* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.
* Same statement for XDA.
Required Downloads:
Download ADB & Fastboot files.
Motorola USB Drivers
Download the latest Moto G8 Play Stock ROM and move it to the PC
1.- Extract and Patch Boot.image using Magisk
•First of all, download and extract the ROM to your PC.
•Attach your device via USB cable and copy only the boot.img file from the extracted folder to your device storage
•Launch Magisk Manager. When a popup appears asking to install Magisk, select INSTALL and choose install again.
•Tap on “Patch Boot Image File”.
Install patched boot image TWRP
•Navigate to internal storage and select your phone’s boot image that you transferred earlier.
•Wait for a couple of seconds. Magisk will start patching the boot image.
•Once the boot image has been patched, copy the “patched_boot.img” from the internal storage and replace it in the same extracted ROM folder on your PC.
2.- Install the Patched Boot Image on Moto G8 Play
•Now, extract the ADB & Fastboot tool, then move the patched boot image file to the same folder.
•Press and hold down the Shift key + right-mouse-click to open the command window/PowerShell.
•Next, enter the following command in order to flash the “patched_boot.img” to install Magisk and root your Android device:
fastboot flash boot_a patched_boot.img
fastboot flash boot_b patched_boot.img
*Please replace [patched_boot.img] with the name of the boot image file you downloaded followed by the .img extension.
•Wait for the flashing process to complete.
•Finally, type in the command to reboot your device.
fastboot reboot
That’s it.
hey, i tried this but i think i missed something and i ended in a bootloop
tried to flash many of stocks rom and still in bootloop, any help? or any tuto to follow? this site is empty /
first unlock the bootloader, then flash the rom
Unfortunately doesn't work... I have unlocked the bootloader, boot.img is from latest stock rom, Magisk Manager is up to date. Nothing bad happens after I flash and reboot, but Magisk Manager shows that "Magisk is NOT installed". Am I missing something else?
EDIT: I would like to add that while boot.img is 32MB in size, magisk_patched.img is only 15MB... makes me wonder.
didnt work for me, think i killed the phone aahaha
now its say "no bootable a/b slot" sad, and any firmware that i flash its the same, obv the bootloader is unlocked
seumenezes said:
Unfortunately doesn't work... I have unlocked the bootloader, boot.img is from latest stock rom, Magisk Manager is up to date. Nothing bad happens after I flash and reboot, but Magisk Manager shows that "Magisk is NOT installed". Am I missing something else?
EDIT: I would like to add that while boot.img is 32MB in size, magisk_patched.img is only 15MB... makes me wonder.
Click to expand...
Click to collapse
I have the same problem
Anyone ?
I have used this.commands but in the smartphone gives the message "command is not implemented" and the process dont work!
This doesn't work, it only will cause a bootloop on your cellphones, don't try it. If you already did it go to: https://forum.xda-developers.com/moto-g8-play/help/moto-g8-play-boot-loop-t4082055 you can restore to before
This causes bootloop
Who have this problem, contact me at [email protected] that i'll help you.
Como se cual es la ROM que tengo que descargar para mi telefono?
thedarkdestroyer said:
* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.
* Same statement for XDA.
Required Downloads:
Download ADB & Fastboot files.
Motorola USB Drivers
Download the latest Moto G8 Play Stock ROM and move it to the PC
1.- Extract and Patch Boot.image using Magisk
•First of all, download and extract the ROM to your PC.
•Attach your device via USB cable and copy only the boot.img file from the extracted folder to your device storage
•Launch Magisk Manager. When a popup appears asking to install Magisk, select INSTALL and choose install again.
•Tap on “Patch Boot Image File”.
Install patched boot image TWRP
•Navigate to internal storage and select your phone’s boot image that you transferred earlier.
•Wait for a couple of seconds. Magisk will start patching the boot image.
•Once the boot image has been patched, copy the “patched_boot.img” from the internal storage and replace it in the same extracted ROM folder on your PC.
2.- Install the Patched Boot Image on Moto G8 Play
•Now, extract the ADB & Fastboot tool, then move the patched boot image file to the same folder.
•Press and hold down the Shift key + right-mouse-click to open the command window/PowerShell.
•Next, enter the following command in order to flash the “patched_boot.img” to install Magisk and root your Android device:
fastboot flash boot_a patched_boot.img
fastboot flash boot_b patched_boot.img
*Please replace [patched_boot.img] with the name of the boot image file you downloaded followed by the .img extension.
•Wait for the flashing process to complete.
•Finally, type in the command to reboot your device.
fastboot reboot
That’s it.
Click to expand...
Click to collapse
-----------
I tried it and I got a boot freeze after the boot flash.
I followed this tutorial and I could recover my ROM:
https://www.youtube.com/watch?v=54XLyaP4o2g&t=322s
Root Moto G8 Play
Seguir todos os passo do tutorial chegou a dar sucesso na instalação da patched mas ao abrir o magisk ainda não consta instalado ou seja não tá indo
Libni Souza, only English, please.
The same happened with me: the magisk didn't install successfully.
Magisk Not Installed - ERRORS IN GUIDE
1. THIS GUIDE CAUSES THE PHONE TO BOOTLOOP
Magisk Not Installed Error - ERRORS IN GUIDE * used updated magisk and give permissions
Don't use this guide. Not sure why it is still here.
could you send me the most current TWRP for Moto G8 play?
Hello. Sorry for grammar errors but i'm studying english right now.
For who do this tutorial and now have your moto G8 play brick, this can help.
youtube.com/watch?v=svtPdIVoloE
This tutorial works perfectly, you must flash the patched boot in the partition boot a and boot b. in case of bootloop you must flash the original boot from the rom that you downloaded earlier
(sorry i use google translator)
uma dica galera o cel deve está com bateria acima de 60%
I AM NOT RESPONSIBLE FOR ANY ERROR, DAMAGE OR LOST ON YOUR DEVICE!
Hello, I saw in the last posts that person couldn't install root in the Moto G8 Play, but I got it and I'll show how to do it.
First, you need the bootloader unlocked, if you don't know what is it, search in youtube how to do it.
Second, you need the motorola drivers, download here (run and install the file).
Third, you need the platform-tools with adb and fastboot, you can download here to Windows; here to Mac; here to Linux.
Get ready 'cause now it's time to pay attention because if you do something wrong, you'll get a bootloop.
First you need the ROM Stock (ROM Default), you have two ways to find it, the first is searching in Google "Moto G8 Play Rom Stock", I won't show a download link, 'cause it's variable, if I show a link, these link will be the brazilian ROM 'cause I'm from Brazil, but if you do this search, it'll work, the second option is downloading the Motorola Rescue and Smart Assintant. You just need to conect your cellphone in fastboot mode on your pc and open the Motorola Rescue and Smart Assintant, you select to rescue your device, log in your account and click to download ROM, the rom will be saved in a hide folder in Windows, you'll need to enable the hidden files. Follow those steps:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
After:
Perfect, now you're able to see the hidden folder. After you opened the app, selected the rescue, loged in your account and with your device connected in fastboot mode downloaded the rom (after you download ROM, don't click in rescue device, it'll format your data"), you'll open the file explorer, open the Windows "C:", now open the hidden folder "ProgramData", now the folder "RSA", now "Download" and for last "RomFiles", your rom will be there. Open your rom folder and copy "boot.img" file to your device in a place that you can access because you'll need to use this ".img". An additional: if your Windows is in english, maybe those files will be in the normal folder "ProgamData", I don't know how it works when the windows is in english. I think if Windows is in another language, ir create a hidden folder to install 'cause the default name to install is "ProgamData", but Windows in another languages don't have this folder 'cause the folder is in another language. As I said, I don't know how it works, person with windows in english, tell me how this folder is wrote to me fix this in the future, thank you.
All right, now, paste this file on your device.
Open Magisk and click in install:
Click in "Select and Patch a File":
Choose your "boot.img" file:
For last, wait it appear:
Now, open your cellphone folder on pc, open the "Download" folder, and copy the ".img" that Magisk generated. Extract platform-tools with adb and fastboot that you downloaded here to Windows; here to Mac and here to Linux.
Open platform-tools folder that you extracted
And paste the Magisk ".img" that you copied
Now reboot your cellphone in fastboot mode
In the platform-tool folder type "cmd" in the search bar and press enter, like this:
A window will be open:
Now, type: fastboot devices
It'll show if the device is connected
If the device is connect, start the commands in these order:
fastboot flash boot_a "your magisk.img name"
fastboot flash boot_b "your magisk.img name"
fastboot reboot
Now, if everything worked, the device will reboot
If device rebooted normally, follow those steps:
Open Magisk and click in install again:
Now click in "Direct Install (Reccommended)":
Now click in rebbot at the bottom right of the screen:
All right.
If device rebooted normally again, everything worked again.
Now, you can download a root tester in Play Store or you can download "Termux" (Linux terminal on Android) and type the command "su", if Magisk screen appear asking permission, it means it worked.
If the device enter in a bootloop, use the Rescue and Smart Assistant to rescue your cellphone, enter in the fastboot mode and open the app on pc, how you already had installed the ROM, you just need to click to start rescue, the app will flash the rom and the device will come back to the normal.
If you need some help, I'm here to answer you when you need and when I can.
Good luck, Android lovers!
Worked for me !! Thanks !! Now my Moto G8 Play Android 10 is rooted. I already had known this method by others generics guides and it has never worked before. Your guide differences are
1) partition name is boot_a and not simply boot
2) this device has 2 boot partitions: boot_a and boot_b differently others
.....
......
fastboot flash boot_a patched_boot.img
fastboot flash boot_b patched_boot.img
.....
.....
Best Regards
Related
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
NFO:
This Method does not need Root or Custom Recovery
You must have a Stock Boot Image Dump and you also have to be able to flash the patched Boot Image via Fastboot Mode
Requirements:
• ADB and Fastboot on your PC (for example Tiny ADB & Fastboot) [Thread]
•.Stock boot.img of your Device (extract File from Factory Image)
• Magisk Manager [Thread]
• Internet connection
• Bootloader unlocked [Thread]
• Developer Options > USB Debugging [Thread]
Patching the Stock boot.img:
1. Copy the Stock boot.img to your Phone's internal Storage
2. Install Magisk Manager
3. Launch Magisk Manager App
4. If prompted to install Magisk select "No Thanks"
5. Press Install > Install > Patch Boot Image File and select your Stock boot.img
6. Magisk Manager should begin downloading the Magisk.zip file used for patching
7. Once download is complete Magisk Manager will automatically patch the Boot File
Flashing the patched boot.img:
1. Install Tiny ADB & Fastboot
2. Connect the Phone to the PC via USB Cord
3. Copy the patched_boot.img from your Phone's internal Storage to C:\Program Files (x86)\Tiny ADB and Fastboot\
4. Unlock the Bootloader
5. Enable USB Debugging
6. Open Tiny ADB and Fastboot
7. Boot into Fastboot Mode, type:
Code:
adb reboot bootloader
8. Flash the patched_boot.img, type:
Code:
fastboot devices
fastboot flash boot patched_boot.img
fastboot reboot
9. Open Magisk Manager and verify Root
10. Enjoy
K3V1991 said:
NFO:
This Method does not need Root or Custom Recovery
You must have a Stock Boot Image Dump and you also have to be able to flash the patched Boot Image via Fastboot Mode
Requirements:
1. ADB and Fastboot on your PC (for example Minimal ADB and Fastboot) [Thread]
2. Stock boot.img of your Device (extract File from Factory Image)
3. Magisk Manager [Thread]
4. Internet connection
5. Bootloader unlocked [Thread]
6. Developer Options > USB Debugging [Thread]
Patching the Stock boot.img:
1. Copy the Stock boot.img to your Phone's internal Storage
2. Install Magisk Manager
3. Launch Magisk Manager App
4. If prompted to install Magisk select "No Thanks"
5. Press Install > Install > Patch Boot Image File and select your Stock boot.img
6. Magisk Manager should begin downloading the Magisk.zip file used for patching
7. Once download is complete Magisk Manager will automatically patch the Boot File
Flashing the patched boot.img:
1. Install Minimal ADB and Fastboot
2. Connect the Phone to the PC via USB Cord
3. Copy the patched_boot.img from your Phone's internal Storage to C:\Program Files (x86)\Minimal ADB and Fastboot\
4. Unlock the Bootloader
5. Enable USB Debugging
6. Open Minimal ADB and Fastboot
7. Boot into Fastboot Mode, type:
Code:
adb reboot bootloader
7. Flash the patched_boot.img
Code:
fastboot devices
fastboot flash boot patched_boot.img
fastboot reboot
8. Open Magisk Manager and verify Root
9. Enjoy
___
Click to expand...
Click to collapse
I know I can try this method and see what happens and then report back if needed, but I don't think that this is a thing safe enough to test, so I'll ask before I try: is this for any LG G6 version? Does it work on the H870S (Dual SIMs version)?
P.S: I don't think that this version even has the possibility to unlock the bootloader
Also, isn't a phone that has an unlockable bootloader also rootable?
Mohammad Jebreeni said:
I know I can try this method and see what happens and then report back if needed, but I don't think that this is a thing safe enough to test, so I'll ask before I try: is this for any LG G6 version? Does it work on the H870S (Dual SIMs version)?
P.S: I don't think that this version even has the possibility to unlock the bootloader
Also, isn't a phone that has an unlockable bootloader also rootable?
Click to expand...
Click to collapse
Only for H870, H872 & US997
Please file Stock boot.img?
