Help unlock Mediatek Xiaomi Redmi Note 4 without wiping data - Xiaomi Redmi Note 4 Questions & Answers

I am trying to unlock an Android phone that has stopped taking the correct password after an auto-restart. I know the PIN, I have not changed it in a long while. The phone stopped accepting the PIN after the sudden auto-restart so I am just clueless what may work. Hard reset is not an option for this device without backing up the data so willing to try anything that may help.
Additional information:
1. The phone does not have USB debugging enabled.
2. It is recognized by ADB only in sideload mode.
3. When I try to get into Recovery mode pressing volume up and power button, it goes directly to the black screen that shows image of a phone and USB cable.
4. I have not been able to get to the stock recovery screen where different options like mounting can be chosen.
Any suggestion or guidance would be hugely appreciated. Thanks a ton for your time.
Thank you.

first install MediaTek MT67xx USB VCOM Preloader USB Drivers. the preloader is the important mode for flashing via COM port. it works best with battery removed. here is a video how it looks like when preloader is visible in device manager
next download stock ROM and SP Flash Tool. in the firmware folder you will find the scatter file for this ROM. With this do a readback of boot and recovery partition. Do not flash (download) anything, just dump current partitions from phone. now modify boot against dm-verity (magisk manager can do this). if it works, you know the scatter file is matching your device. if it fails, you must create your own scatter file and repeat readback. there is a tutorial for creating scatter file with WwR MTK (skip this)
How to flash custom recovery, by-pass screen lock, root with Magisk (with locked bootloader)
requirements
- adb and fastboot platform-tools
- MediaTek SP Flash Tool
- MediaTek PreLoader USB VCOM driver
- stock ROM
- magisk manager
- TWRP
- MT6797_Android_scatter.txt (specific for ROM)
- MTK_AllInOne_DA.bin
- auth_sv5.auth (optional)
steps
- install MediaTek MT67xx VCOM Preloader USB Drivers
  power off phone
  open device manager
  connect usb cable with PC (preloader appears for ~ 1 second only)
  click on the unknown device (be fast)
  manually assign the driver usb2ser_Win764.inf
- readback boot and recovery partition
  run flash_tool.exe, on the Download tab,
  choose Download-Agent "MTK_AllInOne_DA.bin"
  choose Scatter-loading File "MT6797_Android_scatter.txt"
  on the Readback tab, Add new entry
    click on filename "ROM_0" and rename to boot.img
    select Region EMMC_USER
    Start Address: 0x000000000B800000
    Length: 0x0000000001000000
  Add new entry
    click on filename "ROM_1" and rename to recovery.img
    select Region EMMC_USER
    Start Address: 0x0000000000008000
    Length: 0x0000000001000000
  when both entries okay, compare with scatter file
  click on "Read back" (readback will start as soon as preloader is detected)
  power off phone
  connect usb cable with PC (readback start)
  when finished you will see green checkmark Ok
- patch boot.img with magisk manager
  download Latest Magisk Manager to any android device (not rooted)
  enable settings - security - unknown sources
  open file manager and navigate to Download folder
  install MagiskManager.apk
  copy boot.img from readback to the android device
  open Magisk Manager, tap on Advanced Settings
  select Preserve force encryption
  tap on Magisk is not installed - INSTALL - INSTALL (2x times)
  Select and Patch a File
  grant permission to storage
  navigate to boot.img from readback
  tap on boot.img (patching will start)
  Note: the Magisk dialog is misleading. It says Flashing... but nothing is flashed to this android device, this devices remains safe/unrooted
  when finished you will see the output file name and text "All done!"
  disable settings - security - unknown sources
  (you can uninstall Magisk Manager from this device now)
  copy the file to PC with adb command
  Code:
  adb pull /storage/emulated/0/Download/magisk_patched.img
- flash patched boot and twrp
  run flash_tool.exe, on the Download tab,
  choose Download-Agent "MTK_AllInOne_DA.bin"
  choose Scatter-loading File "MT6797_Android_scatter.txt"
  choose Authentication File "auth_sv5.auth" (optional)
  choose Method "Download only"
  WARNING: Make sure not to "Format All + Download" (devices with secure boot) or flash using "Firmware Upgrade" option. This will damage/hard brick your device
  Important: always de-select the check box "preloader" (EMMC_BOOT)
  de-select all check boxes
  click on recovery, select cofface_twrp_nikel_recovery1121.img
  click on boot, select magisk_patched.img
  click on "Download" (flashing will start as soon as preloader is detected)
  power off phone
  connect usb cable with PC (flashing start)
  when finished you will see green checkmark Download Ok
  press and hold Volume Up Button
  disconnect the usb cable (still holding Volume Up)
  reconnect the usb cable (still holding)
  Note: you may hear multiple connecting sounds - don't release the Volume Up Button yet
  when TWRP Team Win recovery appears, release Volume Up Button
- check if twrp is able to decrypt userdata (without credentials)
- create a backup of data partition, copy to PC
- delete /data/system/locksettings.db* files (only if backup successful)
- reboot device, check if screen lock is removed
- install Magisk Manager
Note: everything untested - may not work! If flashing boot or recovery fails, it is most likely denied by secure boot. In this case it may work only with proper Download-Agent (and auth_sv5.auth file)
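
Added example (not part of the original post and not the poster's code): a sanity check for the readback step above, confirming that a dumped boot.img or recovery.img really starts with a standard Android boot image header and fits inside the readback length before anything is patched or flashed. It assumes the v0 boot image header layout; `inspect_dump` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Boot image header v0: magic, 10 little-endian uint32 fields, name,
# cmdline, id, extra_cmdline (1632 bytes in total).
HEADER = struct.Struct("<8s10I16s512s32s1024s")
READBACK_LEN = 0x1000000  # length of both readback entries in the post


def _pages(size, page):
    """Round size up to a whole number of flash pages."""
    return (size + page - 1) // page * page


def inspect_dump(data, region_len=READBACK_LEN):
    """Return (info, problems) for one readback file.

    info is None when no boot image header could be parsed.
    """
    problems = []
    if len(data) != region_len:
        problems.append(f"dump is {len(data):#x} bytes, expected {region_len:#x}")
    if len(data) < HEADER.size:
        problems.append("dump is shorter than a boot image header")
        return None, problems
    if data[:8] != BOOT_MAGIC:
        head = data[:4096]
        if head in (bytes(len(head)), b"\xff" * len(head)):
            problems.append("region is blank: start address points at unused flash")
        else:
            problems.append(f"no ANDROID! magic at offset 0 (found {data[:8]!r})")
        return None, problems

    f = HEADER.unpack_from(data)
    kernel, ramdisk, second, page = f[1], f[3], f[5], f[8]
    info = {
        "kernel_size": kernel,
        "ramdisk_size": ramdisk,
        "page_size": page,
        "name": f[11].rstrip(b"\0").decode("ascii", "replace"),
        "image_size": None,
    }
    # Page size must be a power of two large enough to hold the header.
    if page < 2048 or page & (page - 1):
        problems.append(f"implausible page size {page}")
        return info, problems
    if kernel == 0:
        problems.append("kernel size is zero")
    # Header page, then kernel, ramdisk and second stage, each page-aligned.
    total = page + _pages(kernel, page) + _pages(ramdisk, page) + _pages(second, page)
    info["image_size"] = total
    if total > len(data):
        problems.append(
            f"header claims {total:#x} bytes but dump holds {len(data):#x}: "
            "readback length too short or header corrupt"
        )
    return info, problems


def build_sample(kernel=b"K" * 5000, ramdisk=b"R" * 3000, page=2048,
                 region_len=0x10000):
    """Constructed stand-in for a readback file (not real device data)."""
    hdr = HEADER.pack(BOOT_MAGIC, len(kernel), 0x40080000, len(ramdisk),
                      0x45000000, 0, 0x40F00000, 0x44000000, page, 0, 0,
                      b"constructed", b"", b"", b"")
    img = (hdr.ljust(page, b"\0")
           + kernel.ljust(_pages(len(kernel), page), b"\0")
           + ramdisk.ljust(_pages(len(ramdisk), page), b"\0"))
    return img.ljust(region_len, b"\0")


if __name__ == "__main__":
    good = build_sample()
    cases = {
        "matching address": good,
        "blank region": bytes(0x10000),
        "address off by 0x800": b"\x5a" * 0x800 + good[:-0x800],
    }
    for label, blob in cases.items():
        info, problems = inspect_dump(blob, region_len=0x10000)
        print(label, "->", info, problems or "OK")
```

For real dumps, read each file in binary mode and call `inspect_dump(data)` with the default length; any reported problem means the scatter file or the readback entry should be rechecked before going further.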

So my phone was locked out of the blue and now suddenly my laptop lid is malfunctioning
Give me some time to get back to you with updates, I am so annoyed with state of affairs now

Thank you again @Alecxs I will start working on all the steps in exactly 14 hours

@Alecxs Just got to start working from a desktop. I am doing all you suggested step by step. Will update as I see results

Update one: I could see different driver options while installing manually including-
MediaTek DA USB VCOM Port
MediaTek Preloader USB VCOM port
I installed the Preloader one. Is that ok? "MT65xx" this was not visible anywhere.
I followed the instructions here: https://techprolonged.com/2015/03/i...oquYcROCvEfkBBbeTyyo1BE5NT97sxjNvss3_nMJOFfpU
And downloaded the driver from here: https://www.getdroidtips.com/install-mediatek-mt65xx-usb-vcom-drivers/

I see MediaTek Preloader USB VCOM port (COM4) installed under Ports but there is yellow triangle warning sign

the yellow triangle is not okay
MT65xx is just example.. your chipset is MT6797 you probably need MT67xx (check the download link in requirements if not working)
unfortunately there is no official download source, i don't know which drivers will work... you must try different drivers until it is detected successful

There seems to be different version of Magisk, I downloaded Magisk Manager v7.5.1

for twrp, do I need to download just a 15.9MB image file? Getting this cofface_twrp_nikel_recovery1121.img from here https://androidfilehost.com/?w=file...34b1787be6b45be9e946dafde2bd335ce75d72ca4e9a9

yes this should be the right twrp for nikel, but i haven't had a look inside fstab (maybe it needs some fixes for decryption)

Seeing this as I am trying to get the stock ROM:
"Too many users have viewed or downloaded this file recently. Please try accessing the file again later. If the file you are trying to access is particularly large or is shared with many people, it may take up to 24 hours to be able to view or download the file. If you still can't access a file after 24 hours, contact your domain administrator."

I have everything you asked to download except stock ROM,
it downloaded for a bit then seeing this:
"Access to doc-0c-7g-docs.googleusercontent.com was denied
You don't have authorization to view this page.
HTTP ERROR 403"

Could not download the stock ROM from here: https://firmwarefile.com/xiaomi-redmi-note-4
Getting it from Mirror 1 of this link: https://spflashtools.com/windows/sp-flash-tool-v5-1952
Would this be ok?
Correction: Ok now I got the difference between Stock ROM and flash tool. I have the flash tool but can't download the stock rom. See the above two messages please

you just need the scatter file from stock ROM. can't upload because i am not at home anymore

@Alecxs would getting the "download recovery ROM" from this link be ok? https://www.getdroidtips.com/miui-8-2-10-0-global-stable-rom-redmi-note-4-4x/
I can download it, not sure if this is the same thing as Stock ROM that I could not download earlier.

nope... miui_HMNote4XGlobal_V8.2.10.0.MCFMIDL_ee189ea231_6.0.zip is for qualcomm (mido)
edit: i have uploaded now for MTK (nikel)
- Generic Xiaomi Secure Boot Download Agent, and (hovatek)
- Sec-Auth file from Xiaomi_MTK_DA_Auth.7z
- MT6797_Android_scatter.txt file from (xiaomistockrom)
Xiaomi_Redmi_Note_4_MT6797_V8.0.4.0.MBFMIDG_20160805_Global_6.0.zip
credits to xiaomistockrom and hovatek (i have already posted link on first page). they also say "note that this model requires an authorized account to flash so having DA & auth alone won't help much" - hope this is enough for flashing TWRP

Thanks a lot again @Alecxs I will try again today and follow these steps

@Alecxs, after flashing patched boot and twrp and disconnecting and reconnecting my phone while holding the volume up button, my phone has gone to an error state. I am being shown the message "Red State. Your device has failed verification and may not work properly. Your device will boot in 5 seconds."
The phone is trying to boot again and again, but the same screen is coming up. The problem is persisting even after completely turning off the device and trying to follow the flashing step with a Xiaomi DA and auth_sv5.auth file.
Can I do anything to fix this?

red state means the avb protection does not accept unsigned partition images. the Volume Up key is for booting straight into recovery. that sounds like it is not possible to boot into TWRP with locked bootloader. you can fix this by flashing original boot + recovery
you can try combination of original boot + twrp, or magisk_patched.img + original recovery, but i am afraid it is not possible to pass red state
however, magisk has option to keep avb/dm-verity. if (avb signed) magisk_patched.img passes secure boot (with stock recovery), you have following options
a) modify boot with adb enabled
b) sign twrp with avb signature
(i will upload the necessary files later, but i need the original boot + recovery from readback first)
if (avb signed) magisk_patched.img doesn't work (red state) you are left with one last option
c) create a full ROM dump, factory reset, unlock bootloader (official way), flash twrp, restore userdata + metadata and try to decrypt/recover your files

Related

Help with fixing app force close

I found an app called package signer from https://forum.xda-developers.com/android/software/tool-package-signer-1-0-t3533073 to sign the zip files in android to fix signature verification error in some recoveries....
Developer stopped development of that app...
and also that thread is closed...
It signs correctly but one issue is, it isn't able to sign zips that are greater than 20mb ......
It force closes when working with large zip files...
It is open source on github....
Sir osm0sis i have seen you are helping in zip signers..
Can you please help....
I hope some developer can fix this and post below.....
Please help by fixing that force close error of signing big zip files......
Thanks in advance...!
Edit:- See https://forum.xda-developers.com/t/...-apk-zip-within-android.3835975/post-81324327 for solution.
Nope, you should use zipsigner.jar from my Complete Shell Zip + Signing thread.
Since I don't have pc... i am using that sir...
It should work on device too if dexed, I'll add it to my thread and post instructions soon.
Reserved this too
DISCLAIMERS (please read !)
The content seen in this thread is targeted at this specific forum's device, the Realme C12, codenamed RMX2189.
Follow the instructions shown in this thread at your own risk, I will not be held responsible for bricking your device, you did this yourself.
That said, the information will be kept up to date relatively frequently, and should you follow the steps and ask questions below when unsure, everything will be fine!
No files will be directly provided. Do not use pre-created/re-uploaded content. Instead I'll teach you to gather the required files from official websites, and create the other ones yourself.
ROM (GSI) Recommendations:
Ordered by personal preference:
1) CAOS
2) LOSQ (LineageOS GSI)
3) crDroid
I'm more than open to feedback, suggested changes & improvements!
Prerequisites for most manipulations:
Your phone, well charged if possible
The USB cable used to link your phone to your computer (the one on your charger works just fine)
A computer, with recent ADB & Fastboot (Platform Tools)
Some time, patience, and the ability to read and follow instructions!
Unlock your bootloader (otherwise this thread is useless to you as it's required for rooting as well as installing custom ROMs)
Tutorial:
Step 0 - Great! You're ready to go. Make sure to backup your phone's data before continuing on with this tutorial, as unlocking will make it factory reset (wipe)!
Step 1 - Download and Open In Depth Tool ( Attached With the Guide Down)
Step 2 - Click “Start applying”.
Step 3 - Please read the disclaimer in detail, select the checkbox, and submit your application
Step 4 - The Application Will be checked by realme Servers..(Wait 10 mins)
Step 5 - The unlock tool apk will show the status of the unlock request- Successful
Step 6 - You can now click “Start the in-depth test” and the device will reboot automatically. The following string will display on the screen: fast boot_unlock_verify ok
Step 7 - Now Download and install the fastboot tool on your PC and ready to unlock it.
Step 8 - Now in Fastboot Mode type this command
Code:
fastboot flashing unlock
and Press enter.
Step 9 - On your phone press the Volume Up key to select "UNLOCK THE BOOTLOADER” (or press the Volume Down key if you have changed your mind to select "DO NOT UNLOCK THE BOOTLOADER”). When you click the Volume Up, your phone will reboot and enter the in-depth test mode - all user data on the phone will be erased - I recommend you perform a data backup prior to applying.
Step 10 - Now type
Code:
fastboot reboot
And there you go! Your phone will reboot and you can set it all up again, with the ability to follow the rooting tutorial below, and you can also install GSIs/custom ROMs/recovery!
Rooting with Magisk
Tutorial:
The procedure is the same whether you're on the stock RealmeUI Rom or on a custom GSI (treble) one.
Step 1 - Download the latest Magisk Manager on your phone.
Go to the link above, click the latest MagiskManager-vX.X.X.apk you see in the list to start the download, open the file and install.
Step 2 - Download the latest Realme Official Rom from Software Update - realme depending on your region.
Step 3 - Get your ROM you downloaded above, it should be a .ozip archive. Add .zip extension to it. Extract it.
Step 4 - You should now get a folder like shown below, and..
Copy the boot.img to your phone's /sdcard/ folder (where the Android, DCIM, Download, and more are present, just drop it in there).
And here's how it should look inside your phone's storage in the end.
Step 5 - On your phone, open up Magisk Manager.
Click the Magisk Install button as shown below.
Then Select and Patch a File.
Go look for your boot.img you previously copied to your phone and pick it.
Click Let's go! and wait for Magisk to complete the process!
Step 6 - Link your phone to your PC, and grab the file the Magisk Manager created. It's located in your downloads folder, called magisk_patched.img.
Step 7 - Paste it where your ADB & Fastboot (Platform Tools) are located, along with the vbmeta.img file located in Stock ROM's images folder from earlier, where you grabbed the original boot.img.
You should now have a folder like this with:
adb(.exe)
fastboot(.exe)
magisk_patched.img
vbmeta.img
Extra files from the platform tools
Step 8 - Alright, we're ready to root! Turn off your phone, and get in fastboot mode like we did during the bootloader unlocking (Power + Volume Down).
Step 9 - Link your phone to your PC with the USB cable if not done already.
Step 10 - Shift + Right click in an empty space inside the folder we prepared in Step 7, and click Open Command window here.
Inside the Command window, input the following commands line by line, in order.
Code:
adb reboot bootloader
fastboot devices
And make sure your device shows up, should be a bunch of numbers and letters, a couple spaces, and fastboot.
If nothing does, go back to Step 8 and try again.
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot flash boot magisk_patched.img
fastboot reboot
You're done! Your phone will reboot, hopefully, without a hitch! Open up Magisk Manager, and check that it's installed.
That said, you will have issues leaving it like this. You need to hide the fact that your phone is rooted, there's no downside to doing it.
Check out the Passing SafetyNet tutorial further down below, it's quick and easy.
Getting EdXposed (Not recommended unless really needed, requires Magisk)
I very much do not recommend to EdXposed your phone unless you have a very good reason for it. It's a pain to pass SafetyNet, doesn't get updated as often as it could/should and has very niche use cases for which it's worth it.
That said, I do include it here for people who know what they're getting into and want the up-to-date instructions on how to do it.
Tutorial:
This procedure requires to be rooted with Magisk. See the tutorial above.
Step 1 - Inside Magisk Manager, go to the Modules tab (4th icon), click the search button (bottom right) and search Riru.
Step 2 - Install the Riru (Riru - Core) module, Activate it and Reboot.
Step 3 - Install the Riru - EdXposed (YAHFA or SandHook, both work fine) module, Activate it and Reboot.
Step 4 - Download and install the latest EdXposed Manager in the exact same way you did with Magisk Manager.
Step 5 - Open it up, it should say EdXposed Framework is active!
You're done! You should now be able to install EdXposed modules.
That said, you will have issues leaving it like this. You need to hide the fact that your phone is EdXposed.
It's a bit more complicated than hiding Magisk, but it's doable! Check out the Passing SafetyNet tutorial further down below, it's quick and easy.
Passing SafetyNet (Only possible with Magisk. Not with SuperSU on GSI's)
Tutorial:
For Magisk Rooted Phones
Enable Magisk Hide inside Magisk Manager's settings.
For EdXposed Phones
Again, I highly recommend not EdXposing your phone and sticking to just Magisk if you can help it.
You should also know that this method will show you're passing SafetyNet inside Magisk but it's a pain to do and isn't as well hidden as Magisk alone.
Step 1 - Do the step for Rooted phones listed above if not done already.
Step 2 - In EdXposed Manager, get the HiddenCore Module and activate it.
Step 3 - Now, in the side-menu: Compat List > tick HiddenCore Module.
Step 4 - Then, go to Settings > Framework > Enable "App List mode".
Step 5 - Finally, Applications(Black List) and tick: Android Services Library, Chrome, Google Play services, Google Play Store, Google Services Framework
Reboot and enjoy! You're all set and SafetyNet should pass just fine.
Installing GSI's (Custom ROMs)
Tutorial:
Step 1 - Pick your poison in the Treble Forums!
Check the top of this thread if you want to see my recommendations with links to them.
Step 2 - Download the chosen ROM, A/B Arm64 version (usually nicknamed b), with (g) or without GApps (v), rooted (S) or not (N), that's entirely up to you.
It should be an .img.xz file, extract it and you'll get an .img file.
You're ready to flash. Make sure to backup your phone's data before continuing on with this tutorial, as wiping it is required for installation!
Step 3 - Put your phone into fastboot mode (Power + Volume Up) and link it to your PC.
Step 4 - Move the .img file you downloaded to your ADB & Fastboot (Platform Tools) folder, and rename it to system.img.
Step 5 - Shift + Right click in an empty space inside the folder, and click Open Command window here.
Inside the Command window, input the following commands line by line, in order.
Code:
fastboot reboot fastboot
fastboot --disable-verification flash vbmeta vbmeta.img
fastboot flash system system.img
fastboot -w
fastboot reboot
Your phone will now reboot on its own, using the new ROM you picked earlier, set it all up and enjoy!
Relock your bootloader
Tutorial:
Step 0 - Back to stock ROM by flashing it in stock recovery.
Step 1 - Download the unlock tool again to apply to exit the in-depth test.
Step 2 - Click “Apply to exit in-depth test”. You should manually enter Fastboot mode (press both the Volume up button and the Power button when power is off).
Step 3 - In the Fastboot mode, use the engineering command below on your PC to re-lock the bootloader.
- Enter the command: adb reboot bootloader
- Press “Enter” on your keyboard
- Enter the command: fastboot flashing lock
- Press “Enter” on your keyboard
Step 4 - Press the Volume Up button to select the “Lock bootloader” option (or press the Volume Down button to select “Do not lock bootloader" and keep it unlocked).
Step 5 - Then enter command fastboot reboot. The phone will reboot and exit the in-depth test mode. All user data on the phone will be erased - we recommend you perform a data backup prior to applying.
Frequently Asked Questions (FAQ)
Q: Will unlocking my bootloader void my warranty?
A: No, it will not. Unless you brick your device.
Q: Hey, I rooted/edXposed my phone, and now Netflix won't even open, or doesn't work properly, what's up with that?
A: Well, fortunately, there's an easy fix if you have Magisk. Install the liboemcrypto disabler Magisk module, activate it and reboot.
Q: I tried unlocking my bootloader but, PC doesn't detect my phone, even though it's in fastboot mode and connected. Help?
A: Here are some things you can try:
- Try another USB port.
- Try another USB cable.
- Install the Realme USB Drivers manually from here.
Q: Alright, I did a bunch of manipulations but something went wrong, or I'm tired of it, how do I reset everything, etc..
A:
Step 1 - Backup all the data you might have on your phone to restore it after the manipulation!
Step 2 - Download the stock ROM corresponding to your region from Software Update - realme.
Step 3 - Put the stock rom in your mobile Internal Storage or in Memory Card.
Step 4 - Put your device into recovery mode (Turn it off, then Power + Volume Down) and flash that in recovery.
Step 5 - Reboot to stock rom, all good and fresh!

YT-X705F - Rooting Guide (Android 10.0)

Solution below.
For those with the same device, I was able to successfully root + pass safetynet, without TWRP or custom recovery. Since this device isn't yet on the forums I thought I should share my findings.
At the time of rooting, I was currently updated to the newest version available (10) and did this through the regular OTA updates.
Preparations
1. Download Magisk Manager Beta from https://magiskmanager.com/magisk-beta/
2. Download the stock firmware for your tablet from https://mirrors.lolinet.com/firmware/lenovo/Yoga_Smart_Tab/YT-X705F/
3. Download kdrag0n's SafetyNet Fix from: https://github.com/kdrag0n/safetynet-fix/releases
Edit: looks like I missed a step, thanks for the feedback! Point 4 has been corrected to include instructions on how to unlock the bootloader specifically.
4. Unlock your bootloader, instructions on how to enable USB debugging which is needed, can be found here: https://www.shizhub.com/2018/12/how-to-enable-disable-usb-debugging.html, from there you can open your command prompt, navigate to the directory where you have your fastboot and ADB stored, and type "adb devices" to confirm your device is found (a serial number will display on success) - next type "adb reboot bootloader" to force your tablet to restart into it, finally type "fastboot oem unlock-go" to unlock the bootloader. This voids your warranty.
-- end of edit.
5. Enable USB debugging through developer options (go to settings->about->find build # and tap a handful of times until it says you are a developer).
6. Plug the tablet into your PC, and set the default option to Charge only, or go to file transfer mode and enable USB debugging over file transfer.
Steps
1. Unzip the firmware, there should be a folder called Maincode, in it contains "boot.img" as well as adb/fastboot.
2. Copy the boot.img and Magisk apk to the tablet.
3. Install Magisk
4. Tap on "Install" or "Update" beside Magisk in the app and follow the prompts.
5. You will be asked to select a file, select the boot.img you copied earlier.
6. This will generate a file (it will tell you the path) of a patched boot image.
7. Reboot, and copy the patched boot image to the "Maincode" folder from the tablet.
8. In command prompt, type adb devices and make sure your serial number is shown. If not, review the preparations.
9. Type adb reboot bootloader and you'll see a cute little Tux (penguin)
10. Type fastboot devices and ensure your device is shown, if not then it could be bad drivers on your PC or a crappy USB cable. Check device manager on your computer and make sure you see Lenovo ADB. You may have to force it to install it, or you may see a yellow exclamation mark - right click on the device and force it to install the Lenovo Bootloader option.
11. Next, in the "Maincode" folder where you put the patched image, rename the old "boot.img" to "stock_boot.img" and the patched version to "boot.img"
12. Back in the command prompt, type fastboot flash boot boot.img
13. Reboot by typing fastboot reboot.
Magisk should now be installed, and your tablet should be rooted. Next, you'll want to go into Magisk and do the following:
Steps:
1. Click on the modules button (bottom of the screen, far right option) and at the top you're given an option to install from storage.
2. Navigate to the SafetyNet Fix zip file and select it, then proceed.
3. You will be given the option to reboot - do this. The first time it may go into recovery, but rebooting brings you back to the home screen.
4. Go back to Magisk, click on the gear at the top right - there is an option to hide Magisk from the system, do this and name it whatever you'd like (just not Magisk) - wait a moment, as the app will restart after it installs.
You can check to make sure you pass SafetyNet in the Magisk (now renamed) app, and root status by downloading one of the countless root checking apps on Google Play Store.
Could you let me know a clear way to unlock the bootloader on the Yoga Tab YT-X705F? The instructions you've provided don't point to anything helpful beyond activating USB Debugging.
"4. Unlock your bootloader, instructions: https://www.shizhub.com/2018/12/how-to-enable-disable-usb-debugging.html - do not proceed beyond where it starts talking about TWRP."
I'm looking to root my tablet but cannot as trying to find info on unlocking the bootloader is proving difficult.
Thanks in advance
Thanks for pointing that out! - I've updated my notes above, but if you're familiar with fastboot the command is simply "fastboot oem unlock-go", no unlock code needed for these guys. It will wipe your device and void your warranty though, in case you're not already aware.
Cheers!
Thanks for this rooting guide! I was able to root my YT-X705F
Here are some comments/hints:
- First, make sure you're downloading the right stock firmware. I tried a different one, which resulted in a boot loop. One way to find out the right version is to start into the recovery mode. In the header you will find the right version. In my case it was YT-X705F_S001130_210508_ROW
- Make sure you have actually unlocked the boot loader. "fastboot flash x y.img" worked, so I didn't recognize that the boot loader was not unlocked. This was the reason "fastboot boot y.img" showed the error "FAILED (status read failed (Too many links))".
- The extracted stock firmware has no "Mainfolder". All files, including boot.img and recovery.img, are contained in the root directory of the ZIP file.
- After installing Magisk app (v23.0) it shows me: Installed: N/A, Ramdisk: No, A/B: No, SAR: Yes. According to this Magisk installation guide you have to patch the recovery image instead of the boot.
- Patching the recovery image was fine with Magisk. No errors were shown. Please note I used the recovery.img
After this I was able to boot the patched image without flashing it:
After "fastboot boot patched_recovery.img" nothing happens. The tablet keeps showing me the Linux Tux image. I have to disconnect the USB cable and then I booted into system.
*Upd. never mind, I downloaded the official ROM file from Lenovo
Crap. I patched the boot image with Magisk, and by the time I flashed it - the system got updated from S001133 to S001135, and I'm getting a bootloop. Can someone maybe upload original boot img from S001135?
Or what else can I do? the update isn't on the mirror server yet https://mirrors.lolinet.com/firmware/lenovo/Yoga_Smart_Tab/YT-X705F/
Rooting was successful! Thanks for the guide. Since I cannot find any section in the forum for the YT-x705 tablet, I thought I can have a follow up question in here. The reason I rooted was because alexa app keeps getting removed after each reboot. I rooted as I wanted to convert it into a system app.
So far, I've been unsuccessful. I have tried with the systemizer module and titanium backup. Anyone have any idea how we can retain alexa app after a reboot? Interestingly enough, titanium backup shows alexa as frozen after I install alexa from playstore, despite it appearing in my app launcher. I am unable to unfreeze it. Alexa is then removed after I reboot.
Quick question: What do i do if i don't have a "MainCode" folder, on the tablet or in the extracted folder.
or is that just the folder with the maincode, in it?
Thanks, looks like a good guide!
Jim
you're just going into the zip file from step 2 where the boot.img file is. I just followed all these instructions and got my yoga rooted.
ugh...I don't have a device that I can root for a couple of years... and it feels like I'm a complete noob, now!
when i try to flash the boot image I'm getting: FAILED (remote: Partition flashing is not allowed)
When i run fastboot oem device-info i get this:
PS C:\Users\Jim\Downloads\YT-X705F_S001135_210909_ROW (1)> ./fastboot oem device-info
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
Finished. Total time: 0.010s
So i don't think i am unlocked. even after following the steps. I've got Developer options, Debugging is obviously working, OEM Unlocking is toggled on.
I feel like on my phones we had to run an adb or fastboot command, and then the device would reboot and reset it and it would then be unlocked.
Am i missing something?
Thanks again!!
Jim
p.s. and once i get it working, what roms can i flash? any of the "yoga" roms? or do i need to look at something specific like the 3 or 4?
answered my own question!
i had to run: fastboot oem unlock-go
the device rebooted and reset
now i get this:
PS C:\Users\Jim\Downloads\YT-X705F_S001135_210909_ROW (1)> ./fastboot oem device-info
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
Now on to the next step!
So anyone know what ROMs i should use and how best to install them, i don't think we have a working TWRP, do we?
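The two `fastboot oem device-info` outputs posted above differ in a single field, and that field decides whether flashing is accepted. The following is an added example, not part of the original posts: a Python parser for that output that reports the lock state and shows what changed between the two runs. The function names are this example's own, and the field names are assumed to be the ones this tablet's bootloader prints; other bootloaders may label them differently.

```python
import re

# Output of `fastboot oem device-info` as posted above, before and after
# `fastboot oem unlock-go` (the shell prompt lines are left out).
BEFORE_UNLOCK = """\
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
Finished. Total time: 0.010s
"""

AFTER_UNLOCK = """\
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.007s]
"""

# "(bootloader) <key>: <value>"; the value may be empty ("Display panel:").
_FIELD = re.compile(r"^\(bootloader\)\s+(?P<key>[^:]+):\s*(?P<value>.*)$")
_BOOLS = {"true": True, "false": False}


def parse_device_info(text):
    """Return (fields, completed).

    fields maps each reported key to True/False, a string, or None when the
    bootloader printed no value. completed is True only if an OKAY status
    line was seen, i.e. the command ran to the end.
    """
    fields, completed = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("OKAY"):
            completed = True
            continue
        match = _FIELD.match(line)
        if match is None:
            continue  # prompt, "Finished." summary, blank lines
        value = match.group("value").strip()
        fields[match.group("key").strip()] = _BOOLS.get(value.lower(), value or None)
    return fields, completed


def lock_state(text):
    """Return 'locked', 'unlocked' or 'unknown' for one device-info output."""
    fields, completed = parse_device_info(text)
    unlocked = fields.get("Device unlocked")
    if not completed or not isinstance(unlocked, bool):
        return "unknown"  # truncated output or a bootloader with other labels
    return "unlocked" if unlocked else "locked"


def changed_fields(before, after):
    """Return {key: (old, new)} for every field that differs between two runs."""
    old, _ = parse_device_info(before)
    new, _ = parse_device_info(after)
    return {
        key: (old.get(key), new.get(key))
        for key in sorted(set(old) | set(new))
        if old.get(key) != new.get(key)
    }


def preflight(text):
    """Return (ok, reason): whether a flash attempt is expected to be accepted."""
    state = lock_state(text)
    if state == "locked":
        return False, ("bootloader is locked; the flash attempt reported above "
                       "failed with 'Partition flashing is not allowed'")
    if state == "unknown":
        return False, "lock state could not be read; do not flash"
    return True, "bootloader is unlocked"


if __name__ == "__main__":
    for label, sample in (("before", BEFORE_UNLOCK), ("after", AFTER_UNLOCK)):
        print(label, lock_state(sample), preflight(sample))
    print("changed:", changed_fields(BEFORE_UNLOCK, AFTER_UNLOCK))
```

The same parser works as an intake check for managed devices: any handset or tablet whose output yields `unlocked` no longer enforces verified boot on the boot partition.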
... after crash of my booting Android 10 system last stock rom my yt-x705F 210909 can't be rooted anymore!
i use some app and this app ask for busybox .... so crash !!!
i reset tablet by system recovery .
"wipe data/ factory reset"
after restart my tablet is working again.
Bootloader is still open
also developer mode is working, USB Debugging etc.
but no rooting allowed by patching root img .. see next
now i try to install stock rom NEW but some error
"apply update from external storage " get error
same is from "Apply update from ADB" adb sideload file.img
are these zip files from this server corrupt? mirrors lolinet?
i use magisk 25.2 i try all option with hook on recovery also vbmeta
patch both boot.img and recovery.img
after patch one of these img device runs into the bootloader , tux start up.
if i patch stock boot.img device booting normal but NO ROOT
also twrp can't no flash only option "fastboot boot twrp.img"
"fastboot boot flash recovery twrp.img" not working
if i use twrp by "fastboot boot twrp.img" zip stockrom makes also error
someone knows about the "RESCUE and SMART ASSISTANT" LMSA Tool?
any suggestion
how is this working ?
go on settings > about tablet > push a few times on Hardware-Version
NEW Firmware update YT_X705F_S001137_220721_ROW for yoga
what's new?
Know where can I find this firmware?

Tutorial: Unlock and Root BS2 Android 10

I apologize in advance for google translator
I am not responsible for damage to your devices.
Everything that you do, everything is at your own peril and risk!
Spoiler: Unlock
1. Unpack the archive, install QFIL and the Qualcomm driver
2. We turn off the phone. We hold down both volume keys and connect the USB cable
3. We look that in the device manager our phone was identified as QDLoader 9008
4. Opening QFIL
5. We select Flat Build and see what the file system is worth UFS
6. Next, we need to open the hose (firehose) for our device
7. Click "Tools" and select "Partition Manager"
8. In this window, we are asked to confirm that we have selected the correct hose. Click "OK"
9. A window with device sections will open
10. Looking for the oeminfo section
11. Click on it with the right mouse button and select "Manage section data"
12. Next, you need to make a Backup copy of the partition. Click "Read data".
After that, in the log we will see "Finish Read Data"
The line above indicates the location where it was saved and also the name of this image.
After reading the section, it is better to immediately open this folder and rename, in our case the file name will be "oeminfo.bin"
13. Then click Load Image and select the file "unlock.img" A new window will open, click "Yes". After that, in the log we will see "Finish Send Image"
14. Close QFIL, remove the USB cable. Press the volume down and the power button. Hold for 15 seconds and release the power menu (the button must be held down).
15. We get into Fastboot and already see the line "unlocked". We go to Recovery and do a complete reset Wipe data / factory reset
16. Then we press Reboot and wait for our phone to turn on.
Spoiler: Root
1. We turn off our phone. We load into Fastboot. In the "adb" folder, run the cmd.exe file
2. Enter the command
Code:
fastboot getvar current-slot
and look in which slot the firmware is installed
3. We see:
Code:
current-slot: a
finished. total time: 0.006s
or
Code:
current-slot: b
finished. total time: 0.006s
4. We remove the USB cable from the phone. In Fastboot, select "Power off"
5. As soon as the phone turns off, we hold down both volume keys and connect the USB cable.
6. Next, we need to do steps 4 to 12 of the Unlock spoiler. Only this time, instead of the "oeminfo" section, we need a "boot_a" or "boot_b" section depending on which slot the firmware is installed in.
7. Open the folder with the just made backup boot
8. Rename it to "boot_a" or "boot_b", depending on your slot
9. Close QFIL, remove the USB cable. Press the volume down and the power button. Hold for 15 seconds and release both buttons
10. We connect the phone to the PC and drop the Magisk-v23.0.apk and "boot_a or boot_b" files into the "Download" folder
11. Open the explorer and install Magisk
12. Opening Magisk
13. Click "Installation", then "Patch boot image".
14. Select our "boot" from the "Download" folder and click install.
15. We drop our patched "magisk_patched-23000_****.img" into the "adb" folder from the "Download" folder on the PC and rename it to "magisk_patched.img"
16. Restarting our phone to Fastboot
17. Enter the command and once again we look in which slot the firmware is installed
Code:
fastboot getvar current-slot
18. If "current-slot: a", then enter the command:
Code:
fastboot flash boot_a magisk_patched.img
or
If "current-slot: b", then enter the command:
Code:
fastboot flash boot_b magisk_patched.img
19. Reboot the device
Code:
fastboot reboot
20. We open Magisk. There will be a notification that an advanced installation is required. After installation, the phone will reboot itself. And that's it, ROOT is right for you
first of all thank you for this guide
i tried the first method but the device didn't unlock
does it work with a specific version?
Only android 10 global. I have not tried it on the CN version
thanks and sorry for the late reply
i downgraded through edl and use the first android 10 version and it worked thanks a lot
FunkyFunny said:
Only android 10 global. I have not tried it on the CN version
Hi sir, thx for your guide before, but my device can't unlocked, im on Global version too (S00), and i tryin on all build of rom (Q0-Q4), when im finished step after load unlock.img, and go to bootloader it still locked, can u help me, may can u send the unlock.img again but in other version, thx u.. Sorry for my bad english
the file of this method seems like ubl for bs 3 KLE. you may check the bs3 thread. maybe it will be simple to flash, if the zip file contains patch0.xml and rawprogram0.xml, like the bs3 ubl method, and is flashed by miflash..
I tried this method to unlock the bootloader and there is a missing step that you don't mention..
after loading the image unlock.img, the phone is still locked. you need to go to bootloader mode, then type "fastboot flashing unlock", and
then reboot again to bootloader. you will get your phone unlocked
the first boot took some minutes. just be patient..
_____------______
the problem is, after ubl n root on android 10, fingerprint need to calibrate.
anybody know how to calibrate bs2 fingerprint ?
*#*#466349#*#*, SPMT,
i just stuck at "calibrate, put the flash chart then click next"
i don't know how to pass it
__________-------______
finally, fingerprint work fine.
I just flash the android 9 rom, then upgrade again to android a10 but still unlocked.
can I use this to backup full rom?
but this method should work on android 10? why do you have to downgrade?
yes, this ubl method works on a10, but fingerprint didn't work. so I downgraded to a9, and fingerprint worked as well, and then I went up again to a10 and fingerprint has no problem
nice. thanks for reporting. by the way, have you ever tried to flash gsi on bs2?
can I use this method to backup full rom?
osomakohj said:
nice.thanks for reporting. by the way have you ever tried to flash gsi on bs2?
no, I don't. did you?
I'd love to. but I'm afraid it will hard brick the phone

Development [ROM][12.1][OFFICIAL] ArrowOS 12.1 for OnePlus 9R [OOS12]

ArrowOS for OnePlus 9R (lemonades)
ABOUT
ArrowOS is an AOSP/CAF based project started with the aim of keeping things simple, clean and neat.
Website: https://arrowos.net
Telegram: Channel | TG Portal/Links
Github: https://github.com/ArrowOS
Code Review: review.arrowos.net
E-mail: arrowos.contact
PayPal: Donate to us
Blog: blog.arrowos.net
Checkout more documentation at (maintainership/contributing): Check this out
WHAT WORKS?
Almost everything.
Bugs: You tell me.
DOWNLOADS
Click here to Download
Tip: Select OEM -> Device, choose Arrow version, choose the build type: "GAPPS" or "VANILLA" to download.
INSTALLATION
- Please note: Be sure that your phone is already OOS12 based !!!
- Download Recovery here
- Download script here
- Download ROM zip file.
- Reboot phone to Fastboot mode
Code: fastboot boot recovery.img
Install in ADB -> copy-partitions-20220613-signed.zip -> Advanced -> reboot to bootloader
fastboot boot recovery.img -> Factory Reset -> Install in ADB -> ROM.zip
- Reboot
INSTRUCTIONS
Read our blog article/post about:
* HOW-TO report a bug
* GAPPS and VANILLA variants
* Checking build integrity
ROM Source: https://github.com/ArrowOS
Kernel Source: https://github.com/ArrowOS-Devices/android_kernel_oneplus_sm8250
The download link seems broken. Also what firmware is ROM based on OOS 11 or 12 ?
With the kebab version should also work
ArrowOS - Downloads
Thanks for your work. Also I want to ask, should I use oos11 or oos12 firmware?
exthomeboy said:
With the kebab version should also work
ArrowOS - Downloads
I tried it, but it doesn't work.
slatera18 said:
The download link seems broken. Also what firmware is ROM based on OOS 11 or 12 ?
Now it's possible, OOS 11
Is also a version only for the 9R. Almost every other rom is flashable on the 8T and 9R, but not here
On my test 9R can't flash 8T ROM
They have to have to separate
hiper25 said:
Now it's possible, OOS 11
Yes able to download.
But there is an issue with mic volume when talking on calls. The other person hears feeble voice of me on call.
hiper25 said:
fastboot boot recovery.img
Isn't it the code supposed to be fastboot flash recovery <recovery_filename>.img
hiper25 said:
Reboot phone to Fastboot mode
Code: fastboot boot recovery.img
Install in ADB -> copy-partitions-20220613-signed.zip -> Advanced -> reboot to bootloader
fastboot boot recovery.img -> Factory Reset -> Install in ADB -> ROM.zip
- Reboot
I'm a newbie here, the last time I have installed a custom ROM on Asus phone over five years ago with lineage os.
Will I be successful if I follow below instructions, as your instructions above are short and suited for pros.
Install LineageOS on kebab
WARNING: These instructions only work if you follow every section and step precisely.
Do not continue after something fails!
Basic requirements
Read through the instructions at least once before actually following them, so as to avoid any problems due to any missed steps!
Make sure your computer has adb and fastboot. Setup instructions can be found here.
Enable USB debugging on your device.
Make sure that your model is actually listed in the “Supported models” section here (exact match required!)
WARNING: Before following these instructions please ensure that the device is currently using Android 12 firmware.
If the vendor provided multiple updates for that version, e.g. security updates, make sure you are on the latest!
If your current installation is newer or older than Android 12, please upgrade or downgrade to the required version before proceeding (guides can be found on the internet!).
Unlocking the bootloader
NOTE: The steps below only need to be run once per device.
WARNING: Unlocking the bootloader will erase all data on your device! Before proceeding, ensure the data you would like to retain is backed up to your PC and/or your Google account, or equivalent. Please note that OEM backup solutions like Samsung and Motorola backup may not be accessible from LineageOS once installed.
Enable OEM unlock in the Developer options under device Settings, if present.
Connect the device to your PC via USB.
On the computer, open a command prompt (on Windows) or terminal (on Linux or macOS) window, and type:
adb reboot bootloader
You can also boot into fastboot mode via a key combination:
With the device powered off, hold Volume Up + Volume Down + Power.
Once the device is in fastboot mode, verify your PC finds it by typing:
fastboot devices
If you don’t get any output or an error:
on Windows: make sure the device appears in the device manager without a triangle. Try other drivers until the command above works!
on Linux or macOS: If you see no permissions fastboot try running fastboot as root. When the output is empty, check your USB cable and port!
Now type the following command to unlock the bootloader:
fastboot oem unlock
NOTE: At this point the device may display on-screen prompts which will require interaction to continue the process of unlocking the bootloader. Please take whatever actions the device asks you to to proceed.
If the device doesn’t automatically reboot, reboot it. It should now be unlocked.
Since the device resets completely, you will need to re-enable USB debugging to continue.
Flashing the dtbo partition
WARNING: This platform requires the dtbo partition to be flashed for recovery to work properly, the process to do so is described below.
Download dtbo file from here. Download the file named dtbo.img from the directory named with the latest date.
Power off the device, and boot it into bootloader mode:
With the device powered off, hold Volume Up + Volume Down + Power.
Flash the downloaded image file to your device by typing (replace <dtbo> with the actual filename!):
fastboot flash dtbo <dtbo>.img
Installing a custom recovery using fastboot
Download Lineage Recovery. Simply download the latest recovery file, named something like lineage-19.1-20220825-recovery-kebab.img.
Connect your device to your PC via USB.
On the computer, open a command prompt (on Windows) or terminal (on Linux or macOS) window, and type:
adb reboot bootloader
You can also boot into fastboot mode via a key combination:
With the device powered off, hold Volume Up + Volume Down + Power.
Once the device is in fastboot mode, verify your PC finds it by typing:
fastboot devices
If you don’t get any output or an error:
on Windows: make sure the device appears in the device manager without a triangle. Try other drivers until the command above works!
on Linux or macOS: If you see "no permissions fastboot", try running fastboot as root. When the output is empty, check your USB cable and port!
TIP: Some devices have buggy USB support while in bootloader mode, if you see fastboot hanging with no output when using commands such as fastboot getvar ..., fastboot boot ..., fastboot flash ... you may want to try a different USB port (preferably a USB Type-A 2.0 one) or a USB hub.
Flash recovery onto your device (replace <recovery_filename> with the actual filename!):
fastboot flash recovery <recovery_filename>.img
Now reboot into recovery to verify the installation.
Use the menu to navigate to and to select the Recovery option.
Ensuring all firmware partitions are consistent
NOTE: The steps below only need to be run once per device.
In some cases, the inactive slot can be unpopulated or contain much older firmware than the active slot, leading to various issues including a potential hard-brick. We can ensure none of that will happen by copying the contents of the active slot to the inactive slot.
To do this, sideload the copy-partitions-20220613-signed.zip package by doing the following:
Download the copy-partitions-20220613-signed.zip file from here. It should have an MD5 sum of 79f2f860830f023b7030c29bfbea7737 or a SHA-256 sum of 92f03b54dc029e9ca2d68858c14b649974838d73fdb006f9a07a503f2eddd2cd.
Sideload the copy-partitions-20220613-signed.zip package:
On the device, select “Apply Update”, then “Apply from ADB” to begin sideload.
On the host machine, sideload the package using: adb sideload copy-partitions-20220613-signed.zip
NOTE: The copy-partitions script was created by LineageOS developers erfanoabdi and filipepferraz.
Now reboot to recovery by tapping “Advanced”, then “Reboot to recovery”.
Installing LineageOS from recovery
Download the LineageOS installation package that you would like to install or build the package yourself.
(Optionally): If you want to install an application package add-on such as Google Apps (use the arm64 architecture), please read and follow the instructions on the Google Apps page.
If you are not in recovery, reboot into recovery:
With the device powered off, hold Volume Down + Power.
Now tap Factory Reset, then Format data / factory reset and continue with the formatting process. This will remove encryption and delete all files stored in the internal storage, as well as format your cache partition (if you have one).
Return to the main menu.
Sideload the LineageOS .zip package:
On the device, select “Apply Update”, then “Apply from ADB” to begin sideload.
On the host machine, sideload the package using: adb sideload filename.zip.
TIP: Normally, adb will report Total xfer: 1.00x, but in some cases, even if the process succeeds the output will stop at 47% and report adb: failed to read command: Success. In some cases it will report adb: failed to read command: No error or adb: failed to read command: Undefined error: 0 which is also fine.
(Optionally): If you want to install any add-ons, click Advanced, then Reboot to Recovery, then when your device reboots, click Apply Update, then Apply from ADB, then adb sideload filename.zip those packages in sequence.
NOTE: Add-ons aren’t signed with LineageOS’s official key, and therefore when they are sideloaded, Lineage Recovery will present a screen that says Signature verification failed, this is expected, please click Continue.
NOTE: If you want the Google Apps add-on on your device, you must follow this step before booting into LineageOS for the first time!
Once you have installed everything successfully, click the back arrow in the top left of the screen, then “Reboot system now”.
hiper25 said:
INSTALLATION
- Please note: Be sure that your phone is already OOS12 based!!!
- Download Recovery here
- Download script here
- Download ROM zip file.
- Reboot phone to Fastboot mode
Code: fastboot boot recovery.img
Install in ADB -> copy-partitions-20220613-signed.zip -> Advanced -> reboot to bootloader
fastboot boot recovery.img -> Factory Reset -> Install in ADB -> ROM.zip
- Reboot
Newbie here.
Need instructions from unlocking the bootloader.
It took almost four hours to figure out and use MSM tool
Please do give me instructions from unlocking the bootloader

Need help rooting Ulefone Armor 18t (EDIT: managed to get it rooted)

I just received an Ulefone armor 18t and I'm trying to get the phone rooted through a magisk patched boot image. Whenever I attempt to flash the patched image, the phone always ends up bootlooping and gives me the 'android system may be corrupt' message. I've tried flashing an empty vbmeta in order to try to disable secure boot, but it still isn't working.
Does anyone have any other suggestions or have any ideas as to what could be causing my phone to not boot?
Posted this on reddit; just reposting this for more exposure
EDIT: I managed to root my phone by patching my boot.img with an older version of magisk (24.3) and then updating to v25 after.
I used Magisk 24.3 to patch my boot.img per your suggestion, but when I flashed it, something went wrong and now I'm stuck in a boot loop. Factory reset doesn't help, and I can't get into fastboot either. How did you get out of your boot loop?
foamrotreturns said:
I used Magisk 24.3 to patch my boot.img per your suggestion, but when I flashed it, something went wrong and now I'm stuck in a boot loop. Factory reset doesn't help, and I can't get into fastboot either. How did you get out of your boot loop?
Are you the guy that replied to me on the reddit thread? Sorry about the slow replies but I put a response in that should help hopefully. I'll repost it here just in case:
Well, to get back into fastboot, I had to hold the power button until it shuts off and spam the volume up button super fast until you see either the recovery or the boot selection options
I should mention that the process is super finicky and you'll most likely fail a couple of times. I don't remember needing a vbmeta to root the device but I did try one here, using this command (in the bootloader, not fastbootd): fastboot flash --disable-verity --disable-verification vbmeta "name of vbmeta"
If that doesn't work, you can try using the stock vbmeta with the command above, or try this command with the stock or null vbmeta: fastboot flash vbmeta "name of stock or empty vbmeta"
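To check what state a vbmeta image actually records before or after commands like these, the following added example (not code from this thread or from any tool named in it) reads the header of a dumped vbmeta image and reports whether verity or verification is switched off and whether the image is signed. It assumes the AVB vbmeta header layout (big-endian fields, flags at offset 120); the function names and the two sample headers are constructed for the demonstration.

```python
import struct

AVB_MAGIC = b"AVB0"
AVB_HEADER_SIZE = 256
FLAG_HASHTREE_DISABLED = 0x1      # the bit fastboot --disable-verity sets
FLAG_VERIFICATION_DISABLED = 0x2  # the bit fastboot --disable-verification sets


def vbmeta_status(data):
    """Summarise the verified-boot state recorded in a vbmeta image header."""
    if len(data) < AVB_HEADER_SIZE or data[:4] != AVB_MAGIC:
        raise ValueError("not a vbmeta image (missing AVB0 magic)")
    # All vbmeta header fields are stored big-endian.
    major, minor = struct.unpack_from(">II", data, 4)
    auth_size, _aux_size = struct.unpack_from(">QQ", data, 12)
    algorithm = struct.unpack_from(">I", data, 28)[0]
    flags = struct.unpack_from(">I", data, 120)[0]
    release = data[128:176].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "avb_version": f"{major}.{minor}",
        "signed": algorithm != 0 and auth_size > 0,  # algorithm 0 means NONE
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "unknown_flags": flags & ~0x3,
        "release": release,
    }


def audit(data):
    """Return the findings a reviewer would want to see for this image."""
    status = vbmeta_status(data)
    findings = []
    if not status["signed"]:
        findings.append("image is unsigned (algorithm NONE)")
    if status["verity_disabled"]:
        findings.append("dm-verity (hashtree) checking is disabled")
    if status["verification_disabled"]:
        findings.append("descriptor verification is disabled")
    if status["unknown_flags"]:
        findings.append(f"unexpected flag bits: {status['unknown_flags']:#x}")
    return findings


def build_sample_vbmeta(algorithm, auth_size, flags):
    """Constructed 256-byte header only; no descriptors or signature data."""
    header = bytearray(AVB_HEADER_SIZE)
    header[0:4] = AVB_MAGIC
    struct.pack_into(">II", header, 4, 1, 0)
    struct.pack_into(">QQ", header, 12, auth_size, 0)
    struct.pack_into(">I", header, 28, algorithm)
    struct.pack_into(">I", header, 120, flags)
    release = b"avbtool 1.2.0"
    header[128:128 + len(release)] = release
    return bytes(header)


# Constructed samples: a signed header with no flags, and an unsigned one
# carrying both disable bits.
SAMPLE_STOCK = build_sample_vbmeta(algorithm=1, auth_size=320, flags=0)
SAMPLE_DISABLED = build_sample_vbmeta(algorithm=0, auth_size=0, flags=3)

if __name__ == "__main__":
    for name, image in (("stock", SAMPLE_STOCK), ("disabled", SAMPLE_DISABLED)):
        print(name, vbmeta_status(image), audit(image))
```

Run against a real dump by reading the file in binary mode and passing the bytes to `audit`; an empty list means the header carries a signature algorithm and neither disable bit.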
Have you tried flashing boot.img in fastboot to sort out bootlooping?
I managed to get it booting again, but I'm now dealing with an entirely different problem. The FLIR camera is highly unstable (it frequently crashes, and sometimes stops working completely until I reboot the phone), and I cannot get the infrared image to line up with the camera image. I've tried the automatic calibration and the image realignment utility. No matter what I do, the infrared image is always way too big to line up with the camera image.
This only started happening after I flashed the phone back to "factory" using the ROM provided by Ulefone on their Google Drive. The ROM that was on the phone when it arrived didn't have any problems, but I don't have a backup of that because I assumed that it would be the same as what I could get from Ulefone. But the ROM that Ulefone provides has a bunch of weird stuff, like a red "未写入google key 和tee key" watermark on the screen that can only be removed by running a command in a root adb shell, as well as this thing with the FLIR camera.
Anyone know where I can get a copy of the ROM that was actually installed on the phone when it shipped, as opposed to the one provided by Ulefone on their Google Drive?
Generic123. said:
Are you the guy that replied to me on the reddit thread? Sorry about the slow replies but I put a response in that should help hopefully. I'll repost it here just in case:
Well, to get back into fastboot, I had to hold the power button until it shuts off and spam the volume up button super fast until you see either the recovery or the boot selection options
I should mention that the process is super finicky and you'll most likely fail a couple of times. I don't remember needing a vbmeta to root the device but I did try one here, using this command (in the bootloader, not fastbootd): fastboot flash --disable-verity --disable-verification vbmeta "name of vbmeta"
If that doesn't work, you can try using the stock vbmeta with the command above, or try this command with the stock or null vbmeta: fastboot flash vbmeta "name of stock or empty vbmeta"
Yes, I was the person replying to you on Reddit. Thank you again for the help over there.
wenyendev said:
Have you tried flashing boot.img in fastboot to sort out bootlooping?
The problem was that I couldn't even get to fastboot. The device was softbricked. I had to use SP Flash Tool to get it back into a condition where I could even use fastboot at all.
foamrotreturns said:
I managed to get it booting again, but I'm now dealing with an entirely different problem. The FLIR camera is highly unstable (it frequently crashes, and sometimes stops working completely until I reboot the phone), and I cannot get the infrared image to line up with the camera image. I've tried the automatic calibration and the image realignment utility. No matter what I do, the infrared image is always way too big to line up with the camera image.
This only started happening after I flashed the phone back to "factory" using the ROM provided by Ulefone on their Google Drive. The ROM that was on the phone when it arrived didn't have any problems, but I don't have a backup of that because I assumed that it would be the same as what I could get from Ulefone. But the ROM that Ulefone provides has a bunch of weird stuff, like a red "未写入google key 和tee key" watermark on the screen that can only be removed by running a command in a root adb shell, as well as this thing with the FLIR camera.
Anyone know where I can get a copy of the ROM that was actually installed on the phone when it shipped, as opposed to the one provided by Ulefone on their Google Drive?
Yes, I was the person replying to you on Reddit. Thank you again for the help over there.
The problem was that I couldn't even get to fastboot. The device was softbricked. I had to use SP Flash Tool to get it back into a condition where I could even use fastboot at all.
I am no specialist in unbricking devices. But you may try as follows:
- Download the ROM, GApps (Optional), Magisk (Optional).
- Wipe System, Data, Dalvik, Cache.
- Flash the ROM, GApps (Optional), Magisk (Optional).
- Reboot and Enjoy.
I tried to root mine, but I was unsuccessful.
I used mtkclient to pull out the boot_b.img and vbmeta_b.img from my device. Having these backups was helpful to get me out of bootloops.
I tried 3 different magisk versions: 24.3, 25.2, and a patched version linked in mtkclient's github readme.
I also tried the vbmeta recommendations described by OP in this thread, but I still could not get myself past the 'android system may be corrupt' loop.
I reverted my boot and vbmeta partitions back to the version I backed up via mtkclient, and escaped the bootloop. But no root.
Interestingly, the checksum of the boot_b.img in my phone does not match the checksum of the boot.img provided in Ulefone's official release. I am assuming my phone received an OTA update while the version in the Ulefone official GoogleDrive remained old, but I was not able to track down a changelog for rom updates/release history.
Unsure what to try next, open to ideas.
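A checksum mismatch by itself does not show whether the device image is a newer build, a modified one, or the same image with extra partition data after it. The following added example (not from this thread or from mtkclient) reads the Android boot image header of two images and compares OS version and security patch level alongside the SHA-256. The function names and sample images are constructed for the demonstration, and the header fields are only as reliable as whoever built the image.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"


def decode_os_version(raw):
    """Split the 32-bit os_version field into ('A.B.C', 'YYYY-MM')."""
    if raw == 0:
        return None, None  # field left empty by whoever built the image
    ver, patch = raw >> 11, raw & 0x7FF  # 21 bits version, 11 bits patch level
    version = f"{(ver >> 14) & 0x7F}.{(ver >> 7) & 0x7F}.{ver & 0x7F}"
    return version, f"{2000 + (patch >> 4)}-{patch & 0xF:02d}"


def describe_boot_image(data):
    """Return header version, OS version, patch level and SHA-256 of an image."""
    if len(data) < 48 or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (missing ANDROID! magic)")
    header_version = struct.unpack_from("<I", data, 40)[0]
    # Header v3/v4 keeps os_version at offset 16; v0-v2 keeps it at offset 44.
    os_offset = 16 if header_version in (3, 4) else 44
    version, patch = decode_os_version(struct.unpack_from("<I", data, os_offset)[0])
    return {"header_version": header_version, "os_version": version,
            "patch_level": patch, "sha256": hashlib.sha256(data).hexdigest()}


def compare_boot_images(device_dump, vendor_image):
    """Explain why a partition dump and a vendor boot.img hash differently."""
    dev, ven = describe_boot_image(device_dump), describe_boot_image(vendor_image)
    if dev["sha256"] == ven["sha256"]:
        return "identical"
    # A raw partition dump is partition-sized; the vendor file may be shorter.
    if device_dump[:len(vendor_image)] == vendor_image:
        return "same image, dump has trailing partition data"
    dev_patch, ven_patch = dev["patch_level"], ven["patch_level"]
    if not (dev_patch and ven_patch):
        return "content differs, header carries no build information"
    if (dev["os_version"], dev_patch) == (ven["os_version"], ven_patch):
        return "same build fields, different content"
    if dev_patch != ven_patch:  # 'YYYY-MM' strings sort chronologically
        return "device dump is newer" if dev_patch > ven_patch else "vendor image is newer"
    return "different OS version, same patch level"


def encode_os_version(a, b, c, year, month):
    """Inverse of decode_os_version, used only to build the samples."""
    return (((a << 14) | (b << 7) | c) << 11) | ((year - 2000) << 4) | month


def build_sample(os_raw, body):
    """Constructed v2-style image: 48-byte header followed by an opaque body."""
    fields = [len(body), 0, 0, 0, 0, 0, 0, 2048, 2, os_raw]
    return BOOT_MAGIC + struct.pack("<10I", *fields) + body


# Constructed samples standing in for the vendor boot.img and a device dump.
VENDOR = build_sample(encode_os_version(12, 0, 0, 2022, 8), b"vendor kernel+ramdisk")
DEVICE = build_sample(encode_os_version(12, 0, 0, 2022, 11), b"ota kernel+ramdisk")

if __name__ == "__main__":
    print(describe_boot_image(DEVICE))
    print(compare_boot_images(DEVICE, VENDOR))
```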
Hello, try this page. I think the firmware is more up to date (it has all models), and it is also from Ulefone.
454.93 GB folder on MEGA
905 files and 654 subfolders
mega.nz
I have downloaded a new firmware to my Armor X7 Pro and it is very stable.
914mrx said:
Hello, try this page. I think the firmware is more up to date (it has all models), and it is also from Ulefone.
454.93 GB folder on MEGA
905 files and 654 subfolders
mega.nz
I have downloaded a new firmware to my Armor X7 Pro and it is very stable.
I checked the Mega link you provided, and the latest version for the Power Armor 18T is the same as in the Ulefone Google Drive location. I did not compare checksums though, so I cannot confirm the content is identical.
Where did you find this mega folder link? Any chance Ulefone also publishes a changelog or provides older firmware releases in the same location you found the Mega link?
Hello, I found this link on 4PDA a long time ago. About the other questions, I don't know. Sorry.
I spent the whole night doing everything but all failed. Unlocked OEM and USB debugging enabled, tried kingroot, vroot, supersu, downloaded drivers and everything... but somehow I couldn't get through any of it.
Any idea anyone how to do this?
Here's why the phone is not being rooted as per the customer service.
914mrx said:
Hello, try this page. I think the firmware is more up to date (it has all models), and it is also from Ulefone.
454.93 GB folder on MEGA
905 files and 654 subfolders
mega.nz
I have downloaded a new firmware to my Armor X7 Pro and it is very stable.
Hello,
I downloaded the ROM file from Mega. I have the SPMDT tool. Scatter files can be set. The DA file is not correct to select. What is wrong?
Hello, I don't know. There is also a video and an instruction sheet; as I said, on the Armor 7 Pro everything went well 100%.
914mrx said:
Hello, I don't know. There is also a video and an instruction sheet; as I said, on the Armor 7 Pro everything went well 100%.
Hello,
I have solved the problem with the upgrade. Now I have a problem with the FLIR camera. There is no icon to start the IR camera. I can't start it. I think that the new upgrade is not made for all Ulefone models.
How did Foamrotreturns solve the problem with the FLIR camera?
Samo-z said:
Hello,
I have solved the problem with the upgrade. Now I have a problem with the FLIR camera. There is no icon to start the IR camera. I can't start it. I think that the new upgrade is not made for all Ulefone models.
How did Foamrotreturns solve the problem with the FLIR camera?
Were you able to root the phone and flash a custom ROM?
I am trying to root my MediaTek device following the instructions on this page:
Unlock Bootloader on MediaTek Devices using MTKClient
In this comprehensive tutorial, we will show you detailed steps to unlock the bootloader on your MediaTek device using MTKClient.
Everything went smoothly, but I am getting an I/O error and I am not sure how to unlock the bootloader, and hence install TWRP to install a better ROM.
Here is the log:
Port – Device detected
Preloader – CPU: MT6877(Dimensity 900)
Preloader – HW version: 0x0
Preloader – WDT: 0x10007000
Preloader – Uart: 0x11002000
Preloader – Brom payload addr: 0x100a00
Preloader – DA payload addr: 0x201000
Preloader – CQ_DMA addr: 0x10212000
Preloader – Var1: 0xa
Preloader – Disabling Watchdog…
Preloader – HW code: 0x959
Preloader – Target config: 0xe0
Preloader – SBC enabled: False
Preloader – SLA enabled: False
Preloader – DAA enabled: False
Preloader – SWJTAG enabled: False
Preloader – EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader – Root cert required: False
Preloader – Mem read auth: True
Preloader – Mem write auth: True
Preloader – Cmd 0xC8 blocked: True
Preloader – Get Target info
Preloader – BROM mode detected.
Preloader – HW subcode: 0x8a00
Preloader – HW Ver: 0xca00
Preloader – SW Ver: 0x0
Preloader – ME_ID: 32993668EB4B4D231D8C1EBAAE7B7B58
Preloader – SOC_ID: 70D2AEEC41FAFC8277AC77DAC843F110913450DFDAC62279F70FD82135670657
DA_handler – Device is unprotected.
DA_handler – Device is in BROM-Mode. Bypassing security.
PLTools – Loading payload from mt6877_payload.bin, 0x264 bytes
PLTools – Kamakiri / DA Run
Kamakiri – Trying kamakiri2..
DeviceClass – USBError(5, 'Input/Output Error')
Traceback (most recent call last):
File "C:\Python 3.10.9\mtk", line 814, in
mtk = Main(args).run(parser)
File "C:\Python 3.10.9\mtkclient\Library\mtk_main.py", line 615, in run
mtk = da_handler.configure_da(mtk, preloader)
File "C:\Python 3.10.9\mtkclient\Library\mtk_da_cmd.py", line 101, in configure_da
mtk = mtk.bypass_security() # Needed for dumping preloader
File "C:\Python 3.10.9\mtkclient\Library\mtk_class.py", line 155, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\Python 3.10.9\mtkclient\Library\pltools.py", line 102, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\Python 3.10.9\mtkclient\Library\kamakiri.py", line 139, in payload
if self.exploit2(payload, addr):
File "C:\Python 3.10.9\mtkclient\Library\kamakiri.py", line 117, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: a bytes-like object is required, not 'NoneType'
What do I do now? I've followed all the steps and am not sure why it is giving an I/O error. I tried with a second USB on another port but got the same message.
Kindly suggest how to rectify this.
My device is Ulefone Armour 18t, Processor: MediaTek Dimensity 900
Phone tech specs:-
Ulefone Power Armor 18T
Please help.. :-(
Kind Regards
Hitanshu Gaur
Generic123. said:
I just received an Ulefone armor 18t and I'm trying to get the phone rooted through a magisk patched boot image. Whenever I attempt to flash the patched image, the phone always ends up bootlooping and gives me the 'android system may be corrupt' message. I've tried flashing an empty vbmeta in order to try to disable secure boot, but it still isn't working.
Does anyone have any other suggestions or have any ideas as to what could be causing my phone to not boot?
Posted this on reddit; just reposting this for more exposure
EDIT: I managed to root my phone by patching my boot.img with an older version of magisk (24.3) and then updating to v25 after.
Hi mate, I patched the boot.img of the official ROM with Magisk after installing it on the phone and then selecting the 'install' button and selecting the boot.img file of the official ROM, and it was successful. But what do I do next? How do I root the phone after this?
hitanshugaur said:
Hi mate, I patched the boot.img of the official ROM with Magisk after installing it on the phone and then selecting the 'install' button and selecting the boot.img file of the official ROM, and it was successful. But what do I do next? How do I root the phone after this?
Here a complete how to https://www.droidwin.com/patch-stock-boot-image-flash-magisk/
joke19 said:
Here a complete how to https://www.droidwin.com/patch-stock-boot-image-flash-magisk/
I have been able to do everything, now the instructions in the last one are confusing.
Step 2A and 2B are causing confusion and hence a bootloop error.
In 2A he is asking to 'copy' the patched file to the platform-tools folder and the file as per him is stored by the name of magisk_patched.img whereas in reality when I did it was saved as magisk_patched._1vjUh.img. I have copied this to the platform-tools folder as directed
In 2B he is asking to patch again with a newer version and yet again as per him that file will be saved as magisk_patched.img too. Now how can one folder have two files with the exact same name?
Now the confusion is: Does he want us to 'cut paste' the patched image from the older version to the platform-tools folder and rename it to magisk_patched.img, and leave the new version's patched file in the phone's internal memory and rename that one to magisk_patched.img as well?
If this is done then won't there be a conflict while rooting? because two patched .img are from different versions of a software?
