Database Info

[APP][4.0+] Root Transmission - Root other devices using your phone!

Root Transmission
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Root Transmission: the ONLY app that allows you to root other phones straight from your own device!
Inspired by Kos's p2p-adb hacking toolkit (http://hak5.org/episodes/hak5-1205), this app is a pleasant, easy way to root other phones while away from your computer! Just two buttons, Root and Unroot! Connect the cable and root away! It couldn't be simpler!
Even has its own terminal window so you can see exactly what's going on while your phone does its thing!
You will need a ROOTED device capable of USB hosting (USB On The Go), a USB OTG cable and one-click root scripts for the devices you wish to root.
Scripts and their associated files should be placed in /sdcard/RootTransmission/*devicename*/*version*/, otherwise it will not be available for use. *devicename* and *version* can be whatever you want.
Note that this is an UNSTABLE version, and you use this app at your own risk. Occasional force closes are to be expected (though they will most likely not break the phone you are trying to root). Incorrectly written scripts can permanently damage or brick both devices involved, so only use trusted 3rd party root scripts and at your own risk.
Click to expand...
Click to collapse
Screenshots
Changelog
1.01unstable
fixed bug that sometimes caused crashing when user closed app
fixed bug that caused app to crash if scripts directory did not exist
Much smaller size (166k)
made it for Android 4.0 and up (accidentally had it for 3.1 and up in Play Store, will re-add Honeycomb support if I find that it works reliably with it)
1.0unstable
initial public release
Click to expand...
Click to collapse
Planned features
Downloading scripts within the app
Nicer GUI
In-app help text
??? Suggest some!
Click to expand...
Click to collapse
(Removed from Play Store because Google said it was "dangerous")
Please do not mirror this apk, it is to be downloaded exclusively from XDA-Developers. Failure to comply will result in the removal of this app from XDA.
I've attached a zip with the files needed to root a Verizon Galaxy S3 (SCH-I535), extract it to /sdcard/RootTransmission/ to use.
Note that since I only have one USB host-capable device (my own S3), no warranty is provided over the functionality of this zip since I am unable to fully test it. (It is a repackaged version of the DebugFS one-click root found at http://forum.xda-developers.com/showthread.php?t=1883984 and thus will only work if the device to be rooted is running ICS, which shouldn't be a problem as of yet.)
Again, this is an unstable test version. It should mostly work, but no guarantees on its functionality.​

Reserved for future use

Reserved for future use.

what device is supported? what device supported that can be rooted?

chev said:
what device is supported? what device supported that can be rooted?
Click to expand...
Click to collapse
In order to run the app, your device (the device that is already rooted) must support USB hosting/USB OTG. Most newer devices have this.
This app uses adb and scripts (which you must provide) to root devices. If there is a root method for the device that uses adb, then it will work.
In the case of the Verizon Galaxy S3 (my primary device), the root method for a stock ROM is to use adb to push an exploit that will allow us to install Superuser and the su binary. I believe the Asus Transformer Prime uses a similar method.
If the only root method available involves using a program such as Odin/Heimdall or a manufacturer's phone flashing utility, or a zip must be flashed in recovery in order to gain root, it will definitely not work. In the case of the HTC Sensation, you must flash a recovery and boot into it, then flash a zip containing the su binary as well as a controller app such as Superuser in order to gain root. So the HTC Sensation could NOT be rooted with this.
In the future I plan on building a compatibility chart within the app to determine which phones can run this app and which phones can be rooted with it, as well as downloads for the rooting process. In the meantime, if there is a phone you are looking to root with this, let me know and if possible, I'll craft a zip to use with this.

Updated Root Transmission to 1.01unstable.
Following changes were made:
-bugfix: app occasionally FC'd when closing app
-bugfix: app crashed if scripts directory did not exist
-smaller size (166k, old version was 1.62mb)
-made it available only for 4.0 and up (had it set to 3.1 and up by accident)
Available in first post or in the Play Store.
Keep sending in those bug reports, it really helps!
Also, if you have any new features you want to suggest, let me know.
I'm considering the following so far:
-Downloading scripts in-app
-Nicer GUI
-Help text

Added script for the Asus Transformer tablets (TF101/TF201/TF300T/TF700T) to the first post. It will only root tablets on 4.0 or below.

This app looks promising, keep it up this great work, :fingers-crossed:

Theoretically could this run any script over adb on another device. not just a root one?

one x
Hey does this work with the one x international version?

I believe that in order for the app to work properly, adb must be running as root, so no. It's not possible to use this with a non rooted phone.
HTC One X should be able to be rooted (as well as other devices relying on fastboot), but I haven't added support for it yet. A fastboot binary for ARM is available, so I'll package that into the app for next release. Stay tuned. However, I don't know about unlocked bootloaders and all that on HTC devices, so beware.
I'm also going to take a look at the Heimdall source code later so that you can perform Odin flashes over USB. This means that basically any Samsung phone should be able to be rooted, even without a one click root script.
All this stuff will take time though, and with school still going on it might take some time. But I'm definitely working on it!
Sent from my SCH-I535 using Tapatalk 2

Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?

root tranmission
i download the file, and recive the next error while unstalling:
parse error
there is a problem parsing the package
there´s any fix?
thanks in advance

Draciel882 said:
Would it be possible to use this app to flash unsecured boot.img and then recoveries? Basically have it set up to download the recoveries and boot.img from a ftp or something? Can we basically just use the host phone as a standard ADB and Fastboot commander? Using regular commands?
Click to expand...
Click to collapse
This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
teran220 said:
i download the file, and recive the next error while unstalling:
parse error
there is a problem parsing the package
there´s any fix?
thanks in advance
Click to expand...
Click to collapse
Try installing from Play Store.

wchill said:
This is on my to-do list. I might also include a terminal emulator with access to the app's adb/fastboot binaries.
Click to expand...
Click to collapse
That would be awesome, let me know if you need some help testing. I've been wanting to be able to do this for awhile. It would pretty much eliminate the need for a computer when flashing roms on devices that have their bootloader already unlocked.

how to check my device is usb otg/host capable ?

anazhd said:
how to check my device is usb otg/host capable ?
Click to expand...
Click to collapse
Use this app by Chainfire
https://play.google.com/store/apps/details?id=eu.chainfire.usbhostdiagnostics
Sent from my SCH-I535 using Tapatalk 2

Wow, the idea behind your software is brillant!
I yet see a future world in which handset liberation is achieved and spread among users in dark corners of the streets! :silly: :laugh:

Hey there wchill , seems like you are an app dev rookie as I seen some stuff , well you aren't so different from me , PM me , I will help you in your project , btw I have seen a small thing , that the Settings button does nothing , to remove it remove in your mainActivity the lines that say onCreateOptionsMenu , as long as you don't need an options menu !
EDIT : No offence for calling you a rookie , I may have underestimated you , because your work is amazing , but I was talking the Java side of your knowledge , sorry if I offended you !

seaskyways said:
Hey there wchill , seems like you are an app dev rookie as I seen some stuff , well you aren't so different from me , PM me , I will help you in your project , btw I have seen a small thing , that the Settings button does nothing , to remove it remove in your mainActivity the lines that say onCreateOptionsMenu , as long as you don't need an options menu !
Click to expand...
Click to collapse
I know that the options menu is there, but I'm planning on adding to its functionality so there's no point in removing it yet. Don't worry, I didn't forget about it
Also, I only have one year of experience in Java, so my skills definitely are not the most top notch out there. I'd say not bad for being self taught though.
Anyway, in app downloads should be working by this weekend, depending on how much homework I get this week. Did a lot of it today, just need to make the frontend for it. After that I'll work on improving the GUI, because I really couldn't be bothered to spend more than 5 minutes making it what it looks like right now.
Expect an update in the next few days
Sent from my SCH-I535 using Tapatalk 2