My device: G6 H872 _H87220d
K3V1991 said:
Only for H870, H872 & US997
Click to expand...
Click to collapse
By saying H870, that means any H870 (like one from Central America) or just the same EU H870 that is listed on the LG Developers page?
CAlbertSM said:
By saying H870, that means any H870 (like one from Central America) or just the same EU H870 that is listed on the LG Developers page?
Click to expand...
Click to collapse
The unlockable G6's
Does this wipe the phone?
EndlessAbyss said:
Does this wipe the phone?
Click to expand...
Click to collapse
Fastboot OEM Unlock will Factory Reset the Phone
K3V1991 said:
Only for H870, H872 & US997
Click to expand...
Click to collapse
Will this work on T-Mobile version of LG G6(H872 TM)? Are you sure it will not do any damage to the phone like hard brick?
Imran5320xm said:
Will this work on T-Mobile version of LG G6(H872 TM)? Are you sure it will not do any damage to the phone like hard brick?
Click to expand...
Click to collapse
This does not work on H872 period.
You will get
writing 'boot'...
FAILED (remote: unknown command)
Does this work on the H871?
Hi, i did exactly what you explain in your post on my h870 with V30b-EUR and all worked fine. My phone is now rooted an i'm very happy. Thank you very much for your wonderfull work
leonlelion said:
Hi, i did exactly what you explain in your post on my h870 with V30b-EUR and all worked fine. My phone is now rooted an i'm very happy. Thank you very much for your wonderfull work
Click to expand...
Click to collapse
Could you tell me how did you get the boot.img file? @leonlelion
--Edit--
Nevermind I found it and rooted my device (H870-V30B-EUR) succesfully. If anyone needs it it's inside the ZIP file: https://forum.xda-developers.com/lg-g6/development/rom-lg-h870-eu-30b-rom-t4007979
leonlelion said:
Hi, i did exactly what you explain in your post on my h870 with V30b-EUR and all worked fine. My phone is now rooted an i'm very happy. Thank you very much for your wonderfull work
Click to expand...
Click to collapse
Me too !! :good:
The simplest, best method!
The simplest, best method! The boot.img I got it from this archive: https://drive.google.com/file/d/1Xxoa2KdcoPTPriZL1IZh056J9rQ7NFiV/view?usp=sharing . My phone: H870 with V30b.
Does this work with H872?
I am interested if this will work on my h870s since i am one of the lucky ones who got 'official' bootloader unlock key, and my bootloader is unlocked now. And if it does when i flash this will i be able to safely modify system files.
Thanks a lot! root easy and fast, I used the boot.img file above, fortunately I had an unlocked bootloader
Would anyone know where to find the boot.img for the US997?
Do you have a modem i could just flash with this h873?
I am trying to unlock an Android phone that has stopped taking the correct password after a auto-restart. I know the PIN, I have not changed it in a long while. The phone stopped accepting the PIN after the sudden auto-restart so I am just clueless what may work. Hard reset is not an option for this device without backing up the data so willing to try anything that may help.
Additional information:
1. The phone does not have USB debugging enabled.
2. It is recognized by ADB only in sideload mode.
3. When I try to get into Recovery mode pressing volume up and power button, it goes directly to the black screen that shows image of a phone and USB cable.
4. I have not been able to get to the stock recovery screen where different options like mounting can be chosen.
Any suggestion or guidance would be hugely appreciated. Thanks a ton for your time.
Thank you.
first install MediaTek MT67xx USB VCOM Preloader USB Drivers. the preloader is the important mode for flashing via COM port. it works best with battery removed. here is a video how it looks like when preloader is visible in device manager
next download stock ROM and SP Flash Tool. in the firmware folder you will find the scatter file for this ROM. With this do a readback of boot and recovery partition. Do not flash (download) anything, just dump current partitions from phone. now modify boot against dm-verity (magisk manager can do this). if it works, you know the scatter file is matching your device. if it fails, you must create your own scatter file and repeat readback. there is a tutorial for creating scatter file with WwR MTK (skip this)
How to flash custom recovery, by-pass screen lock, root with Magisk (with locked bootloader)
requirements
- adb and fastboot platform-tools
- MediaTek SP Flash Tool
- MediaTek PreLoader USB VCOM driver
- stock ROM
- magisk manager
- TWRP
- MT6797_Android_scatter.txt (specific for ROM)
- MTK_AllInOne_DA.bin
- auth_sv5.auth (optional)
steps
- install MediaTek MT67xx VCOM Preloader USB Drivers
power off phone
open device manager
connect usb cable with PC (preloader appears for ~ 1 second only)
click on the unknown device (be fast)
manually assign the driver usb2ser_Win764.inf
- readback boot and recovery partition
run flash_tool.exe, on the Download tab,
choose Download-Agent "MTK_AllInOne_DA.bin"
choose Scatter-loading File "MT6797_Android_scatter.txt"
on the Readback tab, Add new entry
click on filename "ROM_0" and rename to boot.img
select Region EMMC_USER
Start Address: 0x000000000B800000
Length: 0x0000000001000000
Add new entry
click on filename "ROM_1" and rename to recovery.img
select Region EMMC_USER
Start Address: 0x0000000000008000
Length: 0x0000000001000000
when both entries okay, compare with scatter file
click on "Read back" (readback will start as soon as preloader is detected)
power off phone
connect usb cable with PC (readback start)
when finished you will see green checkmark Ok
- patch boot.img with magisk manager
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
download Latest Magisk Manager to any android device (not rooted)
enable settings - security - unknown sources
open file manager and navigate to Download folder
install MagiskManager.apk
copy boot.img from readback to the android device
open Magisk Manager, tap on Advanced Settings
select Preserve force encryption
tap on Magisk is not installed - INSTALL - INSTALL (2x times)
Select and Patch a File
grant permission to storage
navigate to boot.img from readback
tap on boot.img (patching will start)
Note: the Magisk dialog is misleading. It says Flashing... but nothing is flashed to this android device, this devices remains safe/unrooted
when finished you will see the output file name and text "All done!"
