Lock bootloader and remove modified flag from ADB - HTC One A9

With my M8, I could issue these commands to lock & unlock the bootloader and remove the "modified" flag, but the lock command doesn't seem to work on the A9 and the bootloader still says modified. Does anybody know the commands that will work?
Unlock bootloader
{removed - don't do these commands}
Lock bootloader
{removed - don't do these commands}
remove "modified" flag
{removed - don't do these commands}
Edit - I removed the commands that you would issue on previous HTC models. I don't know if they will screw up your phone or not, but they will absolutely NOT work on the A9 and should not be issued to your phone!

Are you sure that the flag is located within the mmcblk0p2 partition? I wanted to do the same but I'm too lazy to re-unlock the bootloader, dump the partitions and look for the flag.
Can you please dump the mmcblk0p2 or the p3 partitions and upload them somewhere? I will look for the flags.
Sent from my HTC One A9 using Tapatalk

I've tested that and the location of these characters is still the same: "HTCU" for unlocked and "HTCL" for relocked. But it doesn't work. I've replaced p2 after setting "HTCU" to "00000000", but after reboot it is reset/restored to "HTCO".

Silly question, but are you s-off and rooted?

Ivanovic said:
Silly question, but are you s-off and rooted?
yes - s-off and rooted

Too bad. It should have worked. I will try on my friend's phone; I left it S-OFFed when I converted it to retail from demo.

it doesn't work for me:
List of devices attached
HT5B3BE06823 device
C:\Program Files\Minimal ADB and Fastboot>adb shell
shell@htc_hiaeuhl:/ $ su
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p2 bs=1 seek=33796
4+0 records in
4+0 records out
4 bytes transferred in 0.010 secs (400 bytes/sec)
root@htc_hiaeuhl:/ # exit
shell@htc_hiaeuhl:/ $ exit
C:\Program Files\Minimal ADB and Fastboot>
all seems ok but when i look into the patched file then everything is unchanged
----------------------------
kernel: lk
product: htc_hiaeuhl
version: 1.0
imei:
version-main: 1.10.401.7
boot-mode: download
version-baseband: [email protected]
version-bootloader: 1.0.0.0000
mid: 2PQ910000
cid: 11111111
Software status: Official
*** UNLOCKED ***
*** S-OFF ***
copy-paste error correction

You said you also tried editing the partition with a hex editor and even uploading the edited file?
Sent from my HTC One A9 using Tapatalk

yes - after hex-patching i copied file (after erasing original file) to /dev/block with total commander.
after reboot data was restored!!! so what is going on?
i have SuperSu 2.62-3 but it is curious that adb-patching doesn't work - file is -rw-
fastboot-flashing to pg1fs fails also (sending ok but flashing stalls)

Ivanovic said:
You said you also tried editing the partition with a hex editor and even uploading the edited file?
Sent from my HTC One A9 using Tapatalk
that partition has write protection

Maybe we need something like that http://forum.xda-developers.com/one-m9/general/how-to-disable-remaining-write-t3171735
Sent from my HTC One A9 using Tapatalk

JochenP said:
yes - after hex-patching i copied file (after erasing original file) to /dev/block with total commander.
after reboot data was restored!!! so what is going on?
i have SuperSu 2.62-3 but it is curious that adb-patching doesn't work - file is -rw-
fastboot-flashing to pg1fs fails also (sending ok but flashing stalls)
Are you doing it when booted in the OS? Try using an adb shell from custom recovery, maybe the pgfs partitions are now write protected by the stock kernel, shouldn't be an issue when in recovery since the kernel isn't booted yet.
Can you share your p6 too?

mmcblk0p2 userrights: -rw--- no problem to overwrite or delete
p6: http://www94.zippyshare.com/v/QIb5IVJy/file.html
good idea to adb from recovery - i will test soon
---------- Post added at 04:59 PM ---------- Previous post was at 04:44 PM ----------
adb from recovery - no success:
:\Program Files\Minimal ADB and Fastboot>adb shell
# ←[6nsu
sbin/sh: su: not found
# ←[6necho -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p2 bs=1 seek=8404
+0 records in
+0 records out
bytes (4B) copied, 0.047038 seconds, 85B/s
# ←[6nexit
please gimme a tip
oops - I addressed with hex - (but that's not the reason the writing fails)
---------- Post added at 05:39 PM ---------- Previous post was at 04:59 PM ----------
okay: I used the recovery file manager, copied file p2 to external SD, hex-edited this file (overwrote "HCTO" with 00000000) and copied this file back to dev/block.
all within recovery
NO success: i reboot to download (unlocked) - bootloader - recovery and copied file one more time to sd for editing - it contains again "HTCU" :crying:

JochenP said:
mmcblk0p2 userrights: -rw--- no problem to overwrite or delete
p6: http://www94.zippyshare.com/v/QIb5IVJy/file.html
good idea to adb from recovery - i will test soon
---------- Post added at 04:59 PM ---------- Previous post was at 04:44 PM ----------
adb from recovery - no success:
:\Program Files\Minimal ADB and Fastboot>adb shell
# ←[6nsu
sbin/sh: su: not found
# ←[6necho -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p2 bs=1 seek=8404
+0 records in
+0 records out
bytes (4B) copied, 0.047038 seconds, 85B/s
# ←[6nexit
please gimme a tip
oops - I addressed with hex - (but that's not the reason the writing fails)
---------- Post added at 05:39 PM ---------- Previous post was at 04:59 PM ----------
okay: I used the recovery file manager, copied file p2 to external SD, hex-edited this file (overwrote "HCTO" with 00000000) and copied this file back to dev/block.
all within recovery
NO success: i reboot to download (unlocked) - bootloader - recovery and copied file one more time to sd for editing - it contains again "HTCU" :crying:
I did this a week ago.
It seems that partition has write protection.
I dumped files of this partition from both locked and unlocked A9. other difference was found.
java card id is there, i cannot share the original pictures.
if necessary, i can post the differences.
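
Added example (not part of any post in this thread): a read-only way to inspect partition dumps from the shell. It locates the "HTCU"/"HTCL" markers, shows that offset 8404 and offset 33796 address different bytes (0x8404 = 33796), and lists the offsets at which a dump from an unlocked and a relocked phone differ. The two dump files are constructed stand-ins and the function names are this example's own.

```sh
#!/bin/sh
# Added example: inspect partition dumps without writing to any device.
# The dumps are constructed stand-ins (zero-filled files with a 4-byte
# marker at 0x8404); the function names are this example's own.

# make_dumps DIR: build DIR/unlocked.img ("HTCU") and DIR/relocked.img ("HTCL")
make_dumps() (
    for pair in unlocked:HTCU relocked:HTCL; do
        f="$1/${pair%%:*}.img"
        dd if=/dev/zero of="$f" bs=1024 count=40 2>/dev/null
        printf '%s' "${pair##*:}" |
            dd of="$f" bs=1 seek=$(( 0x8404 )) conv=notrunc 2>/dev/null
    done
)

# find_marker FILE STRING: decimal byte offset of every occurrence of STRING
find_marker() (
    LC_ALL=C grep -aboF -- "$2" "$1" | cut -d: -f1
)

# read_at FILE OFFSET LEN: LEN bytes at decimal OFFSET, printed as hex digits
read_at() (
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
)

# diff_offsets A B: 0-based decimal offset of every byte that differs
diff_offsets() (
    cmp -l "$1" "$2" 2>/dev/null | awk '{ print $1 - 1 }'
)

work=$(mktemp -d)
make_dumps "$work"
off=$(find_marker "$work/unlocked.img" HTCU)
printf 'HTCU at decimal %s (hex 0x%x)\n' "$off" "$off"
# A hex editor shows 0x8404; dd's skip=/seek= here are given in decimal.
printf 'bytes at %s: %s\n' "$(( 0x8404 ))" "$(read_at "$work/unlocked.img" $(( 0x8404 )) 4)"
printf 'bytes at 8404:  %s\n' "$(read_at "$work/unlocked.img" 8404 4)"
printf 'dumps differ at: %s\n' "$(diff_offsets "$work/unlocked.img" "$work/relocked.img")"
rm -rf "$work"
```

Running `read_at` on a fresh dump after a reboot shows whether a write actually persisted, independent of what dd reported at write time.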

yes i believe you are right but a further flag is also possible and hboot corrects this "HTCU" flag in p2 during boot...
rather not: from within recovery I have tried to MOVE p2 to SD-Card and it ends with: Error=1 (file cannot moved)
please post differences to dig deeper. how do i eliminate the write protection?

I believe that this has something to do with the extra write protection in p32 introduced in the M9 even on S-OFF phones
Sent from my HTC One A9 using Tapatalk

ah okay, you mean "Scotty1223 disable remaining write protection on m9 after s off" keeps the solution...

Can you verify that the same data exists on p32 in A9?
Sent from my HTC One A9 using Tapatalk

I have posted some patterns of p32 and hope they will match...

Sorry.. I went out of town and was away from a computer after I posted the question.
I am indeed s-off and rooted.
I used http://forum.xda-developers.com/one-m9/general/how-to-disable-remaining-write-t3171735 method and entered
{removed - don't do these commands}
then rebooted.
After it came back up, I entered
{removed - don't do these commands}
to remove the modified flag, but when I went to bootloader it still says modified.
I also tried
{removed - don't do these commands}
to lock the bootloader, but when I booted into bootloader, it was still locked.
I'd be happy to upload anything that might help, just give me some direction to do so.

Related

[Meizu]-[FLyme Os] Install rom international for All devices

Sorry, my English is bad.
Facebook group: https://www.facebook.com/groups/1697660883795443/
This guide covers installing the international ROM on Meizu MX4, MX5, MX4 Pro (versions A, U, C ...) and other Meizu devices.
Advantages: rather safe method, no Chinese applications, default Google Play Services, more supported languages i-rom in the near future.
Disadvantage: OTA update not possible (but you can always update manually).
Note: This is a safe way to do it; you do not have to worry.
Requirements:
+Rooted
+Busybox
+ADB driver for PC, because you need to run ADB commands
How to install the ADB driver for Meizu devices
Note: Because my English is not good, please see the guide. Thanks to @abaggie Meizufan
Step 1: Enable USB debugging and Allow mock locations
Step 2: Connect the device to the PC and choose to connect as CD-ROM
You will see a CD drive; install the ADB driver using the file in the folder "Usb driver"
Step 3: In C:\Users\your name\.android\
create or edit the file adb_usb.ini
add a line
Code:
0x2a45
Step 4: check driver
Code:
adb kill-server
Code:
adb devices
If cmd shows "offline", you need to install the driver again.
Step 4: Download and copy the ROM .img file to storage
Step 5: run CMD and type command:
Code:
adb shell
Code:
su
Code:
dd if=/sdcard/system-i.img of=/dev/block/platform/xxxxx/by-name/system
Note : xxxxx leaves partition system
example : MX4pro (cpu exynos) : /dev/block/platform/15540000.dwmmc0/by-name/system
M2 note,mx4,m1note (cpu MTK) : /dev/block/platform/mtk-msdc.0/by-name/system
MX5: /dev/block/mmcblk0p18, or you can use /dev/block/platform/mtk-msdc.0/by-name/system
Wait for the command to finish (about 5 min.). After the image has been written, you will be prompted for a new command by the '#' sign.
Because the system partition is replaced, the smartphone hangs. This is normal. Restart it with a long hold of the power button, and wait for the smartphone to boot. If your smartphone has not booted within 15 minutes, you need to reset the settings from stock recovery (volume down button + power button).
Step 6: Now you need to reset your smartphone to factory settings. Settings - About phone - memory - factory reset. Tick the two checkboxes and click "Start cleaning".
Or reboot into stock recovery and clear data
DOWNLOAD
Rom 4.5.4i for MX4 Pro: google driver
Rom 4.5.4i MX4pro use TWRP flash rom:Google driver
Rom 4.5.5i for MX4pro:Google driver
Meizu pro5 stock mod version I
4.5.4.2i: Download
M1 note: Download
MX5:Google driver
FW 4.5.2.7i Stable: Download
M2 note : Google driver
FW 4.5.3i :Link Mega
MX4 folder download: google driver
Folder run command ADB:Google driver
Meizu M1 note :Google driver
==================================================
Tool update: one-click auto converter, supports creating system.img for Meizu devices
Link download : Driver google
How to use:
Step1: Copy system.new.dat and system.transfer.list to folder "in"
Step2: Run System-conVERTER.dat
===============================
PS: Get link download max speed vietnam host Fshare: get link
Good idea!
update MX4 link rom
doesn't work... Says Permission denied.
this is the string:
[email protected]:/ $ su
su
enter main
start command :am start -a android.intent.action.MAIN -n com.android.settings/co
m.android.settings.root.RootRequestActivity --ei uid 2000 --ei pid 6904 > /dev/n
ull
[email protected]:/ # dd if=/sdcard/system-i.img of=/dev/block/platform/15540000.dwmm
c0/by-name/system
dcard/system-i.img of=/dev/block/platform/15540000.dwmmc0/by-name/system <
dd: /sdcard/system-i.img: Permission denied
I solved with the terminal emulator
ucb83 said:
I solved with the terminal emulator
you need flash on PC
no terminal emulator
Sent from my MX4 Pro using Tapatalk
I succeeded even with the terminal emulator. I finally managed to install via PC, great job, everything works.
Hum great... seem good new....
Sent from my X98 Air 3G(C8J7) using Tapatalk
i will update rom version I use TWRP flash for mx4pro
Sent from my MX4 Pro using Tapatalk
what ROM? I don't understand how to do after the end of the command. What must i write? "#"?
TARAS88 said:
what ROM? I don't understand how to do after the end of the command. What must i write? "#"?
This is what i do but after when i see the sharp i reboot the smartphone and i see only the recovery.
Very great method...it worked great! Only issue is that I do not see Contacts for my google account....Any clue?...
THANKS IN ADVANCE!
popo72 said:
Very great method...it worked great! Only issue is that I do not see Contacts for my google account....Any clue?...
THANKS IN ADVANCE!
hi
you can install contacts google ...use file apk
i will update file apk app center
Sent from my MX4 Pro using Tapatalk
Really thanks....
What is the difference between the international version and the Chinese version? I'm using my phone in Norway, will this ROM support Norwegian?
And if this rom is installed, will ota updates still work?
Thanks
I get "Permission denied" when trying to enter the last command in adb.
[email protected]:/ # dd if=/sdcard/system-i.img
c0/by-name/system
dcard/system-i.img of=/dev/block/platform/15
dd: /sdcard/system-i.img: Permission denied
HabueN said:
I get "Permission denied" when trying to enter the last command in adb.
[email protected]:/ # dd if=/sdcard/system-i.img
c0/by-name/system
dcard/system-i.img of=/dev/block/platform/15
dd: /sdcard/system-i.img: Permission denied
Install supersu or try with terminal emulator or try with twrp method.
ucb83 said:
Install supersu or try with terminal emulator or try with twrp method.
Will do that. But are there any advantages of installing the I ROM instead of A ROM?
Thanks for answers
stuck at step 4.
where i can find rom.img for meizu m2 note.?
only can find update.zip for international version
---------- Post added at 09:37 AM ---------- Previous post was at 09:27 AM ----------
ok found it. thanks
penyapu79 said:
stuck at step 4.
where i can find rom.img for meizu m2 note.?
only can find update.zip for international version
---------- Post added at 09:37 AM ---------- Previous post was at 09:27 AM ----------
ok found it. thanks
link download #1
Sent from my MX4 Pro using Tapatalk

Z5 Rooting & Recovery Boot Mode (UK Xperia Z5 E6653)

Morning All,
I've been looking around for a stock Lollipop 5.1.1 ROM for the Xperia Z5 but haven't come across one yet. Is there a preferred site to browse for stock ROMs?
Also, is anyone aware of how to boot into recovery mode? Does a stock Sony Rom for Lollipop have it enabled?
http://developer.sonymobile.com/201...for-a-range-of-unlocked-xperia-devices-video/
Could you call *#*#2673#*#* in dial app?
If it isn't blocked by security, we can enable non-secure ADB thanks to a new app in the Z5 system.
Does anyone know if someone working on a root method
AndroPlus said:
Could you call *#*#2673#*#* in dial app?
If it isn't blocked by security, we can enable non-secure ADB thanks to a new app in the Z5 system.
Hello AndroPlus, sorry if this is a noob question, but could you explain what non-secure ADB is and what exactly it is useful for? I tried dialing that number and I was able to get into a core settings menu with an option to switch non-secure ADB on, but I'm still not sure what it means exactly, and Google is pretty silent about this as I can't find any information about it.
Sent from my E6653 using XDA Free mobile app
flakac said:
Hello AndroPlus, sorry if this is a noob question, but could you explain what non-secure ADB is and what exactly it is useful for? I tried dialing that number and I was able to get into a core settings menu with an option to switch non-secure ADB on, but I'm still not sure what it means exactly, and Google is pretty silent about this as I can't find any information about it.
Sent from my E6653 using XDA Free mobile app
You can use # (root) in adb shell if non secure adb is enabled.
We have to find how to disable dm-verity and ric to mod system partition, though...
AndroPlus said:
You can use # (root) in adb shell if non secure adb is enabled.
We have to find how to disable dm-verity and ric to mod system partition, though...
Nice, that's interesting. I have owned every single Xperia Z and read a lot about rooting on each single model but never heard about non-secure ADB.
But now I am a huge fan of non-secure ADB; I hope someone will find out how to disable ric!
Sent from my E6653 using XDA Free mobile app
AndroPlus said:
You can use # (root) in adb shell if non secure adb is enabled.
We have to find how to disable dm-verity and ric to mod system partition, though...
Does that mean you can backup TA partition in adb shell using dd command?
shoey63 said:
Does that mean you can backup TA partition in adb shell using dd command?
Yes, if it works.
Sometimes security feature blocks root to do any actions (they are stronger than root...), so someone should try it first.
shoey63 said:
Does that mean you can backup TA partition in adb shell using dd command?
Could anyone with a Z5 or Z5 Compact try this, please?
I'd love to know before buying one.
non-secure ADB works on my Z5 (sim-free UK).
What is the command to backup partitions?
okgnew said:
non-secure ADB works on my Z5 (sim-free UK).
What is the command to backup partitions?
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/TA of=/sdcard/TA.img
hm. it does not work.
I get 'permissions denied'
okgnew said:
hm. it does not work.
I get 'permissions denied'
If you type
Code:
id
, what do you get?
[email protected]:/ $ id
id
uid=2000(shell) gid=2000(shell) groups=1004(input),1007(log),1011(adb),1015(sdcard_rw),1026(drmrpc),1028(sdcard_r),2993(
trimarea),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
---------- Post added at 09:48 PM ---------- Previous post was at 09:47 PM ----------
[email protected]:/ $ dd if=/dev/block/platform/msm_sdcc.1/by-name/TA of=/sdcard/TA.img
v/block/platform/msm_sdcc.1/by-name/TA of=/sdcard/TA.img <
dd: /dev/block/platform/msm_sdcc.1/by-name/TA: Permission denied
---------- Post added at 09:49 PM ---------- Previous post was at 09:48 PM ----------
W:\>adb push hosts /data/data
failed to copy 'hosts' to '/data/data/hosts': Permission denied
okgnew said:
[email protected]:/ $ id
id
uid=2000(shell) gid=2000(shell) groups=1004(input),1007(log),1011(adb),1015(sdcard_rw),1026(drmrpc),1028(sdcard_r),2993(
trimarea),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
---------- Post added at 09:48 PM ---------- Previous post was at 09:47 PM ----------
[email protected]:/ $ dd if=/dev/block/platform/msm_sdcc.1/by-name/TA of=/sdcard/TA.img
v/block/platform/msm_sdcc.1/by-name/TA of=/sdcard/TA.img <
dd: /dev/block/platform/msm_sdcc.1/by-name/TA: Permission denied
---------- Post added at 09:49 PM ---------- Previous post was at 09:48 PM ----------
W:\>adb push hosts /data/data
failed to copy 'hosts' to '/data/data/hosts': Permission denied
You are not root, you are shell user.
You are using secure ADB.
I run 'adb root' but it did not change anything
And 'su' returns 'command not found'
After unsecuring ADB is it possible to push su and busybox via ADB with a computer
Thekjp95 said:
After unsecuring ADB is it possible to push su and busybox via ADB with a computer
Not that I could see. I tried a few commands which didn't work but even if you did dm-verity would have to be disabled otherwise the system would bootloop
Sent from my E6653 using Tapatalk
@DooMLoRD will you be willing to do work on the z5

A new way to recover soft bricked G Flex 2 by uploading image files.

EDIT---------------------------------------------------------
IT WORKS!
Originally, I could not get this idea to work because the 'cat' command could not be redirected to a file.
However, a new idea by @MAXIMATOR to use the dd command to combine the files back together has been shown to work.
The batch files for LS996 are shown in this post.
For windows machine, it requires an equivalent utility for 'dd' command for windows for the first batch file to split the main image file. The batch file needs some changes but the method itself is valid.
If you have a soft bricked LS996 or H950, this method should work to recover your phone.
EDIT----------------------------------------------------------
2nd EDIT---------------------------------------------------------
A 'dd' utility for windows can be downloaded from http://www.chrysocome.net/downloads/dd-0.6beta3.zip.
Original Post ------
I don't have time to test this idea but I think it will work. I will outline the idea below and maybe someone can try it.
There is a utility program called 'push_file.exe'. This program can upload files while the device is in the download mode. The problem with this program is that there is a size limit as to the file it can upload.
So, the idea is to split a system image file into multiple pieces and then concatenate the pieces back into one image file on the device. Then use dd command to install.
1) Find and install a version of LG Tools which includes push_file.exe program.
2) Run some upload tests using push_file.exe to find out the file size limit of the program.
3) Take an image file that you want to install on the device and then split the file into pieces with the byte size less than the size limit of the program. (using split command on linux or OSX).
4) Upload all the pieces to internal storage at /data/media/0/ using push_file.exe program.
5) Concatenate all the pieces back into one .img file using cat command.
6) Now use dd command to install the system image into the proper internal block.
If all went well, the device should boot right up.
I should have some time to test the idea this weekend if no one has tried it by then.
You're right, this is working for soft bricked devices, without system img on internal storage.
But no need to merge pieces to one file
The H955 system partition is 458752 block, and the block size is 8192 byte.
Need to split the system img divisible by 8192, exactly... and 'flash' the pieces with dd.
Example: if the push_file max file size limit is 300Mb, this is 38400 blocks
The system partition start from 52348 block, and count 458752 block
first 300Mb piece flash:
dd if=/data/media/0/system_first_piece.img bs=8192 seek=53248 count=38400 of=/dev/block/mmcblk0
second piece flash:
dd if=/data/media/0/system_second_piece.img bs=8192 seek=91648 count=38400 of=/dev/block/mmcblk0
third piece flash
dd if=/data/media/0/system_third_piece.img bs=8192 seek=130048 count=38400 of=/dev/block/mmcblk0
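
Added example (not from any poster in this thread): the block arithmetic behind the `seek=`/`count=` values above, generalized to every piece including a shorter last one, plus a rehearsal of the split-and-write sequence on ordinary files. The block size 8192 and the start block 53248 are taken from the dd commands above; the file names and the small rehearsal sizes are constructed.

```sh
#!/bin/sh
# Added example: plan a piece-wise dd write and rehearse it on regular files.
# BS and the start block 53248 are taken from the dd commands in the post;
# file names and the small rehearsal sizes are constructed for this demo.

BS=8192   # bytes per block, as in the post's dd commands

# blocks_for_mib MIB: how many BS-sized blocks fit in MIB mebibytes
blocks_for_mib() { echo $(( $1 * 1024 * 1024 / BS )); }

# plan_pieces START TOTAL PIECE: print "index seek count" for each piece.
# START = first block of the partition, TOTAL = its length in blocks,
# PIECE = blocks per piece. The last piece may be shorter.
plan_pieces() (
    start=$1; total=$2; piece=$3; written=0; i=1
    while [ "$written" -lt "$total" ]; do
        n=$(( total - written ))
        if [ "$n" -gt "$piece" ]; then n=$piece; fi
        echo "$i $(( start + written )) $n"
        written=$(( written + n ))
        i=$(( i + 1 ))
    done
)

# rehearse IMG DISK START PIECE: split IMG into PIECE-block files, write each
# into DISK at its planned seek, then compare the written region with IMG.
rehearse() (
    img=$1; disk=$2; start=$3; piece=$4
    size=$(wc -c < "$img")
    [ $(( size % BS )) -eq 0 ] || exit 2      # image must be whole blocks
    total=$(( size / BS ))
    dir=$(mktemp -d) || exit 1
    plan_pieces "$start" "$total" "$piece" | while read -r i seek n; do
        # split: skip counts from the start of the image, not of the disk
        dd if="$img" of="$dir/piece.$i" bs="$BS" \
           skip=$(( seek - start )) count="$n" 2>/dev/null
        # write: conv=notrunc leaves the rest of the target file intact
        dd if="$dir/piece.$i" of="$disk" bs="$BS" \
           seek="$seek" conv=notrunc 2>/dev/null
    done
    if dd if="$disk" bs="$BS" skip="$start" count="$total" 2>/dev/null |
        cmp -s - "$img"
    then rc=0; else rc=1; fi
    rm -rf "$dir"
    exit "$rc"
)

# demo: 10-block random image written in 4-block pieces at block 3 of a
# 16-block zero-filled file standing in for the eMMC device.
demo() (
    work=$(mktemp -d) || exit 1
    img="$work/system.img"; disk="$work/disk.img"
    head -c $(( 10 * BS )) /dev/urandom > "$img"
    dd if=/dev/zero of="$disk" bs="$BS" count=16 2>/dev/null
    rc=0
    rehearse "$img" "$disk" 3 4 || rc=1
    # the 3 blocks in front of the "partition" must still be all zero
    stray=$(( $(dd if="$disk" bs="$BS" count=3 2>/dev/null | tr -d '\000' | wc -c) ))
    [ "$stray" -eq 0 ] || rc=1
    rm -rf "$work"
    exit "$rc"
)

plan_pieces 53248 458752 "$(blocks_for_mib 300)"
demo && echo "rehearsal: region written by pieces matches the image"
```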
stars2 said:
You're right, this is working for soft bricked devices, without system img on internal storage.
But no need to merge pieces to one file
The H955 system partition is 458752 block, and the block size is 8192 byte.
Need to split the system img divisible by 8192, exactly... and 'flash' the pieces with dd.
Example: if the push_file max file size limit is 300Mb, this is 38400 blocks
The system partition start from 52348 block, and count 458752 block
first 300Mb piece flash:
dd if=/data/media/0/system_first_piece.img bs=8192 seek=53248 count=38400 of=/dev/block/mmcblk0
second piece flash:
dd if=/data/media/0/system_second_piece.img bs=8192 seek=91648 count=38400 of=/dev/block/mmcblk0
third piece flash
dd if=/data/media/0/system_third_piece.img bs=8192 seek=130048 count=38400 of=/dev/block/mmcblk0
I suspect the maximum size will be much less and one will end up with not just 3 files but maybe into 20-30 pieces. It's just a guess. Really won't know until a test to try to find the maximum size.
However, if the number of files is more than a few, then I think cat makes sense (if cat will work on the internal memory).
if G flex 2 have download mode, it can be unbricked with octopus box...
if you can, find a way unbricking from HS-USB QDLoader 9008 mode
gnanava said:
if G flex 2 have download mode, it can be unbricked with octopus box...
if you can, find a way unbricking from HS-USB QDLoader 9008 mode
They cannot do anything until LG gives out the programmer file; we have a signed bootloader, so you need one file, MPRG8994.hex or prog_emmc_firehose_8994.mbn, digitally signed by LG, then I'll do it!
---------- Post added at 09:50 AM ---------- Previous post was at 09:41 AM ----------
gnanava said:
if G flex 2 have download mode, it can be unbricked with octopus box...
if you can, find a way unbricking from HS-USB QDLoader 9008 mode
Anybody can write an appeal to LG. Why do they treat us so badly, when we paid good money for the phone, and now suffer, because LG did not want to do for our Board diag phone! I hate LG!!!!
emmc
yurez234 said:
They cannot do anything until LG gives out the programmer file; we have a signed bootloader, so you need one file, MPRG8994.hex or prog_emmc_firehose_8994.mbn, digitally signed by LG, then I'll do it!
---------- Post added at 09:50 AM ---------- Previous post was at 09:41 AM ----------
Anybody can write an appeal to LG. Why do they treat us so badly, when we paid good money for the phone, and now suffer, because LG did not want to do for our Board diag phone! I hate LG!!!!
These are links to emmc partition might be of any help
wiki.maemo.org/Repartitioning_the_flash
processors.wiki.ti.com/index.php/Android_gingerbread_eMMC_booting
csrow said:
I suspect the maximum size will be much less and one will end up with not just 3 files but maybe into 20-30 pieces. It's just a guess. Really won't know until a test to try to find the maximum size.
However, if the number of files is more than a few, then I think cat makes sense (if cat will work on the internal memory).
The push_file exe only supports till about 15MB, so will result in 250+ files :silly:
And the cat command doesn't seem to concatenate ok the Send_Command prompt as well.
My phone is stuck on authentication fail error because I renamed a system apk, Basically
system/priv-app/LGStartupwizard/LGStartupwizard.apk ===> system/priv-app/LGStartupwizard/LGStartupwizard.apk.bak
If somehow I can revert this with Send_Command prompt, the phone will boot again.
Otherwise i can try to flash 250+ pieces as last resort but i need a little help with understanding the example you have made up
bs=8192 seek=53248 count=38400
Specifically how is 300 MB = 38400 block... ?
Any help is much appreciated. Thanks.
honest1212 said:
The push_file exe only supports till about 15MB, so will result in 250+ files :silly:
And the cat command doesn't seem to concatenate ok the Send_Command prompt as well.
My phone is stuck on authentication fail error because I renamed a system apk, Basically
system/priv-app/LGStartupwizard/LGStartupwizard.apk ===> system/priv-app/LGStartupwizard/LGStartupwizard.apk.bak
If somehow I can revert this with Send_Command prompt, the phone will boot again.
Otherwise i can try to flash 250+ pieces as last resort but i need a little help with understanding the example you have made up
bs=8192 seek=53248 count=38400
Specifically how is 300 MB = 38400 block... ?
Any help is much appreciated. Thanks.
If the problem is only that, remove the .back from the file from download mode.
mv ***.apk.back ***.apk.
then reboot.
problem solved
are you sure that's the problem?
honest1212 said:
The push_file exe only supports till about 15MB, so will result in 250+ files :silly:
And the cat command doesn't seem to concatenate ok the Send_Command prompt as well.
My phone is stuck on authentication fail error because I renamed a system apk, Basically
system/priv-app/LGStartupwizard/LGStartupwizard.apk ===> system/priv-app/LGStartupwizard/LGStartupwizard.apk.bak
If somehow I can revert this with Send_Command prompt, the phone will boot again.
Otherwise i can try to flash 250+ pieces as last resort but i need a little help with understanding the example you have made up
bs=8192 seek=53248 count=38400
Specifically how is 300 MB = 38400 block... ?
Any help is much appreciated. Thanks.
Without the cat command working, it's almost impossible. There will be just too many files to manipulate.
/system/ is locked and chmod or remount does not work. I know it's just one small change but no way to fix it.
If you are in US, send it in to LG for repairs.
pelelademadera said:
If the problem is only that, remove the .back from the file from download mode.
mv ***.apk.back ***.apk.
then reboot.
problem solved
are you sure that's the problem?
/system/ is locked and can not be changed.
Mount -o remount rw does not work?
Sent from my LG-H955 using Tapatalk
---------- Post added at 09:27 PM ---------- Previous post was at 08:56 PM ----------
csrow said:
Without the cat command working, it's almost impossible. There will be just too many files to manipulate.
/system/ is locked and chmod or remount does not work. I know it's just one small change but no way to fix it.
If you are in US, send it in to LG for repairs.
you can only dd the place where the app is.
so you have to split it and find where the app is, in which part of the split it is. maybe it is in 2 of them... or make an img with only that apk, then dd it to sectors that are free...
the other way is a script, simpler and will work
csrow said:
/system/ is locked and can not be changed.
Correct, not able to change anything in /system, Also I think that internal memory (/data/media/0/) is not mounted with latest bootloader.
And no am not present in USA to be able to send it back to LG for repair
Thanks for all your replies guys !!
honest1212 said:
Correct, not able to change anything in /system, Also I think that internal memory (/data/media/0/) is not mounted with latest bootloader.
And no am not present in USA to be able to send it back to LG for repair
Thanks for all your replies guys !!
At least with LS996 zv9, internal memory is mounted and is r/w accessible. However, external SD card can not be mounted.
Some other parts of the root '/' is r/w accessible but not /system/. I will try later on today to test and see if 'cat' command works on the internal memory.
Under send-command.exe, 'cat' only redirects to the console. It will not redirect to a file so this idea is dead.
csrow said:
Under send-command.exe, 'cat' only redirects to the console. It will not redirect to a file so this idea is dead.
1. using dd split image of stock or rooted system
this is my batch file for this (dd must be in windows or use Linux)
https://dl.dropboxusercontent.com/u/32328783/_split_bs_512.rar
2. then push files in to device using this batch file
https://dl.dropboxusercontent.com/u/32328783/_996_push_to_datalocaltmp.rar
3. list all files
ls /data/local/tmp/
and see that all 272 files correctly copied with size 15728640
4. On the device, combine all files to one
https://dl.dropboxusercontent.com/u/32328783/996_склеить.rar
5. flash image
MAXIMATOR said:
1. using dd split image of stock or rooted system
this is my batch file for this (dd must be in windows or use Linux)
https://dl.dropboxusercontent.com/u/32328783/_split_bs_512.rar
2. then push files in to device using this batch file
https://dl.dropboxusercontent.com/u/32328783/_996_push_to_datalocaltmp.rar
3. list all files
ls /data/local/tmp/
and see that all 272 files correctly copied with size 15728640
4. On the device, combine all files to one
https://dl.dropboxusercontent.com/u/32328783/996_склеить.rar
5. flash image
Thanks for making the large batch files. This is promising and may solve the problem for people with soft bricked phones without an image file in the internal memory.
For those who want to try this method, here are a few notes.
1) For the split batch file, a windows user would need a 'dd' utility. There are few available. I am not sure which would be the best for this application.
2) The second upload batch and the third combine batch will have to be run within the send_command .exe environment. So, create a wrapper batch command to set up send_command first and then feed in the dd command strings.
3) These batch files are for LS996 only. For AT&T versions, the image files size is larger so the batch files will have to be extended to cover the extra file length.
Good luck and let us know if it works for you.
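Step 3 of the procedure checks only names and sizes, and the Push_File logs later in this thread show writes that report FAIL. The following is an added example, not part of any post and not the contents of the linked batch files: a Python version of the split, check and join steps that also records a SHA-256 per part and refuses to reassemble an image when any part is missing, short or altered. The `rs.NNNN` naming starting at 1001 follows the listing shown in the thread; the function names and manifest format are assumptions made for this example, and the hash check applies wherever the parts can be read as files.

```python
import hashlib
import os

CHUNK_SIZE = 15728640   # part size quoted in the post (15 MiB)
FIRST_INDEX = 1001      # the thread's listing runs rs.1001 .. rs.1272


def expected_parts(image_size, chunk_size=CHUNK_SIZE):
    """Number of parts a split of image_size bytes must produce."""
    return (image_size + chunk_size - 1) // chunk_size


def sha256_file(path, bufsize=1 << 20):
    """Stream a file through SHA-256 without loading it whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(bufsize), b""):
            digest.update(block)
    return digest.hexdigest()


def split_image(image_path, out_dir, chunk_size=CHUNK_SIZE):
    """Write rs.NNNN parts; return (manifest, sha256 of the whole image).

    manifest is a list of (name, size, sha256) in reassembly order.
    """
    manifest, whole = [], hashlib.sha256()
    with open(image_path, "rb") as src:
        index = FIRST_INDEX
        while True:
            block = src.read(chunk_size)
            if not block:
                break
            whole.update(block)
            name = f"rs.{index}"
            with open(os.path.join(out_dir, name), "wb") as dst:
                dst.write(block)
            manifest.append((name, len(block), hashlib.sha256(block).hexdigest()))
            index += 1
    return manifest, whole.hexdigest()


def check_sizes(listing, manifest):
    """Step 3 of the procedure: compare a {name: size} listing to the manifest."""
    problems = []
    for name, size, _ in manifest:
        if name not in listing:
            problems.append((name, "missing"))
        elif listing[name] != size:
            problems.append((name, f"size {listing[name]}, expected {size}"))
    return problems


def verify_parts(part_dir, manifest):
    """Size check plus per-part SHA-256; an empty list means all parts match."""
    listing = {n: os.path.getsize(os.path.join(part_dir, n))
               for n in os.listdir(part_dir)}
    problems = check_sizes(listing, manifest)
    bad = {name for name, _ in problems}
    for name, _, digest in manifest:
        if name not in bad and sha256_file(os.path.join(part_dir, name)) != digest:
            problems.append((name, "sha256 mismatch"))
    return problems


def join_parts(part_dir, manifest, whole_sha256, out_path):
    """Reassemble only if every part verifies; check the result's hash too."""
    problems = verify_parts(part_dir, manifest)
    if problems:
        raise ValueError(f"refusing to join, bad parts: {problems}")
    with open(out_path, "wb") as dst:
        for name, _, _ in manifest:
            with open(os.path.join(part_dir, name), "rb") as src:
                for block in iter(lambda: src.read(1 << 20), b""):
                    dst.write(block)
    if sha256_file(out_path) != whole_sha256:
        raise ValueError("joined image does not match the original hash")
    return out_path
```

`check_sizes` can be fed sizes copied from the device listing, which covers step 3; the hash comparison catches a part that has the right length but the wrong bytes.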
I'm going to try this method and get back to you. I tried using the Mod in the dev section and ended up with IPSERVICE force closes, couldn't do anything, tried to factory reset, and ended up now with no adb, only download mode. Will let you know how it works out, I did have the idea of trying Send_Command and Push_file, but it failed after a certain point, nice find, hope it works, I miss my ls996
---------- Post added at 02:59 AM ---------- Previous post was at 02:36 AM ----------
Push_File.exe \\.\COM8 rs.1113 /data/local/tmp/rs.1113
Author : blog.lvu.kr
File : rs.1113
Path : /data/local/tmp/rs.1113
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : WRTE8388608byte sent
WRTE : WRTE7340032byte sent
CLSE: FAIL
Soo far a whole bunch of that, Not sure what this means with the big FAIL, but it's almost done sending
---------- Post added at 03:05 AM ---------- Previous post was at 02:59 AM ----------
Later
Push_File.exe \\.\COM8 rs.1255 /data/local/tmp/rs.1255
Author : blog.lvu.kr
File : rs.1255
Path : /data/local/tmp/rs.1255
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : FAIL8388608byte sent
WRTE : FAIL7340032byte sent
CLSE: FAIL
ping -n 2 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Push_File.exe \\.\COM8 rs.1256 /data/local/tmp/rs.1256
Author : blog.lvu.kr
File : rs.1256
Path : /data/local/tmp/rs.1256
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : Ç8388608byte sent
WRTE : F7340032byte sent
CLSE: %N'z
---------- Post added at 03:17 AM ---------- Previous post was at 03:05 AM ----------
ls /data/local/tmp/
busybox
rs.1001
through, accounted for.
rs.1272
I don't quite understand how to do step 4 though
---------- Post added at 03:58 AM ---------- Previous post was at 03:17 AM ----------
Welll... This operation didn't work, and now my phone can't see anything with the LS command after doing this guess I'm waiting for a ZV9 TOT or KDZ now -_-
---------- Post added at 04:00 AM ---------- Previous post was at 03:58 AM ----------
send_command \\.\COM8
Author : blog.lvu.kr
SPECIAL COMMAND : ENTER, LEAVE
#ls
EXEC W ║º║╝#
That's what I got -_-
x4gvnferdy said:
I'm going to try this method and get back to you. I tried using the Mod in the dev section and ended up with IPSERVICE force closes, couldn't do anything, tried to factory reset, and ended up now with no adb, only download mode. Will let you know how it works out, I did have the idea of trying Send_Command and Push_file, but it failed after a certain point, nice find, hope it works, I miss my ls996
---------- Post added at 02:59 AM ---------- Previous post was at 02:36 AM ----------
Push_File.exe \\.\COM8 rs.1113 /data/local/tmp/rs.1113
Author : blog.lvu.kr
File : rs.1113
Path : /data/local/tmp/rs.1113
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : WRTE8388608byte sent
WRTE : WRTE7340032byte sent
CLSE: FAIL
Soo far a whole bunch of that, Not sure what this means with the big FAIL, but it's almost done sending
---------- Post added at 03:05 AM ---------- Previous post was at 02:59 AM ----------
Later
Push_File.exe \\.\COM8 rs.1255 /data/local/tmp/rs.1255
Author : blog.lvu.kr
File : rs.1255
Path : /data/local/tmp/rs.1255
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : FAIL8388608byte sent
WRTE : FAIL7340032byte sent
CLSE: FAIL
ping -n 2 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Push_File.exe \\.\COM8 rs.1256 /data/local/tmp/rs.1256
Author : blog.lvu.kr
File : rs.1256
Path : /data/local/tmp/rs.1256
UNLK : FAIL
OPEN : OPEN
TOT FileSize : 15728640
SendStart
WRTE : Ç8388608byte sent
WRTE : F7340032byte sent
CLSE: %N'z
---------- Post added at 03:17 AM ---------- Previous post was at 03:05 AM ----------
ls /data/local/tmp/
busybox
rs.1001
through, accounted for.
rs.1272
I don't quite understand how to do step 4 though
---------- Post added at 03:58 AM ---------- Previous post was at 03:17 AM ----------
Welll... This operation didn't work, and now my phone can't see anything with the LS command after doing this guess I'm waiting for a ZV9 TOT or KDZ now -_-
---------- Post added at 04:00 AM ---------- Previous post was at 03:58 AM ----------
send_command \\.\COM8
Author : blog.lvu.kr
SPECIAL COMMAND : ENTER, LEAVE
#ls
EXEC W ║º║╝#
That's what I got -_-
reboot phone to download mode and try again
Contact me on Skype (maximator82) and provide access to the phone via TeamViewer. I will try to help. This method works.
MAXIMATOR said:
1. using dd split image of stock or rooted system
this is my batch file for this (dd must be in windows or use Linux)
https://dl.dropboxusercontent.com/u/32328783/_split_bs_512.rar
2. then push files into the device using this batch file
https://dl.dropboxusercontent.com/u/32328783/_996_push_to_datalocaltmp.rar
3. list all files
ls /data/local/tmp/
and see that all 272 files correctly copied with size 15728640
4. On the device, combine all files to one
https://dl.dropboxusercontent.com/u/32328783/996_склеить.rar
5. flash image
I'm going to try this on my softbricked AT&T H950, wish me luck!
Edit: So far, I've already split the rootedsystem.img into 288 parts of 14.5Mb.
The COM361 in the second batch file must be changed to the port that shows under my device manager (COM4)?
ChrysSG said:
I'm going to try this on my softbricked AT&T H950, wish me luck!
Edit: So far, I've already split the rootedsystem.img into 288 parts of 14.5Mb.
The COM361 in the second batch file must be changed to the port that shows under my device manager (COM4)?
Yes the COM port will have to match your set up. Usually 3 or 4.
Also try pushing the files to '/data/media/0/temp/' if pushing to '/data/local/temp/' does not work for you.

Android 7 overwrites /system/build.prop on every boot?

First post, please move my thread to a more appropriate category if needed or send me to a duplicate thread if I missed it.
It looks like Android 7/Nougat overwrites the /system/build.prop file on every boot, and I'm trying to figure out - am I editing it wrong or is that a new design? It did not happen in Android 6/Marshmallow. I have a Nexus 5X FWIW, and being a software engineer I am comfortable with adb and fastboot and even wrote a couple Android apps in the past, but the android file system is a black box to me. This is what I did:
$ adb reboot bootloader
$ fastboot boot /tmp/twrp-3.0.2-2-bullhead.img
// Mounted system read/write, edited build.props
$ adb shell
# cat /system/build.prop | tail -n 3
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
# echo 'net.tethering.noprovisioning=true' >> /system/build.prop
# cat /system/build.prop | tail -n 4
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
net.tethering.noprovisioning=true
# exit
// Rebooted into stock
$ adb reboot
$ adb shell
$ cat /system/build.prop | tail -n 3
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
// See how the net.tethering line is not there
// Rebooted into twrp
$ adb reboot bootloader
$ fastboot boot /tmp/twrp-3.0.2-2-bullhead.img
// Mounted system read/write
$ adb shell
# cat /system/build.prop | tail -n 4
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
net.tethering.noprovisioning=true
// See how the net.tethering is still there
If this is as designed, why does /system/build.prop differ when booting stock vs twrp?
mgbelisle said:
First post, please move my thread to a more appropriate category if needed or send me to a duplicate thread if I missed it.
It looks like Android 7/Nougat overwrites the /system/build.prop file on every boot, and I'm trying to figure out - am I editing it wrong or is that a new design? It did not happen in Android 6/Marshmallow. I have a Nexus 5X FWIW, and being a software engineer I am comfortable with adb and fastboot and even wrote a couple Android apps in the past, but the android file system is a black box to me. This is what I did:
$ adb reboot bootloader
$ fastboot boot /tmp/twrp-3.0.2-2-bullhead.img
// Mounted system read/write, edited build.props
$ adb shell
# cat /system/build.prop | tail -n 3
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
# echo 'net.tethering.noprovisioning=true' >> /system/build.prop
# cat /system/build.prop | tail -n 4
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
net.tethering.noprovisioning=true
# exit
// Rebooted into stock
$ adb reboot
$ adb shell
$ cat /system/build.prop | tail -n 3
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
// See how the net.tethering line is not there
// Rebooted into twrp
$ adb reboot bootloader
$ fastboot boot /tmp/twrp-3.0.2-2-bullhead.img
// Mounted system read/write
$ adb shell
# cat /system/build.prop | tail -n 4
ro.build.expect.baseband=M8994F-2.6.36.2.20
ro.expect.recovery_id=0xc3fa4d20943e3f2c988a1ee26f54d3982287ac4b000000000000000000000000
net.tethering.noprovisioning=true
// See how the net.tethering is still there
If this is as designed, why does /system/build.prop differ when booting stock vs twrp?
Have you tried pulling a copy of build.prop then opening it in a text editor and make your changes to it then save it and push the edited copy back to /system?
Sent from my SCH-I535 using Tapatalk
Droidriven said:
Have you tried pulling a copy of build.prop then opening it in a text editor and make your changes to it then save it and push the edited copy back to /system?
Thanks for the reply Droidriven. I did not try that because the bash commands I did seem like the same thing. But I tried it just now, and it's the same result.
mgbelisle said:
Thanks for the reply Droidriven. I did not try that because the bash commands I did seem like the same thing. But I tried it just now, and it's the same result.
You're using a temp recovery aren't you? Are you using that because your bootloader is locked? Are you rooted?
Sent from my SCH-I535 using Tapatalk
Yes I'm using a temp recovery to make the edit as root, twrp specifically, like my shell commands show in the first post. My bootloader does happen to be unlocked, but the reason I'm using the temp recovery is so my firmware stays stock so I can use Android Pay. Which answers your last question incidentally, no I'm not rooted.
mgbelisle said:
Yes I'm using a temp recovery to make the edit as root, twrp specifically, like my shell commands show in the first post. My bootloader does happen to be unlocked, but the reason I'm using the temp recovery is so my firmware stays stock so I can use Android Pay. Which answers your last question incidentally, no I'm not rooted.
I doubt you'll make the changes and keep them without root.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
I doubt you'll make the changes and keep them without root.
Hmm but that doesn't quite make sense to me. I made the changes as root and they've definitely persisted (even when I reboot into twrp) and the changes are there if you do the same thing in Android 6. There are many references to doing changes this way like in http://forum.xda-developers.com/nexus-5x/general/guide-how-to-unlock-tethering-nexus-5x-t3231301 but it's just with Android 7 now, the stock 7 firmware is mounting something on /system/build.prop that is different than what TWRP mounts at /system/build.prop. I'll try the same thing with CyanogenMod Recovery, maybe that will have different results.
mgbelisle said:
Yes I'm using a temp recovery to make the edit as root, twrp specifically, like my shell commands show in the first post. My bootloader does happen to be unlocked, but the reason I'm using the temp recovery is so my firmware stays stock so I can use Android Pay. Which answers your last question incidentally, no I'm not rooted.
I don't see where actually flashing TWRP would cause a problem instead of using a temp recovery. Your stock firmware will still be full stock, I don't think which recovery you have would cause a problem with android pay.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
I don't see where actually flashing TWRP would cause a problem instead of using a temp recovery. Your stock firmware will still be full stock, I don't think which recovery you have would cause a problem with android pay.
Yeah I understand that, but even though it wouldn't cause a problem it doesn't seem that would be necessary. Interestingly, when I'm booted into twrp with /system mounted, the build.prop file has the contents and timestamp I expect.
# ls -la /system/build.prop
-rw-r--r-- 1 root root 4919 Dec 17 16:52 /system/build.prop
But when booted into system (stock Android 7 like I mentioned) the timestamp shows a very different file is being mounted.
$ ls -la /system/build.prop
-rw-r--r-- 1 root root 4876 2009-01-01 03:00 /system/build.prop
More info, flashing twrp as opposed to just booting it had the same effect. I tried that because of what you said Droidriven, BTW thanks for your help so far.
Ever get any farther with this? I'm having the same issues on my Stock bl-unlocked Google Play N5X 7.1.1 NMF26F
Booting into TWRP, pulling /system/build.prop, editing, mounting /system RW, replacing /system/build.prop, still not making changes.
Also for some reason every SuperSU attempt I make (for any versions since 2.78 (and 2.79+) fails at Patching sepolicy - Failure, aborting.
Ugh...
tronik said:
Ever get any farther with this? I'm having the same issues on my Stock bl-unlocked Google Play N5X 7.1.1 NMF26F
Booting into TWRP, pulling /system/build.prop, editing, mounting /system RW, replacing /system/build.prop, still not making changes.
Also for some reason every SuperSU attempt I make (for any versions since 2.78 (and 2.79+) fails at Patching sepolicy - Failure, aborting.
Ugh...
I never figured out why it was happening, but when I flashed TWRP and installed SuperSU (which were successful for me, no errors) then the problem went away and I was able to persist edits to /system/build.prop. That is odd how SuperSU installation fails for you with that error. I have the exact same setup as you Nexus 5X 7.1.1 NMF26F and following these instructions I installed SuperSU without error.
http://www.theandroidsoul.com/npf10c-root-android-7-1-1-nexus-5x-6p/
The versions I used were twrp-3.0.2-2-bullhead.img and SR5-SuperSU-v2.78-SR5-20161130091551.zip
mgbelisle said:
I never figured out why it was happening, but when I flashed TWRP and installed SuperSU (which were successful for me, no errors) then the problem went away and I was able to persist edits to /system/build.prop. That is odd how SuperSU installation fails for you with that error. I have the exact same setup as you Nexus 5X 7.1.1 NMF26F and following these instructions I installed SuperSU without error.
http://www.theandroidsoul.com/npf10c-root-android-7-1-1-nexus-5x-6p/
The versions I used were twrp-3.0.2-2-bullhead.img and SR5-SuperSU-v2.78-SR5-20161130091551.zip
Appreciate the prompt response. Yeah, I'm using twrp 3.0.2-2 also, and I've tried numerous versions of SuperSU all failing with the same sepolicy update error... I just don't get it. Never had these problems before Nougat.
Just tried with the specific one in the article you linked:
"Patching sepolicy
--- Failure, aborting"
So weird. Anyway, glad to know yours was fixed!
edit:
I finally decided to try this other root method (phh) and it is working: http://www.theandroidsoul.com/npf10c-root-android-7-1-1-nexus-5x-6p/
I don't know why my trusty SuperSU no longer works.
Oh well.

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 10 2017 (suez)

Read this whole guide before starting.
This is for the 7th gen Fire HD10 (suez).
Current version: amonet-suez-v1.1.2.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot, dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If you are on firmware 5.6.4.0 or newer, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-suez-v1.1-return-to-stock.zip" into the same folder where you extracted "amonet-suez-v1.1.2.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.3.0 or newer, otherwise you may brick your device)
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @retyre for porting the bootrom-exploit and for testing.
Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
Thanks also to @bibikalka and everyone who donated
Thanks to @TheRealIntence and @b1u3m3th for confirming it also works on the 64GB model.
Unbricking
If Recovery OR FireOS are still accessible there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device and partially take it apart.
Follow this guide by @retyre until (including) step 8.
At Step 6. you will replace
Code:
sudo ./bootrom.sh
with
Code:
sudo ./bootrom-step.sh
Should the script stall at some point, restart it and replug the USB-cable (Shorting it again should not be necessary unless the script failed at the very beginning).
If the script succeeded, put the device back together.
When you turn it on, it should start in hacked fastboot mode.
You can now use
Code:
sudo ./fastboot-step.sh
This will flash TWRP and reset your device to factory defaults, then reboot into TWRP.
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
Changelog
Version 1.1.2 (26.03.2019)
Fix regenerating GPT from temp GPT
Version 1.1.1 (26.03.2019)
Fix unbricking procedure
Version 1.1 (25.03.2019)
Update TWRP-sources to twrp-9.0 branch
TWRP uses kernel compiled from source
Add scripts to use handshake2.py to enter fastboot/recovery
Features.
Uses 5.6.3 LK for full compatibility with newer kernels.
Hacked fastboot mode lets you use all fastboot commands (flash etc).
Boots custom/unsigned kernel-images (no patching needed)
TWRP protects from downgrading PL/TZ/LK
For the devs: sets printk.disable_uart=0 (enables debug-output over UART).
NOTE: Hacked fastboot can be reached via TWRP.
NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
Source code:
https://github.com/chaosmaster/amonet/tree/mt8173-suez
https://github.com/chaosmaster/android_device_amazon_suez
https://github.com/chaosmaster/android_kernel_amazon_suez
https://github.com/chaosmaster/android_bootable_recovery
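The guide states that the process rewrites the GPT and that afterwards the real boot and recovery images live in boot_x and recovery_x. The following is an added example, not part of the amonet scripts: a Python parser for a dump of the first 34 sectors (the `bs=512 count=34` read that appears in a log later in this thread) that validates both GPT CRC32 values and reports whether the boot_x/recovery_x partitions are present. It assumes the standard UEFI GPT layout with 512-byte sectors; the function names and the sample tables are constructed for illustration.

```python
import struct
import zlib

SECTOR = 512                          # assumption: 512-byte sectors, as in bs=512
HEADER_FMT = "<8sIIIIQQQQ16sQIII"     # UEFI GPT header, 92 bytes
ENTRY_FMT = "<16s16sQQQ72s"           # UEFI GPT partition entry, 128 bytes
SHADOW_NAMES = ("boot_x", "recovery_x")  # partition names given in the guide


class GptError(ValueError):
    """The dump is not a self-consistent GPT."""


def parse_gpt(dump):
    """Return [(name, first_lba, last_lba)] for the used entries in a dump of LBA 0-33."""
    if len(dump) < 2 * SECTOR:
        raise GptError("dump too short for a GPT header")
    fields = struct.unpack_from(HEADER_FMT, dump, SECTOR)
    sig, hdr_size, hdr_crc = fields[0], fields[2], fields[3]
    ent_lba, ent_count, ent_size, ent_crc = fields[10:14]
    if sig != b"EFI PART":
        raise GptError("no 'EFI PART' signature at LBA 1")
    if not 92 <= hdr_size <= SECTOR:
        raise GptError("implausible header size")
    header = bytearray(dump[SECTOR:SECTOR + hdr_size])
    header[16:20] = bytes(4)          # the CRC is computed with its own field zeroed
    if zlib.crc32(header) != hdr_crc:
        raise GptError("header CRC32 mismatch")
    start = ent_lba * SECTOR
    end = start + ent_count * ent_size
    if ent_size < 128 or end > len(dump):
        raise GptError("entry array does not fit in the dump")
    table = dump[start:end]
    if zlib.crc32(table) != ent_crc:
        raise GptError("partition-entry CRC32 mismatch")
    parts = []
    for off in range(0, len(table), ent_size):
        type_guid, _, first, last, _, raw = struct.unpack_from(ENTRY_FMT, table, off)
        if type_guid != bytes(16):    # an all-zero type GUID marks an unused slot
            name = raw.decode("utf-16-le", "replace").split("\x00", 1)[0]
            parts.append((name, first, last))
    return parts


def classify_layout(parts):
    """'remapped' if both shadow partitions from the guide exist, 'partial' if
    only one does, 'no-shadow' otherwise (which does not prove the GPT is stock)."""
    names = {p[0] for p in parts}
    found = [n for n in SHADOW_NAMES if n in names]
    return {2: "remapped", 1: "partial", 0: "no-shadow"}[len(found)]


def build_sample(names):
    """Constructed 34-sector dump (not from a real device) for the demo below."""
    entries = bytearray(128 * 128)
    for i, name in enumerate(names):
        first = 2048 * (i + 1)
        struct.pack_into(ENTRY_FMT, entries, i * 128, b"\x11" * 16,
                         bytes([i + 1]) * 16, first, first + 2047, 0,
                         name.encode("utf-16-le"))
    header = bytearray(struct.pack(HEADER_FMT, b"EFI PART", 0x00010000, 92, 0, 0,
                                   1, 0, 34, 0, b"\x22" * 16, 2, 128, 128,
                                   zlib.crc32(entries)))
    struct.pack_into("<I", header, 16, zlib.crc32(header))
    return bytes(SECTOR) + bytes(header).ljust(SECTOR, b"\0") + bytes(entries)


if __name__ == "__main__":
    for label, names in (("constructed A", ["boot", "recovery", "system"]),
                         ("constructed B", ["boot", "recovery", "boot_x", "recovery_x"])):
        parts = parse_gpt(build_sample(names))
        print(label, classify_layout(parts), [p[0] for p in parts])
```

A CRC failure on a real dump means the table was cut short or edited without recomputing the checksums, so the partition list should not be trusted.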
First unreserved !!!
bibikalka said:
First unreserved !!!
You are quick
Now we need custom kernels and/or roms, any advice where to start?
Murcielagoz99 said:
Now we need custom kernels and/or roms, any advice where to start?
Download Lineage OS Sources, create device tree, create kernel tree, create vendor tree and compile ROM.
---------- Post added at 09:04 PM ---------- Previous post was at 08:58 PM ----------
@k4y0z in the ReadMe of the amonet source code says that the exploit is for the fire hd8 2018.
Is it correct or is it an error?
On the other hand, very good work!
sudo ./step-1.sh
"command not found"
Got the script to run using chmod. But it doesn't reboot,
"PL version 5
LK version 2
TZ Version 263
press enter to continue...
(doesnt reboot)
Dumping GPT
....
Modifying GPT (still hasnt reboot)
What am I missing?
BRAVO!! Fantastic work, my friend! I'm looking forward to the customization and ROMs that will soon follow.
Rortiz2 said:
Download Lineage OS Sources, create device tree, create kernel tree, create vendor tree and compile ROM.
Or start with the (minimal) TWRP device tree I linked to.
Rortiz2 said:
@k4y0z in the ReadMe of the amonet source code says that the exploit is for the fire hd8 2018.
Is it correct or is it an error?
On the other hand, very good work!
I just forgot to update the Readme, fixed it.
Michajin said:
sudo ./step-1.sh
"command not found"
Got the script to run using chmod. But it doesn't reboot,
"PL version 5
LK version 2
TZ Version 263
press enter to continue...
(doesnt reboot)
Dumping GPT
....
Modifying GPT (still hasnt reboot)
What am I missing?
What OS are you using?
Is there no other output?
Try running
Code:
modules/gpt.py
Does that give any errors?
k4y0z said:
Or start with the (minimal) TWRP device tree I linked to.
I just forgot to update the Readme, fixed it.
What OS are you using?
Is there no other output?
Try running
Code:
modules/gpt.py
Does that give any errors?
I had permission errors on my Ubuntu 16.04. It rebooted into recovery but nothing happened.
Testing root access...
uid=0(root) gid=0(root) context=u:r:init:s0
PL version: 5 (5)
LK version: 2 (2)
TZ version: 263 (263)
Your device will be reset to factory defaults...
Press Enter to Continue...
Dumping GPT
tmp-mksh: dd if=/dev/block/mmcblk0 bs=512 count=34 of=/data/local/tmp/gpt.bin: not found
tmp-mksh: chmod 644 /data/local/tmp/gpt.bin: not found
199 KB/s (17408 bytes in 0.085s)
Flashing temp GPT
246 KB/s (17408 bytes in 0.068s)
tmp-mksh: dd if=/data/local/tmp/gpt.bin.step1.gpt of=/dev/block/mmcblk0 bs=512 count=34: not found
Preparing for Factory Reset
tmp-mksh: mkdir -p /cache/recovery: not found
/system/bin/sh: can't create /cache/recovery/command": Permission denied
/system/bin/sh: can't create /cache/recovery/command": Permission denied
Rebooting into Recovery
Recovery, nothing happens.
I have root.....
Michajin said:
I had permission errors on my Ubuntu 16.04. It rebooted into recovery but nothing happened.
Testing root access...
uid=0(root) gid=0(root) context=u:r:init:s0
PL version: 5 (5)
LK version: 2 (2)
TZ version: 263 (263)
Your device will be reset to factory defaults...
Press Enter to Continue...
Dumping GPT
tmp-mksh: dd if=/dev/block/mmcblk0 bs=512 count=34 of=/data/local/tmp/gpt.bin: not found
tmp-mksh: chmod 644 /data/local/tmp/gpt.bin: not found
199 KB/s (17408 bytes in 0.085s)
Flashing temp GPT
246 KB/s (17408 bytes in 0.068s)
tmp-mksh: dd if=/data/local/tmp/gpt.bin.step1.gpt of=/dev/block/mmcblk0 bs=512 count=34: not found
Preparing for Factory Reset
tmp-mksh: mkdir -p /cache/recovery: not found
/system/bin/sh: can't create /cache/recovery/command": Permission denied
/system/bin/sh: can't create /cache/recovery/command": Permission denied
Rebooting into Recovery
Recovery, nothing happens.
I have root.....
What are you using for root?
it seems like your "su" doesn't like the commands my script sends, what su are you using?
You could try disabling root/ungrant root access and use mtk-su.
k4y0z said:
What are you using for root?
it seems like your "su" doesn't like the commands my script sends, what su are you using?
You could try disabling root/ungrant root access and use mtk-su.
SuperSU Pro v 2.82
Michajin said:
SuperSU Pro v 2.82
Interesting, it seems it interprets all the arguments as one command.
I'll see if I can find a workaround to work with SuperSU, but it will take me a moment.
What should work however is if you disable root-access in SuperSU-app.
And place mtk-su into bin-folder.
Then just let it do its thing using mtk-su.
k4y0z said:
Interesting, it seems it interprets all the arguments as one command.
I'll see if I can find a workaround to work with SuperSU, but it will take me a moment.
What should work however is if you disable root-access in SuperSU-app.
And place mtk-su into bin-folder.
Then just let it do its thing using mtk-su.
It is showing
new UID/GID: 0/0 (over and over)
then UID/GID: 2000/2000 ( occasionally)
Then did not find own task_struct (237)
This normal? It has been about 10 minutes
Michajin said:
It is showing
new UID/GID: 0/0 (over and over)
then UID/GID: 2000/2000 ( occasionally)
Then did not find own task_struct (237)
This normal? It has been about 10 minutes
Then abort it and try again.
Make sure the screen is unlocked.
Is there no other output?
Did you use arm or arm64 mtk-su?
Also I just tested with SuperSU 2.82 su-binary, and it worked as expected.
I'm not sure why you are getting this issue.
k4y0z said:
Then abort it and try again.
Make sure the screen is unlocked.
Is there no other output?
Did you use arm or arm64 mtk-su?
Also I just tested with SuperSU 2.82 su-binary, and it worked as expected.
I'm not sure why you are getting this issue.
I factory reset, no luck, I tried it on my Raspberry pi3 and it worked. Something with my ubuntu i guess? What version of magisk? i flashed 18.1 and it seems to be looping (or taking a really really long time). Rebooting into recovery is easy though (right volume and power).
Michajin said:
I factory reset, no luck, I tried it on my Raspberry pi3 and it worked. Something with my ubuntu i guess? What version of magisk? i flashed 18.1 and it seems to be looping (or taking a really really long time). Rebooting into recovery is easy though (right volume and power).
Great you got it to work. Not sure why it didn't in Ubuntu.
Did you end up using mtk-su or SuperSu?
Magisk 18.1 is working fine for me, what FireOS-Version are you on?
k4y0z said:
Read this whole guide before starting.
This is for the 7th gen Fire HD10 (suez).
I have only tested it on the 32GB-model, but it should also work on the 64GB-model ....
Outstanding 'win' presented with clarity and humility. Not to mention timely given the short time you've had the target hardware. A fantastic ROI for those who underwrote the device and for uncounted others who will benefit from your work (along with those of several others noted in your full post) for years to come.
:good:
