Database Info

[US/WW/JP/TW/DE/TB] One-Click Universal root for stock firmware - V4

Here I am again...
This time I have written a shell script (linux only) and made a live-cd (for all windows/linux users) to automatically root the stock firmware on the TF101. Every stock firmware.
Today in Europe Asus rolled out the 3.2 upgrade. If you are on stock and you have alredy upgraded then download attached tar file and do as follows:
NOTE: Unfortunately, this script won't work with the latest revision of TF101 (3G version, B80 and some B70)
NOTE2: As someone pointed out (thank you Pieter) you need to be root on your linux box in order to make it work.
Code:
tar -xvf universal.tar
cd universal
./universal.sh
In Ubuntu the last command would be:
Code:
sudo ./universal.sh
Follow the instructions and you're done.
If you have a stock US/DE/TW/JP/TB firmware you can do the same.
If you are running an older version of Honeycomb the process is the same.
When ASUS will pull out another upgrade... same commands as above.
So this probably is the closest thing to one-click-root for the Transformer.
This won't install custom rom/CWM/strange other things (V2 version added the support for CWM); it's only root.
I've tested this morning after the 3.2 upgrade and it worked like a charm.
However this is in testing stage so, as always, if you brick/ruin/burn/crash something don't blame on me.
This package includes the Bootunpack tool, courtesy of Rayman84
LIVE CD INSTRUCTIONS
It's based on slitaz (http://www.slitaz.org/).
Burn the image into a cd or if you want it on a thumb usb drive follow this (http://doc.slitaz.org/en:guides:liveusb).
Put the cd/usb in your pc and reboot.
Follow the indication on screen (for setting locale and keymap).
When the desktop shows up, double click on "Universal Root for ASUS TF101".
Again follow the indication and you'll be ok.
For a guide on how to boot from cd/usb try this: http://www.passwordunlocker.com/knowledge/change-bios-settings.html
or search with google.
The option to install a stock boot/recovery (added on V3) is working even if not fully tested.
The program has correctly rebuilt a stock recovery on my WW version.
From version V4 root checker correctly says that the rom is not rooted after you do an unroot.
If you like the work i did take a look at that funny button under my name with the "donate to me" caption
Seriously, I appreciate even only a "Thanks".
FAQ
[Q] I'm running on Windows, how can I burn the live-cd?
[A] Try with cdburnerxp (it's the easiest way).
You can download one installer frome here:
http://cdburnerxp.se/en/download
or the portable package if you don't want to install other software:
http://download.cdburnerxp.se/portable/CDBurnerXP-4.3.8.2568.zip
Start the program (for the portable version the file is cdbxpp.exe) and click on "Burn iso image". Then select the .iso file you have downloaded and click "burn disk". All Done.
[Q] How can I reboot in APX/recovery mode?
[A] Do as follows:
VOL UP + POWER BUTTON for ~5sec = boot in APX mode. The screen will stay black as if it is turned off. This mode is used only when you use nvflash to flash boot/recovery/data partition (this is the first step in my script).
VOL DOWN + POWER BUTTON ~5sec = will appear a screen where it says to press vol down again to wipe all data (obviously you don't want to do it now), or press up to enter RCK (recovery mode). If you installed CWM you will see the main menu navigable with vol up / vol down / power button.
If you have the stock recovery you will see a green android with a esclamation mark on a yellow triangle.
[Q] Help! I can't reboot in recovery mode!
[A] I think the main problem here is that it is a bit tricky to get into CWM recovery, once you see the small text come up don't try to read anything, just hit volume up.
Hold volume down plus power until the text in upper left shows,if you let go too early it just boots up and you never see the text. If you wait too long you don't get the option to boot into recovery. Hope that helps..
Thx to ckuke4 for this answer http://forum.xda-developers.com/showpost.php?p=16306342&postcount=60
[Q] The live-cd gave me this error: "connection failed NvError 0x8" what is it?
[A] This means that either you are not in APX mode (read above), or that you have one of the latest revision of the tf101 (B7O) which have an unknown (for now) sbk.
For what i know, there's no knew method for rooting your device.
Maybe someone will find a way, but for now you have to be patient.
[Q] I'm running your scripts from my linux box, but it keep me saying "Permission Denied". Why?
[A] You need the root privileges on your local machine.
If you are running Ubuntu:
Code:
sudo ./universal.sh
[I](it will asks for your password)[/I]
If you are running another linux distro:
Code:
su
[I](it will asks for your password)[/I]
./universal.sh
[Q] I have rooted my tablet with this method, but I can't find the superuser app and Titanium Backup says that I am not rooted.
[A] The root script will asks you to reboot your tablet, make sure that usb debugging is turned on and then press any key.
You have to wait until you see a little bee on the bottom right of your tablet's screen, near the clock. Then press any key.
[Q] I've installed CWM but every time i try to do a backup, it says it can't find sdcard. But my microsd card work fine with root explorer!
[A] Don't get me wrong but, are you sure?
In root explorer you see a sdcard folder but it's not your microsd, it's the internal memory (it's weird, i know). In root explorer the microsd card is mounted under the "/removable/microsd" folder. You should also see a little sd card icon in the bottom right, near the clock.
Also you need to make sure the card is formatted correctly. Try reformat it with this: https://www.sdcard.org/consumers/formatter_3/
Thanks to skeeterpro for the link (http://forum.xda-developers.com/showpost.php?p=16385872&postcount=6)
[Q] The live cd stops at the command prompt, I can't see the desktop.
[A]The live cd doesn't include every driver for every video card, mouse, keyboard, etc.. (keep in mind that the original slitaz livecd is only 30MB).
You can do all the process in the text console, it's not much more difficult.
If it asks for a login insert "tux" (without quotes).
At the command line enter the following:
Code:
cd
cd universal
./universal.sh
Then the magic will start. The unroot script is called ./unroot.sh
CHANGELOG:
V4:
- Corrected some text
- Added a link on the Desktop to this thread
- Added stock ramdisk for all SKU (though JP, CN and DE are not the latest versions) (thanks to kovla for the latest TB recovery)
- Added a script on the Desktop to increase the font size on the fly for those who are using a very high dpi monitor/tv.
- Changed compression algoritm. Now the iso is ~10MB smaller.
- Maybe I have found the way to make everyone read the faq...
V3:
- [BETA] added a second script to come back to stock.
V2:
- added the option to install CWM (thanks Roach!)
- more error check
V1:
First version
=====> DOWNLOAD LIVE-CD V4 - (Mirror)<=====
DOWNLOAD LIVE-CD V3 (previous version)
DOWNLOAD LIVE-CD V2
As always, keep your eyes open and
Have Fun!