disable settings - security - unknown sources
(you can uninstall Magisk Manager from this device now)
copy the file to PC with adb command
Code:
adb pull /storage/emulated/0/Download/magisk_patched.img
- flash patched boot and twrp
run flash_tool.exe, on the Download tab,
choose Download-Agent "MTK_AllInOne_DA.bin"
choose Scatter-loading File "MT6797_Android_scatter.txt"
choose Authentication File "auth_sv5.auth" (optional)
choose Method "Download only"
WARNING: Make sure not to "Format All + Download" (devices with secure boot) or flash using "Firmware Upgrade" option. This will damage/hard brick your device
Important: always de-select the check box "preloader" (EMMC_BOOT)
de-select all check boxes
click on recovery, select cofface_twrp_nikel_recovery1121.img
click on boot, select magisk_patched.img
click on "Download" (flashing will start as soon as preloader is detected)
power off phone
connect usb cable with PC (flashing start)
when finished you will see green checkmark Download Ok
press and hold Volume Up Button
disconnect the usb cable (still holding Volume Up)
reconnect the usb cable (still holding)
Note: you may hear multiple connecting sounds - don't release the Volume Up Button yet
when TWRP Team Win recovery appears, release Volume Up Button
- check if twrp is able to decrypt userdata (without credentials)
- create a backup of data partition, copy to PC
- delete /data/system/locksettings.db* files (only if backup successful)
- reboot device, check if screen lock is removed
- install Magisk Manager
Note: everything untested - may not work! If flashing boot or recovery fails, it is most likely denied by secure boot. In this case it may work only with proper Download-Agent (and auth_sv5.auth file)
So my phone was locked out of the blue and now suddenly my laptop lid is malfunctioning
Give me some time to get back to you with updates, I am so annoyed with state of affairs now
Thank you again @Alecxs I will start working on all the steps in exactly 14 hours
@Alecxs Just got to start working from a desktop. I am doing all you suggested step by step. Will update as I see results
Update one: I could see different driver options while installing manually including-
MediaTek DA USB VCOM Port
MediaTek Preloader USB VCOM port
I installed the Preloader one. Is that ok? "MT65xx" this was not visible anywhere.
I followed the instructions here: https://techprolonged.com/2015/03/i...oquYcROCvEfkBBbeTyyo1BE5NT97sxjNvss3_nMJOFfpU
And downloaded the driver from here: https://www.getdroidtips.com/install-mediatek-mt65xx-usb-vcom-drivers/
I see MediaTek Preloader USB VCOM port (COM4) installed under Ports but there is yellow triangle warning sign
the yellow triangle is not okay
MT65xx is just example.. your chipset is MT6797 you probably need MT67xx (check the download link in requirements if not working)
unfortunately there is no official download source, i don't know which drivers will work... you must try different drivers until it is detected successful
There seems to be different version of Magisk, I downloaded Magisk Manager v7.5.1
for twrp, do I need to download just a 15.9MB image file? Getting this cofface_twrp_nikel_recovery1121.img from here https://androidfilehost.com/?w=file...34b1787be6b45be9e946dafde2bd335ce75d72ca4e9a9
yes this should be the right twrp for nikel, but i haven't had a look inside fstab (maybe it needs some fixes for decryption)
Seeing this as I am trying to get the stock ROM:
"Too many users have viewed or downloaded this file recently. Please try accessing the file again later. If the file you are trying to access is particularly large or is shared with many people, it may take up to 24 hours to be able to view or download the file. If you still can't access a file after 24 hours, contact your domain administrator."
I have everything you asked to download except stock ROM,
it downloaded for a bit then seeing this:
"Access to doc-0c-7g-docs.googleusercontent.com was denied
You don't have authorization to view this page.
HTTP ERROR 403"
Could not download the stock ROM from here: https://firmwarefile.com/xiaomi-redmi-note-4
Getting it from Mirror 1 of this link: https://spflashtools.com/windows/sp-flash-tool-v5-1952
Would this be ok?
Correction: Ok now I got the difference between Stock ROM and flash tool. I have the flash tool but cant download the stock rom. see the above two messages please
you just need the scatter file from stock ROM. can't upload because i am not at home anymore
@Alecxs would getting the "download recovery ROM" from this link be ok? https://www.getdroidtips.com/miui-8-2-10-0-global-stable-rom-redmi-note-4-4x/
I can download it, not sure if this is the same thing as Stock ROM that I could not download earlier.
nope... miui_HMNote4XGlobal_V8.2.10.0.MCFMIDL_ee189ea231_6.0.zip is for qualcomm (mido)
edit: i have uploaded now for MTK (nikel)
- Generic Xiaomi Secure Boot Download Agent, and (hovatek)
- Sec-Auth file from Xiaomi_MTK_DA_Auth.7z
- MT6797_Android_scatter.txt file from (xiaomistockrom)
Xiaomi_Redmi_Note_4_MT6797_V8.0.4.0.MBFMIDG_20160805_Global_6.0.zip
credits to xiaomistockrom and hovatek (i have already posted link on first page). they also say "note that this model requires an authorized account to flash so having DA & auth alone won't help much" - hope this is enough for flashing TWRP
Thanks a lot again @Alecxs I will try again today and follow these steps
aIecxs said:
nope... miui_HMNote4XGlobal_V8.2.10.0.MCFMIDL_ee189ea231_6.0.zip is for qualcomm (mido)
edit: i have uploaded now for MTK (nikel)
- Generic Xiaomi Secure Boot Download Agent, and (hovatek)
- Sec-Auth file from Xiaomi_MTK_DA_Auth.7z
- MT6797_Android_scatter.txt file from (xiaomistockrom)
Xiaomi_Redmi_Note_4_MT6797_V8.0.4.0.MBFMIDG_20160805_Global_6.0.zip
credits to xiaomistockrom and hovatek (i have already posted link on first page). they also say "note that this model requires an authorized account to flash so having DA & auth alone won't help much" - hope this is enough for flashing TWRP
Click to expand...
Click to collapse
@Alecxs, after flashing patched boot and twrp and disconnecting and reconnecting my phone while holding the volume up button, my phone has gone to an error state. I am being shown the message "Red State. Your device has failed verification and may not work properly. Your device will boot in 5 seconds."
The phone is trying to boot again and again, but the same screen is coming up. The problem is persisting even after completely turning off the device and trying to follow the flashing step with a Xiaomi DA and auth_sv5.auth file.
Can I do anything to fix this?
