Bypass bootloader guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz.
A little bit of disclaimer......
Appender is for those who are currently using bypass bootloader hack above, so there is no need of manually appending blocks to boot image/recoevry image after every flash. Appender automatically appends the 4k bytes to boot image and recovery image.
NOTE: DO NOT QUOTE WHOLE POST OR I WILL IGNORE
Appender-v4 Download below
Changelog:
Appender-v4
*Fixed Appender on system-as-root boot images (Appender breaks GSI with system-as-root, don't use GSI)
*Improved overall code
Appender-v3
*Initial test version
Recommended twrp: Pitch black recovery
Link
Appender-v4.zip is for boot image
Appender-v4-rec.zip is for recovery image
Appender Usage
1. Flash rom
2. Flash magisk for root (skip if you don't need root)
3. Flash custom kernel (skip if you don't need custom kernel)
4. After that flash Appender-v4.zip
5. Reboot
Appender Recovery Version Usage
1. Flash recovery image
2. Flash Appender-v4-rec.zip
3. Reboot Recovery
CAUTION: Appender must be flashed EVERY time you modify boot image or recovery image.
And don't forget to press thanks if this tool has helped you
Reporting errors.
After flashing appender, send the file /cache/recovery/last_log if Appender didn't worked, and also metion the issue you are facing.
Credits and thanks
@osm0sis for Anykernel3
@xaacnz for bypass bl guide
steeldriver (stackexchange) for helping me with commands
busybox team
Old method
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup senction in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf 'x30x83x19x89x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)[/CENTER]
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf 'x30x83x19x89x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing, use recommend twrp above
If you get error related to ramdisk compression, use Appender-v4 or above
XDA:DevDB Information
Appender for Redmi 5A (bypass bootloader), Tool/Utility for the Xiaomi Redmi 5A
Contributors
saurabh6377
Version Information
Status: Beta
Current Beta Version: 4
Beta Release Date: 2019-09-29
Created 2019-09-28
Last Updated 2019-09-29
Reserved
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Any hex editor for android/linux/windows (yes you absolutely dont need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note3: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Click to expand...
Click to collapse
Let me verify this, I will update the guide once this is verified.
Sonu1123 said:
Thanks it worked but i didn't appended 4k block to patched_boot.img it worked without appending 4k block.
Click to expand...
Click to collapse
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
_saurabh__._ said:
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
Click to expand...
Click to collapse
I don't know how it worked but when i tried it again system crashed then i appended 4k block to patched_boot.img to get magisk intalled.
I have one more question what about xposed for pixel experience rom for riva and can i flash it directly without modifying it.
Edit:I am on pixel experience latest android pie version.
Sonu1123 said:
I don't know how it worked but when i tried it again system crashed then i appended 4k block to patched_boot.img to get magisk intalled.
I have one more question what about xposed for pixel experience rom for riva and can i flash it directly without modifying it.
Edit:I am on pixel experience latest android pie version.
Click to expand...
Click to collapse
Yes you can install xposed. Simple rule of thumb is that you can flash anything that does not touch boot image and xposed doesn't it only writes to /system partition so no issues.
Xposed is not available for pie yet, but the unofficial EdXposed magisk module was tested by me and it works good on pixel experience.
Kindly ask you to upload some zip file to your OP, containing following files:
- tmp\hack_splash.xml
- tmp\prog_emmc_firehose_8917_ddr.mbn
- tmp\recovery.img
- tmp\splash.img
- tmp\twrp.xml
- fh_loader.exe
- QSaharaServer.exe
- a text file containing steps 9-11 and link to xaacnz thread (for credits)
_saurabh__._ said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Requirements
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Any hex editor(Note2) for android/windows (yes you absolutely dont need a pc)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
Please upload the patched files.
- hack_splash.xml
- recovery.img
- twrp.img
- splash.img
- twrp.xml
It really helps me to know how to append blocks.
Please upload these files for us.
Thanks and regards.
Anshu lakra said:
aIecxs said:
Dude, youre waiting for 2 months, wish i could help you... Maybe here more better luck?
https://forum.xda-developers.com/showthread.php?t=3911660
Click to expand...