Hey, how about an equivalent windows script for those who prefer msft's os. Ok?

awesome -one root to rule them all!

ondoy1943 said:
Hey, how about an equivalent windows script for those who prefer msft's os. Ok?
Click to expand...
Click to collapse
In linux there's no need for drivers to work with tf101.
Windows seems to be problematic with driver (for someone seems to be way too difficult install the right ones).
As i stated above, adding this to a live linux cd will be the final one-click-root (put a live cd/usb-memory on your computer, reboot, follow the easy instructions and you're rooted).
Sincerely I don't know how to modify a livecd to add these scripts and programs.
If anyone wants to try, he is welcome.
Anyway I don't plan to do a windows port of this.

Disappointed! No windows support!

Will probably be trying this method from my PCLOS partition, if I can hold off the OTA update which has just begun pestering me.
Got to find out whether the modded adhoc wpa_supplicant works with 3.2 first, thanks for the effort HF

Excellent, glad to avoid having to dig out my old Windows box to root the TF Would advise people to drop it, new Mint/Ubuntu is much nicer visually than Win7 and my startup times are fantastic, not to mention the slick media support.
Does you script give also install CWM?
Will give this a go later and see how it works.

belrik said:
Excellent, glad to avoid having to dig out my old Windows box to root the TF Would advise people to drop it, new Mint/Ubuntu is much nicer visually than Win7 and my startup times are fantastic, not to mention the slick media support.
Does you script give also install CWM?
Will give this a go later and see how it works.
Click to expand...
Click to collapse
I was thinking on it, but perhaps it's better no.
Installing cwm means no more ota, since the update relies on the stock recovery.
This script was meant to leave all as stock as possible.

For all the windows folks:
I have added to the first post a live-cd with all the necessary tools.
Just run it and you'll be fine. (anyway, you are always in time to switch to linux)

Hallo and thanks!!!
what about mac's Users?

Can you explain a bit about what it does? So we can all learn.
Thank you,

Hi !
Will it work under wmware or virtual pc ?

Sorry if this is a dumb questions, but would this work in Terminal in OS X?

RayYung said:
Can you explain a bit about what it does? So we can all learn.
Thank you,
Click to expand...
Click to collapse
So you wanna learn? Good!
First i learned how to root the stock firmware from here: http://forum.xda-developers.com/showthread.php?t=1125714 .
Essentially the steps are:
1 - download a modified boot image into the tablet
2 - install the su and superuser packages.
My scripts do these 2 steps. I wrote a small howto that explains how to modify a boot image (http://forum.xda-developers.com/showthread.php?t=1193737)
Caramel said:
Hi !
Will it work under wmware or virtual pc ?
Click to expand...
Click to collapse
scirio said:
Sorry if this is a dumb questions, but would this work in Terminal in OS X?
Click to expand...
Click to collapse
I really would like to have an answer to these questions...
The Mac should have a layer of compatibility with linux (can't tell you more), but i really don't know the mac world.
*Maybe* the live cd will work under virtual machine; there should be some options to enable the usb feature. In Virtual Box there's an option to enable the usb controller and an option to filter what device will be accessible to the guest os; don't know vmware and virtual pc.
I don't know if an Intel based Macintosh is able to boot from a x86 live-cd, you could try.
I'm sorry i can't help you much more.

scirio said:
Sorry if this is a dumb questions, but would this work in Terminal in OS X?
Click to expand...
Click to collapse
Oops- no- there is no Nvflash for Mac. Sorry.