[ROM][Kernel][cm13/lineage14.1]Nethunter fully patched HID and external wireless card

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disclaimer: I'm in now way, shape or form a developer. The following steps are to be used as a guideline for installing nethunter onto your device. If something goes wrong during the install/set up process, I won't be held responsible. By installing the roms/nethunter zips you're voiding your warranty so do so at your own risk.​
Click to expand...
Click to collapse
Nethunter is in short a set of apps for network penetration testing, you should only use these tools for testing your own network security or other networks YOU HAVE PERMISSION FOR! If you get caught using these tools illegally, do not come crying to me, I'll laugh in your face and point you to this thread.... That being said, let's get on with it.
You're going to need a rooted device for this to work, this thread isn't about rooting, if you're not yet rooted check out the other threads on XDA. Great community with plenty of topics showing you how to root. You have the options of:
cm-13.0 running on Marshmallow with kernel 3.4.111
Lineage-14.1 running on Nougat 7.1.2 with kernel 3.4.113
Both have fully patched kernels and whilst they all have a few issues (not related to the kernels or the first rom you install, check known issues below for updates), you should be able to use 99% of the functions. I'll list the issues at the bottom of this post and the steps to try and fix them if any.
Links
Cm-13.0 links:
CM-13.0: https://www.androidfilehost.com/?fid=817550096634766544
Nethunter: https://www.androidfilehost.com/?fid=529152257862723757
Lineage-14.1 7.1.2 links:
Lineage14.1:https://www.androidfilehost.com/?fid=529152257862728021
Nethunter:https://www.androidfilehost.com/?fid=529152257862723623
Install
Download and copy both of the above files to the root of your device along with the Gapps of your choice.
Reboot into recovery and wipe Dalvik, Data and Cache
Install the CM-13.0/Lineage-14.1 rom
Install Gapps
If you're S-off then reboot into your phone.
If you're S-on, extract the boot.img from the CM-13 file and place it in your fastboot folder.
Run the following command and reboot: fastboot flash boot boot.img
After the boot.img has flashed, run the following command: fastboot reboot
After you've allowed your phone to boot fully, reboot back into recovery and install the nethunter file.
Be PATIENT!! The install can take up to half hour! Once the install has finished, reboot system and you should be golden.
If at any point during the install process TWRP asks you if you want it to install root, select the "Do not install" option. Nethunter will handle this for you.
That's it, you should be fully loaded with nethunter.
Features
HID is fully functioning on both versions.
Supported external wireless drivers are fully functioning. Check the useful links below to find supported devices.
Csploit
DroidDrive
Hackers Keyboard (This comes in so handy when using terminal)
Nethunter VNC
Nethunter Terminal
OpenVPN
Shodan
USB Keyboard
Known issues
Unless stated otherwise, any issue related to lineage-14.1 applies to both the android 7.1.1 version and the 7.1.2 version
Csploit on CM-13.: For some reason, nethunter installs an outdated cSploit for the marshmallow build. If you constantly receive an error message saying "No exploits found", uninstall cSploit and install the latest version from here: http://www.csploit.org/downloads/
cSploit arp poisoning on both cm13 and lineages14: Arp poisoning exploits aren't working for any MITM attacks, I've spoke to the devs and they've confirmed it is a bug, as soon as it's fixed, I'll update this thread.
HID Interface on both cm13 and lineage14: If you have no HID interfaces showing in the nethunter home panel. Open an exploit that uses HID (rubberduck will suffice) and launch an attack, don't worry about plugging your phone into your computer. It's sheerly for forcing nethunter to check the relevant directories for HID interfaces. Once you've launched an attack, they should appear.
Terminal crashing on Lineage14: If your terminal keeps crashing when you try to start it, long press your home screen to bring up the active apps tabs. Close the terminal, open the main nethunter app and wait for it to be granted root privileges, now minimize and try opening the terminal again. For some reason, the terminal requires the nethunter app to be open and with root.
Rubberduck HID not launching attacks: Connect to your target computer, change the USB connection to MTP for file transfer and also enable ADB via the developer menu. Try again
Useful links
Official nethuner wiki: https://github.com/offensive-security/kali-nethunter/wiki
There's a link on there titled "known working hardware" that's where you can check if your wireless card is supported.
Official cSploit wiki: https://github.com/cSploit/android/wiki
Again, links on the page full of useful information.
Kernels:
For some reason, trying to just flash the kernel to an already installed rom doesn't work, so if you'd like to try and build the zImage into your boot.img fell free to.
3.4.111: https://www.androidfilehost.com/?fid=457095661767158370
3.4.113: https://www.androidfilehost.com/?fid=529152257862724031
Thanks and credits
@9Lukas5 for letting me use his kernel
@AndroGeek974 both the cm-13 and lineage-14.1 roms are his, with my kernels and nethunters.
@ZpanicZ The cm-13 nethunter build is his.

Screenshots

Can i use only internal card wireless for airmon-ng start wlan0 ? Or i need external one with otg cable

99% certain the answer will be no if you intend to use it in monitor mode. There's a device that does support monitor mode on the internal card but can't remember what one it was. You can always try it by opening a terminal and typing the following:
Airmon-ng start wlan0
If it works then you'll see a new interface pop up called:
Wlan0mon
I wouldn't hold my breath though, you're better of getting a cheap otg off eBay for a couple of quid and get an external wireless card. There's a link in the first post to the nethunter wiki, they have a list of devices that have been confirmed as working.

Just for your reference. The may unofficial CM14.1 based off 7.1.2 is at https://www.androidfilehost.com/?fid=529152257862723521
Maybe I can dirty flash it?

mobileman88 said:
Just for your reference. The may unofficial CM14.1 based off 7.1.2 is at https://www.androidfilehost.com/?fid=529152257862723521
Maybe I can dirty flash it?
Click to expand...
Click to collapse
Perfect, cheers, downloading it now. May try it out tonight, prob be tomorrow though.

Update
Updated to include the latest lineage-14.1 build running on android 7.1.2, I'm still testing it but the same issues listed in the first post seem to be present with no other issues appearing!

michael8t6 said:
Update
Updated to include the latest lineage-14.1 build running on android 7.1.2, I'm still testing it but the same issues listed in the first post seem to be present with no other issues appearing!
Click to expand...
Click to collapse
Awesome to hear that. Take your time dude. Understand this fixes many rom issues except for Bluetooth which is still funky. Left my m7 at work so can't do anything this weekend. Bummer.
Sent from my Nexus 6P using Tapatalk

mobileman88 said:
Awesome to hear that. Take your time dude. Understand this fixes many rom issues except for Bluetooth which is still funky. Left my m7 at work so can't do anything this weekend. Bummer.
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
haha unlucky!! I'd be tempted to drive back and get it
Yeah the bluetooth doesn't like my headset on this build, doesn't find it in pairing mode at all! The rom does seem a lot more stable for sure though.