Click to collapse
Have you flashed custom ROM ?
---------- Post added at 03:54 AM ---------- Previous post was at 03:52 AM ----------
Nobody is uploading or posting link.
Click to expand...
Click to collapse
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
aIecxs said:
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
Click to expand...
Click to collapse
Thanks sir i am waiting .
saurabh6377 said:
As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
NOTE: YOU NEED TO FOLLOW THE ABOVE GUIDE IF YOU HAVEN'T, THEN COME BACK HERE
Code:
Your warranty will be void now
I am not responsible for anything wrong happens to your device
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup senction in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)[/CENTER]
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
Note4: If I get time I will later make a script that automates the process.
Click to expand...
Click to collapse
script .you promised script. are looking forward to !!! You are welcome
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
not necessary there is official unlock tool from xiaomi
aIecxs said:
not necessary there is official unlock tool from xiaomi
Click to expand...
Click to collapse
This is for those who weren't successful unlocking via official method.
osm0sis said:
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
Click to expand...
Click to collapse
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
osm0sis said:
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Click to expand...
Click to collapse
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Click to expand...
Click to collapse
Cool. I just worry what that stuff intended for tuna (Galaxy Nexus) could do. If you don't need to touch the ramdisk you could just use split_boot; so it doesn't unpack the ramdisk unnecessarily.
You can use repack_ramdisk; (if unpacked) and flash_boot; instead of write_boot; to get more granular control and be able to act on the final image before flash. :good:
Good luck with your exams! :fingers-crossed:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Click to expand...
Click to collapse
Well that's not necessarily an AnyKernel "thing" because it's a vendor partition modification, but yeah you could do that somewhere in anykernel.sh as part of a flash if you want, just remember to mount vendor rw first and back to ro after. The AK3 patch_fstab function might work for you.
Hey ges any video for this step?
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
Related
I'm trying to root my M5 (SHT-W09, C567). I have unlocked the bootloader and installed Magisk but am having problems extracting and patching the ramdisk.img file. I would appreciate anyone who could double check my steps or see if they spot my error.
Here is what I have done.
1) Using HFF, downloaded, the Update.zip file (full image), size is approximately 4 GB.
2) Copied image over to Windows laptop
3) Downloaded Huwei Image Extractor
4) Set image extractor to unknown profile
5)Under settings, unchecked verify header and file checksum
6) The extractor extracted 33 files
Here is where I need assistance, how do I proceed? Do i need to .zip the ramdisk file and then copy it over to the tablet? I've attached an image of the files that were extracted. Any assistance would be appreciated.
Thanks,
Rick
@C5Longhorn you can now select the RAMDISK.img entry from that bundle and extract it to your PC. Then you copy that file by e.g
adb put RAMDISK.img /sdcard/
onto your device. Then you need to open Magisk-Manager (which you should have already installed on your device) and seldct the RAMDISK.img from /sdcard/ and a patched_boot.img will be created. This is the file which you later on need to flash back onto your device as ramdisk.img
AndDiSa said:
@C5Longhorn you can now select the RAMDISK.img entry from that bundle and extract it to your PC. Then you copy that file by e.g
adb put RAMDISK.img /sdcard/
onto your device. Then you need to open Magisk-Manager (which you should have already installed on your device) and seldct the RAMDISK.img from /sdcard/ and a patched_boot.img will be created. This is the file which you later on need to flash back onto your device as ramdisk.img
Click to expand...
Click to collapse
Ok, i copied the file to my computer desktop, and then attached device to computer and I copied into my SD card download folder but kept getting an error when I would run Magisk that it failed.
Do I need to use adb to push the file or does it not matter how it's copied. Maybe I'm placing in the wrong folder or need to zip file.
I'll try again and screenshot the messages. I really appreciate your help.
Sent from my Pixel 2 using Tapatalk
@C5Longhorn how you copy the file to your device doesn't matter. Do you have Magisk-Manager installed? Did you select the patch option and did you choose patch boot file and did you select the RAMDISK.img as the file to be patched? What is the error message Magisk-Manager is giving you? Did you use MagiskManager-5.7.0.apk?