Created a live usb, booted via windows, and voila i am looking at a linux desktop, which i have not seen for a long time. Started going to its paces to root my tf, but did not push thru to the end, in as much as my tf is already rooted beforehand. But i can sense that barring any unforeseen miscues by the |op|, this almost one-click rooting procedure should produce its desired result. Highly recommended; good job |op|.
Looks like this calls for an "unrooting" routine to complement the rooting process. How about it?

Nice script! I just completed one of my own for unrooting the TF
One thing: why not just use adb reboot recovery instead of telling them how to do it manually?

brando56894 said:
Nice script! I just completed one of my own for unrooting the TF
One thing: why not just use adb reboot recovery instead of telling them how to do it manually?
Click to expand...
Click to collapse
I have already tried this, but seems it doesn't work.
if i write "adb reboot recovery" or "adb reboot bootloader" my tablet reboot in normal mode.
It's more reliable do it manually.

how can install ClockworkMod recovery
i rooted my transformer with your one click tool from live cd.
if i want install ClockworkMod recovery how can do ?

zulu99 said:
i rooted my transformer with your one click tool from live cd.
if i want install ClockworkMod recovery how can do ?
Click to expand...
Click to collapse
For now if you are running on windows, you can use one of these methods:
http://forum.xda-developers.com/showthread.php?t=1125714
http://forum.xda-developers.com/showthread.php?t=1185104
you are already rooted, so just need the cwm.
Since i had many requests on adding cwm, i am going to update the scripts and live-cd for adding this feature.
I'll keep you updated.

Noob Tutorial: Ubuntu on Transformer

I've been looking around for some good tutorials, but in my opinion, almost everything was pretty difficult to understand for me.
But finally I found out how things are working (except of wifi, can You help me?
http://forum.xda-developers.com/showthread.php?t=1295718)
So I want to share my knowledge with You all and try to make it easy to understand.
1. The ony way in the moment to install Ubuntu on Your Transformer is over a Ubuntu or other Linux PC. (I easily installed Ubuntu virtually in VMware Workstation)
2. Get the required files on Your Linux machine:
http://forum.xda-developers.com/showthread.php?t=1191141
On this link, in the second post is written flash kit for linux:
klick on "here" to download the flash kit.
3. Extract the flash kit into a folder (e.g. Desktop)
4. Now download the Ubuntu root files. They are located here:
http://rootzwiki.com/showthread.php?1072-ubuntu-on-the-transformer
You have to scroll a bit down then You see
"ubuntu-rootfs:
is available here md5sum(95eda389e64461533c51fd1e4e237a30)"
Again, click on "here" to download the rootfiles. (It'll take a while, since the file is 950mb)
4. Once this is done, extract the rootfiles into linux-flash-kit/images. (This folder is the one You have extracted in 3.
5. When You want to Dual-Boot Your device with Andoid AND Ubuntu, read on, otherwise go to point 6.
You have to download a nvflashable rom like for example "PRIME!"
http://forum.xda-developers.com/showthread.php?t=1251044
There You download the NVflash version and extract the image files in it, to linux-flash-kit/images, like You have done it with the ubuntu image file.
6. Now You have to choose.
If You want only linux: remember flash-purelinux.sh
If You want linux and Android Dual-Booting with Android as default OS:
flash-linux-android.sh
If You want linux and Android Dual-Booting with Linux as default OS:
flash-linux.sh
If You want to restore back to android: flash-android.sh
If You want to get to factory state: restore-default.sh
Now You have to install the APX drivers. How to do this, You can read in other threads. Basically download the NVflash file from this thread, in it, You'll find the drivers: http://forum.xda-developers.com/showthread.php?t=1123429
So connect Your tablet to Your PC, turn it off, and turn it on while holding down the Power Button and the Volume+ button.
What You'll see is nothing. Now Your device is in APX mode.
In Your Linux Computer, open up the console and go to the linux-flash-kit directory (In my case it is on the Desktop)
so I do:
cd Desktop\linux-flash-kit
So now You are in Your linux-flash-kit directory. From here You have to type:
sudo sh flash-linux-android.sh
OR You type this in what You have remembered in Point 6.
e.g.
sudo sh flash-purelinux.sh
or
sudo sh flash-linux.sh
This will take a while because the files are transfered to Your device.
7.
When it's done, Your device will start.
Turn it off, and start into Your Ubuntu.
When Ubuntu is Your main system, You start it up normally by pressing the power button.
When Android is Your main system and You are Dual-Booting it, hold down the power button and the Volume down key until the device says that Your have to press the Volume-up key. Do this and You will see a Linux code with two penguins on the top running down Your screen. That's just good like it is.
Finally You should see the Ubuntu Setup with the language selection.
Now You can go on, and now You can set up Your Ubuntu PC!
FYI:
When You have not got a keyboard-dock, Connect Your tablet with Your pc and enter the adb shell
When You don't know how to enter it:
open up Your console, get into the directory of the android-sdk and into the platform-tools.
Then You type:
adb shell
Now You should be in the ADB shell
Now You can type:
DISPLAY=:0 onboard
Then a virtual keyboard should appear on Your tablet and You're ready to go!