michael8t6 said:
haha unlucky!! I'd be tempted to drive back and get it
Yeah the bluetooth doesn't like my headset on this build, doesn't find it in pairing mode at all! The rom does seem a lot more stable for sure though.
Click to expand...
Click to collapse
Haha. Work is too much of a drive for me over the weekend. Should I dirty flash from your earlier release? Or spotless I do a full wipe and start anew?
Sent from my Nexus 6P using Tapatalk

mobileman88 said:
Haha. Work is too much of a drive for me over the weekend. Should I dirty flash from your earlier release? Or spotless I do a full wipe and start anew?
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
One of the perks of working from home, I only have to drive to the storage unit to collect my eBay orders, other than that I get to spend the rest of my time at home.
Think you have to do a clean flash mate, I tried a dirty flash when I was testing the kernels and although it said it went fine with no errors, when I flashed the nethunter build, none of the apps were showing. I then done a clean flash and everything was working fine. Although, if you do try a dirty flash and it works, let me know please :good:

Some one help me step by step .
i have htc s-on hboot 1.61
When i flash rom i reboot full boot phone
And coming back to recouvery and flashing nethunter . but when i run nethunter app terminal cruch .. Please some one telp hiw to make it true step by step and sorry for my bad english

michael8t6 said:
One of the perks of working from home, I only have to drive to the storage unit to collect my eBay orders, other than that I get to spend the rest of my time at home.
Think you have to do a clean flash mate, I tried a dirty flash when I was testing the kernels and although it said it went fine with no errors, when I flashed the nethunter build, none of the apps were showing. I then done a clean flash and everything was working fine. Although, if you do try a dirty flash and it works, let me know please :good:
Click to expand...
Click to collapse
Thanks for trying it out first. I have also tried dirty flash . It's the same, no go. Everything boots up fine but none of the nethunter apps are showing although the kernel is able to show the hidg devices as checked using adb. The apps are all not showing. Bummer. Doing a full flash now. Hopefully we can easily update to the new daily builds so I don't have to do a full wipe of the device each time. Let me know if there's anything else I can help test it with.
Btw how did you modify the 0501 unofficial build to your 0.0.1 file?
---------- Post added at 10:41 AM ---------- Previous post was at 10:39 AM ----------
Tafabil said:
Some one help me step by step .
i have htc s-on hboot 1.61
When i flash rom i reboot full boot phone
And coming back to recouvery and flashing nethunter . but when i run nethunter app terminal cruch .. Please some one telp hiw to make it true step by step and sorry for my bad english
Click to expand...
Click to collapse
There are steps in the OP for S-ON devices . You need to do a few more steps to get it going
-----
If you're S-on, extract the boot.img from the CM-13/14 file and place it in your fastboot folder.
Run the following command and reboot: fastboot flash boot boot.img
After the boot.img has flashed, run the following command: fastboot reboot
After you've allowed your phone to boot fully, reboot back into recovery and install the nethunter file.

After flashing rom 7.1.1 should i go back to fastboot imidiatly and flashing boots.img or let the phone boot fully and then going back to fastboot and flash boot.img ?

mobileman88 said:
Thanks for trying it out first. I have also tried dirty flash . It's the same, no go. Everything boots up fine but none of the nethunter apps are showing although the kernel is able to show the hidg devices as checked using adb. The apps are all not showing. Bummer. Doing a full flash now. Hopefully we can easily update to the new daily builds so I don't have to do a full wipe of the device each time. Let me know if there's anything else I can help test it with.
Btw how did you modify the 0501 unofficial build to your 0.0.1 file?
Click to expand...
Click to collapse
aye, I'm not quite sure why we're not able to dirty flash, I know when the nethunter app updates you'll get a message next time you open the nethunter main app asking if you want to update, it then downloads the latest apk so you're able to update the nethunter apps. But for some reason, you're not able to just flash the boot.img over a existing install or dirty flash! Annoying I know but I'm not a developer so am stuck on that bit.
As for renaming the build, after I built the kernel, I used a program called android kitchen, extracted the boot.img from the build, then extracted the zImage and ramdisk file, replaced the zImage with mine, repacked and rebuilt the rom whilst renaming.
Tafabil said:
After flashing rom 7.1.1 should i go back to fastboot imidiatly and flashing boots.img or let the phone boot fully and then going back to fastboot and flash boot.img ?
Click to expand...
Click to collapse
Go back to fastboot immediately, once the rom and gapps have finished installing, DO NOT BOOT INTO SYSTEM! Boot into bootloader and run the following commands:
fastboot flash boot boot.img
Click to expand...
Click to collapse
Once it's done flashing the boot image, run the next cmd:
fastboot reboot
Click to expand...
Click to collapse
if at any point during the install process, twrp or your other custom recovery asks if you want it to root, select DO NOT INSTALL..
Wait for the phone to have one full boot after issuing the reboot command before install nethunter.

michael8t6 said:
aye, I'm not quite sure why we're not able to dirty flash, I know when the nethunter app updates you'll get a message next time you open the nethunter main app asking if you want to update, it then downloads the latest apk so you're able to update the nethunter apps. But for some reason, you're not able to just flash the boot.img over a existing install or dirty flash! Annoying I know but I'm not a developer so am stuck on that bit.
As for renaming the build, after I built the kernel, I used a program called android kitchen, extracted the boot.img from the build, then extracted the zImage and ramdisk file, replaced the zImage with mine, repacked and rebuilt the rom whilst renaming.
Go back to fastboot immediately, once the rom and gapps have finished installing, DO NOT BOOT INTO SYSTEM! Boot into bootloader and run the following commands:
Once it's done flashing the boot image, run the next cmd:
if at any point during the install process, twrp or your other custom recovery asks if you want it to root, select DO NOT INSTALL..
Wait for the phone to have one full boot after issuing the reboot command before install nethunter.
Click to expand...
Click to collapse
Cool to know that. I am quite familiar with Kali Linux but am not as familiar with the internals of Android. Learning something new everyday. There are tons of Y-cables on Amazon, not sure if they are all the same and I should simply buy the cheapest one. Definitely need one to power mouse/keyboard/hdd

mobileman88 said:
Cool to know that. I am quite familiar with Kali Linux but am not as familiar with the internals of Android. Learning something new everyday. There are tons of Y-cables on Amazon, not sure if they are all the same and I should simply buy the cheapest one. Definitely need one to power mouse/keyboard/hdd
Click to expand...
Click to collapse
I paid £12.99 for mine from maplins just because I wanted it that day haha, my patience is non existent when it comes to waiting on things in the post. To be honest though I suppose as long as it does what it says on the tin then I'd get the cheapest.
I've got kali and windows 7 as a dual boot, bit of a strange one with kali though, when I installed it with my external graphics card, it would crash and kill my session as soon as I tried to do anything graphic intensive! Worked out it was the external graphics card, so removed it, went to download and install the drivers for it, soon as I tried to install it, the GUI said that it couldn't detect a card (obviously it wasn't plugged in). I tried to plug it back in and install the driver again, then it just killed my session and logged me out like it was before so I'm now having to run onboard graphics! No idea why it was doing that but meh, both windows and kali are running fine with onboards so not to bothered!
I was using kali back when it was called backtrack 4!! Great little distro for testing networks, currently studying for the CEH exams, dream job to be a certified pen tester. Suppose that's why it only took the week to learn all about kernel compiling with toolchains and so on, always been a quick learner, especially when it comes to technology! A computer will only do what it's told to do, so if somethings not working then you just have to find out what went wrong, 99% of the time the developers always code in a escape to a debug log so you can find a fix and apply it!!
If you want any help with kernel compiling, feel free to drop me a pm and we can sort out adding each other on Skype or something, make it a bit easier to communicate. Now I've learnt the basics of it, it's a lot lot easier than it sounded!