Yes, to all. I'll capture and post the error I'm receiving when I can get back to the tablet. Thanks again.
Sent from my Pixel 2 using Tapatalk
I finally got it. I zipped the ramdisk file, moved it to Dropbox and then downloaded it locally to the tablet. I then went through the Magisk Manager process and it created the patched file.
I'm rooted now but notice I can't open Magisk without the app closing very quickly afterwards.
Is this normal? Also, I noticed "preserve AVB 2.0/dm-verity is not checked. Should it be?
Sent from my SHT-W09 using Tapatalk
I wiped the Magisk app data and now the app will open.
Sent from my SHT-W09 using Tapatalk
If run MagiskManager - run 1..2 second - self-close : it's a bug.
The new Version is 5.8.0 and i hope it's debuged.
The Bug is a optical Problem, root work.
Can version 5.8 be installed without losing root or do you have to repush the patched file again?
Sent from my Pixel 2 using Tapatalk
I installed 5.8 Magisk Manager and did not have to reload ramdisk image file.
Sent from my SHT-W09 using Tapatalk
2 Way for install Magisk
Way 1 : the device is new and TWRP is not available
download your build, extract "ramdisk.img" and copy on device (example: to "download")
download MagiskManager.App (actual 5.8.0), install, run and let MM modify the boot.img (in OREO is inside ramdisk.img)
fastboot flash ramdisk patched_boot.img
Way 2 : install "twrp_p10_0.1.img"
fastboot flash recovery_ramdisk twrp_p10_0.1.img
boot to recovery (TWRP) and TWRP-Install Magisk-v16.0.zip (actual)
this 2 way work on my device CMR-AL09 8.0.0.161(C432)
i use way 1 if device new on market and twrp not available
if twrp available i use way 2
the core-question is : the build from your device
extract from your-build full-update "ramdisk.img"
All Huawei/Honor with OREO have the same OS, but the build is different
HI,
I would like to update my mediapad to the latest update available.
However, you can't update through the official updater when you're root.
Can i flash back the original ramdisk.img and do the official update, then root it back with the new ramdisk.img patched ?
Tanogeek said:
HI,
I would like to update my mediapad to the latest update available.
However, you can't update through the official updater when you're root.
Can i flash back the original ramdisk.img and do the official update, then root it back with the new ramdisk.img patched ?
Click to expand...
Click to collapse
Normally when there are changes on the ramdisk.img a full update image will be installed by the OTA update process. Your proposed way will be probably sufficient to get only the delta update.
How to flash phh's system arm64-A/B GSI on the Redmi 9's (lancelot) dynamic system partition
All the development credits for this GSI go to @phhusson. For more information head over to his thread.
Bugs:
• Auto brightness (works with an overlay)
• Brightness slider
• Headphone jack
• Offline charging?
• VoLTE?
For bug fixes refer to Post #2 or search for reported bugs on Phh's treble experimentations issues tracker on GitHub.
What is working:
Everything else
WARNING:
Only proceed if you know what you are doing! Be aware of the risks associated to unlocking your bootloader. Ensure to have the MIUI Fastboot ROM downloaded to restore your device in case it soft bricks. All your data will be deleted during the process so a backup is essential. Charge your device to at least 50% before proceeding.
Requirements:
1) Unlocked bootloader here
2) Latest Android platform tools here
3) MIUI stock recovery (maintain it to be able to boot into userspace fastboot)
4) Xiaomi fastbootd drivers here
5) Phh-Treble GSI (Use a system-arm64-ab-gapps) here
6) vbmeta.img here
Steps:
Run the commands below within the platform-tools folder after enabling debugging in Developer settings on your phone.
1) adb devices (to authorize debugging)
2) adb reboot bootloader (to boot into fastboot mode)
3) fastboot reboot fastboot (to boot into userspace fastboot)
4) fastboot flash system system.img
5) fastboot -w
6) fastboot flash vbmeta vbmeta.img (use attached null vbmeta to disable avb)
7) fastboot reboot
Notes:
• First time boot takes 1 minute. phh's GSI has root by default however the logical system partition is read only. Any system mods should be done as Magisk modules systemlessly. A patched boot.img may cause bootlooping on Android 11 GSIs however Magisk now works fine even on R GSIs on MTK devices, thanks to @topjohnwu!