Just to create a vocal point, This requires root doesn't it?

Also, is the wifi and stuff working? What's not working?

Mr.Ox said:
1. The ony way in the moment to install Ubuntu on Your Transformer is over a Ubuntu or other Linux PC. (I easily installed Ubuntu virtually in VMware Workstation)
Click to expand...
Click to collapse
Nice guide. There is one correction: it took me a while to find this but there is a windows-flash kit that I've used to install ubuntu on the transformer from Windows 7.

roflcopterofl said:
Just to create a vocal point, This requires root doesn't it?
Click to expand...
Click to collapse
I don't think so, because everything is flashed via nvflash. This way, You can flash a rom without having it rooted, too.
But I'm not quite sure..
moseskim said:
Nice guide. There is one correction: it took me a while to find this but there is a windows-flash kit that I've used to install ubuntu on the transformer from Windows 7.
Click to expand...
Click to collapse
Oh, that's a nice one, I haven't seen this yet! Thank You!
asdfuogh said:
Also, is the wifi and stuff working? What's not working?
Click to expand...
Click to collapse
What's working and not You can read in the Q&A Thread, there is written everything, I just tried to explain it a littlebit easier.
The thread is here:
http://forum.xda-developers.com/showthread.php?t=1191141
There You can see what's working, what not, and how to connect to a WiFi network (For me it doesn't work...)

Thank for this, I am itching to try this... Is there any "easy" way to get back to stock honeycomb after i try this ?
(sorry for this stupid question, I do no know much about these things)

In my opinion it's very easy.
On the one hand, run the command
Flash-android.sh
Or
Restore-default.sh
Or your use nvflash to wipe the device and get a normal rom on it.
Sent from my HTC Desire using xda premium

Thanks, I will try this later today then

tombolek said:
Thanks, I will try this later today then
Click to expand...
Click to collapse
Yeah, when You get Your wifi working, please tell me how because mine does not work
Sent from my HTC Desire using xda premium

Hello yesterday i've try to put linux and android on transformer, all work's great but after 5 minut nvidia apx was disconnected because battery load 0%; i work on vmware machine; after I've charged my dock e tablet and run again the script but that's is the result
sudo sh '/media/Nuovo volume/linux-flash-kit/flash-linux-android.sh'
/media/Nuovo volume/linux-flash-kit/flash-linux-android.sh: 2: /ubuntu/abootimg-i386: not found
/media/Nuovo volume/linux-flash-kit/flash-linux-android.sh: 3: /nvflash: not found
rm: impossibile rimuovere "linux.img": File o directory non esistente
why?
I've already tryed to restore with nvflash all partition and download all in new virtual hdd but not work.

[Q] Trouble with fastboot

Hi all,
I had a nice, long, detailed post typed out but then my browser at work crashed, so here is the revised edition:
I recently (three days ago) bought a TF300T tablet. Absolutely love it. As any android fan does, I immediately wanted to root it to get the full benefit of the device. I followed the step-by-step guide on the cyanogenmod wiki and have been successful (after a few hours of figuring things out) in unlocking the device. I am aware at this point that my device is unlocked and my Asus warranty is voided. I am also aware I may have to follow different steps to root it, and am willing to do so accordingly.
I'm not set on using cyanogenmod, but that seems to be the most popular and well-known one so I'd like to use one that is established.
So, up until now I have followed that guide but I am having an issue with flashboot. When I go to do the 'fastboot devices' command, I get nothing. It just jumps to the next line, as if I sent a blank command. When I type 'adb devices' it works fine and shows some letters&numbers so I know my device is recognized.
With all that being said, can anyone advise me on which step I'm doing wrong, if any?
Also, I'm -really- cautious about potentially bricking this thing. I still have 30 days at Best Buy but I'm also an employee there and my co-workers know I'm trying to root so if I brick it, it may not be as easy to return it as with a normal customer. I also have the Accidental Damage & Handling plan so if I DO brick it, I can smash it and get a new one without too much incident, if it comes down to it (which obviously is a LAST resort)
My device is as following:
Asus Transformer Pad TF300T unlocked, firmware .29.
I' have about 15 tabs open in Google Chrome right now after SEARCHing the forums, specifically the TF300 forum, and I'm filtering through all the posts right now. If I find a solution I will post asking for this thread to be deleted.
I'm very tech-savvy, but completely new to android. I don't own a smartphone, and this is my first android device, so this is an incredible learning experience. If anyone feels so kind, could you please explain the different terminiologies used in the rooting scene? I hear stuff about blobs, .build files, DE, WW, US stuff. What's what? And what does it all mean?
Thanks so much, and here's to hoping my computer doesn't crash as soon as I press "post"!!
-Opethfan89
*edit* Forgot to add that when I use the command
fastboot flash recovery recovery-clockwork-5.5.0.4-tf300t.img
Click to expand...
Click to collapse
the command prompt just stays stuck on "waiting for device", while my device is stuck on "Starting fastboot USB download protocol"