This was a great video that explained kernels in a really good informative way!
[YOUTUBE]
https://www.youtube.com/watch?v=AheWTTFwV6k[/YOUTUBE]

michael8t6 said:
I paid £12.99 for mine from maplins just because I wanted it that day haha, my patience is non existent when it comes to waiting on things in the post. To be honest though I suppose as long as it does what it says on the tin then I'd get the cheapest.
I've got kali and windows 7 as a dual boot, bit of a strange one with kali though, when I installed it with my external graphics card, it would crash and kill my session as soon as I tried to do anything graphic intensive! Worked out it was the external graphics card, so removed it, went to download and install the drivers for it, soon as I tried to install it, the GUI said that it couldn't detect a card (obviously it wasn't plugged in). I tried to plug it back in and install the driver again, then it just killed my session and logged me out like it was before so I'm now having to run onboard graphics! No idea why it was doing that but meh, both windows and kali are running fine with onboards so not to bothered!
I was using kali back when it was called backtrack 4!! Great little distro for testing networks, currently studying for the CEH exams, dream job to be a certified pen tester. Suppose that's why it only took the week to learn all about kernel compiling with toolchains and so on, always been a quick learner, especially when it comes to technology! A computer will only do what it's told to do, so if somethings not working then you just have to find out what went wrong, 99% of the time the developers always code in a escape to a debug log so you can find a fix and apply it!!
If you want any help with kernel compiling, feel free to drop me a pm and we can sort out adding each other on Skype or something, make it a bit easier to communicate. Now I've learnt the basics of it, it's a lot lot easier than it sounded!
Click to expand...
Click to collapse
I have already dropped you a PM about the rom packaging and kernel compiles. No hurry. Let me know when's a good time for us to get something going. Btw a new unofficial build just dropped for 0506 . Seems to have been reported to fix the bluetooth issues we are getting.
https://androidfilehost.com/?fid=457095661767159226
---------- Post added at 10:31 AM ---------- Previous post was at 10:29 AM ----------
michael8t6 said:
This was a great video that explained kernels in a really good informative way!
[YOUTUBE]
https://www.youtube.com/watch?v=AheWTTFwV6k[/YOUTUBE]
Click to expand...
Click to collapse
Can't seem to get the Youtube link working. (Embedded one does not work, but it works using a separate browser tab, so it's ok)

New 0515 unofficial build out. https://www.androidfilehost.com/?fid=745425885120732208

[MASTER THREAD] Fire HD 8 (2017) (7th Generation)

Hi,
This is a list (incomplete) of all the ROMs, mods, hacks, guides, etc. available for the Fire HD 8 (2017).
This was a root progress discussion thread, and I think there's too much valuable information here to just let it get buried. So, following @Rortiz2's suggestion this thread was transformed to a master thread with the aim of providing a complete guide for anyone wanting to mod their tablet.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Device Codename: douglas
Specifications:
SoC: Mediatek MT8163
CPU: Cortex-A53 (Quad Core 4x1.3Ghz)
GPU: Mali 720
RAM: 1.5GB
Android: 5.1 (FireOS 5.x.x.x)
Storage: 16/32GB
Includes a MicroSD slot
Battery: 3210mAh
Display: 8"
Front Camera: 2MP
Rear Camera: 2MP
The italicized text below are my comments/clarifications.
The root method was patched in 5.6.4.0 (some versions of 5.6.4.0 still work so you could try) It is advisable to disable OTA updates or unlock the bootloader immediately. It is still possible to unlock by a different method, check the bootloader unlocking thread.
Bootloader Unlock and TWRP:
[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)
This is an excellent and complete guide which has everything you need for this. Requires Linux, so you'll have to either install it as dual-boot or use a live system if you are not using it already. You don't need to downgrade if you are on 5.6.4.0.
Rooting:
You can flash Magisk using TWRP after bootloader unlock. Using Magisk is recommended because SuperSU is no longer supported, and Magisk has modules, Magisk Hide, and the root prompt is working (In SuperSU it's not working so you have to always grant root permissions which is a major security loophole)
Rapid Temporary Root for HD 8 & HD 10
This is the first software root method discovered for this tablet and is a really easy and quick method of getting a root shell, and the link has a complete guide on it. Refer here for installing SuperSU for permanent root, and here for an automated script for Windows.
[ROOT] Hardmod Root Your Amazon Fire HD 8 (7th Gen)
This is first root method ever discovered for this tablet and is a hardware root. This link has a complete step-by-step guide, assuming you have some soldering experience.
ROMs:
[ROM][unlocked]Lineage-12.1 for Amazon Fire HD8 2017 (douglas)
The first (and currently only) ROM for this device and it works great!
Miscellaneous:
Amazon Fire Toolbox, I have never tried this but it looks awesome!
Without root:
Removing accounts and viewing Usage Access settings which are hidden.
Debloating guide without root
With root:
A debloating guide made for HD 10, but works fine on the HD 8.
You can install apps as system apps just as on any other device, and you can use the app Link2SD for converting user apps to system apps. Refer to this StackExchange post for a guide on how to install apps as system.
Flashing GApps works well with TWRP, but the 16GB version doesn't have enough space in the system for even the pico version. Probably using pm uninstall on some system apps would work.
General Tips:
To return to stock or recover from a soft brick:
(Don't use this if you have already unlocked your bootloader: if you want just stock FireOS flash it through TWRP, and if complete stock follow the guide in the unlock thread)
(This assumes that you have ADB installed, I would not advise you on how here, there are numerous guides waiting for a Google search. This will erase your data.)
Download your current FireOS or a later firmware version. You can find the latest over at Amazon's website.
Boot to the recovery mode of your tablet, and use the volume and power buttons to select "Apply Update via ADB".
Now connect the tablet to a PC with a USB cabke, open a command prompt or shell on the directory where you downloaded the firmware BIN, enter the command adb sideload X.bin (replace X with the name of the BIN) and wait until finished (DON'T disconnect your device from the PC)
Now select "Wipe Data/Factory Reset" and "Yes" to wipe data (you can skip doing this if you want your data, but note that the tablet may bootloop or complain about corrupted data)
Select "Reboot system now"
The firmware BINs are just renamed ZIP files: you can rename it from .bin to .zip and treat it as such.
Amazon employs an anti-rollback mechanism which could permanently brick your device if you flash an older version through adb sideload. If you really want an older FireOS, you can rename .bin to .zip and flash them through TWRP after unlocking.
The stock launcher AppID is com.amazon.firelauncher, the stock keyboard is com.amazon.redstone, and the OTA update apps are com.amazon.device.software.ota and com.amazon.kindle.otter.oobe.forced.ota.
Again, this list is incomplete, so please suggest any additions in the comments! (don't hesitate to suggest your own work-the target of this thread to be a comprehensive and complete guide on everything about this tablet)
Good luck modding this tablet!

