Guys, please help. I tried everything with Flash Tools and nothing. There are a few Russian sites that claim to have rooted it, but my Russian is simply zero.
Anyone?
Bootloader is locked too.
Your help will be much appreciated.
Do you still need root? I kinda found a way we can root every Chinese phone if there is an SP_Flash_Tool package for them.
How?
Download: "HOMTOM-HT20-Pro-Android_6.0-R15-20180302"
Unrar it; inside are 21 files (at least for me). (Don't delete the original boot.img; make a copy somewhere else, then delete it from the Homtom package folder.)
Then copy boot.img to your phone.
Download Magisk Manager, install it, open Magisk Manager, press Install, choose Patch Boot Image File.
The patched file needs to be in Downloads as patched_boot.img; copy it to the HOMTOM-HT20-Pro-Android_6.0-R15-20180302 folder.
Rename it to boot.img (the original boot.img is already backed up in a different location); replace the original boot.img with the patched boot.img.
Use SP_Flash_Tool; you can flash all, or choose only boot.img (I used Firmware Upgrade, but if it does not work, use Download Only).
Then you should be able to install Magisk Manager and access root. Tested myself with Homtom HT20 Pro, all works, can spoof pokemons etc.
I am looking for flash file Homtom HT20 with android 7.0 or higher. Any help?
Bypass bootloader guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz.
A little bit of disclaimer......
Appender is for those who are currently using the bypass bootloader hack above, so there is no need to manually append blocks to the boot image/recovery image after every flash. Appender automatically appends the 4k bytes to the boot image and recovery image.
NOTE: DO NOT QUOTE WHOLE POST OR I WILL IGNORE
Appender-v4 Download below
Changelog:
Appender-v4
*Fixed Appender on system-as-root boot images (Appender breaks GSI with system-as-root, don't use GSI)
*Improved overall code
Appender-v3
*Initial test version
Recommended twrp: Pitch black recovery
Link
Appender-v4.zip is for boot image
Appender-v4-rec.zip is for recovery image
Appender Usage
1. Flash rom
2. Flash magisk for root (skip if you don't need root)
3. Flash custom kernel (skip if you don't need custom kernel)
4. After that flash Appender-v4.zip
5. Reboot
Appender Recovery Version Usage
1. Flash recovery image
2. Flash Appender-v4-rec.zip
3. Reboot Recovery
CAUTION: Appender must be flashed EVERY time you modify boot image or recovery image.
And don't forget to press thanks if this tool has helped you
Reporting errors.
After flashing Appender, send the file /cache/recovery/last_log if Appender didn't work, and also mention the issue you are facing.
Credits and thanks
@osm0sis for Anykernel3
@xaacnz for bypass bl guide
steeldriver (stackexchange) for helping me with commands
busybox team
Old method
Note1: Even though no data is erased in this process it is recommended to take backup.
What this guide covers.
1. Rooting your device
2. Flashing custom kernel
All without need to unlock bootloader
Well there are two ways with which you can do this
Requirements
For PC based method
1. Working twrp recovery (if you dont have twrp installed follow this guide)
2. Pc must have linux installed, if you have windows don't worry install WSL using this link
3. Android image kitchen for your respective OS.
4. Latest magisk zip from here
For Android only
1. Working twrp
2. Any hex editor(Note2) for android/windows (optional)
3. Latest Magisk manager app only (for root only)
4. Android Image kitchen- android, windows/linux (for custom kernel only)
Steps for PC based
1. Flash magisk zip or any kernel. Don't reboot system.
2. Go to backup section in twrp and backup boot.
3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
Code:
printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
7. Copy the image-new.img to your phone anywhere you prefer.
8. Flash image-new.img using twrp to boot partition.
9. Reboot
Steps for non-PC based (*outdated and some kernels won't work fully)
1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
*2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
*3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
*For custom kernel only
4. Install magisk manager apk on your phone
5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
6. Open the patched_boot.img in hex editor
7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
8. Boot into twrp and flash patched_boot.img
9. Done, reboot
Note2: On Linux you can use dd command to append
Code:
printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
Note3: If you get error cannot mount twrp while flashing, use recommend twrp above
If you get error related to ramdisk compression, use Appender-v4 or above
XDA:DevDB Information
Appender for Redmi 5A (bypass bootloader), Tool/Utility for the Xiaomi Redmi 5A
Contributors
saurabh6377
Version Information
Status: Beta
Current Beta Version: 4
Beta Release Date: 2019-09-29
Created 2019-09-28
Last Updated 2019-09-29
Reserved
_saurabh__._ said:
> As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
> Code:
> Your warranty will be void now
> I am not responsible for anything wrong happens to your device
> Note1: Even though no data is erased in this process it is recommended to take backup.
> What this guide covers.
> 1. Rooting your device
> 2. Flashing custom kernel
> All without need to unlock bootloader
> Requirements
> 1. Working twrp recovery (if you dont have twrp installed follow this guide)
> 2. Any hex editor for android/linux/windows (yes you absolutely dont need a pc)
> 3. Latest Magisk manager app only (for root only)
> 4. Android Image kitchen- android, windows/linux (for custom kernel only)
> Steps
> 1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
> *2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
> *3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
> *For custom kernel only
> 4. Install magisk manager apk on your phone
> 5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
> 6. Open the patched_boot.img in hex editor
> 7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
> 8. Boot into twrp and flash patched_boot.img
> 9. Done, reboot
> Note2: If you get error cannot mount twrp while flashing the image, use vendor twrp
> Note3: If I get time I will later make a script that automates the process.
Thanks, it worked, but I didn't append the 4k block to patched_boot.img; it worked without appending the 4k block.
Sonu1123 said:
> Thanks, it worked, but I didn't append the 4k block to patched_boot.img; it worked without appending the 4k block.
Let me verify this, I will update the guide once this is verified.
Sonu1123 said:
> Thanks, it worked, but I didn't append the 4k block to patched_boot.img; it worked without appending the 4k block.
If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
_saurabh__._ said:
> If you didn't append 4k block to patched_boot.img and you have locked bootloader then flashing magisk directly from twrp must work also because both processes are same. And likewise you can also flash custom kernel directly using twrp without extracting boot.img. In my case I have to append 4k block to patched_boot.img for system to boot.
I don't know how it worked, but when I tried it again the system crashed, then I appended the 4k block to patched_boot.img to get Magisk installed.
I have one more question: what about Xposed for the Pixel Experience ROM for riva, and can I flash it directly without modifying it?
Edit: I am on the latest Pixel Experience Android Pie version.
Sonu1123 said:
> I don't know how it worked, but when I tried it again the system crashed, then I appended the 4k block to patched_boot.img to get Magisk installed.
> I have one more question: what about Xposed for the Pixel Experience ROM for riva, and can I flash it directly without modifying it?
> Edit: I am on the latest Pixel Experience Android Pie version.
Yes, you can install Xposed. A simple rule of thumb is that you can flash anything that does not touch the boot image, and Xposed doesn't; it only writes to the /system partition, so no issues.
Xposed is not available for Pie yet, but the unofficial EdXposed Magisk module was tested by me and it works well on Pixel Experience.
Kindly ask you to upload some zip file to your OP, containing following files:
- tmp\hack_splash.xml
- tmp\prog_emmc_firehose_8917_ddr.mbn
- tmp\recovery.img
- tmp\splash.img
- tmp\twrp.xml
- fh_loader.exe
- QSaharaServer.exe
- a text file containing steps 9-11 and link to xaacnz thread (for credits)
_saurabh__._ said:
> As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
> Code:
> Your warranty will be void now
> I am not responsible for anything wrong happens to your device
> Note1: Even though no data is erased in this process it is recommended to take backup.
> What this guide covers.
> 1. Rooting your device
> 2. Flashing custom kernel
> All without need to unlock bootloader
> Requirements
> 1. Working twrp recovery (if you dont have twrp installed follow this guide)
> 2. Any hex editor(Note2) for android/windows (yes you absolutely dont need a pc)
> 3. Latest Magisk manager app only (for root only)
> 4. Android Image kitchen- android, windows/linux (for custom kernel only)
> Steps
> 1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
> *2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
> *3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
> *For custom kernel only
> 4. Install magisk manager apk on your phone
> 5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch Boot Image File, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the patched_boot.img file will be stored in Downloads folder of your internal storage
> 6. Open the patched_boot.img in hex editor
> 7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
> 8. Boot into twrp and flash patched_boot.img
> 9. Done, reboot
> Note2: On Linux you can use dd command to append
> Code:
> printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
> Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
> Note4: If I get time I will later make a script that automates the process.
Please upload the patched files.
- hack_splash.xml
- recovery.img
- twrp.img
- splash.img
- twrp.xml
It really helps me to know how to append blocks.
Please upload these files for us.
Thanks and regards.
Anshu lakra said:
> aIecxs said:
>> Dude, you're waiting for 2 months, wish I could help you... Maybe here more better luck?
>> https://forum.xda-developers.com/showthread.php?t=3911660
>
> Have you flashed custom ROM?
> ---------- Post added at 03:54 AM ---------- Previous post was at 03:52 AM ----------
> Nobody is uploading or posting link.
Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
aIecxs said:
> Nope. I don't have this phone anymore. Just be patient, _saurabh__._ will upload patched files as soon as he has time, he's busy at moment
Thanks sir, I am waiting.
saurabh6377 said:
> As a followup to this guide https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381 by dev @xaacnz without him this guide might not be here, I am making this guide so you can root your device or flash any custom kernel without unlocking your device.
> NOTE: YOU NEED TO FOLLOW THE ABOVE GUIDE IF YOU HAVEN'T, THEN COME BACK HERE
> Code:
> Your warranty will be void now
> I am not responsible for anything wrong happens to your device
> Note1: Even though no data is erased in this process it is recommended to take backup.
> What this guide covers.
> 1. Rooting your device
> 2. Flashing custom kernel
> All without need to unlock bootloader
> Well there are two ways with which you can do this
> Requirements
> For PC based method
> 1. Working twrp recovery (if you dont have twrp installed follow this guide)
> 2. Pc must have linux installed, if you have windows don't worry install WSL using this link
> 3. Android image kitchen for your respective OS.
> 4. Latest magisk zip from here
> For Android only
> 1. Working twrp
> 2. Any hex editor(Note2) for android/windows (optional)
> 3. Latest Magisk manager app only (for root only)
> 4. Android Image kitchen- android, windows/linux (for custom kernel only)
> Steps for PC based
> 1. Flash magisk zip or any kernel. Don't reboot system.
> 2. Go to backup section in twrp and backup boot.
> 3. Connect your device to PC and look where you backed up boot and copy boot.emmc.win to Android image kitchen folder and rename to boot.img
> 4. Run unpackimg.sh or double click on unpackimg.bat. Then run repackimg.sh or double click on repackimg.bat. You will see image-new.img in the same folder
> 5. On windows hold Shift and right click in file manager with mouse, you will see open linux shell here, click it. OR if you have linux (specifically ubuntu) then right click and select open terminal here in Nautilus.
> 6. Run (to append 4k block, note that you can append block to any file specified by "of" parameter like of=twrp.img, of=boot.img etc)
> Code:
> printf '\x30\x83\x19\x89\x64' | dd of=image-new.img ibs=4096 conv=sync,notrunc oflag=append
> 7. Copy the image-new.img to your phone anywhere you prefer.
> 8. Flash image-new.img using twrp to boot partition.
> 9. Reboot
> Steps for non-PC based (*outdated and some kernels won't work fully)
> 1. Extract boot.img from your currently installed rom and put it in internal storage of your phone (if you do not want to flash custom kernel skip to step 4)
> *2. Download custom kernel you want to flash, extract zImage from the flashable kernel zip
> *3. Unpack boot image using android image kitchen, in the split_img folder delete "boot.img-zImage" and put zImage you extracted in split_img folder and rename it to "boot.img-zImage"
> *For custom kernel only
> 4. Install magisk manager apk on your phone
> 5. open magisk manager, you will see magisk is not installed select install (first one), a popup will appear telling to install magisk, select install, then select Patch a file, select the boot.img file that you extracted, then let magisk manager do the rest, after finishing the magisk-patched.img file will be stored in Downloads folder of your internal storage
> 6. Open the patched_boot.img in hex editor
> 7. To make the patched_boot.img to boot append(Note2) a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file
> 8. Boot into twrp and flash patched_boot.img
> 9. Done, reboot
> Note2: On Linux you can use dd command to append
> Code:
> printf '\x30\x83\x19\x89\x64' | dd of=testfile ibs=4096 conv=sync,notrunc oflag=append
> Note3: If you get error cannot mount twrp while flashing the image, use vendor twrp
> Note4: If I get time I will later make a script that automates the process.
Script. You promised script. Looking forward to it!!! You are welcome
If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
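The append step from the guide and the "detection of the magic" idea in the post above, as an added example that is not part of the thread and is not Appender's, Magisk's or AnyKernel3's code: it classifies the last 4096 bytes of an image and appends the block only when it is missing. The names `trailer_state` and `ensure_trailer` are hypothetical, and the all-NUL padding is assumed from what `dd conv=sync` writes.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
BLOCK=4096                # size of the appended block (the guide's "4k block")
MAGIC_HEX=3083198964      # 0x30 0x83 0x19 0x89 0x64, the bytes given in the guide

# trailer_state FILE
# Prints one of:
#   present    last 4096 bytes = magic + NUL padding (what dd conv=sync writes)
#   malformed  magic is there but the padding is not all NUL
#   absent     no magic at that offset, or file shorter than one block
trailer_state() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -lt "$BLOCK" ]; then
        echo absent; return 0
    fi
    first5=$(tail -c "$BLOCK" "$1" | head -c 5 | od -An -v -tx1 | tr -d ' \n')
    if [ "$first5" != "$MAGIC_HEX" ]; then
        echo absent; return 0
    fi
    # Count non-NUL bytes in the 4091 bytes that follow the magic.
    junk=$(tail -c $((BLOCK - 5)) "$1" | tr -d '\000' | wc -c | tr -d ' ')
    if [ "$junk" -eq 0 ]; then echo present; else echo malformed; fi
}

# ensure_trailer FILE
# Appends the block only when it is absent, so a second run does not grow
# the image. Refuses (status 1) on a malformed trailer instead of stacking
# another block on top of it.
ensure_trailer() {
    case $(trailer_state "$1") in
        present)   return 0 ;;
        malformed) return 1 ;;
    esac
    # Octal escapes are used because \xHH in printf is not portable to every sh.
    { printf '\060\203\031\211\144'; head -c $((BLOCK - 5)) /dev/zero; } >> "$1"
}

# Demo on a constructed 8 KiB dummy file (not a real boot image).
demo=$(mktemp)
head -c 8192 /dev/zero > "$demo"
echo "before: $(trailer_state "$demo")"
ensure_trailer "$demo"
ensure_trailer "$demo"    # second call is a no-op
echo "after:  $(trailer_state "$demo"), $(wc -c < "$demo" | tr -d ' ') bytes"
rm -f "$demo"
```

Because the check looks only at the final 4096 bytes, any repack or patch that rewrites the image returns it to `absent`, which matches the thread's caution that the block has to be re-added after every modification.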
not necessary there is official unlock tool from xiaomi
aIecxs said:
> not necessary there is official unlock tool from xiaomi
This is for those who weren't successful unlocking via official method.
osm0sis said:
> Edit: Also @saurabh6377 isn't using AK3 correctly.. he left in all the stuff from the example and edited the Backend to add the printf (which it clearly says not to do) instead of putting it in anykernel.sh.
Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
That is why I modified anykernel methods of flashing boot image.
EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
@osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
osm0sis said:
> If this is like an LG Bump situation you should just make a Pull Request to Magisk to add detection of the magic and to re-add it after automatically. I'll see about adding support for it to my Android Image Kitchen as well.
Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
> Yeah, that is why I said experimental, I have my exams coming and I am just starting to learn all the stuff. It takes a lot of time figuring out everything (for beginner).
> That is why I modified anykernel methods of flashing boot image.
> EDIT: After my exams will be over, I will try to make another version of appender using anykernel correctly.
> @osm0sis Also, the bytes must be appended to final boot.img before flashing, but ak3 builds and flashes boot image in same method (write_boot), so I have to modify that method. Correct me if I am wrong.
> Not really needed, people can just unlock, it is for those who are using bypass bootloader exploit because they cannot unlock (most likely in case if someone have bought from untrusted source). And append doesn't work always.
Cool. I just worry what that stuff intended for tuna (Galaxy Nexus) could do. If you don't need to touch the ramdisk you could just use split_boot; so it doesn't unpack the ramdisk unnecessarily.
You can use repack_ramdisk; (if unpacked) and flash_boot; instead of write_boot; to get more granular control and be able to act on the final image before flash. :good:
Good luck with your exams! :fingers-crossed:
@osm0sis thanks, I will make another version of appender soon.
I have one question though
I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
In fstab.qcom I have this
/dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
I want to change "encryptable" to "forceencrypt" using anykernel.
What is proper way?
Sent from my Redmi Note 7 using XDA Labs
saurabh6377 said:
> @osm0sis thanks, I will make another version of appender soon.
> I have one question though
> I want to edit /vendor/etc/fstab.qcom to enable forceencrypt using anykernel
> In fstab.qcom I have this
> /dev/block/bootdevice/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,noauto_da_alloc wait,formattable,check,encryptable=footer,quota
> I want to change "encryptable" to "forceencrypt" using anykernel.
> What is proper way?
Well that's not necessarily an AnyKernel "thing" because it's a vendor partition modification, but yeah you could do that somewhere in anykernel.sh as part of a flash if you want, just remember to mount vendor rw first and back to ro after. The AK3 patch_fstab function might work for you.
Hey guys, any video for this step?
7. To make the patched_boot.img to boot append a 4k block which begins with 0x30, 0x83, 0x19, 0x89, 0x64 to patched_boot.img, and save the file