Slight resolution
So I am just posting with a slight update to what I've been trying to get this working. I uninstalled the ADK, all drivers, and started over from scratch. I installed ADB using the method listed on the CyanogenMod wiki, and it works fine (I can use all ADB commands from command prompt and it lists my device when I use the 'adb devices' command.
So I'm continuing to follow the steps on the CyanogenMod wiki page and I get back to the part about Fastboot. I boot into fastboot mode, plug the device in, and the new development is that my computer DOES recognize fastboot only in device manager. I do have a yellow exclamation mark near it meaning I don't have the proper driver installed.
So now my newest question is, how do I install the driver for -just- fastboot, or where can I find the .inf file so I'm able to install it myself?
I'm SO close to rooting this device I can just taste it!! Any device is very much appreciated
Thanks!
Opethfan89

Are you following this guide?
http://forum.xda-developers.com/showthread.php?t=1668173
Pretty easy to follow and the easiest way to install recovery and root device.

Yes I have followed that guide and like I said I get to the step where fastboot SHOULD be recognized by my computer but it isn't. It shows up in my device manager with a yellow exclamation point so I literally just need the driver to make things work and I should be rooted.

This thread has the drivers you need: http://forum.xda-developers.com/showthread.php?t=1661653
There are no special fast boot drivers. Just install the Asus drivers, and you'll be good to go.
Also, I know this is off-topic, and I mean no offense to you, but every time I see a thread about driver problems in Windows, I feel a thousand times better about using Linux. No drivers to install. It just works.

Have you tried to see the index on tf300t development?
Hope you have all you need and all process.
For Fastboot : [GUIDE] Help for flash more faster when you use Fastboot Line Command
And for Drivers:
ASUS Android USB Drivers.zip - 2012/04/13 - MD5 Sum: 43af8f39ed421caabecd6c4a2de17212 - Size: 8.28 MB (8687221 bytes)
ASUS Pad PC Suite (PC version V1.0.41) - MD5 Sum: 02d7661affefeb0ae05f577b6b24b37a - Size: 145.09 KB (148570 bytes)
ASUS Sync V1.0.82 - MD5 Sum: a7d229ee2f2678819e6a99711d1f572d - Size: 62.18 MB (65195236 bytes)
You will find all you need for your TF300t in this index

As long as you have the android sdk installed and the asus pad suite driver installed it should work no problem

vel0city said:
As long as you have the android sdk installed and the asus pad suite driver installed it should work no problem
Click to expand...
Click to collapse
You don't need to use android sdk except if you to use commands line.
Use the guide about [URL "http://forum.xda-developers.com/showpost.php?p 27218675&postcount 20"][GUIDE] Help for flash more faster when you use Fastboot Line Command[/URL] and you will see than it's easy and faster to push something
I haven't use android sdk though it's installed on my laptop

philos64 said:
You don't need to use android sdk except if you to use commands line.
Use the guide about [URL "http://forum.xda-developers.com/showpost.php?p 27218675&postcount 20"][GUIDE] Help for flash more faster when you use Fastboot Line Command[/URL] and you will see than it's easy and faster to push something
I haven't use android sdk though it's installed on my laptop
Click to expand...
Click to collapse
I think you do need to install android sdk because of the fastboot files are in there and need it to use fastboot that could be the reason why his computer does not recognize the tablet when he is in fastboot mode. If you look at your android manager you will see a file under android tools that fastboot files are installed.

you need to specify device id
fastboot -i 0x0b05 flash recovery recovery-clockwork-5.5.0.4-tf300t.img
Click to expand...
Click to collapse
try that op