• System can be RW such as to push overlays. Thanks to the great phhusson!
• A better way to disable Android Verified Boot is by running below command using a stock vbmeta image file:
Code:
fastboot --disable-verification flash vbmeta vbmeta.img
Fixes:
I'll post fixes to bugs as suggested by users in this thread here.
• Brightness slider and headphone jack [Credit to @M47Z and @Shas45558] — Run code below in root ADB shell or any Terminal app on your phone:
Code:
su
setprop persist.sys.qcom-brightness $(cat /sys/class/leds/lcd-backlight/max_brightness)
setprop persist.sys.overlay.devinputjack true
reboot
• Note that CAOS by @eremitein has the above fixes integrated and is based on phhusson's AOSP.
How is the performance .any lag ?
Once you boot there are no lags. FYI my device is only 3 GB RAM. I just observed that booting is a little faster with the lighter Phh-Treble system installed as compared to Havoc. Maybe that's something for you to consider.
nielsync said:
Once you boot there are no lags. FYI my device is only 3 GB RAM. I just observed that booting is a little faster with the lighter Phh-Treble system installed as compared to Havoc. Maybe that's something for you to consider.
Click to expand...
Click to collapse
Is your headphones work??is brightness work?
Headphones not working but good enough BT audio works with speakers. Haven't tested in call audio on BT earphones though. Also not sure about USB-C audio output. Someone who has tested can share with us. Brightness is also broken.
I need testers
I built the overlay but I need testers to see if the overlay is working
Overlay link : github.com/mehdiFa-web/overlay
Mido2222 said:
I built the overlay but I need testers to see if the overlay is working
Overlay link : github.com/mehdiFa-web/overlay
Click to expand...
Click to collapse
Edit: Not working. Refer to post #18 for info.
Mido2222 said:
I built the overlay but I need testers to see if the overlay is working
Overlay link : github.com/mehdiFa-web/overlay
Click to expand...
Click to collapse
how did you pushed it into /vendor/overlay/ ?
I get the permission denied error everytime with adb and with any root file explorer on the phone too.
kW_ said:
how did you pushed it into /vendor/overlay/ ?
I get the permission denied error everytime with adb and with any root file explorer on the phone too.
Click to expand...
Click to collapse
I didn't test it I just build it . You should have root just copy it into your phone's /system/overlay/, and set permission to rw-r--r-- / 0644. If you can't then maybe we can't edit system partition . You can use root explorer.
Well. I can't change permissions and copy it. I have seen that other roms doesn't have read only on the system partition so i will try it later. Lineageos is one of these roms maybe.
Gsi will not boot with magisk_patch boot.img.....
So no root access......
How you push file into system or vendor??
Shas45558 said:
Gsi will not boot with magisk_patch boot.img.....
So no root access......
How you push file into system or vendor??
Click to expand...
Click to collapse
Phh-Treble has root so you are good to go. On the other hand without flashing a custom recovery I got root on Havoc-OS through flashing the patched boot image and even installed a module in Magisk manager without any issues. Its just that the way the system partition is mounted on these new phones released with Q makes it almost impossible to modify it. Let a genius surprise us.
nielsync said:
Phh-Treble has root so you are good to go. On the other hand without flashing a custom recovery I got root on Havoc-OS through flashing the patched boot image and even installed a module in Magisk manager without any issues. Its just that the way the system partition is mounted on these new phones released with Q makes it almost impossible to modify it. Let a genius surprise us.
Click to expand...
Click to collapse
In my case when I flash patch boot my gsi wili not boot....