Thread before changing to a master thread (for historical purposes )
NOW WE HAVE AN UNLOCKING METHOD WITH TWRP! THE CONTENT BELOW IS OUTDATED.
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.3.6.4/Fire OS 5.6.3.4
SECURITY PATCH - ???
KERNEL VERSION - 3.18.19
List of possible software root methods:
1.) eMMC overwriting
Thanks to the hardware root method, we have a full eMMC dump so using the loophole in the flash unlock process which causes overwriting partitions next to it, we could overwrite on all the way, flashing original things, to the system partition and then flash a modified system partition.
Additions to the list are welcome!
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-8890
Status: Confirmed possible.
Description: As I think, this is the most exploitable currently. Running the PoC results in 'somewhat unnatural' Use-After-Free s but the PoC fails to orient them to escalate privileges.
Cons: This exploit is based on obsolete IPv4 sockets, unlike it's cousin CVE-2017-9077, which is based on IPv6, but rather the same exploitation as this. That 'may' make this harder to exploit, but of course there's no evidence.
I, really only added this to cons because you should have a con.
2.)CVE-2017-15868
Status: Unsure
Description: NP Hardass said that this vulnerability is present on the source,I haven't explored it yet.
Cons: ¯\_(ツ)_/¯
If you tried these exploits, please notify me in below and I'll update the status. UPDATE: No point on keeping on trying these kernel exploits as no one (please correct me) who knows to write exploits in C comes here anymore. If someone wants to try though I will start maintaining this list again. Come on, let's collaborate on this!!! :laugh:
Thanks!
Download the eMMC dump from here: https://www.androidfilehost.com/?w=files&flid=282721
PS: You can download original kernel sources from Amazon, just search for it.
Original Thread:
Hi,
Now, I'm sick of Amazon's bloat slowing my tablet, and the frustration of not being able to use root apps. Fire HD 10 got rooted, but HD 8 and HD 7 are still in dark. HD 7 users can at least downgrade their devices and hope for a root exploit, but HD 8 users can't. If anyone else wanting to root this tablet and make it super fast, get rid of Fire Launcher, use Xposed, remove bloat, etc., let's collaborate with this!
LATEST RELEASE - Fire OS 5.6.0.1
SECURITY PATCH - 2017/08/01
KERNEL VERSION - 3.18.19*
*a quite old release it is.
List of possible exploits
Additions to list are welcome!
1.)CVE-2017-12762
Status: Unsure
Description: A super likely-to-work great exploit. If you want you can go look at the kernel source (link included below the thread) 3.18.19 for proof, it starts in line 2640. Looks like a stack buffer overflow.
Cons: ASLR may be an absolute game killer in this case. And some skill is required to exploit, very less-known around the internet. And Amazon may have removed the ISDN support up from the roots of kernel, because it's VERY deprecated.
2.)CVE-2017-16939
Status: Unsure
Description: A nice attack vector. A PoC is available in SecuriTeam blogs, which triggers use-after-free. I tried contacting them for some help, but they almost instantly replied that they don't provide support for their reported vulnerabilities. Sad.
Cons: ¯\_(ツ)_/¯
3.)CVE-2017-15868
Status: Unsure
4.)CVE-2017-10661
Status: Unsure
5.)CVE-2017-7541
Status: Unsure
6.)CVE-2017-6074
Status: Unsure
If you tried these exploits, please notify me in below and I'll update the status. Come on, let's collaborate on this!!! :laugh:
Thanks!

I added the link to the vulnerable code, in case anyone was wondering.

I'm glad to see this thread. Since recently rediscovering the potential of an old Fire 6 and rooting it, removing the bloat and Googlizing it, I wanted to get something a little bigger. I just got my 7th gen HD 8 in the mail yesterday and was devastated to see it was 5.4.0.1. I've blocked OTA, deleted the update it had downloaded, installed Google Play et al., and used NoRoot Data Firewall to block all Amazon apps. Unfortunately, I do not have the expertise to contribute much toward an effort to root this device but would like to help in any way. I appreciate seeing others are out there working on it.

if i knew how to develop the exploits i would honestly try these

Thank you so much for making this thread but I hope I never have to come back here and help, but if i get some extra time in the future I do plan on running all my binaries + servers on the tablet as well. Not to mention just looking at that version number made me want to vomit.

[/COLOR]What steps should I take to increase performance on the hd 8 while we wait for root?

rawfullz said:
[/COLOR]What steps should I take to increase performance on the hd 8 while we wait for root?
Click to expand...
Click to collapse
Hello rawfullz!
Try Greenify. You can use a workaround to grant it Usage Access.
1) Download Activity Launcher and Greenify from Play Store.
2) Launch Activity Launcher.
3) Notice the "Recent" text in the task-bar, press it, and select "All" from the drop-down list.
4) Scroll all the way below until you find "Settings", and press it.
5) Again, scroll below until you find "Apps with usage access", and press it.
6) The hidden "Apps with usage access" menu will pop up.
7) Grant Greenify usage access there. (You can turn off usage access for all Amazon apps if you want, to increase performance but it's recommended to leave out "Storage Management" intact, just in case.)
8) Launch Greenify, and continue with the setup.
9) :laugh::laugh::laugh::laugh:
If you ever want to grant any other app Usage Access, do this procedure, but, remember that "Activity Launcher" is kind of dangerous, if you just launch random activities. I learned that the hard way.

REMOVED

Thank you for making this thread, im looking forward to this become real.

What I dont get is you can download the firmware.bin as well as the source code from amazon, Whats the problem devs should be able to root ?

derwoodbones said:
What I dont get is you can download the firmware.bin as well as the source code from amazon, Whats the problem devs should be able to root ?
Click to expand...
Click to collapse
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked throughly for any exploits.
We'll have to find exploits the rough way. :crying:

Hey, what about the Janus vulnerability? If some dev is reading this, please help us, because it doesn't require the device.

Supersonic27543 said:
Hello!
Yes, we definitely can get the firmware. But there are some troubles,
1. Amazon devices are not very well known among the community.
2. Devs don't want to spend their time on our devices, even if we root this thing, no custom ROMs because of the locked bootloader.
3. Amazon didn't leave any loopholes on their OS, they are too clever.
And, I don't think that Amazon will open source their firmware until they checked throughly for any exploits.
We'll have to find exploits the rough way. :crying:
Click to expand...
Click to collapse
You don't need an unlocked bootloader to flash a ROM.

Take a look at the BT stack with BlueBorne.
Sent from my iPhone using Tapatalk

Supersonic27543 said:
Now, I'm sick of Amazon's bloat slowing my tablet
Click to expand...
Click to collapse
You forgot to add: "and I wanna to fill my tablet by the Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as "super-duper tools for young hackars"

Great to see this thread. Hope some devs collaborate and find a way. Can't wait.
Meanwhile, do you guys have any cool mod to try in the tab.
I have installed playstore and adfree iytb YouTube and bunch of usual apps.

Hello!
DragonFire1024 said:
You don't need an unlocked bootloader to flash a ROM.
Click to expand...
Click to collapse
Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
sensboston said:
You forgot to add: "and I wanna to fill my tablet by the Google's bloatware (2 times slower than Amazon's), and also add some rootkits and spyware masked as "super-duper tools for young hackars"
Click to expand...
Click to collapse
Hah. :laugh::laugh::laugh:
Robius said:
Take a look at the BT stack with BlueBorne.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
Great idea, gotta try this! Thanks!
EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/

Someone got a bluetooth adapter handy?

Supersonic27543 said:
Hello!
Yes, you don't need an unlocked bootloader to flash a ROM, theoretically, if the ROM is signed by Amazon. But considering custom ROMs, Lineage, Resurrection Remix, Stock Android, is it possible to compile and flash them without an unlocked bootloader? I thought that you need a custom recovery = unlocked bootloader. Thanks!
Hah. :laugh::laugh::laugh:
Great idea, gotta try this! Thanks!
EDIT: Not very confident though. Anyway, likely to work because the security patch of HD 8 is in August.
http://www.androidpolice.com/2017/0...atch-fixes-blueborne-bluetooth-vulnerability/
Click to expand...
Click to collapse
Ask @ggow how he does it. But you don't need a unlocked bootloader. With root, FlashFire helps to get by the bootloader.