aIecxs said:
first install MediaTek MT67xx USB VCOM Preloader USB Drivers. the preloader is the important mode for flashing via COM port. it works best with battery removed. here is a video how it looks like when preloader is visible in device manager
next download stock ROM and SP Flash Tool. in the firmware folder you will find the scatter file for this ROM. With this do a readback of boot and recovery partition. Do not flash (download) anything, just dump current partitions from phone. now modify boot against dm-verity (magisk manager can do this). if it works, you know the scatter file is matching your device. if it fails, you must create your own scatter file and repeat readback. there is a tutorial for creating scatter file with WwR MTK (skip this)
How to flash custom recovery, by-pass screen lock, root with Magisk (with locked bootloader)
requirements
- adb and fastboot platform-tools
- MediaTek SP Flash Tool
- MediaTek PreLoader USB VCOM driver
- stock ROM
- magisk manager
- TWRP
- MT6797_Android_scatter.txt (specific for ROM)
- MTK_AllInOne_DA.bin
- auth_sv5.auth (optional)
steps
- install MediaTek MT67xx VCOM Preloader USB Drivers
power off phone
open device manager
connect usb cable with PC (preloader appears for ~ 1 second only)
click on the unknown device (be fast)
manually assign the driver usb2ser_Win764.inf
- readback boot and recovery partition
run flash_tool.exe, on the Download tab,
choose Download-Agent "MTK_AllInOne_DA.bin"
choose Scatter-loading File "MT6797_Android_scatter.txt"
on the Readback tab, Add new entry
click on filename "ROM_0" and rename to boot.img
select Region EMMC_USER
Start Address: 0x000000000B800000
Length: 0x0000000001000000
Add new entry
click on filename "ROM_1" and rename to recovery.img
select Region EMMC_USER
Start Address: 0x0000000000008000
Length: 0x0000000001000000
when both entries okay, compare with scatter file
click on "Read back" (readback will start as soon as preloader is detected)
power off phone
connect usb cable with PC (readback start)
when finished you will see green checkmark Ok
- patch boot.img with magisk manager
download Latest Magisk Manager to any android device (not rooted)
enable settings - security - unknown sources
open file manager and navigate to Download folder
install MagiskManager.apk
copy boot.img from readback to the android device
open Magisk Manager, tap on Advanced Settings
select Preserve force encryption
tap on Magisk is not installed - INSTALL - INSTALL (2x times)
Select and Patch a File
grant permission to storage
navigate to boot.img from readback
tap on boot.img (patching will start)
Note: the Magisk dialog is misleading. It says Flashing... but nothing is flashed to this android device, this devices remains safe/unrooted
when finished you will see the output file name and text "All done!"
disable settings - security - unknown sources
(you can uninstall Magisk Manager from this device now)
copy the file to PC with adb command
Code:
adb pull /storage/emulated/0/Download/magisk_patched.img
- flash patched boot and twrp
run flash_tool.exe, on the Download tab,
choose Download-Agent "MTK_AllInOne_DA.bin"
choose Scatter-loading File "MT6797_Android_scatter.txt"
choose Authentication File "auth_sv5.auth" (optional)
choose Method "Download only"
WARNING: Make sure not to "Format All + Download" (devices with secure boot) or flash using "Firmware Upgrade" option. This will damage/hard brick your device
Important: always de-select the check box "preloader" (EMMC_BOOT)
de-select all check boxes
click on recovery, select cofface_twrp_nikel_recovery1121.img
click on boot, select magisk_patched.img
click on "Download" (flashing will start as soon as preloader is detected)
power off phone
connect usb cable with PC (flashing start)
when finished you will see green checkmark Download Ok
press and hold Volume Up Button
disconnect the usb cable (still holding Volume Up)
reconnect the usb cable (still holding)
Note: you may hear multiple connecting sounds - don't release the Volume Up Button yet
when TWRP Team Win recovery appears, release Volume Up Button
- check if twrp is able to decrypt userdata (without credentials)
- create a backup of data partition, copy to PC
- delete /data/system/locksettings.db* files (only if backup successful)
- reboot device, check if screen lock is removed
- install Magisk Manager
Note: everything untested - may not work! If flashing boot or recovery fails, it is most likely denied by secure boot. In this case it may work only with proper Download-Agent (and auth_sv5.auth file)
Click to expand...
Click to collapse
red state means the avb protection does not accept unsigned partition images. the Volume Up key is for booting straight into recovery. that sounds like it is not possible to boot into TWRP with locked bootloader. you can fix this by flashing original boot + recovery
you can try combination of original boot + twrp, or magisk_patched.img + original recovery, but i am afraid it is not possible to pass red state
however, magisk has option to keep avb/dm-verity. if (avb signed) magisk_patched.img passes secure boot (with stock recovery), you have following options
a) modify boot with adb enabled
b) sign twrp with avb signature
(i will upload the necessary files later, but i need the original boot + recovery from readback first)
if (avb signed) magisk_patched.img doesn't work (red state) you are left with one last option
c) create a full ROM dump, factory reset, unlock bootloader (official way), flash twrp, restore userdata + metadata and try to decrypt/recover your files
Disclaimer: Im new and i'm not that good at english,im not responsible for bricked devices.
So for the past month i've been through a journey of tryng to break through huawei's draconian security and i can proudly say that i finally did it, i installed a custom rom on my FIG-LX1
I've read a lot of sources and it all seems to be all over the place so i'm going to try and make this as easy as i can for you.
1.First of all ,if you want a custom rom go to OpenKirin ( https://openkirin.net/devices/) and choose your rom and see if you need to upgrade/downgrade your emui and also if your device is supported.
2.For the bootloader you have two options
a) The paid one, use sigma key or dc unlocker
b) The free and geeky one. Attention you'll need to open up your phone, which is honestly not that hard and you can pay a pro to do this for you for like 5 bucks .This method is pretty straight forward:\
1.Go to Potato NV (https://github.com/mashed-potatoes/PotatoNV) , see if your device is supported and download the software
2. Now comes the hard part, you need to take off the back cover of your device. Shut down your phone, then take your phone cover off, then you need to search google for your test point. For example for me it was Fig lx1 test point (device model+ test point)
3. When you located the test point youll need to short it with the motherboard shield. In their tutorial they said that youll need to solder it ,but it can be done easier. You need just a very small piece of wire and someone to plug the device
Here's how the process looks:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4.Open potato nv software. Now you need another person to help you. Hold the phone , touch the test point and the motherboard shield and keep them shorted while the other person plugs the usb cable from pc to phone. U should hear the connection sound from windows and the CHARGING LOGO SHOULDN'T APPEAR.
5. Now you can stop shorting the test point and the shield, but keep the phone connected to PC.
6. In potato Nv choose your cpu and unlock bootloader
7.Now your bootloader is unlocked ,if any problems you still have the bootloader unlock code
Back to roms and twrp .
Now you should see this messagge appear:
This menu is very important for changing the rom ,cause every rom needs emui 9 or 8 to be installed and from here you can reinstall the stock emui after flashing custom rom but we'll talk about it later.
Now for flashing twrp.
Boot the device into bootloader mode(shut down ,then hold power+ volume down until huawei appears on screen or Better and easier and useful for later download android platform tools from SDK Platform Tools release notes | Android Developers (developer.android.com/studio/releases/platform-tools).Plug the device into pc,enable usb debugging . Open a cmd and open the folder location .Example
Code:
cd C:\Users\USerName\Desktop\platform-tools
and type
Code:
adb reboot bootloader
. You should see that your bootloader is unlocked
Download android platform tools (developer.android.com/studio/releases/platform-tools)
Now find your twrp img for your phone , rename it to recovery.img and put it in in the platform-tools folder
Now in terminal open cmd in platform tools folder and type
Code:
fastboot flash recovery_ramdisk recovery.img
Now you have twrp installed
Note that you wont use it neither for rooting with magisk neither with installing custom rom.