What gsi are you use?? Give the link plz
@nielsync
So im a genius nd going to surprise you if anyone wants to modify system partition then custom recovery is must required e.g in Twrp mount /system , /vendor then go to file manager in twrp i forgot the name of tab in which you ll find the filemanager you can find it yourself lmao ,then select the file by finding in ur storage nd then copy and paste it in desired location and then after pasting go to path where you pasted it,Select it and give it 0644 permissions and restart ..Boom.( I think root is necessary because without root the changes revert )
Abdul [email protected] said:
@nielsync
So im a genius nd going to surprise you if anyone wants to modify system partition then custom recovery is must required e.g in Twrp mount /system , /vendor then go to file manager in twrp i forgot the name of tab in which you ll find the filemanager you can find it yourself lmao ,then select the file by finding in ur storage nd then copy and paste it in desired location and then after pasting go to path where you pasted it,Select it and give it 0644 permissions and restart ..Boom.( I think root is necessary because without root the changes revert )
Click to expand...
Click to collapse
File manager is in Advanced tab of TWRP. In theory and in devices released with the now old partition structure it was that simple. You have a right to claim anything Mr. Genius You seem to be ahead of even @Dees_Troy and his team over at TWRP despite this wonderful explanation!
Shas45558 said:
In my case when I flash patch boot my gsi wili not boot....
What gsi are you use?? Give the link plz
Click to expand...
Click to collapse
I've used both Phh-Treble and Havoc-OS and can confirm that Magisk works on both without any issues. My boot image was already patched on MIUI so I only installed the manager application each time after flashing the GSI. See screenshots of Magisk Manager on Phh-Treble below.
Mido2222 said:
I built the overlay but I need testers to see if the overlay is working
Overlay link : github.com/mehdiFa-web/overlay
Click to expand...
Click to collapse
no it does not work
i mount the gsi system file on linux via loop disk...
then i place your apk /system/overly/
but the brightness is not work...
you can mount raw img file on linux ......
first creat folder on root via this cmd..
sudo mkdir /mnt/system
mount system.img via this cmd
sudo mount system.img /mnt/system
now you can edit system.img via root permission via this cmd...
sudo nautilus
now a file manager pop up with root
go to /mnt/system
copy your file where you want...and unmount via this cmd...
sudo umount /mnt/system
Thanks @Shas45558 for confirming that, it's still difficult to mod the installed system on the phone itself. I tried and got a 'permission denied' error via terminal in a custom recovery.
nielsync said:
Thanks @Shas45558 for confirming that, it's still difficult to mod the installed system on the phone itself. I tried and got a 'permission denied' error via terminal in a custom recovery.
Click to expand...
Click to collapse
That's why I use pc with Linux and do the above things to puss the file inside system.img....
Hey,
is there a simple way to flash a new kernel / boot.img using TWRP by script / openrecoveryscript? I can select "Install Image" in the UI and flash the boot.img just fine, but I want to script that so I can flash devices easily or even remotely just by uploading the openrecoveryscript and the image to flash.
The documentation at https://twrp.me/faq/openrecoveryscript.html is pretty useless, it doesn't even mention that '/cache/recovery/openrecoveryscript' will be executed by TWRP.
The install command expects a zip file, the restore command a TWRP backup.
Any ideas? Thx
TWRP's OpenRecoveryScript ( read: command line ) support is great.
It's source code here:
Team-Win-Recovery-Project/openrecoveryscript.cpp at android-5.0 · TeamWin/Team-Win-Recovery-Project
Core recovery files for the Team Win Recovery Project (T.W.R.P) - this is not up to date, please see https://github.com/TeamWin/android_bootable_recovery/ - Team-Win-Recovery-Project/openrecoverysc...
github.com
IMO the mentioned TWRP recovery command line guide isn't useless as you claim.
Using a simple text file, saved in the /cache/recovery/ directory with the name openrecoveryscript, the TWRP recovery can be instructed to execute the described set of commands during the startup, e.g. the installation of a ZIP archive such as a ROM, or the deletion of a partition.
@jwoegerbauer I think you want to refer to https://github.com/TeamWin/android_bootable_recovery/blob/android-10.0/openrecoveryscript.cpp instead, as https://github.com/TeamWin/Team-Win-Recovery-Project ist not maintained if I understand it correctly.
However, I don't want to read the source to find out how to (not) flash a boot.img using TWRP without the UI.
If I understand the docs correctly, TWRP does not support flashing images. It supports restoring backups and installing zips.