[AQT80] Sprint Slate 8 (Quanta ANS_NKS AQT80) Development Thread (Root, Recovery, etc...)

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sprint Slate 8 (ANS_NKS AQT80) 8 Inch Tablet
Files: Google Drive
<Includes dumps of stock boot, recovery, splash. Attempted TWRP 3.6.0 build>
​I recently had one of these ancient tablets come into my possession, and like any good nerd, I set out to hack it as much as possible. Admittedly, I knew that this would be an uphill battle, given the relative unpopularity of this particular slate, limited resources, and nonexistent documentation. However, I have made some progress, which I'll share here for the benefit of the community. Some of the information here was collected from other threads that I found scattered about via Google. <This thread also serves as a subtle "call-to-arms" for anyone who happens to have access to this device and has the ability to assist in testing recoveries and ROMs for this device in the future. I have access to one, currently, and know where I can locate another. My Android development skills are moderate, but limited, as I have next to no experience with custom ROM creation, or low-level Android systems. Mentor-ship would also be appreciated.>
Rooting
Rooting this device can be accomplished with Kingo Root (I downloaded the APK from the offical website, be sure to enable Unknown Sources for APK installation). Once rooted, you can remove Kingo Root and update SuperSU to 2.49. This should give you root access to install EX File Explorer/Root Uninstaller to debloat Gapps/Facebook/Sprint carrier apps, which speeds up the device nicely.
Recovery
I've been attempting to make a working TWRP for this device using this guide and while I have an image that flashes and boots, it has notable issues with touch input that make it unusable for anything important. I've included a link to Google Drive where I've backed-up the most recent bootable image. Once you have root, you can install the Official TWRP app to flash IMG files to recovery. Always be sure to back-up stock recovery before flashing anything. My stock recovery dump has worked for me, but might not work for you. </Disclaimer>
Custom ROMs
<None currently exist. Future plans include a Marshmallow or Nougat-based build that has better app support than Lollipop. Interestingly, the stock app payload includes both Trebuchet Launcher and CyanogenMod File Browser. Perhaps this tablet shipped with an OEM variant of CM12? More investigation is needed.>
Other Info
Other users have reported that running this device as WiFi-only (no SIM card inserted) leaves a constantly-visible NO SIM notification. I was able to remove this by uninstalling the Sprint-provided apps and phone dialer. Also, enabling Airplane Mode and then re-enabling WiFi and Bluetooth will improve performance and battery life noticably.
I've been unable to replace the boot splash, as this device apparently uses a splash partition and I'm not sure what format the image that I dumped might have and how I could replace it. This dump is also included in the Drive link.
Notably, I have had some issue with getting fastboot commands to work properly on this device. Some commands work while others fail at the remote end. I've tried to track down the issue, trying different versions of platform-tools as well as ADB driver packages. In the event that I accidentally break recovery or system, having fastboot working as a failsafe is a key priority.
I've also managed to locate the website for Quanta which lists a slightly-updated variant of this specific device. I have attempted to reach out to them via their contact email to see if they might provide a copy of the stock firmware at release. This might help with porting a newer version of AOSP.
Future Posts will include more details about installed apps and other information, as uncovered.

CAN someone Please Give Me A Good Link or description on how to Get past the FBR on My Slate AQT80 I got it from a homeless guy Audcart Figuei out

I have one of these with Android 5.1.1. It will not update anything using Wi-Fi.
It won't show up in Windows Explorer when USB is set to MTP.
It's currently sitting stuck on the powered by Android screen after I turned it on while holding volume down. Should have used volume up. Will try that after it runs down overnight and I recharge it.
Got it free with a slightly swelled battery. Spent $25 on a new battery so $^&"it I want the damn thing to work. The display is quite nice so it should be good for ebooks at least.

redrew89 said:
View attachment 5499981
Sprint Slate 8 (ANS_NKS AQT80) 8 Inch Tablet
Files: Google Drive
<Includes dumps of stock boot, recovery, splash. Attempted TWRP 3.6.0 build>
​I recently had one of these ancient tablets come into my possession, and like any good nerd, I set out to hack it as much as possible. Admittedly, I knew that this would be an uphill battle, given the relative unpopularity of this particular slate, limited resources, and nonexistent documentation. However, I have made some progress, which I'll share here for the benefit of the community. Some of the information here was collected from other threads that I found scattered about via Google. <This thread also serves as a subtle "call-to-arms" for anyone who happens to have access to this device and has the ability to assist in testing recoveries and ROMs for this device in the future. I have access to one, currently, and know where I can locate another. My Android development skills are moderate, but limited, as I have next to no experience with custom ROM creation, or low-level Android systems. Mentor-ship would also be appreciated.>
Rooting
Rooting this device can be accomplished with Kingo Root (I downloaded the APK from the offical website, be sure to enable Unknown Sources for APK installation). Once rooted, you can remove Kingo Root and update SuperSU to 2.49. This should give you root access to install EX File Explorer/Root Uninstaller to debloat Gapps/Facebook/Sprint carrier apps, which speeds up the device nicely.
Recovery
I've been attempting to make a working TWRP for this device using this guide and while I have an image that flashes and boots, it has notable issues with touch input that make it unusable for anything important. I've included a link to Google Drive where I've backed-up the most recent bootable image. Once you have root, you can install the Official TWRP app to flash IMG files to recovery. Always be sure to back-up stock recovery before flashing anything. My stock recovery dump has worked for me, but might not work for you. </Disclaimer>
Custom ROMs
<None currently exist. Future plans include a Marshmallow or Nougat-based build that has better app support than Lollipop. Interestingly, the stock app payload includes both Trebuchet Launcher and CyanogenMod File Browser. Perhaps this tablet shipped with an OEM variant of CM12? More investigation is needed.>
Other Info
Other users have reported that running this device as WiFi-only (no SIM card inserted) leaves a constantly-visible NO SIM notification. I was able to remove this by uninstalling the Sprint-provided apps and phone dialer. Also, enabling Airplane Mode and then re-enabling WiFi and Bluetooth will improve performance and battery life noticably.
I've been unable to replace the boot splash, as this device apparently uses a splash partition and I'm not sure what format the image that I dumped might have and how I could replace it. This dump is also included in the Drive link.
Notably, I have had some issue with getting fastboot commands to work properly on this device. Some commands work while others fail at the remote end. I've tried to track down the issue, trying different versions of platform-tools as well as ADB driver packages. In the event that I accidentally break recovery or system, having fastboot working as a failsafe is a key priority.
I've also managed to locate the website for Quanta which lists a slightly-updated variant of this specific device. I have attempted to reach out to them via their contact email to see if they might provide a copy of the stock firmware at release. This might help with porting a newer version of AOSP.
Future Posts will include more details about installed apps and other information, as uncovered. canc
redrew89 said:
View attachment 5499981
Sprint Slate 8 (ANS_NKS AQT80) 8 Inch Tablet
Files: Google Drive
<Includes dumps of stock boot, recovery, splash. Attempted TWRP 3.6.0 build>
​I recently had one of these ancient tablets come into my possession, and like any good nerd, I set out to hack it as much as possible. Admittedly, I knew that this would be an uphill battle, given the relative unpopularity of this particular slate, limited resources, and nonexistent documentation. However, I have made some progress, which I'll share here for the benefit of the community. Some of the information here was collected from other threads that I found scattered about via Google. <This thread also serves as a subtle "call-to-arms" for anyone who happens to have access to this device and has the ability to assist in testing recoveries and ROMs for this device in the future. I have access to one, currently, and know where I can locate another. My Android development skills are moderate, but limited, as I have next to no experience with custom ROM creation, or low-level Android systems. Mentor-ship would also be appreciated.>
Rooting
Rooting this device can be accomplished with Kingo Root (I downloaded the APK from the offical website, be sure to enable Unknown Sources for APK installation). Once rooted, you can remove Kingo Root and update SuperSU to 2.49. This should give you root access to install EX File Explorer/Root Uninstaller to debloat Gapps/Facebook/Sprint carrier apps, which speeds up the device nicely.
Recovery
I've been attempting to make a working TWRP for this device using this guide and while I have an image that flashes and boots, it has notable issues with touch input that make it unusable for anything important. I've included a link to Google Drive where I've backed-up the most recent bootable image. Once you have root, you can install the Official TWRP app to flash IMG files to recovery. Always be sure to back-up stock recovery before flashing anything. My stock recovery dump has worked for me, but might not work for you. </Disclaimer>
Custom ROMs
<None currently exist. Future plans include a Marshmallow or Nougat-based build that has better app support than Lollipop. Interestingly, the stock app payload includes both Trebuchet Launcher and CyanogenMod File Browser. Perhaps this tablet shipped with an OEM variant of CM12? More investigation is needed.>
Other Info
Other users have reported that running this device as WiFi-only (no SIM card inserted) leaves a constantly-visible NO SIM notification. I was able to remove this by uninstalling the Sprint-provided apps and phone dialer. Also, enabling Airplane Mode and then re-enabling WiFi and Bluetooth will improve performance and battery life noticably.
I've been unable to replace the boot splash, as this device apparently uses a splash partition and I'm not sure what format the image that I dumped might have and how I could replace it. This dump is also included in the Drive link.
Notably, I have had some issue with getting fastboot commands to work properly on this device. Some commands work while others fail at the remote end. I've tried to track down the issue, trying different versions of platform-tools as well as ADB driver packages. In the event that I accidentally break recovery or system, having fastboot working as a failsafe is a key priority.
I've also managed to locate the website for Quanta which lists a slightly-updated variant of this specific device. I have attempted to reach out to them via their contact email to see if they might provide a copy of the stock firmware at release. This might help with porting a newer version of AOSP.
Future Posts will include more details about installed apps and other information, as uncovered.
Click to expand...
Click to collapse
do you have another link to the files your drive account doesnt work
Click to expand...
Click to collapse