Installing custom rom:
Open kirin has a very good user guide and i suggest you to follow it: OpenKirin (openkirin.net/user_guide/openkirin-rom-installation-instructions/)
Btw their rom works with twrp
But it doesn't say how to switch your rom or go back to stock for switching you need to be on stock)
1.Go to Android File Host - Free file hosting for Android developers ( androidfilehost.com) and search for your build number (eg: FIG-LX1) and download a firmware emui 8 or 9.
2.Open the zip ,go to software and from here youll see a folder called dload, extract it somewhere
3.Now youll need a sdcard in your phone,plug your phone into pc and put the dload folder on your sdcard (it should bee on the root directory ,basically dont put it in another folder in sdcard)
3.You should've noticed already that every time you restart your phone there is a warning message sayng that your phone is unlocked( image above)
4.Press volume up for 3 seconds and it should take you to huawei recovery ,from here press wipe data and factory reset to kinda reinstall huawei recovery which youll use for dload
5.After wipe restart your phone ,press vol up + vol down + power until huawei logo to enter force update
6.Now wait for it to do its job and install emui.
*If it doesnt do anything , take the sd card out ,put it in another device ,open dload folder,find update.zip and put it on the sdcard instead of dload folder
7. To switch the rom repeat the steps from open kirin,note that if u had twrp youll need to install it again
Now the hardest part ,rooting...NOte that i tested root only on stock so your process can be diffrent but im not sure ,you cand try for other rom this process
For stock and no twrp:
1.Force update emui with dload method , needed for a recovery img.
2.On pc open dload folder ,open update.zip and extract UPDATE.APP
3.Now download huawei app extractor from here [TOOL] Huawei Update Extractor [UPDATED: v0.9.9.5] | OPEN-SOURCE LIBRARY | XDA Developers Forums (xda-developers.com) (forum.xda-developers.com/t/tool-huawei-update-extractor-updated-v0-9-9-5-open-source-library.2433454/)
4.Open the app and go to settings and untick every box you see
5.Now go to extract and extract the UPDATE.APP file
6.Now you should see a lot of nonsense,find recovery_ramdis.img ,left click it once, then right click for options and select extract selected
7. Now u should have a recovery_ramdis.img file.Move this file on your phone and install magisk manager.
8.Open magisk and press install in the tab with the mask(the first install button) tick the box with recovery mode, then select patch a file and select the recovery_ramdis.img file .Now it patches it. Then move the patched file to the pc again, to the platform tools folder
9.Enable usb debugging on the device and plug device to pc
10.Open cmd on pc and type
Code:
adb reboot bootloader
, or simply reboot to bootloader(shut down phone,then hold power + vol down until huawei logo appears)
11. In cmd type
Code:
fastboot flash recovery_ramdisk magisk_patched_yourfile.img
Dont forget to change the yourfile into your file name mine had something like this : jhfdU
12.Reboot your phone and voila u have root, if doesn't work go back to magisk press again install,tick recovery mode, but this time select direct install and this should resolve problems
Magisk official guide(kinda hard to understand) : Installation | Magisk (topjohnwu.github.io) (topjohnwu.github.io/Magisk/install.html#huawei)
Note that by this you'll remove your custom recovery .
IF U WANT TWRP i assume that you patch the twrp img file with magisk and flash i,t you can try it out and post your results or u can try to just flash twrp as is.
Hope i helped you !!
Solution below.
For those with the same device, I was able to successfully root + pass safetynet, without TWRP or custom recovery. Since this device isn't yet on the forums I thought I should share my findings.
At the time of rooting, I was currently updated to the newest version available (10) and did this through the regular OTA updates.
Preparations
1. Download Magisk Manager Beta from https://magiskmanager.com/magisk-beta/
2. Download the stock firmware for your tablet from https://mirrors.lolinet.com/firmware/lenovo/Yoga_Smart_Tab/YT-X705F/
3. Download kdrag0n's SafetyNet Fix from: https://github.com/kdrag0n/safetynet-fix/releases
Edit: looks like I missed a step, thanks for the feedback! Point 4 has been corrected to include instructions on how to unlock the bootloader specifically.
4. Unlock your bootloader, instructions on how to enable USB debugging which is needed, can be found here: https://www.shizhub.com/2018/12/how-to-enable-disable-usb-debugging.html, from there you can open your command prompt, navigate to the directory where you have your fastboot and ADB stored, and type "adb devices" to confirm your device is found (a serial number will display on success) - next type "adb reboot bootloader" to force your tablet to restart into it, finally type "fastboot oem unlock-go" to unlock the bootloader. This voids your warranty.
-- end of edit.
5. Enable USB debugging through developer options (go to settings->about->find build # and tap a handful of times until it says you are a developer.
6. Plug the tablet into your PC, and set the default option to Charge only, or go to file transfer mode and enable USB debugging over file transfer.
Steps
1. Unzip the firmware, there should be a folder called Maincode, in it contains "boot.img" as well as adb/fastboot.
2. Copy the boot.img and Magisk apk to the tablet.
3. Install Magisk
4. Tap on "Install" or "Update" beside Magisk in the app and follow the prompts.
5. You will be asked to select a file, select the boot.img you copied earlier.
6. This will generate a file (it will tell you the path) of a patched boot image.
7. Reboot, and copy the patched boot image to the "Maincode" folder from the tablet.
8. In command prompt, type adb devices and make sure your serial number is shown. If not, review the preparations.
9. Type adb reboot bootloader and you'll see a cute little Tux (penguin)
10. Type fastboot devices and ensure your device is shown, if not then it could be bad drivers on your PC or a crappy USB cable. Check device manager on your computer and make sure you see Lenovo ADB. You may have to force it to install it, or you may see a yellow exclaimation mark - right click on the device and force it to install the Lenovo Bootloader option.
11. Next, in the "Maincode" folder where you put the patched image, rename the old "boot.img" to "stock_boot.img" and the patched version to "boot.img"
12. Back in the command prompt, type fastboot flash boot boot.img
13. Reboot by typing fastboot reboot.
Magisk should now be installed, and your tablet should be rooted. Next, you'll want to go into Magisk and do the following:
Steps:
1. Click on the modules button (bottom of the screen, far right option) and at the top you're given an option to install from storage.
2. Navigate to the SafetyNet Fix zip file and select it, then proceed.
3. You will be given the option to reboot - do this. The first time it may go into recovery, but rebooting brings you back to the home screen.
4. Go back to Magisk, click on the gear at the top right - there is an option to hide Magisk from the system, do this and name it whatever you'd like (just not Magisk) - wait a moment, as the app will restart after it installs.
You can check to make sure you pass SafetyNet in the Magisk (now renamed) app, and root status by downloading one of the countless root checking apps on Google Play Store.
Could you let me know a clear way to unlock the bootloader on the Yoga Tab YT-X705F? The instructions you've provided don't point to anything helpful beyond activating USB Debugging.
"4. Unlock your bootloader, instructions: https://www.shizhub.com/2018/12/how-to-enable-disable-usb-debugging.html - do not proceed beyond where it starts talking about TWRP."