IT WORKED!!!!
EndlessDissent said:
This thread has the drivers you need: http://forum.xda-developers.com/showthread.php?t=1661653
There are no special fast boot drivers. Just install the Asus drivers, and you'll be good to go.
Also, I know this is off-topic, and I mean no offense to you, but every time I see a thread about driver problems in Windows, I feel a thousand times better about using Linux. No drivers to install. It just works.
Click to expand...
Click to collapse
See, I think that's where I messed up. None of the guides say to download ASUS' drivers, and in my anxiousness to root I must have overlooked that step. I will try this today and post my results accordingly!! Also, no offense taken by the linux comment, and I've used linux in the past, but I've had quite a few times where it doesn't "just work" (Like using a broadcom wireless card on my old laptop. I had to learn how to use ndiswrapper and whatnot, not a pleasant experience for a linux newb at that time!!)
I recently removed my Linux partition (was using ubuntu 10.10 because I hate unity!!) and can re-install it if it will make my rooting process easier?
vel0city said:
As long as you have the android sdk installed and the asus pad suite driver installed it should work no problem
Click to expand...
Click to collapse
Yea I didn't download the asus pad suite drivers, and I think that is what is causing my issue. I wish I could post links to the guides I am following but none of them specify that. They just say to download the android SDK and all drivers are included.
FlyingPoo said:
you need to specify device id
try that op
Click to expand...
Click to collapse
I did do that, flyingpoo. At one point my cmd line showed "Sending file recovery.img (5***kb)" but the tablet never picked it up, so I know there is just some miscommunication between the tablet and the PC. When I typed adb devices in cmd line, I see the device listed, but when I type fastboot devices in cmd line, it just goes to a blank line.
I will try the above listed solutions and hope that something works. Thank you all so much for your help!
*edit* This guy, right here? Yea, he's freakin ecstatic! I installed the drivers from EndlessDissents' post, and it worked!! As soon as I booted into fastboot mode, my computer recognized the device. I then used the command that FlyingPoo used (which I tried in the past), and it showed:
Code:
c:\recovery1>fastboot -i 0x0b05 flash recovery recovery.img
sending 'recovery' <5306 KB>...
OKAY [2.417s]
writing 'recovery'...
OKAY [2.053s]
finished. total time: 4.473s
So now I'm following the next few steps to root it. I've backed up my apps using Astro as well as the ASUS backup suite, and I'm using CWM for a backup of my entire system at the moment.
Thank you again to everyone who responded. I always get hung up on the simplest step, but once that is overcome everything else is a smooth ride downhill

One last noobish question to ask, and then I think I'll be done:
I've downloaded the root-signed.zip file, as well as the latest CyanogenMod file I could find (The official wiki didn't have one listed for any asus products, for some reason?) as well as a google apps for cyanogenmod. I put the files on my SD card but nothing on there is detected within CWM. So the noobish question is which directory do I need to put the files in for CWM to detect it?
That being said, I'm also wanting to backup my system to my external SD card and I selected the option in CWM to backup but it said no sd\ext was detected. Any thoughts?
Thanks again everyone for your responses.
*EDIT* For anyone following this thread, I did figure it out. Another guide I referenced specifies that you copy the files to the INTERNAL SD card (which is kind of confusing, as SD card explicitly refers to an external memory card) and then choose it from CWM. So for me, I downloaded the files on my computer, copied them to my SD card, put the SD card in my tablet, and copied the files to the root directory of the internal storage on my tablet.
Thanks again everyone, I now have root (at least, I'm pretty sure I do?)
Mod, please feel free to close this thread as necessary.

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2016 (giza)

Read this whole guide before starting.
This is for the 6th gen Fire HD8 (giza).
Current version: amonet-giza-v1.3.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings.
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If your PL/TZ/LK versions are too new, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
sudo fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there.
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and releasing the original amonet exploit for karnak.
Special thanks also to @k4y0z for making all this possible and porting the exploit to 64 bit devices.
Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
Special thanks also to @lovaduck for all the testing.

Unbricking
If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device and partially take it apart.
1. Extract the attached zip-file "amonet-giza-v1.2.zip" and open a terminal in that directory.
2. Start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
If you're lucky and have an old preloader (Up to FireOS 5.3.2.0), you can just hold the left volume button while plugging the device in.
If you're on a newer preloader, there are two options:
Open the device and short the marked pin (CLK) in the attached photo to ground while plugging in.
Downgrade to 5.3.1.0 firmware (google drive mirror) via adb sideload in Amazon recovery, then proceed to use the left volume button to enter boot-rom.
NOTE: Using option two may brick your device until you have successfully finished the process.
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it fails at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
The device should reboot to TWRP. Format data and use TWRP to flash a custom ROM, Magisk or SuperSU.
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.0

Source Code:
https://github.com/R0rt1z2/amonet-giza
https://github.com/R0rt1z2/android_device_amazon_giza
https://github.com/chaosmaster/android_bootable_recovery

Reserved #1

Great job by Roger, everything worked very much at first attempt while I tested. Now I have revived an old tablet that was not in use anymore!
I would advise everybody trying this process to keep in mind that things can always go wrong, but you have nothing to lose anyways. Hack at your own risk.
So good luck with the mod, and again, kudos to @Rortiz2

I get the following when running step 1:
This is only for the "giza" - Amazon Fire HD 8 (2016) - , your device is a "full_giza"
Click to expand...
Click to collapse
Is there much of a difference between the two and if not should I just edit the check in step-1.sh & step-2.sh?

cultofrobots said:
I get the following when running step 1:
Is there much of a difference between the two and if not should I just edit the check in step-1.sh & step-2.sh?
Click to expand...
Click to collapse
Oh well, my fault, let me fix that.
EDIT: Fixed the product check, use the v1.1 package.

Wrong thread.... deleted.