I've also come across one recently and would be more than happy to help you test ROMs or recovery custom images.

I have one of these, would love to have a newer Android version with no bloatware and ignore the cellphone radio.

[UMX U696CL- RELEASE THREAD]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Proudly Presents
Another Exclusive Release
Supported Model
UMX U696CL
Recoveries
TWRP_11 Recovery
Roms
GSI Roms - Arm32 Binder64 Required
AssuranceRom Custom Stock * WIP *
-AIO ToolKit Prerequisites-
1- Linux: Linux Mint Cinnamon Suggested
2- Python 3
Rom Notes/Disclaimer/Warning
* WIP *
Contributors
@gregeerg / BVK - for using his device as a ginuea pig to make this happen
@AndyYan - for his GSI knowledge and wisdom
@deadman96385 - for uploading dumped files to github
@Jet! - for flashing twrp and dumping stock super image
Big Thanks To The Folks In My A-Team Telegram Group
Big Thanks To The Folks Who Have Come To The A-Team Telegram Group To Help Test
Device Downloads
UMX U696CL Downloads
Recovery Device Trees
Device Source
A-Team Website
A-Team Supported Devices
TeleGram Live Support
A-Team Digital Solutions​

-Updates-
5-18-2022- Initial AIO ToolKit v0.01 Release

I don't have telegram, is there anywhere else I can download some of this stuff from?
Thanks..

karl615 said:
I don't have telegram, is there anywhere else I can download some of this stuff from?
Thanks..
Click to expand...
Click to collapse
No sir, I don't put out untested stuff. I've gotten 0 feedback on the toolkit

How do we get feedback if no one can download here? we are not forcing anyone to install tiktok whatsapp instagram facebook telegram or any other crappy pipapo, keep development on xda-developers. Think about it

aIecxs said:
How do we get feedback if no one can download here? we are not forcing anyone to install tiktok whatsapp instagram facebook telegram or any other crappy pipapo, keep development on xda-developers. Think about it
Click to expand...
Click to collapse
I left a download link, unsure what you mean. If XDA would allow me to upload a 1.7gb 7zip file I would but that's not reality. I need stuff tested and chat to be fluid and prompt. That's not possible on a forum. In reality, If I had the device, I could test in 1 day what it would take a week to do on Telegram or 3 months to do on XDA forum. So for getting things done in a timely fashion, Telegram is my go to. I've been a member of XDA since 2012, I've done my time. If people don't want the toolkit or if joining telegram is too much, that's fine, not the people I want to help me test my software then anyways. The people who just want to grab a download and go can wait for the rest of the backend process. Again, I don't even have this device. So why am I even doing this is what i'm now wondering. I guess next time someone comes to me with a untouched device I won't help and use my resources to get something going....
it's alright though, you can consider this project shelved as I have a different hands on device I've already moved on to. Enjoy the twrp I built for you guys!.....

PizzaG said:
I left a download link, unsure what you mean. If XDA would allow me to upload a 1.7gb 7zip file I would but that's not reality. I need stuff tested and chat to be fluid and prompt. That's not possible on a forum. In reality, If I had the device, I could test in 1 day what it would take a week to do on Telegram or 3 months to do on XDA forum. So for getting things done in a timely fashion, Telegram is my go to. I've been a member of XDA since 2012, I've done my time. If people don't want the toolkit or if joining telegram is too much, that's fine, not the people I want to help me test my software then anyways. The people who just want to grab a download and go can wait for the rest of the backend process. Again, I don't even have this device. So why am I even doing this is what i'm now wondering. I guess next time someone comes to me with a untouched device I won't help and use my resources to get something going....
it's alright though, you can consider this project shelved as I have a different hands on device I've already moved on to. Enjoy the twrp I built for you guys!.....
Click to expand...
Click to collapse
Appreciated..
Update: flashed the recovery using 'fastboot flash recovery /path-to-.img' and the recovery works fine as far as I can tell, but the system is gone. Or something is up anyway, I can't get it to boot normally.. only to recovery. What did I do wrong?

Sorry Pizza i havent had the time to give feedback on it but i have the same issues booting. please dont let one person ruin it for everyone. i will hyu on telegram later today

PsYk0n4uT said:
Sorry Pizza i havent had the time to give feedback on it but i have the same issues booting. please dont let one person ruin it for everyone. i will hyu on telegram later today
Click to expand...
Click to collapse
Actually i havent had the time to get my linux machine setup correctly because of a memory leak issue that kept crashing my system but i finally got it running stable. i tried using relive on virtualbox but couldnt get it working properly due to driver issues in the host OS on this windows machine and for some reason i had more than one python version installed causing me conflicts. i ended up just using adb to flash the images and the phone no longer boots. i want to test it on a native linux os first

Well, folks...I'm about to give this a go....I still have a BLU View 3 to root today. Much gracias for all the effort

Cinephile 74 said:
Well, folks...I'm about to give this a go....I still have a BLU View 3 to root today. Much gracias for all the effort
Click to expand...
Click to collapse
Well I seem to have faux pas along the way.... bootloader unlocked easy-peasey. But I can't get fastboot to flash TWRP no matter what directory I use....RELP!