I'm looking to root my tablet but cannot as trying to find info on unlocking the bootloader is proving difficult.
Thanks in advance
Bobmat34 said:
Could you let me know a clear way to unlock the bootloader on the Yoga Tab YT-X705F? The instructions you've provided don't point to anything helpful beyond activating USB Debugging.
"4. Unlock your bootloader, instructions: https://www.shizhub.com/2018/12/how-to-enable-disable-usb-debugging.html - do not proceed beyond where it starts talking about TWRP."
I'm looking to root my tablet but cannot as trying to find info on unlocking the bootloader is proving difficult.
Thanks in advance
Click to expand...
Click to collapse
Thanks for pointing that out! - I've updated my notes above, but if your familiar with fastboot the command is simply "fastboot oem unlock-go", no unlock code needed for these guys. It will wipe your device and void your warranty though, in case you're not already aware.
Cheers!
Thanks for this rooting guide! I was able to root my YT-X705F
Here some comments/hints:
- At first make sure your downloading the right stock firmware. I've tried a different one which results into a boot loop. One way to find out the right version is to start into the recovery mode. In the header you will find the right version. In my case it was YT-X705F_S001130_210508_ROW
- Make sure you have actually unlocked the boot loader. "fastboot flash x y.img" worked, so I didn't recognized that the boot loader was not unlocked. This was reason for "fastboot boot y.img" shows errors "FAILED (status read failed (Too many links))".
- The extracted stock firmware have no "Mainfolder". All files, including boot.img and recovery.img, contained in the root directory of the ZIP file.
- After installing Magisk app (v23.0) it shows me: Installed: N/A, Ramdisk: No, A/B: No, SAR: Yes. According to this Magisk installation guide you have to patch the recovery image instead of the boot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- Patching the recovery image was fine with Magisk. No errors was shown. Please note I used the recovery.img
After this I was able to boot the patched image without flashing it:
After "fastboot boot patched_recovery.img" nothing happens. The tablet keeps showing me the Linux Tux image. I have to disconnect the USB cable and then I booted into system.
*Upd. never mind, I download the official rom file from lenovo\
Crap. I patched the boot image with Magisk, and by the time I flashed it - the system got updated from S001133 to S001135, and I'm getting a bootloop. Can someone maybe upload original boot img from S001135?
Or what else can I do? the update isn't on the mirror server yet https://mirrors.lolinet.com/firmware/lenovo/Yoga_Smart_Tab/YT-X705F/
Rooting was successful! Thanks for the guide. Since I cannot find any section in the forum for the YT-x705 tablet, I thought I can have a follow up question in here. The reason I rooted was because alexa app keeps getting removed after each reboot. I rooted as I wanted to convert it into a system app.
So far, I've been unsuccessful . I have tried with the systemizer module and titanium backup. Anyone have any idea how we can retain alexa app after a reboot? Interestingly enough, titanium backup shows alexa as frozen after I install alexa from playstore, despite it appearing in my app launcher. I am unable to unfreeze it. Alexa is then removed after I reboot.
Quick question: What do i do if i don't have a "MainCode" folder, on the tablet or in the extracted folder.
or is that just the folder with the maincode, in it?
Thanks, looks like a good guide!
Jim
you're just going into the zip file from step 2 where the boot.img file is. I just followed all these instructions and got my yoga rooted.
ugh...I don't have a device that I can root for a couple of years... and it feels like I'm a complete noob, now!
when i try to flash the boot image I'm getting: FAILED (remote: Partition flashing is not allowed)
When i run fastboot oem device-info i get this:
PS C:\Users\Jim\Downloads\YT-X705F_S001135_210909_ROW (1)> ./fastboot oem device-info
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
Finished. Total time: 0.010s
So i don't think i am unlocked. even after following the steps. I've got Developer options, Debugging is obviously working, OEM Unlocking is toggled on.
I feel like on my phones we had to run an adb or fastboot command, and then the device would reboot and reset it and it would then be unlocked.
Am i missing something?
Thanks again!!
Jim
p.s. and once i get it working, what roms can i flash? any of the "yoga" roms? or do i need to look at something specific like the 3 or 4?
answered my own question!
i had to run: fastboot oem unlock-go
the device rebooted and reset
now i get this:
PS C:\Users\Jim\Downloads\YT-X705F_S001135_210909_ROW (1)> ./fastboot oem device-info
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
Now on to the next step!
So anyone know what ROMs i should use and how best to install them, i don't think we have a working TWRP, do we?
... after crash of my booting Android 10 system last stock rom my yt-x705F 210909 can't be rooted anymore!
i use some app and this app ask for busybox .... so crash !!!
i reset tablet by system recovery .
"wipe data/ factory reset"
after restart my tablet is working again.
Bootloader is still open
also develover mode is working USB Debugging etc.
but no rooting alowed by patching root img .. see next
now i try to install stock rom NEW but some error
"apply update from external storage " get error
same is from "Apply update from ADB" abd sideload file.img
are this zip files from this server corrupt? mirros lolinet ?
i use magisk 25.2 i try all option with hook on recovery also vbmeta
patch both boot.img and recovery.img
after patch one of these img device runs into the bootloader , tux start up.
if i patch stock boot.img device booting normal but NO ROOT
also twrp can't no flash only option "fastboot boot twrp.img"
"fastboot boot flash recovery twrp.img" not working
if i use twrp by "fastboot boot twrp.img" zip stockrom makes also error
someone knows about RESCUE and SMART ASSISTENT" LMSA Tool ?
any suggestion
how is this working ?
go on settings > about tablet > push a view times on Hardware-Version
NEW Firmware update YT_X705F_S001137_220721_ROW for yoga
what's new?
looserintheend said:
NEW Firmware update YT_X705F_S001137_220721_ROW for yoga
what's new?
Click to expand...
Click to collapse
Know where can I find this firmware?
Hi all,
At my work we are using an android tablet and I need to install root on it. The tablet is a SkyDroid H16. The weird thing is that "adb root" works fine and I can remount /system and add files, but apps cannot see that there is root.
How can I install su and use it.
There is no TWRP for it and the stock image is also not public.
Senna-chan said:
Hi all,
At my work we are using an android tablet and I need to install root on it. The tablet is a SkyDroid H16. The weird thing is that "adb root" works fine and I can remount /system and add files, but apps cannot see that there is root.
How can I install su and use it.
There is no TWRP for it and the stock image is also not public.
Click to expand...
Click to collapse
Root Android Devices without TWRP RecoveryTo root your device without TWRP Recovery, you need to perform two steps. Firstly, the device needs to be booted using the patched boot image file. In the next step, this boot image file will be permanently flashed using the Magisk Manager app. Don’t forget to have a look at the ‘Prerequisites’ section below, before beginning with the process. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.
