -> More -> Secure element position -> Use HCE Wallet.
You no longer need to apply for unlock permissions. This has been the case for a few months. I've no idea why Xiaomi don't take down the unlock request page.
---------- Post added at 03:04 PM ---------- Previous post was at 03:02 PM ----------
karltabby said:
I'm having an issue with TWRP. I flashed it successfully and booted to the system (ROM), but when I try to boot to recovery the stock recovery overwrites TWRP. Flashed 4x, same result. How to fix this?
MIUI will restore stock recovery on reboot. After flashing TWRP immediately boot into TWRP and install Magisk. This will prevent stock MIUI from restoring stock recovery.
karltabby said:
You have the Mi account of the previous owner
The phone was sealed when I got it and boot loader was unlocked. On a Paypal dispute.
Robbo.5000 said:
You no longer need to apply for unlock permissions. This has been the case for a few months. I've no idea why Xiaomi don't take down the unlock request page.
can you share the link to this? i wouldn't dare to try flashing a custom ROM without unlocking
karltabby said:
I'm having an issue with TWRP. I flashed it successfully and booted to the system (ROM), but when I try to boot to recovery the stock recovery overwrites TWRP. Flashed 4x, same result. How to fix this?
you cannot boot into system after flashing twrp. on the official ROM they will restore to the official recovery. you need to flash a custom ROM like xiaomi.eu while in TWRP, then boot into system.
Gooners4life said:
Same here and flipping bought my phone from Ebay and its now locked to Mi account
same how? could you get into TWRP? you need to sign out of the mi account
ionflux said:
you cannot boot into system after flashing twrp. on the official ROM they will restore to the official recovery. you need to flash a custom ROM like xiaomi.eu while in TWRP, then boot into system.
If I flash the eu ROM while on TWRP, after reboot TWRP will stay as default recovery? Someone told me to flash "descript", I have no idea what it is
ionflux said:
can you share the link to this? i wouldn't dare to try flashing a custom ROM without unlocking
You still need to unlock the bootloader and you will most likely need to wait to unlock it, probably 7 days. But you no longer need to apply for unlock permissions for your Mi account.
There are still a lot of Xiaomi bootloader unlock How-to articles being written that tell you to go to the Xiaomi bootloader unlock permission webpage and apply for unlock permissions for your Mi account. This is not necessary anymore.
---------- Post added at 06:06 PM ---------- Previous post was at 06:01 PM ----------
ionflux said:
you cannot boot into system after flashing twrp. on the official ROM they will restore to the official recovery. you need to flash a custom ROM like xiaomi.eu while in TWRP, then boot into system.
If you want to keep an official ROM, then you need to install Magisk.
Though if you are not installing a custom ROM or you're not installing Magisk, then I'm not sure why you'd be installing TWRP.
I am having this slight issue of restarting my device of freezing at the redmi logo for awhile and the phone just shuts down, if I try to power the phone for a couple of times then it will boot up, can you help me out how to solve this? I'm still on stock rom/recovery
---------- Post added at 11:53 PM ---------- Previous post was at 11:28 PM ----------
I am having this slight issue of restarting my device of freezing at the redmi logo for awhile and the phone just shuts down, if I try to power the phone for a couple of times then it will boot up, can you help me out how to solve this? I'm still on stock rom/recovery, this problem started after I flashed twrp a couple of times, I am unlocked btw
Robbo.5000 said:
You still need to unlock the bootloader and you will most likely need to wait to unlock it, probably 7 days. But you no longer need to apply for unlock permissions for your Mi account.
There are still a lot of Xiaomi bootloader unlock How-to articles being written that tell you to go to the Xiaomi bootloader unlock permission webpage and apply for unlock permissions for your Mi account. This is not necessary anymore.
How do you find the official link to download the unlock tool or trigger the countdown if you don't do the apply?
Robbo.5000 said:
If you want to keep an official ROM, then you need to install Magisk.