I've also tried to find out if there is an easy way to convert the boot.img to an installable zip or TWRP recovery, but so far I've not succeeded.
Do you know an answer to this?
Use Fastboot to flash boot.img
I can't use fastboot as the device (Samsung) does not support it and it would also require physical access.
So far my workflow is to flash the image to a device I have by hand (manually), create a backup of the boot partition with TWRP (manually), download it and then deploy the backup to remote devices via adb and restore them on reboot via the openrecoveryscript.
My workflow would be simplified if could remove the need for the manual process that creates an image/backup that can be flashed remotely.
Well, I found a simpler way to flash the kernel / boot.img directly within the os. I can simply overwrite the partition:
adb push boot.img /sdcard/boot.img
adb shell su -c "dd if=/sdcard/boot.img of=/dev/block/mmcblk0p14"
Don't even have to reboot the device...
For those wondering from where to get the block-device... See ls -l /dev/block/platform/msm_sdcc.1/by-name/ ("msm_sdcc.1" part may be different)
this is a guide for some user running stock Realme UI 2 on rooted device. while stock recovery wont work after unlocking bootloader and magisk installed (UPDATE: apparently stock recovery are working but you have to wait around 30minutes in order to boot into it). the only option for us is using custom recovery. but custom recovery wont recognize the updates because it's unusual format and its unusual location. Be careful!! I'm not responsible for any damage you may encounter doing this guide. I will try to help as far as I could do
(this guide are documentation from rui2.0 c.09 to c.15 update. where rui1.0 to rui2.0 upgrade im using stock recovery )
first of all, we need to download updates from ota server. simply enter Settings app, scroll down and select Software update. wait untill finished, you'll be prompted to install when it's done. but don't have to do that, it only reboot to recovery doing nothing.
now preparing the updates.
the downloaded files are located inside
Code:
/data/ota_package/OTA/.otaPackage
there are 6 files (may vary) and all of them are flashable zips except system_vendor that needs slight modification. copy or move those files to internal or external storage (i personally put those files on /sdcard/updates/). then add .zip extension by renaming (put ".zip" in the end of file name).
modifying system_vendor.zip
extract system_vendor into separate folder. after that, navigate to META-INF/com/google/android/ now edit updater-script replace RMX2151L1 (or similar) with RMX2151 to avoid installation errors. on TWRP, this phone is only recognized as RMX2151 regardless it's actual phone model ( it needs confirmation from other realme 7 users ).
now back to system_vendor folder and replace vbmeta.img file with vbmeta from attachment. after doing all steps simply repack all files and folder into zip with normal compression parameter. (you don't have to replace vbmeta file, but you have to flash modified vbmeta after that to avoid bootloop)
all files are ready to flash using TWRP (or your own preferred custom recovery). flashing this zip might replace bootloader with stock so flashing Magisk are preferred or you'll lose root access.
the intention of making this thread are opening discussion about realme updates. maybe someone out there could make all those steps simpler and easy enough
hi all,
I have a Xiaomi 12T not 12T Pro and I want to root it .
Unpack boot.img patch it with magisk app then flash it through adb
Same problem here...
TUFF8GONG said:
Unpack boot.img patch it with magisk app then flash it through adb
Click to expand...
Click to collapse
Could you please explain in a basic way how to do it?
Unfortunately, it is frustrating that there is no TWRP for the (very good) MediaTek 8100 processor...
After several unsuccessful attempts, this worked for me:
1. unlock the bootloader
2. install the system that we are going to root
3. install the Magisk app (apk)
4. in the computer, "extract" the boot.img from the firmware that we have installed
Attention: boot.img for modification in the magisk app is downloaded from the correct (installed) firmware
5. copy this boot.img to the smartphone
4. in the Magisk application, we point to the copied boot.img file. The magisk application will modify this file and rename it (we look for the image in the download folder, rename it to boot.img, copy the file to the PC)
Attention: Install the adb drivers - there will be an adb folder on the c: drive, put the patched boot.img file there.
5. put the smartphone in fastboot mode
6. run the command line on the PC and enter the command:
fastboot flash boot boot.img
We have root access in Xiaomi 12T!