Rortiz2 said:
Oh well, my fault, let me fix that.
EDIT: Fixed the product check, use the v1.1 package.
Click to expand...
Click to collapse
That worked. Thanks.

thankssssss my frind , but i want root for fire hd8 5gen veeeeeerynessry sory bad englash
also i can buy it form you pleassss

789mod said:
thankssssss my frind , but i want root for fire hd8 5gen veeeeeerynessry sory bad englash
also i can buy it form you pleassss
Click to expand...
Click to collapse
Unfortunately, the Amazon Fire HD8 2015 (thebes) uses MT8135 which is pretty different to MT8163. Since I don't own the device, I can't really help you with that.

Rortiz2 said:
Unfortunately, the Amazon Fire HD8 2015 (thebes) uses MT8135 which is pretty different to MT8163. Since I don't own the device, I can't really help you with that.
Click to expand...
Click to collapse
have you any way to root these ) fire HD 10 5gen ?
I need it to my wrok
my work it unlockbootloader

Hi. I have a problem on Step 2
adb: error: cannot stat 'bin/boot0short.img': No such file or directory
Click to expand...
Click to collapse
I checked bin directory and really didn't found boot0short.img. Maybe it should be generated by the script. I checked code and didn't found any other mentions about this file...
What I doing wrong?

sancho_sumy said:
Hi. I have a problem on Step 2
I checked bin directory and really didn't found boot0short.img. Maybe it should be generated by the script. I checked code and didn't found any other mentions about this file...
What I doing wrong?
Click to expand...
Click to collapse
I've updated the main post with the v1.2 version, can you try with that one, please?
(https://forum.xda-developers.com/attachments/amonet-giza-v1-2-zip.5405917/)

Rortiz2 said:
I've updated the main post with the v1.2 version, can you try with that one, please?
(https://forum.xda-developers.com/attachments/amonet-giza-v1-2-zip.5405917/)
Click to expand...
Click to collapse
Now I have a brick...
Dark screen after "Rebooting into TWRP"
Dark screen, device didn't responce on power button...

sancho_sumy said:
Now I have a brick...
Dark screen after "Rebooting into TWRP"
Dark screen, device didn't responce on power button...
Click to expand...
Click to collapse
Bricked after running the 1.2 version? That makes no sense, unless your RPMB was updated. What's the output of "lsusb" when you plug in the tablet to the computer"?

Rortiz2 said:
Bricked after running the 1.2 version? That makes no sense, unless your RPMB was updated. What's the output of "lsusb" when you plug in the tablet to the computer"?
Click to expand...
Click to collapse
Yes. I run Step 2 from 1.2 version.
After "Rebooting into TWRP" screen off and didn't on anymore.
It's not listed in lsusb:
[email protected]:~/Downloads/amonet-giza-v1.2$ lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 5986:2113 Acer, Inc Integrated Camera
Bus 001 Device 005: ID 0bda:c024 Realtek Semiconductor Corp. Bluetooth Radio
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Click to expand...
Click to collapse
After plug in to USB dmesg:
usb 1-3: USB disconnect, device number 7
Click to expand...
Click to collapse
Is there any chances to fix it? :-(

sancho_sumy said:
Yes. I run Step 2 from 1.2 version.
After "Rebooting into TWRP" screen off and didn't on anymore.
It's not listed in lsusb:
After plug in to USB dmesg:
Is there any chances to fix it? :-(
Click to expand...
Click to collapse
don't worry
first short your devices after this
2. sudo ./boot-fastboot.sh
the screen still black
after that
unplug your USB write sudo ./ fastboot-step.sh and plug it
and wait 1sec
will successfully..
thank

789mod said:
don't worry
first short your devices after this
2. sudo ./boot-fastboot.sh
the screen still black
after that
unplug your USB write sudo ./ fastboot-step.sh and plug it
and wait 1sec
will successfully..
thank
Click to expand...
Click to collapse
do you have any detailed instruction how to short it?

sancho_sumy said:
do you have any detailed instruction how to short it?
Click to expand...
Click to collapse
before short ,
try this commands
sudo ./boot-fastboot.sh
and wait 3sec
and
sudo ./fastboot-step.sh

"This phone model does not support deep testing." Is it possible to bypass that screen in the Realme's deep testing app?

Update: after a break for a couple of days, this appears to work again. But probably not for long -- so better try it if and while it's still up ;-)
I was able to do just that (and unlock the bootloader on my phone) some two months ago (in February 2023).
I did by using this perl script of mine to simulate the https requests performed by the deep testing app.
My phone was a Realme 9 5G (RMX3474), the EU/GDPR variant.
A dry run with bogus serial num and imei strongly suggests that they haven't "fixed" it yet and it may still work.
I also suspect that it may work with other Realme phones not supported by the deep testing app.
But I don't have any spare phone (and I will not test my luck by locking it back ;-)), so I'll be grateful if anyone with a locked Realme phone would give it a try (the deep testing app would still ask you for confirmation, you don't have to unlock your phone if you don't want to).

turistu said:
I was able to do just that (and unlock the bootloader on my phone) some two months ago (in February 2023).
I did by using this perl script of mine to simulate the https requests performed by the deep testing app.
My phone was a Realme 9 5G (RMX3474), the EU/GDPR variant.
A dry run with bogus serial num and imei strongly suggests that they haven't "fixed" it yet and it may still work.
I also suspect that it may work with other Realme phones not supported by the deep testing app.
But I don't have any spare phone (and I will not test by luck by locking it back ;-)), so I'll be grateful if anyone with a locked Realme phone would give it a try (the deep testing app would still ask you for confirmation, you don't have to unlock your phone if you don't want to).
Click to expand...
Click to collapse
Thank You!
It realy works!