Though if you are not installing a custom ROM or you're not installing Magisk, then I'm not sure why you'd be installing TWRP.
I'm quite certain this thread is about how to flash a custom ROM and I was explaining why the user was having trouble entering TWRP and kept returning to the official recovery. Perhaps you want to clarify why you're talking about magisk on an official ROM?
karltabby said:
If I flash the eu ROM while on TWRP, after reboot TWRP will stay as default recovery? Someone told me to flash "descript", I have no idea what it is
Yes, that's how it worked for me. I am not aware of a "descript".
karltabby said:
I am having this slight issue of restarting my device of freezing at the redmi logo for awhile and the phone just shuts down, if I try to power the phone for a couple of times then it will boot up, can you help me out how to solve this? I'm still on stock rom/recovery
---------- Post added at 11:53 PM ---------- Previous post was at 11:28 PM ----------
I am having this slight issue of restarting my device of freezing at the redmi logo for awhile and the phone just shuts down, if I try to power the phone for a couple of times then it will boot up, can you help me out how to solve this? I'm still on stock rom/recovery, this problem started after I flashed twrp a couple of times, I am unlocked btw
After you flash TWRP and the phone enters into TWRP, can you install a custom ROM?
I think I can, I just did not flash any custom ROM atm, I'm scared that I might brick my device since I'm experiencing this freezing at the redmi logo
ionflux said:
How do you find the official link to download the unlock tool or trigger the countdown if you don't do the apply?
I'm quite certain this thread is about how to flash a custom ROM and I was explaining why the user was having trouble entering TWRP and kept returning to the official recovery. Perhaps you want to explain clearer why you're talking about magisk on an official ROM?
If you want to be safe and download the unlock tool from the Xiaomi site, then yes you are forced to fill the request for unlock permissions before you can access the download. But there are plenty of reliable sources where you can download the unlock tool.
When you create a Mi account it now has unlock permissions automatically.
The countdown will start when you 'Add Device' in the Mi Unlock Status screen within the Developer Options settings. In the last 3 months I've unlocked 2 Xiaomi phones and I've never applied for unlock permissions.
The user with the problem of losing TWRP did not mention whether they want to install a custom ROM or stay on stock. They may have been using your guide only for the TWRP installation. I was giving the information, should they wish to stay on stock.
Hi @ionflux. I tried this and still got an error from gpay saying device has been rooted or altered in some way. I am on stable china rom with magisk and unlocked bootloader. When installing the sqlite fix I get a message in magisk saying sqlite3 binary is not found
karltabby said:
I think I can, I just did not flash any custom ROM atm, I'm scared that I might brick my device since I'm experiencing this freezing at the redmi logo
If you get into trouble with your phone, then you can restore your phone by installing an official fastboot ROM. If you have bricked your phone, but can boot to the fastboot screen and have an unlocked bootloader, then you can restore the phone this way.
Download the latest official fastboot ROM from here.
https://forum.xda-developers.com/k2...irmware-10-3-8-0-9-6-13-t3939647/post79726515
Then follow this guide to flash the ROM via fastboot.
http://en.miui.com/a-234.html
In step 5 you need to make sure the option at the bottom is 'Clean All', otherwise you will lock the bootloader again.
Is there a situation that flashing TWRP a couple of times will mess up the device? I've just experienced this freezing after I flashed TWRP like 7x, do you think I can just dive in and flash the eu ROM? My BL is unlocked so that makes my device restorable?
karltabby said:
Is there a situation that flashing TWRP a couple of times will mess up the device? I've just experienced this freezing after I flashed TWRP like 7x, do you think I can just dive in and flash the eu ROM? My BL is unlocked so that makes my device restorable?
Normally, installing TWRP shouldn't cause issues, it's irrelevant how many times you try and install TWRP. I would say go ahead and flash an eu ROM. If you still have freezing issues when booting, then restore the phone and see if that fixes it. If so then start again with the TWRP and eu ROM install.
Ah, So You've rooted your 6.1 Plus/X6 but don't know how to Install stock or having troubles with it? I'm here to help!