Prerequisites
Download and install the Magisk Manager APK file on your device: Magisk App [from version 22 onwards, it is known as Magisk App and has both the Magisk ZIP and Manager APK file bundled together].
Next up, check if your device has ramdisk or not. For that, launch the Magisk app and refer to the section under Magisk, if it says YES, then you are good to proceed ahead (see below image). On the other hand, if it says NO, then you will have to head over to our alternative guide: Install Magisk in Recovery and Root Android [No Ramdisk].
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The bootloader of your device should be unlocked. Have a look at our guide on how to do so.
Enable the ‘USB Debugging’ option. Go to ‘Settings’ -> ‘About Phone -> Tap on Build Number 7 times -> Go back to Settings -> Developer Options -> Toggle on the USB Debugging’ switch.
Although rooting is going to wipe your data, still, it is recommended to make a complete backup of all your data.
Keep your device appropriately charged, at least to a minimum recommended level of 50%
Install ADB and Fastboot Tool for entering Fastboot commands.
Also, download and install the USB Drivers for your device. This helps in successfully connecting your device to the PC.
STEP 1: Get Stock Boot.img File from Stock ROM
To begin with, you will have to extract the stock boot.img file. And as opposed to earlier times, the process is a little bit more complicated nowadays. You cannot simply extract the firmware and get the required partition files (such as vbmeta.img, system.img, boot.img, etc). The reason is that many OEMs packs the ROM’s IMG files inside an encrypted package. For example, OnePlus has these files inside payload.bin, Realme, and Oppo have their files inside the OZIP format, and so on. In that case, you may refer to our below guides to get the stock boot.img file:
Now that you have got hold of the stock boot image file, it’s time to patch it via Magisk and flash it via Fastboot Commands. We have listed the steps for both the older as well as the newer build of Magisk Manager. As far as the difference between them goes, it’s just some UI tweaks here and there, the underlying functionality remains the same. The below update is only for devices running Android 11. If your device isn’t running that version, then you may directly head on to STEP 2A/2B.
UPDATE 1 [FOR ANDROID 11 USERS ONLY]: Quite a few Android 11 users are facing issues while patching the stock boot.img file via Magisk manager. Well, I have found the fix to this issue, please refer to our detailed guide on the same: Fix Magisk patched boot.img issue while Rooting Android 11. If you wish to save a click, then here’s the explanation in short:
You have to install the Magisk Canary build instead of the stable and then change the update channel to Canary from within the app itself. Once you have done the said change, you may then proceed with the below steps to patch the stock boot image file using Magisk and flash it via Fastboot commands. [END OF UPDATE 1]
STEP 2A- Patch the Stock Boot Image File using Older Magisk
Download the stock firmware for your device.
Extract the boot.img file from it.
Transfer it to the device’s internal storage.
Install the Magisk Manager App on your device.
Open it. Tap on the first ‘Install‘ button, next to Magisk status.
In the next menu, again chose ‘Install‘.
Now select ‘Select and Patch a File‘.
Navigate to internal storage and select the stock boot.img file that you extracted earlier.
Let Magisk do the patching process. When it’s done, copy this patched boot.img file, named as magisk_patched.img, from your device (will be present under Internal Storage > Downloads) to PC where you have installed the ADB and Fastboot Tools (inside the platform-tools folder).
How to Update Magisk ZIP and Magisk Manager (without TWRP)
Disable DM-Verity or Android Verified Boot without TWRP
Fix Magisk Module Bootloop without TWRP Recovery
How to Root Android Devices Without TWRP Recovery
STEP 2B: Patch Stock Boot Image File using Newer Magisk
Launch the Magisk Manager app on your Pixel device.
Then tap on the Install button situated next to Magisk.
From the Method section, choose Select and Patch a file.
Browse to the extracted boot.img file and select it.
Then tap on the Let’s Go option situated at the top right.
Magisk will now load the boot.img file and will patch it accordingly. Once that is done, you would get the Download Complete message.
The patched boot image file will be saved in Internal Storage > Downloads. The name of the file will be magisk_patched.img.
Now that you have patched the stock boot.img file, it’s time to flash it onto your device and hence obtain root without TWRP. There are two different methods through which you could do this. This patched boot.img file could either be flashed via Fastboot or through Magisk. It is highly recommended that you proceed with the Fastboot Method. Only in case, if you face any issues, then you should proceed with the Magisk Method. The reason being the fact via the Magisk method, we will be using the DIrect Install feature, which seems to be absent in most devices. Hence to avoid any confusion, you should try the Fastboot Method. If you face any error, then only proceed with the Magisk method to root your Android device without TWRP.
STEP 3A- Install the Patched Boot Image using Fastboot
Connect the device to the PC via USB Cable.
Now transfer the patched boot file from your device to the platform-tools folder on your PC.
Inside the same folder, right-click on an empty area while pressing the ‘Shift’ key.
Select the option ‘Open PowerShell window here’.
Or you could also head over to the platform-tools folder on your PC, type in CMD in the address bar, and hit Enter. This will launch the Command Prompt.
Type in the below code to make sure the device is successfully connected (an alpha-numeric code suggests successful connection):adb devices
Now type in the below code to boot your device to fastboot/bootloader mode:adb reboot bootloader
Next, type the below code to flash the patched boot image file:fastboot flash boot magisk_patched.img
If you get the fastboot: error: Couldn’t parse partition size ‘0x’ issue, as some users have mentioned in the comments, then please refer to our detailed guide: How to Fix fastboot: error: Couldn’t parse partition size ‘0x’.
For devices with an A/B partition, you need to flash the patched boot file to both partitions. Type the below code for the same:fastboot flash boot_a magisk_patched.img
fastboot flash boot_b magisk_patched.img
Now you may Reboot the device by typing the below code:fastboot reboot
If your device is rooted, then you should stop here only. However, if the Fastboot Command method didn’t work out in your case, then only proceed with the next method to install patched boot.img.
If this post is good please thumbs up.
@Senna-chan
Because adb root & adb remount works here is a code example that adds su
Code:
adb root & adb remount & adb disable-verify & adb shell "setenforce 0"
adb push su /system/bin/
adb push superuser.apk /system/app/
adb reboot
jwoegerbauer said:
@Senna-chan
Because adb root & adb remount works here is a code example that adds su
Code:
adb root & adb remount & adb disable-verify & adb shell "setenforce 0"
adb push su /system/bin/
adb push superuser.apk /system/app/
adb reboot
Click to expand...
Click to collapse
So I tried this with a few version of supersu but it didn't work. I tried version 2.76 2.82 and 2.79 and it didn't work. Everytime I get the error no su binary found. The version I uploaded was the arm64 version since I have a ARMv8.
What could be wrong?
Thats great in all but after I flash the boot.img from any version of magisk from v22 onward and the latest canary, it doesn't give me magisk app when i boot back into the os.