Thanks,
Worked for me with Android 13/RealMe UI 4.0.
Now to magisk...

After unlocking the phone, I'm looking for the boot.img.
I can find firmware update package for UI3.0, but none seems available for 4.0.
Could someone point me to it ? (either boot.img or ofp package)

Is there a way to use this script on realme 9 pro 5g eu rmx3472?
Edit: It works perfectly and i was also able to change my region to ru.

mister_slowhand said:
After unlocking the phone, I'm looking for the boot.img.
I can find firmware update package for UI3.0, but none seems available for 4.0.
Could someone point me to it ? (either boot.img or ofp package)
Click to expand...
Click to collapse
Try https://rms01.realme.net/sw/RMX3472GDPR_NN.X.NN_YYYYMMDDHHMM0000.zip,
(replacing the N, Y, etc with the actual version of the firmware).
Also the variants with .7z instead of .zip.

hatbo said:
Thank You!
It realy works!
Click to expand...
Click to collapse
Hey lads,
Could you post me here some steps how to install and unlock bootloader using that script PERL ?
I'd really appreciate it. Cheers.
Thanks. Rob

RobertoSt25 said:
Hey lads,
Could you post me here some steps how to install and unlock bootloader using that script PERL ?
I'd really appreciate it. Cheers.
Thanks. Rob
Click to expand...
Click to collapse
As already mentioned at the end of that github page, you can use the "Strawberry Perl" distro to run that perl script on Windows.
1) First install strawberry perl
2) download the deeptesting-junk.pl script
3) start the "perl command prompt" (it should be the first result when you type "perl" in window's search box)
4) inside the command prompt change to the directory where you had downloaded the script
5) run the commands and follow the instructions from the github page. Take care to replace the dummy HHH and DDD with your actual serial number and IMEI ;-).
If you have problems with those instructions (e.g. the deeptesting app still does not work, despite the script getting a successful result to the "ckeckApproveResult" command), please mention exactly what happened.

I love you Turistu, thank you for the guide!
I've had the problem, that the device wasn't getting recognized in fastboot mode.
That is because the OnePlus Fastboot USB Drivers are NOT SIGNED!
You have to restart Windows with advanced startup settings, and deactivate driver signing. So that Windows trusts unsigned drivers.
Then you can restart Windows in that mode, settings -> windows update -> advanced options -> reset options -> advanced restart. Go to advanced boot -> deactivate usb driver signing (option 7), start the pc with that option.
AND THEN you can boot your device into fastboot mode, go into your drivers and if it's still coming up as unrecognized, right click it and update it's drivers manually with the oneplus drivers.
Then it should work for you, too. Gave me lots of Headaches.
I have attached the Oneplus drivers i've used for fastboot and a patched boot.img with magisk 26.1 from RMX3311_11.C.10_EU_202303171905.

You did a great job! Thank you!
PS. Dacă ești român, ești foarte tare frate!

turistu said:
As already mentioned at the end of that github page, you can use the "Strawberry Perl" distro to run that perl script on Windows.
1) First install strawberry perl
2) download the deeptesting-junk.pl script
3) start the "perl command prompt" (it should be the first result when you type "perl" in window's search box)
4) inside the command prompt change to the directory where you had downloaded the script
5) run the commands and follow the instructions from the github page. Take care to replace the dummy HHH and DDD with your actual serial number and IMEI ;-).
If you have problems with those instructions (e.g. the deeptesting app still does not work, despite the script getting a successful result to the "ckeckApproveResult" command), please mention exactly what happened.
Click to expand...
Click to collapse
Hello there,
I tried your method, I did everything step by step and it actually worked and it did unlock the bootloader.
However after yelow sign saying the "device is unlocked" went black screen, rebooted and again fastboot mode.
Now I really do not know what to do -.-
Any advice would help.
Thanks Rob

RobertoSt25 said:
However after yelow sign saying the "device is unlocked" went black screen, rebooted and again fastboot mode.
Click to expand...
Click to collapse
If the top of the screen has "START" in green letters, then just press the power button.
BTW, what phone model do you have?

turistu said:
If the top of the screen has "START" in green letters, then just press the power button.
BTW, what phone model do you have?
Click to expand...
Click to collapse
yes top of the screeen is START green, but when I pressed power just keeps rebooting into fastboot.
RMX 3474 REALME 9 5G
Thanks