*All of the instructions and procedures below require an unlocked bootloader. If you do not have an unlocked bootloader, please refrain from asking about it here.
*Not having an unlocked bootloader and following this will definitely brick your phone. You have been warned.
Installing Stock ROM - Method 1A(Nost) --
1. Get NOST from here - NOST
2. NOST ONLY SUPPORT OREO FIRMWARE, USE OST LA FOR PIE(Not sharing cause its a patched app, Search on Google and get it from TechMesto)
3. Download unpacked oreo firmware, You can get it from - Here
4. Extract the zip on your PC
5. Put your phone in bootloader mode, Power off - Press Volume Down+Power Button.
6. Now connect it to your PC
7. Open NOST, Select the .mlf file from the folder where you extracted the Firmware
8. Now select, Normal download and Erase User data option.
9. Now click on next and wait for NOST to flash the phone. (It takes 258 seconds or 2.3 - 2.5 minutes on my laptop)
Installing Stock ROM - Method 1B(OST LA) --
Same as NOST, It has the same UI.
Except You might have to change some values in the .mlf file.
An appropriate guide for the same - Here
Installing Stock ROM - Method 2(Hikary's Generic Flashing Script) --
I recommend this method more than NOST and OST LA.
1. Get Hikary's script from - Here
2. Get unpacked Firmware from - Here
3. Extract the Firmware
4. Put the .exe file you got from Github into the folder where you Extracted the firmware
5. Run the script
6. Follow instructions on screen
7. Profit!
Thanks a lot to member - Hikary for this easy to use script!
You've installed Stock, Now let's add some magisk to it !
*Please disable Automatic System Updates through developer options to make taking OTA .zips easier.
Installing Magisk - Method 1A(Fastboot method) -
You will need Google's ADB drivers, which you can get - Here
1. Extract ADB to a Folder
2. Get Magisk patched boot images from - Here Don't worry, Boot images for Nokia 7 Plus will work on DRG(6.1 Plus/X6) and PL2(6.1)
3. Open adb(Type cmd in the address bar of the folder where you extracted adb)
4. Put your device on Download mode
5. type the command
Code:
fastboot boot 'nameofbootimage'.img
6. Now your phone will boot
7. Install Latest Magisk Manager from - Here (https://www.github.com/topjohnwu/magisk/releases)
8. Open Magisk Manager, You will see Magisk is installed, But there will also be an Install Button next to it. Tap on Install.
9. Let Magisk Install and re-boot the phone
10. Voilà, Magisk is now permanently available
Installing Magisk - Method 1B(TWRP method) -
You will need Google's ADB drivers, which you can get - Here
1. Get the latest TWRP for 6.1 Plus
2. Get the Latest Magisk Installer from - Here (https://www.github.com/topjohnwu/magisk/releases)
3. Put the .zip file to your Internal Storage/SD Card
4. Open adb and pass the command
Code:
fastboot boot "nameofrecoveryfile.img"
5. Now TWRP will open on your phone
6. Install Magisk through TWRP
7. Wipe Dalvik
8. Reboot
9. Profit
Now you've got magisk. Follow the next post to see how to take an OTA update with Magisk Installed.
Nokia 6.1 Plus is an Android One certified device. Nokia is no slouch either when it comes to issuing updates. Learn how to take OTA without losing root.
1. Turn off Auto System updates through Developer options
2. Open Magisk Manager
3. Restore Stock Images but don't reboot.
4. Download and install, Let both the steps finish i.e applying update and apps, but don't reboot.
5. Go to magisk manager and select install to inactive slot option
6. Re-boot device.
7. You've not lost root, But have root access.
Done
CarbonGTR said:
Nokia 6.1 Plus is an Android One certified device. Nokia is no slouch either when it comes to issuing updates. Learn how to take OTA without losing root.