Is this the ROM or the bootable zip?

I'm back and about to try this again with an actual thumb drive with the ReLiveDVD on a thumb drive now that I have one

I downloaded A-Team-UMX_U696CL_AIO_ToolKit-v0.01.7z from the tg group and here's my feedback. I don't mean to sound ungrateful but:
Root does not work. I opened Main_Menu.sh and the root option literally does nothing. The lines are commented out and the image it was supposed to flash doesn't exist. Bootloader unlocking works (seems to literally be a single fastboot command i.e. "fastboot flashing unlock", seems like the new "oem unlock") and TWRP does work, but only once. If I flash it in fastboot and immediately reboot to recovery from there, I can get in. If I try to go to recovery after restarting, I get the dead android with the red ! triangle saying "no command". TWRP won't mount data (I think it said it couldn't decrypt, but I don't even have a lock code on it) so you need a micro sd to store the boot.img in order to patch it in Magisk. It would've been nice if you included it, though it seems you intended to but haven't gotten around to it since it's only v0.01. Still, it's not much of an all-in-one if it can't do the primary thing most people will want from it. I do fortunately have micro sd cards so I was able to save (manually in TWRP terminal using dd, annoying as hell on a touchscreen, can't even type "=" without going through 2 keyboard menus) and patch it in Magisk and now do have root working.
I don't understand why this requires Linux. The AIO doesn't do anything you can't do in Windows. The Python file is just an ASCII logo that makes you wait 10 seconds for no reason. It would have more user friendly as just a bunch of separate partition IMG uploads and instructions. I wish I had actually looked at the shell scripts beforehand instead of downloading a Linux distro and booting it as a live cd. If you make a new version, consider just including a portable adb/fastboot with it and skipping Linux/Python since it's not necessary.
After googling the "no command" screen, I held down power and pressed volume up and got into the regular Android recovery. So despite the bootloader being unlocked, it appears TWRP got overwritten by the default recovery. I flashed TWRP at least 3 times, immediately entering TWRP each time afterward, but it never stuck.
I'm attaching my Magisk'd boot.img in case anyone else gets stuck at that part. If anyone chooses to use it, MAKE YOUR OWN BACKUP FIRST, obviously. I'm not responsible for anything that happens using that file.

Eric janaika said:
TWRP does work, but only once.
Click to expand...
Click to collapse
proof that TWRP works for you, anything beyond is usage problem.

aIecxs said:
proof that TWRP works for you, anything beyond is usage problem.
Click to expand...
Click to collapse
I got twrp to stick but could not do anything with it since I didn't have an SD card before I misplaced the phone. Yes the scripts unfinished but as stated above somewhere, the dev did not have a device to test on.
If you wanna help, and it's probably the only way anyone else who isnt so knowledgable as many visiting xda seeking a way to root their device is gonna get this finished as well, please consider joining the telegram chat and contribute to this forum whatever you learn. Maybe Pizza will still be interested in helping. I tried but somehow misplaced the phone in the middle of filling in my huge gaps of knowledge on the subject.
I could not mount or wipe /data in twrp and even flashing the super.imgwould not allow me to boot because I was unable to do anything with the data partition. Had to flash the stock recovery to get it to boot period.
Maybe twrp will get you root if you patch your boot image with Magisk and flash it in twrp.
I'm not sure what else could be done. And not even sure that would work without being able to mount /data.
It's really hard for anyone working on a device they don't have to finish the work without some feedback from people who have enough knowledge to give them useful feedback.

The unlock bootloader option and the flash twrp recovery options work.
Script could be finished but I doubt there's much motivation for them since th3y don't own the device.
But the script is there. Most of the work on that part is done.
would only take some contributions by interested people.
PsYk0n4uT said:
I got twrp to stick but could not do anything with it since I didn't have an SD card before I misplaced the phone. Yes the scripts unfinished but as stated above somewhere, the dev did not have a device to test on.
If you wanna help, and it's probably the only way anyone else who isnt so knowledgable as many visiting xda seeking a way to root their device is gonna get this finished as well, please consider joining the telegram chat and contribute to this forum whatever you learn. Maybe Pizza will still be interested in helping. I tried but somehow misplaced the phone in the middle of filling in my huge gaps of knowledge on the subject.
I could not mount or wipe /data in twrp and even flashing the super.imgwould not allow me to boot because I was unable to do anything with the data partition. Had to flash the stock recovery to get it to boot period.
Maybe twrp will get you root if you patch your boot image with Magisk and flash it in twrp.
I'm not sure what else could be done. And not even sure that would work without being able to mount /data.
It's really hard for anyone working on a device they don't have to finish the work without some feedback from people who have enough knowledge to give them useful feedback.
Click to expand...
Click to collapse

what do you need a script for? read any random TWRP install guide steps are more or less same
- unlock bootloader
- patch avb/dm-verity/vbmeta
- install TWRP
- makesysrw super.img (optional)
- disable encryption (optional)

PsYk0n4uT said:
The unlock bootloader option and the flash twrp recovery options work.
Script could be finished but I doubt there's much motivation for them since th3y don't own the device.
But the script is there. Most of the work on that part is done.
would only take some contributions by interested people.
Click to expand...
Click to collapse
Agreed. PizzaG has done a bang up job with his UMX U696CL offerings, and his knowledge is extensive regarding custom ROMs and recoveries.

Eric janaika said:
I downloaded A-Team-UMX_U696CL_AIO_ToolKit-v0.01.7z from the tg group and here's my feedback. I don't mean to sound ungrateful but:
Root does not work. I opened Main_Menu.sh and the root option literally does nothing. The lines are commented out and the image it was supposed to flash doesn't exist. Bootloader unlocking works (seems to literally be a single fastboot command i.e. "fastboot flashing unlock", seems like the new "oem unlock") and TWRP does work, but only once. If I flash it in fastboot and immediately reboot to recovery from there, I can get in. If I try to go to recovery after restarting, I get the dead android with the red ! triangle saying "no command". TWRP won't mount data (I think it said it couldn't decrypt, but I don't even have a lock code on it) so you need a micro sd to store the boot.img in order to patch it in Magisk. It would've been nice if you included it, though it seems you intended to but haven't gotten around to it since it's only v0.01. Still, it's not much of an all-in-one if it can't do the primary thing most people will want from it. I do fortunately have micro sd cards so I was able to save (manually in TWRP terminal using dd, annoying as hell on a touchscreen, can't even type "=" without going through 2 keyboard menus) and patch it in Magisk and now do have root working.
I don't understand why this requires Linux. The AIO doesn't do anything you can't do in Windows. The Python file is just an ASCII logo that makes you wait 10 seconds for no reason. It would have more user friendly as just a bunch of separate partition IMG uploads and instructions. I wish I had actually looked at the shell scripts beforehand instead of downloading a Linux distro and booting it as a live cd. If you make a new version, consider just including a portable adb/fastboot with it and skipping Linux/Python since it's not necessary.
After googling the "no command" screen, I held down power and pressed volume up and got into the regular Android recovery. So despite the bootloader being unlocked, it appears TWRP got overwritten by the default recovery. I flashed TWRP at least 3 times, immediately entering TWRP each time afterward, but it never stuck.
I'm attaching my Magisk'd boot.img in case anyone else gets stuck at that part. If anyone chooses to use it, MAKE YOUR OWN BACKUP FIRST, obviously. I'm not responsible for anything that happens using that file.
Click to expand...
Click to collapse
Did you flash this from fastboot or from twrp?