1. Turn off Auto System updates through Developer options
2. Open Magisk Manager
3. Restore Stock Images but don't reboot.
4. Download and install, Let both the steps finish i.e applying update and apps, but don't reboot.
5. Go to magisk manager and select install to inactive slot option
6. Re-boot device.
7. You've not lost root, But have root access.
Done
I don't see any option to restore stock images or install to inactive slot in Magisk. Am I missing something?
Hymix said:
I don't see any option to restore stock images or install to inactive slot in Magisk. Am I missing something?
Open Magisk Manager, Tap on Uninstall. You will see 2 options, Complete Uninstall and restore stock images.
*Never tap on the complete uninstall option, It will throw your phone into bootloop
To install to inactive slot, Tap on install, You will get 2 options, Release Notes and Install. Tap on Install again and select install to inactive slot, Reboot from within Magisk Manager.
The simplest way I've found to install Stock Rom is just using adb sideload.
Boot into TWRP and wipe as you would with any custom rom.
Go to advanced and adb sideload.
Send the adb sideload command from your computer with the relevant zip file.
Doesn't require any additional software like NOST or OST....
Hymix said:
The simplest way I've found to install Stock Rom is just using adb sideload.
Boot into TWRP and wipe as you would with any custom rom.
Go to advanced and adb sideload.
Send the adb sideload command from your computer with the relevant zip file.
Doesn't require any additional software like NOST or OST....
But does it also install the bootloader and stock recovery back? If yes then I'll add it to the post above.
CarbonGTR said:
But does it also install the bootloader and stock recovery back? If yes then I'll add it to the post above.
That's a good question. I've just been using stock and hadn't considered it. How would one check that?
Bluebriz said:
That's a good question. I've just been using stock and hadn't considered it. How would one check that?
It's easy. Get an OTA .zip file, Re-Boot to recovery and flash it. Or Use the ADB Sideload method.
Most likely installing the OTA would fail if the device is rooted because, Magisk will patch the boot.img.
Then I'll need to wait for another update, the September one, right? Because I installed it with ADB and have Magisk installed so I don't really want to mess with it until I have to.
Bluebriz said:
Then I'll need to wait for another update, the September one, right? Because I installed it with ADB and have Magisk installed so I don't really want to mess with it until I have to.
I just took an OTA with Magisk installed it went fine. (September patch)
OK, then it doesn't seem to work. Trying to follow the steps, the system update gives an installation error. I'm guessing that somewhere along the road I've messed something up, so it seems stock rom and Magisk isn't an option for me.
Hymix said:
OK, then it doesn't seem to work. Trying to follow the steps, the system update gives an installation error. I'm guessing that somewhere along the road I've messed something up, so it seems stock rom and Magisk isn't an option for me.
Restore images before you do anything. If installation fails keep trying again. It happens to me too.
CarbonGTR said:
Restore images before you do anything. If installation fails keep trying again. It happens to me too.
Really? I did the restore via Magisk and that seemed fine, but then the update part didn't work. It downloaded then gave the error so I quit and started again with a fresh installation, minus Magisk.
Have you guys modified the system/vendor partition in any way? If you did, Then it will obviously fail.
@Bluebriz and @Hymix I agree. It's the september security patch causing the installation issue.
It fails for me no matter what, Unless I completely un-root. But this method works perfectly fine on the August update.
Let's see for the October patch.
Okay, I can specifically narrow this down to way the September patch. The september patch requires the August security patch as a precondition to install. And that's where something funky is happening.
Guys a quick update. October update has been released but it also fails to install. This time I've managed to find the cause, Apparently some service that needs to be used for the update is being blocked/used by Magisk. (I could be wrong here)
The error code according to the recovery is 20(kDownloadStateInitializationError)
Is there any update to this issue?
Tried removing Magisk, didn't help.
Yesterday I got the November security update. I am using Magisk, so it is showing an installation problem. I tried in recovery and the ADB method, both didn't work. Finally I ended in a bootloop, so I again installed stock ROM. Is there any solution for how to install security updates without resetting each time? Because each time my data balance was wasted.