Reversing Xperia XA boot-loader - Sony Xperia XA Questions & Answers

I am trying to figure out the flow of execution of the Xperia XA boot-loader after issuing the `fastboot oem unlock` command. Having rooted my phone, I have dd-ed the image of the `lk` partition. Since the image is not in any standard format, I have re-based it to a probable base address in IDA Pro. I have had mixed success. So far, I have been able to figure out the handler that takes care of the `oem unlock` command. However, it looks messy afterwards. Surprisingly, IDA finds no more than one XREF to the handler function, which seems unintuitive. Is there anybody willing to have a look (provided I share the IDB database)? It seems to be an interesting yet difficult exercise. Any clue or suggestion is appreciated.

Keep going mate, if you manage to find what makes it tick, you might potentially be able to unlock even the ones which have:
Bootloader unlock allowed: NO
since Sony uses a similar bootloader protection for all its devices, regardless of the platform (MTK, QC etc.).

I'd love to help out as I've got an XAU with a locked bootloader, but I've been out of the game for quite some time so those things are kinda out of my league right now.
However, I know my way around Linux so ADB isn't a problem. Let me know how I can help.

Related

Garminfone ro.secure=0!

I cracked the img format for Garminfones... I started out by looking at the format of the file and it turns out the only difference is the loader addresses.
I took the stock recovery and disabled security, which worked. Then I modified the boot.img to disable security and have the filesystems mount rw by default, and flashed it to the recovery partition. Booted into recovery mode and voilà... security disabled. Now it is time to flash it to the boot partition and cross my fingers.
Now I just need to figure out how to compile a working recovery mode... preferably one that can be activated by keypress. Not sure how to do that part. I can only get to recovery and bootloader mode after booting into the OS.
I should have a working mkbootimg soon so I don't have to hex edit the generated img files.
Well done!
I look forward to any progress reports that you make.
Are you using the official or leaked version of the 2.1 Eclair?
The official and leaked versions are equal.
And I did find out that we do have fastboot. It's the blue screen that you get when you hold UP+POWER, or do adb reboot bootloader... two different messages on the screen. I can get fastboot to accept a reboot-bootloader command, but I'm having some issues actually getting any information out of it or flashing something like a boot image.
To get it to respond, you do:
fastboot -i 0x091E <command>
The -i makes it specify the Vendor ID, since fastboot only accepts a few vendors by default.
I also found out that I don't have to rebuild the mkbootimg program... if you add --base 0x1AC00000, then the load addresses match up in the resulting img file.
If someone is willing to host it, I can share the modified boot.img that sets ro.secure=0 and mounts the filesystems RW by default.
Hey, just joined to reply to this thread. Is it possible for you to upload to a file-sharing site such as megaupload, fileserve, etc.
I'm just getting into this whole rooting/modifying stuff. I used z4root to root my A50 and have installed superuser. I have deleted some of the carrier .apks but am thinking I should have made a back-up before doing so. I also bought setcpu from the market before finding out the Qualcomm chip does not allow overclocking.
Can I ask what the point of modifying the boot image is? Is this the first step in being able to install custom roms to the phone?
Anyway, appreciate the effort you guys have put in to modifying the phone.
You get a higher level of access, along with things like being able to customize parts of the phone, in my case enabling read/write by default. I also am planning on playing a bit, like remapping partitions... the instructions are in the init.rc file.
Always take a dump_image (or remount all mtd partitions as read only and just use cat to dump the mtd partitions). Also tar up each of the root folders (and files) in case you need quick access to any files you may have deleted. If you need a system app back and you don't have a backup, you have to reflash 2.1 again. Very important... if you care about the Garmin map software, make sure to get the /storage folder, including the one in it named .System... you can recover the maps, vehicles, etc by using two different Garmin web update windows programs-- one for the system stuff and one for the maps. Better safe than sorry.
any news on this
What would we need to be able to overclock?
I spent a good portion of the day yesterday rooting and installing CyanogenMod on my fiancée's MyTouch Slide, and I have to say, it was amazing. It's a lot more than just throwing around some custom default apps, cleaning up bloatware, even adding some kernel modules... I can do all of that on my rooted Garminfone just fine. It also had the Android 2.3 base, and it has polish and refinements that just can't be done without a custom built ROM.
I bought my Garminfone on purpose, even knowing that it shipped with Android 1.6, even knowing that the interface was awful, even knowing that the device wasn't going to sell as well as I wished it would. I bought it for its offline maps, and for its fantastic GPS. Things have improved since I bought my device... Android 2.1 was released, an improved user interface arrived, I gained root access and was able to clean up some stuff, etc. etc. But none of that prevented me from being jealous yesterday after seeing CyanogenMod. Further, Cyanogen has experience with preserving apps through the process of installing his mod for the first time; he did it when Google first sent him the Cease and Desist letter barring him from packaging CyanogenMod with Google Apps. I'm not sure HOW he did it, and I don't care, but I do think that it's very possible for him to do just that again with our Garmin Maps and the associated apps.
For these reasons, I suggest that we could have our cake, and we could eat it too: have a modern OS (based on Android 2.3), have a clean, unified interface, with no bloatware AND our maps... Cyanogen is not known for making his mod for phones he doesn't own. Further, as we all know, ours was possibly the worst selling and least popular Android device ever released to market. While I consider myself versed in the ways of Linux, I am not a developer. I run Gentoo, and have the associated skills, and I will contribute in any way I know how, but hacking is not my forte. I can't expect brilliant minds to work for any project for nothing. Therefore, I am putting my money where my mouth is... I'm going to take all the money from my weekly paycheck that I can afford, and I'm going to donate it to that project. It won't be much... I am a starving college kid, after all... but it will be generous within my means. I am also going to post a reference to this thread everywhere I know how... My contribution might be small, but the community might be able to get something together that is mighty.
Visit topic 5864-garminfone on their forums to add your support.
(Edit: They moved my post, I have corrected this with the correct forum topic)

[Q] Root Access for Incredible S - Where to start?

I have recently bought an Incredible S, and it is a great device, but I would like to gain root access for certain apps. The development forum is dead; I presume anyone with the knowledge and inclination has avoided this phone (and is waiting on the dual cores), so I decided to look for myself, but I am stuck. Either the people who usually discover root on these devices don't like documenting processes and methods, or I am looking in totally the wrong place. Can anyone give me pointers on where to start looking, or where I can find info on where to start looking, or am I just barking up the wrong tree and sounding really thick?
Hey people,
I need to root my phone too.
I used z4mod and Universal Androot; both apps failed to root my phone.
So I hope someone succeeds in rooting his or her Incredible S, and posts it here.
- Bert
unrevoked.com
Just enable USB debugging, plug your phone into your PC via USB, start unrevoked3 and wait. It will do all the work for you.
There is no support for the HTC incredible S
I think there is a difference between the HTC Droid Incredible and the HTC Incredible S,
so I'm not taking any risk trying to root my phone as an HTC Droid Incredible.
vindicat said:
unrevoked.com
Just enable USB debugging, plug your phone into your PC via USB, start unrevoked3 and wait. It will do all the work for you.
UnrEVOked does not support Inc S at the moment.
Sent from my HTC Incredible S using XDA Premium App
Alright, I'll try to make this simple, because I'm betting not a lot of people know what goes into rooting these devices.
Root is not like buried treasure. No X on a map. In fact, there is no map. We're not hitting up a command prompt on windows, crawling through thousands of bits to find the access codes so we can find the root the creators left for us.
Now that we know what it isn't, it's time to explain what it is.
Finding root is a lot like finding a back door... that's been painted to look like the rest of the outside wall... and all of its cracks sealed... and its doorknob non-existent. You'd have to look from the inside to know where it is, and even THEN you don't know if you can even OPEN the door from the outside.
What devs (or aspiring devs) attempt to do is look for the telltale signs that a phone software vendor has modified from the original stock AOSP. This means that the phone will be attempting to do something unique, something that vanilla android does not. TouchWiz, MotoBlur, etc are all examples of these.
Devs look through the changes, trying to find examples where vendors have hijacked root access (or system access) to perform a task. On Droid3, for example, we found a script that reinstalls stock sample games onto the phone. We attempted to shell-inject some code into a variable to install superuser into an executable directory. Unfortunately, the attempt failed.
In short, you're looking for signs that some root access is happening outside of vanilla android. After that, you need to find a way to hijack it. Checking files for executable permissions, finding out where files can be executed, etc are all examples of searching for root.
Your eventual goal will be to get the su binary into an executable location. On the Droid3, this was /data/tmp, a temporary filesystem with executable permissions (but no write access for apps or shell). Our goal was to use some exploit to push su into that directory and execute it. (We still have not achieved this.)
If you really want to learn the process that goes into rooting, check this thread out: http://forum.xda-developers.com/showthread.php?t=1193893
It is 60 pages of root theory where we are still [at time of post] attempting to gain root. We wade through our ideas, our attempts, our successes and our failures. (We have lots of those.)
Good luck, though I think you might be getting in over your head... I sure am already.

Sony M2 - D2305 Super-HardBrick

Hello, I ask for help and assistance, please.
Sony M2 - D2305
The whole tutorial was read carefully and followed as is; it was achieved, used, and tried, and it met the objectives happily. It is not my first flash, nor the first device to die (another one, an LG L80 D375AR). I have vague concepts thanks to the forum and Google; I understand something. I am not a developer but I would like to go deeper. Without further ado, I will give a description with my best effort and in the end I will get to the problem in question (which arose from a layer 8 human error, an oversight).
-the bootloader was successfully unlocked;
-I don't remember which Flashtool version to use; I have 0.9.18-6 as recommended, followed by 0.9.22-3 (I think I used this), 0.9.25-0, 0.9.33-0, 0.9.34-0;
-all those files in theory mean that they work; it was used very well (congratulations to the devs, great job);
-woow!! What's that? Did they launch a new updated version of Lineage? Good! I want to try that now! (telling myself);
TROUBLE:
Among the many times that I have done it, after doing the format and the corresponding wipes... I realize that I never inserted the SD card.
I slide on/off.
There is no system, its LED does not light up under any button combination, its battery was at 100%, there is no DFU, there is no recovery, there is no download mode, no ADB, no fastboot. The battery was removed; I charged it with a bench power supply and its voltage is correct. It was allowed to drain and retried after several months, assuming the kernel is the one that tries to charge the battery by auto-restarting and correcting itself. It was tested with every program found on Windows and Linux, and gave no sign of anything.
win32: semc_device
win64: somc_device
linux: qhsusb_bulk
DEAD!! x_X
*This reminded me of the other device mentioned, qhdloader9008 or something like that, in addition to the qhsusb_bulk; it died with its stock ROM, forcing shutdown with the buttons because it froze. Among the few possible solutions found and tried, another possible ported solution is mentioned: it consists of something like making a copy of a complete image of all internal sectors and taking it to the SD card. I remember that it almost revived, although something was missing and I no longer remember what; I could try again, but it did not work.
**I have hopes that someone with a lot of knowledge appears, with a better solution or some help, using their image or helping me create one in some way or another. I do not know what else to do; maybe someone with the same model could try to boot from the SD card.
(I have never done it; if someone wanted to confirm, detail, or knew how to provide the complete process, it would also be of great help. But according to what I "don't understand", the most reliable thing is to do it from a Linux environment and it would be something like, for example:
dd if=/dirInput | pv | dd of=/dirOutput
and share it compressed?)
(If there is any private data, they reserve their rights.)
***Out of ignorance, I want to ask, according to how little I have learned until today...
what happened here?
Was the recovery installed by mounting in cache? And was the data saved as temporary in a sector that is volatile, not persistent? Were wrong indexes formatted and inserted into wrong sectors, losing access to the GPT/MBR of everything? Or what happened here?)
****Something extreme and crazy out of context that I wonder about is the result of mixing an MCU microcontroller, needles, wires, SPI, I2C, a bidirectional TTL converter, VCC, GND, DAT+ and DAT-, but I still don't understand much, unless they make it very easy for me to understand with KISS principles, boxes, apples and kittens.

[DISCUSSION] A thread to collate and share what is known about unlocking fastboot on Oppo devices

Admin: Please move/delete this thread if it is in the wrong place or against the rules.
I wanted to create a thread to discuss unlocking fastboot mode on Oppo devices in general, rather than discussing it in terms of any one device in particular. The reason is that there are currently little bits of information scattered here and there across various different device forums. I think it would be useful to have somewhere where we could pool our information on the subject.
I will say at this point, I'm not sure what progress can be made, but I do think we could answer some of each other's questions and build a bigger picture of what is going on.
One question I have, for example, that I know someone out there will know, or be able to test, is: if you have enabled engineer mode with the sec5 app, or otherwise, are you then able to invoke methods from the 'android.engineer.OplusEngineerManager' class without getting an SELinux error?
I have decompiled the deeptesting app and looked through the sources a little and found the method that unlocks fastboot mode. Its signature is as follows:
fastbootUnlock(byte[] bArr, int i)
The byte array is essentially formed as followed:
a string is split into pairs of characters,
each pair is a hex code that is converted to an int,
the byte value of each of these integers is then stored in a byte array.
The int that the fastbootUnlock method takes is simply the length of the byte array.
I have a Find X3 Pro and have hit a bit of a brick wall in testing, in that I cannot invoke methods from the 'android.engineer.OplusEngineerManager' class; however, I do suspect that with engineer mode enabled it may be possible to invoke methods from this class.
If you have any information you feel may be relevant, any questions, or even just want to say hello, do not hesitate to post.
So, no major breakthroughs to report but some stuff that may be of use to people.
After hitting a bit of a brick wall disassembling the deeptesting and engineermode APKs, I have turned my attention to the system.
Both these APKs rely on custom services implemented by Oppo (although most files relating to them have oplus in the name).
After loading up one of the service files '[email protected]' in IDA, I think I can see that the key required to unlock fastboot mode is stored on the odm partition in /odm/etc/DownloadModeKey/ (this is a little over my head, but I can see multiple references to this).
Also I have found an XML with a list of MMI codes. I don't know how much use it will be to anyone, but there are a couple in there that I don't believe have been documented elsewhere, so I will upload it here.
I did some very cursory reverse-engineering of the deeptest app and basically came to the conclusion that it depends on the response from Oppo's servers. In a properly designed system (which the original Danger hiptop/T-Mobile Sidekick implemented) there's an unlock entitlement cryptographically signed by the OEM. I *assume* that's the case here, but I don't know for sure.
super5at said:
I did some very cursory reverse-engineering of the deeptest app and basically came to the conclusion that it depends on the response from Oppo's servers. In a properly designed system (which the original Danger hiptop/T-Mobile Sidekick implemented) there's an unlock entitlement cryptographically signed by the OEM. I *assume* that's the case here, but I don't know for sure.
Getting the correct response from Oppo's servers allows the app to invoke the fastbootUnlock method; however, I believe the key required for the method is stored on the device.
From my point of view, the biggest, and perhaps only remaining, hurdle is being able to invoke methods from the OplusEngineerManager class from our own apps.
I know the method required and what parameters should be passed to it. I strongly suspect from reverse engineering the engineer service that the key is stored on the device. This key is then separated into pairs of digits and converted to a byte array. The fastbootUnlock method takes 2 parameters: the byte array and an integer that is equal to the length of the byte array.
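The parameter construction described in the post above, reproduced as an added example in Python (this is not code from the deeptesting app or from anyone in this thread). It splits the token into character pairs, parses each pair as hex, keeps the byte, and returns the array together with its length, which is the `(bArr, i)` pair the post says `fastbootUnlock` takes. The token value in the block is constructed for illustration and is not a real key; `as_java_bytes` is an added helper that shows the signed values Java's `byte` type would hold, since that is the view you get in a debugger or in smali when comparing against the app.

```python
# Added example (not code from the deeptesting app or from any poster in this
# thread): reproduces the argument construction described above for
# android.engineer.OplusEngineerManager.fastbootUnlock(byte[] bArr, int i).
# The token value below is constructed for illustration; it is not a real key.
import string


def hex_pairs_to_bytes(token: str) -> bytes:
    """Split the token into character pairs, parse each pair as hex and keep
    the low byte, exactly as the post describes the app doing it."""
    s = token.strip()
    if len(s) % 2 != 0:
        raise ValueError("token has odd length; every byte needs two hex digits")
    if not all(c in string.hexdigits for c in s):
        raise ValueError("token contains a non-hex character")
    out = bytearray()
    for i in range(0, len(s), 2):
        out.append(int(s[i:i + 2], 16) & 0xFF)
    return bytes(out)


def fastboot_unlock_args(token: str):
    """Return the (bArr, i) pair the method takes: the byte array and its length."""
    b_arr = hex_pairs_to_bytes(token)
    return b_arr, len(b_arr)


def as_java_bytes(b: bytes) -> list:
    """Java's byte type is signed, so the same array shows values in -128..127
    in a debugger or in smali; this is the view to compare against."""
    return [v - 256 if v > 127 else v for v in b]


if __name__ == "__main__":
    token = "0A1BFF80"  # constructed sample, not a real DownloadModeKey/token
    b_arr, length = fastboot_unlock_args(token)
    print(b_arr.hex(), length, as_java_bytes(b_arr))
```

The result is identical to `bytes.fromhex(token)`; the explicit loop is kept so that it mirrors the decompiled logic step by step and rejects odd-length or non-hex input instead of silently truncating it.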
Hi! I'm trying a different approach: to spoof the device model so that the deep test APK will do its thing.
I have the Realme GT 2 (EU) RMX3311, which can't be unlocked, but the Indian version (RMX3312) can be unlocked. Some guys managed to change the region of the RMX3311 to India and the deep test APK allowed the bootloader to be unlocked. So, from what I've read, deep test reads build.prop and if it finds the right model it communicates with the Realme backend to receive the unlock code, and everything works...
Now I'm trying to find in the deep test APK where it reads the device model and change that code so it accepts whatever it finds. The problem is I can't understand smali source code.
wizard8400 said:
Hi! I'm trying a different approach: to spoof the device model so that the deep test APK will do its thing.
Hi! You might find it easier to understand the flow of the app if you decompile to Java; the output won't be compilable, but you could pinpoint where the region is checked and cross-reference that to the smali code you have. You could at least get some idea of where to start.
I will say, if a modified version of the app can still access the OplusEngineerManager class without an SELinux denial, then you could probably just get your download mode key by doing a dump of your device in EDL mode and then modify the app to call its fastbootUnlock method with the key from your dump.
I haven't tested this because on my Find X3 Pro I can't even install the deeptesting app.
I haven't tried to do much in a while because I've gotten a bit stuck trying to work out how to calculate the secrecy token. I am not great with C and trying to understand decompiled pseudocode is a little bit beyond me lol. Quite disheartening too, knowing that even if it was possible to work out that token by disassembling system services, it still might not mean I was able to access the OplusEngineerManager class.
Luddite I be. Tired and couldn't work out how to cancel a post.
Kernel source and Device tree released
As oppo-source has released kernel_source and device_tree for find x3 and find x3 pro what possibility could be related to custom kernel, custom rom and i know the bootloader unlock issue does these two source code help in unlocking the...
forum.xda-developers.com
burhanhanzada199888 said:
Kernel source and Device tree released
Always great to get a notification for this thread
The release of the kernel sources for the Find X3 Pro is slightly old news; sadly I don't think there is much to be found in regards to unlocking the bootloader or engineer mode.
Secrecy/Engineer mode unlock possible (For a limited time), for more info please see here:
Secrecy unlock
WARNING - THIS (ORIGINAL) METHOD IS NOT WORKING. WARNING - BE CAREFUL REGARDING (your) IMEI SHARING! You need to enable Developer Options and USB Debugging in the phone. Download the Oppo_Free_Unlock_v1.0.zip Secrecy Auto Unlocker: Open the...
forum.xda-developers.com
Small update:
Decided to try and pull the DownloadModeKey from my Find X3 Pro via adb. The operation was a success, but sadly it just looks like an RSA public key, so not much use.
User154 said:
Small update:
Decided to try and pull the DownloadModeKey from my Find X3 Pro via adb. The operation was a success, but sadly it just looks like an RSA public key, so not much use.
Continue work bro
Hi there,
I have reverse engineered the process the deep testing APK does and recreated it independently of the phone.
Suppose I have the "token" which is sent as a byte array to the android.engineer.OplusEngineerManager method fastbootUnlock; what will that achieve, except the unlock of course?
I am new to the Oppo ecosystem and trying to understand what powers this engineerMode has.
serv0id said:
Hi there,
I have reverse engineered the process the deep testing APK does and recreated it independently of the phone.
So I don't actually know for sure what else that method would do, but I can't imagine it would do much else. The OplusEngineerManager class contains multiple methods that do different things; from what I could see, most of them are not called by the deeptesting app at all. I think I have found the library that the OplusEngineerManager class calls, but I'm not 100% sure.
Have you got the token?
Hey folks - apologies for being late to the party, but thought I'd add my findings.
I stumbled across this thread & a few others after doing some digging into the "in-depth testing" tool. A few things:
I can't actually *install* the "in-depth testing" APK on my Find X5 Lite (a.k.a. Reno 7 5G). It seems like some version of the tool is already baked into the stock ROM, so whatever APK I got my hands on fails to install because of conflicts.
I thought about trying to repack the APK, but apktool wasn't having it so I gave up pretty quickly.
I decompiled the version of the APK I have, and it looks like it's referencing the class "android.engineer.OppoEngineerManager" when it calls a "fastbootUnlock" method (already established above, I know I know)
I did some poking around and pulled (what I believed to be) the engineer mode APK using ADB, but after decompiling it things started to get a bit... weird. All of this is in a completely *different* namespace, it seems, and it's "com.oplus.engineermode" - so I have a hunch that I'm looking at bits of two different codebases. No luck, then.
One of the other threads I was looking at mentioned there being a couple things of interest in the /odm/ directory - seemingly what the "fastbootUnlock" method was actually calling *into* - but I wasn't able to pull any of that over ADB. Seems the directory is protected :/
With that in mind, I went on a quest to find a stock ROM to dig around in there. I did manage to find one and download it, but actually getting anything *out* of it has been a massive pain in the ass.
The stock ROM I found just has a big old ".ofp" file in it, instead of anything sensible - so in other words, proprietary garbage.
I had to use a dedicated extractor to get any files out of it, but even *that* wasn't enough; all of the juicy stuff is split into multiple ".img" files, and there's a bunch of different bits and pieces for the "super" image.
The bits and pieces for that super image are mentioned in a "mapping" file. This is just a text document that matches up different regions/carriers with the parts of the super image that you need.
All of the parts of the super image (once you've figured out which ones you need) need to be joined together. Just running "cat super0.xxxxx.img super1.xxxxx.img super2.xxxxx.img" seemed to work for this? (... but I was also able to use "simg2img" from the android otatools as well, see below)
But the troubles don't end here! This is a sparse image, so you need to go through *another* step to deflate it. I wound up using "simg2img" for this, and it gave me a final, honest-to-god super image. (imjtool was also able to do this for me)
Then comes the process of actually *extracting* the component parts of the super image. I originally used "lpunpack" (also from the android otatools) for this, but the output was really bizarre. *Some* of the output files were mountable ext4 partitions, but the ones I cared about *weren't*. More specifically, the files for the "product", "vendor", "system" and "odm" partitions were all just... gibberish. I wasn't able to mount them at all.
After some more searching I came across "imjtool", which is available here. And this tool has singlehandedly saved my entire ass. I got it to extract the super image again, and LO AND BEHOLD, it was able to identify the file system used by the "product", "vendor", "system" and "odm" partitions. It's... (drum roll please) Huawei EROFS. More proprietary garbage.
Now that I *know* this, I can see the light at the end of the tunnel, and I think I have a reasonable chance of grabbing whatever-the-... the in-depth testing APK is actually calling *into*. Hopefully then I can decompile that, and figure out what the hell fastboot is doing on this device.
If I manage to get anywhere, I'll mention it here ^^ it's been a bit of a rigmarole so far haha
{Mod edit: Inappropriate language edited. Oswald Boelcke, Senior Moderator}
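Two of the steps in the extraction chain described in the post above, reproduced as an added, stdlib-only example so the formats involved are visible (this is not code from the post, nor from simg2img, lpunpack or imjtool): `unsparse` expands an Android sparse image into a flat image, which is what simg2img does and why "cat" alone is not the end of the story, and `identify_fs` reads the superblock magic to tell an ext4 partition image from an EROFS one, which is the check that let imjtool name the filesystem of the product/vendor/system/odm partitions. The sparse image it runs on is constructed in `build_sample_sparse` and is not a real Oppo super image; the header layouts and magic values are the ones used by the Android sparse format (magic 0xED26FF3A, chunk types 0xCAC1..0xCAC4), ext4 (0xEF53 at offset 0x438) and EROFS (0xE0F5E1E2 at offset 1024).

```python
# Added example (not from the post or from simg2img/lpunpack/imjtool): a
# stdlib-only reproduction of two steps in the extraction chain above, so the
# formats are visible: (1) de-sparse an Android sparse image (what simg2img
# does) and (2) sniff whether a partition image is ext4 or EROFS (what let
# imjtool identify the product/vendor/system/odm partitions). The sample image
# is constructed in build_sample_sparse(); it is not a real Oppo super image.
import struct

SPARSE_MAGIC = 0xED26FF3A
CHUNK_RAW, CHUNK_FILL, CHUNK_DONT_CARE, CHUNK_CRC32 = 0xCAC1, 0xCAC2, 0xCAC3, 0xCAC4
# sparse_header: magic, major, minor, file_hdr_sz, chunk_hdr_sz, blk_sz,
#                total_blks, total_chunks, image_checksum (all little-endian)
FILE_HDR = struct.Struct("<IHHHHIIII")
# chunk_header: chunk_type, reserved1, chunk_sz (in blocks), total_sz (bytes, header included)
CHUNK_HDR = struct.Struct("<HHII")

EROFS_SUPER_OFF = 1024          # EROFS superblock lives at offset 1024
EROFS_MAGIC = 0xE0F5E1E2        # EROFS_SUPER_MAGIC_V1
EXT4_MAGIC_OFF = 1024 + 0x38    # ext4 superblock at 1024, s_magic at +0x38
EXT4_MAGIC = 0xEF53


def unsparse(data: bytes) -> bytes:
    """Expand an Android sparse image into a flat image, like simg2img."""
    (magic, _major, _minor, file_hdr_sz, chunk_hdr_sz, blk_sz,
     total_blks, total_chunks, _crc) = FILE_HDR.unpack_from(data, 0)
    if magic != SPARSE_MAGIC:
        raise ValueError("not an Android sparse image (magic 0x%08X)" % magic)
    if file_hdr_sz < FILE_HDR.size or chunk_hdr_sz < CHUNK_HDR.size:
        raise ValueError("implausible header sizes")
    out = bytearray()
    off = file_hdr_sz
    for _ in range(total_chunks):
        ctype, _res, chunk_blocks, total_sz = CHUNK_HDR.unpack_from(data, off)
        body = data[off + chunk_hdr_sz:off + total_sz]
        nbytes = chunk_blocks * blk_sz
        if ctype == CHUNK_RAW:
            if len(body) != nbytes:
                raise ValueError("raw chunk body does not match chunk_sz")
            out += body
        elif ctype == CHUNK_FILL:
            if len(body) != 4:
                raise ValueError("fill chunk must carry a 4-byte pattern")
            out += body * (nbytes // 4)
        elif ctype == CHUNK_DONT_CARE:
            out += b"\x00" * nbytes
        elif ctype == CHUNK_CRC32:
            pass  # checksum-only chunk, carries no data blocks
        else:
            raise ValueError("unknown chunk type 0x%04X" % ctype)
        off += total_sz
    if len(out) != total_blks * blk_sz:
        raise ValueError("expanded size does not match total_blks")
    return bytes(out)


def identify_fs(img: bytes) -> str:
    """Return 'erofs', 'ext4' or 'unknown' from the superblock magic."""
    if len(img) >= EROFS_SUPER_OFF + 4 and \
            struct.unpack_from("<I", img, EROFS_SUPER_OFF)[0] == EROFS_MAGIC:
        return "erofs"
    if len(img) >= EXT4_MAGIC_OFF + 2 and \
            struct.unpack_from("<H", img, EXT4_MAGIC_OFF)[0] == EXT4_MAGIC:
        return "ext4"
    return "unknown"


def build_sample_sparse(blk_sz: int = 4096) -> bytes:
    """Constructed 4-block sparse image: one raw block carrying an EROFS
    superblock magic, two blocks of 0xAA fill and one don't-care block."""
    block0 = bytearray(blk_sz)
    struct.pack_into("<I", block0, EROFS_SUPER_OFF, EROFS_MAGIC)
    chunks = [
        CHUNK_HDR.pack(CHUNK_RAW, 0, 1, CHUNK_HDR.size + blk_sz) + bytes(block0),
        CHUNK_HDR.pack(CHUNK_FILL, 0, 2, CHUNK_HDR.size + 4) + b"\xAA\xAA\xAA\xAA",
        CHUNK_HDR.pack(CHUNK_DONT_CARE, 0, 1, CHUNK_HDR.size),
    ]
    header = FILE_HDR.pack(SPARSE_MAGIC, 1, 0, FILE_HDR.size, CHUNK_HDR.size,
                           blk_sz, 4, len(chunks), 0)
    return header + b"".join(chunks)


if __name__ == "__main__":
    flat = unsparse(build_sample_sparse())
    print(len(flat), identify_fs(flat))
```

On a real dump you would feed `unsparse` the bytes of a `super.img` and `identify_fs` each partition file that `lpunpack` produced; the "gibberish" the post describes is what an EROFS image looks like when you expect ext4, and the 4-byte magic at offset 1024 is the quick way to confirm it before reaching for an EROFS-aware extractor.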
mkaylynn7 said:
Hey folks - apologies for being late to the party, but thought I'd add my findings.
I stumbled across this thread & a few others after doing some digging into the "in-depth testing" tool. A few things:
I can't actually *install* the "in-depth testing" APK on my Find X5 Lite (a.k.a Reno 7 5G) - it seems like some version of the tool is already baked in to the stock ROM, so whatever APK I got my hands on fails to install because of conflicts.
I thought about trying to repack the APK, but apktool wasn't having it so I gave up pretty quickly.
I decompiled the version of the APK I have, and it looks like it's referencing the class "android.engineer.OppoEngineerManager" when it calls a "fastbootUnlock" method (already established above, I know I know)
I did some poking around and pulled (what I believed to be) the engineer mode APK using ADB, but after decompiling it things started to get a bit... weird. All of this is in a completely *different* namespace, it seems, and it's "com.oplus.engineermode" - so I have a hunch that I'm looking at bits of two different codebases. No luck, then.
One of the other threads I was looking at mentioned there being a couple things of interest in the /odm/ directory - seemingly what the "fastbootUnlock" method was actually calling *into* - but I wasn't able to pull any of that over ADB. Seems the directory is protected :/
With that in mind, I went on a quest to find a stock ROM to dig around in there. I did manage to find one and download it, but actually getting anything *out* of it has been a massive pain in the ass.
The stock ROM I found just has a big old ".ofp" file in it, instead of anything sensible - so in other words, proprietary garbage.
I had to use a dedicated extractor to get any files out of it, but even *that* wasn't enough; all of the juicy stuff is split into multiple ".img" files, and there's a bunch of different bits and pieces for the "super" image.
The bits and pieces for that super image are mentioned in a "mapping" file. This is just a text document that matches up different regions/carriers with the parts of the super image that you need.
All of the parts of the super image (once you've figured out which ones you need) need to be joined together. Just running "cat super0.xxxxx.img super1.xxxxx.img super2.xxxxx.img" seemed to work for this? (... but I was also able to use "simg2img" from the android otatools as well, see below)
But the troubles don't end here! This is a sparse image, so you need to go through *another* step to deflate it. I wound up using "simg2img" for this, and it gave me a final, honest-to-god super image. (imjtool was also able to do this for me)
Then comes the process of actually *extracting* the component parts of the super image. I originally used "lpunpack" (also from the android otatools) for this, but the output was really bizarre. *Some* of the output files were mountable ext4 partitions, but the ones I cared about *weren't*. More specifically, the files for the "product", "vendor", "system" and "odm" partitions were all just... gibberish. I wasn't able to mount them at all.
After some more searching I came across "imjtool", which is available here. And this tool has singlehandedly saved my entire ass. I got it to extract the super image again, and LO AND BEHOLD, it was able to identify the file system used by the "product", "vendor", "system" and "odm" partitions. It's.... (drum roll please) Huawei EROFS. More proprietary garbage.
Now that I *know* this, I can see the light at the end of the tunnel, and I think I have a reasonable chance of grabbing whatever-the-... the in-depth testing APK is actually calling *into*. Hopefully then I can decompile that, and figure out what the hell fastboot is doing on this device.
If I manage to get anywhere, I'll mention it here ^^ it's been a bit of a rigmarole so far haha
{Mod edit: Inappropriate language edited. Oswald Boelcke, Senior Moderator}
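The extraction chain described in the post above (join the super chunks, de-sparse with simg2img, split with lpunpack, then work out what each piece actually is), as an added shell example that is not from the original post or from any of the tools it names. It assumes simg2img and lpunpack (AOSP otatools, or the android-tools package on most distros) are on PATH; simg2img accepts several sparse chunk files and writes one raw image, so the separate cat step is not needed. The filesystem check reads the superblock magic directly rather than trying to mount, which is how to tell an ext4 partition from an EROFS one (the point the post reaches via imjtool). Magic values assumed: ext4 0xEF53 at byte 1080, EROFS 0xE0F5E1E2 little-endian at byte 1024, sparse-image header 0xED26FF3A at byte 0; f2fs is included as a common third case the post does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): unpack an Android "super" image and
# report the filesystem of every logical partition before trying to mount it.
# Assumes simg2img and lpunpack (AOSP otatools) are on PATH.

# Print the filesystem type of a raw (non-sparse) partition image.
# On-disk magic numbers are little-endian, so the byte order is reversed
# relative to the constants in the kernel headers:
#   ext2/3/4: 0xEF53     at byte 1080 (superblock at 1024, s_magic at +0x38)
#   EROFS:    0xE0F5E1E2 at byte 1024
#   f2fs:     0xF2F52010 at byte 1024 (beyond the post's cases)
#   sparse:   0xED26FF3A at byte 0    (means simg2img has not been run yet)
fs_type() {
    img="$1"
    at0=$(dd if="$img" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    at1024=$(dd if="$img" bs=1 skip=1024 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    at1080=$(dd if="$img" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$at0" = "3aff26ed" ] && { echo sparse; return 0; }
    case "$at1024" in
        e2e1f5e0) echo erofs; return 0 ;;
        1020f5f2) echo f2fs;  return 0 ;;
    esac
    case "$at1080" in
        53ef) echo ext4; return 0 ;;
    esac
    echo unknown
}

# Usage: unpack_super OUTDIR super0.xxx.img super1.xxx.img ...
# Chunks must be given in the order the vendor's mapping file lists them.
unpack_super() {
    outdir="$1"; shift
    mkdir -p "$outdir"
    # simg2img takes several sparse chunks and emits one raw super image,
    # which is the input format lpunpack expects.
    simg2img "$@" "$outdir/super.raw.img"
    lpunpack "$outdir/super.raw.img" "$outdir"
    # Identify each logical partition; an "erofs" result explains why a
    # plain "mount -t ext4" of it fails.
    for p in "$outdir"/*.img; do
        case "$p" in */super.raw.img) continue ;; esac
        printf '%-28s %s\n' "$(basename "$p")" "$(fs_type "$p")"
    done
}

if [ "$#" -gt 0 ]; then
    unpack_super "$@"
fi
```

Partitions reported as erofs can be mounted read-only with `mount -t erofs -o loop` on a kernel with EROFS support, or unpacked without mounting using `fsck.erofs --extract=DIR image` from a recent erofs-utils; the same check run on the lpunpack output would have shown immediately that the "gibberish" files were not ext4.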
Hi, sorry I only have a chance to write a quick reply. I had a similar headache trying to extract the system files.
I did manage to do it in the end, and I can unlock engineer mode on my Find X3 Pro. If you want any specific files, PM me and I'll send them over.
What files were you looking for? I think the APK makes calls to the service I mentioned in the OP. I have had a look in IDA, but I am not so great at understanding the pseudocode, so I have not gotten very far.
User154 said:
Hi, sorry I only have a chance to write a quick reply. I had a similar headache trying to extract the system files.
I did manage to do it in the end, and I can unlock engineer mode on my Find X3 Pro. If you want any specific files, PM me and I'll send them over.
How about unlocking the bootloader?
xuanhoang1811 said:
How about unlocking the bootloader?
This requires, firstly, the code, which I do believe has to come from Oppo/Realme/whoever. The code stored on the device is an RSA key that the code is presumably checked against.
If someone manages to work out how to get the code from Oppo unofficially, then we need a way for an app to invoke the fastbootUnlock method from a custom app.
I haven't done much on this recently, I have been working on other projects, sorry.
Hi, just wanted to say that it's nice to hear that some people try to unlock the bootloader on OPPO Qualcomm. I thought that everyone accepted that it's not possible to unlock it. And if you didn't know, there is an app called APKTool M; you can read some root files with this app, like this DownloadMode key. I can install the Deep Testing app, but I get this error:
For extracting firmware, maybe you can put the phone into EDL and extract the firmware with Qualcomm software. As said, we can use ApkTool M to read some root files, but not all. I attach the Deep Testing file that worked for me here, and the site where I got it: https://www.oppo.cn/thread-397164526-1

General Root issue and fix

Just to let people know: the old way to flash did not work for me. If you use the command at the fastboot menu, fastboot flash init_boot path/to/magisk_patched.img, and it doesn't work, you have to specify the partition you're flashing to. You can see this from the fastboot menu: if you're on partition "a" then the command is fastboot flash init_boot_a path/to/magisk_patched.img, and switch "a" for "b" if you're on b. Hope this helps.
You don't need to specify the partition slot, because it always goes to the "Active slot".
*Fastboot flash init_boot init_boot.img*
ekin_strops said:
You don't need to specify the partition slot, because it always goes to the "Active slot".
*Fastboot flash init_boot init_boot.img*
This.
Also, it's easier to open CMD in the directory where you have the patched image so you don't have to type out the path to it.
I've found that a lot of people who find it necessary to specify which slot to flash (fastboot flash init_boot_a... or fastboot flash init_boot_b...) use Windows PowerShell instead of classic good ol' CMD. I'm unsure why PowerShell has little issues like this (I've seen some people are required to include the "./" in the command line or it doesn't work), but that's why I exclusively use CMD & suggest using that instead when giving advice...You don't really run into any issues using that (although, sometimes it's tricky to try and explain someone on how to run it with Administrator privileges...)
simplepinoi177 said:
(although, sometimes it's tricky to try and explain someone on how to run it with Administrator privileges...)
It's not that difficult.
Hit the Windows key to bring up the Start Menu, type cmd, right-click command prompt, run as administrator. Even my grandma could follow those instructions.
Honestly if people don't know how to do something that basic, they really shouldn't be messing with their phones in the first place.
EtherealRemnant said:
It's not that difficult.
Hit the Windows key to bring up the Start Menu, type cmd, right-click command prompt, run as administrator. Even my grandma could follow those instructions.
Honestly if people don't know how to do something that basic, they really shouldn't be messing with their phones in the first place.
Good advice...I'm a bit old school and normally advise using the Run command...I forget Windows after 7 implemented that way of doing it...
And then sometimes in certain cases using the Run command doesn't give the option to run as administrator...
But I've not found many cases (if any) that things went badly because it wasn't an elevated command prompt, but I just think it's good practice just to eliminate a possible hitch right off the bat before working on numerous solutions only to find out it was something like that...
And it's always surprising how many novice users are able to achieve advanced goals without knowing the basics -- for better or worse, it probably just compels and instills confidence to be messing with their phones/devices more...
simplepinoi177 said:
Good advice...I'm a bit old school and normally advise using the Run command...I forget Windows after 7 implemented that way of doing it...
And then sometimes in certain cases using the Run command doesn't give the option to run as administrator...
But I've not found many cases (if any) that things went badly because it wasn't an elevated command prompt, but I just think it's good practice just to eliminate a possible hitch right off the bat before working on numerous solutions only to find out it was something like that...
And it's always surprising how many novice users are able to achieve advanced goals without knowing the basics -- for better or worse, it probably just compels and instills confidence to be messing with their phones/devices more...
I used to work tech support so I got in the habit of finding the absolute easiest way to tell people to do things. Windows key shortcuts are a godsend for tech calls. They're obscure enough that if you get a techie on the line who would normally be offended by you holding their hand through things they might actually thank you for learning something new but easy enough that someone who can barely turn on a computer can key peck their way through it lol.
I also specifically like using this shortcut because it's so easy to run in admin mode. It's how I personally launch basically everything on my computer that I haven't pinned to the taskbar.
simplepinoi177 said:
But I've not found many cases (if any) that things went badly because it wasn't an elevated command prompt, but I just think it's good practice just to eliminate a possible hitch right off the bat before working on numerous solutions only to find out it was something like that...
Yeah, I've never had to use elevated command prompt when flashing.
I just put whatever I'm flashing in the Platform Tools folder, type "cmd" in the address bar of the Platform Tools folder to open command prompt from that folder and away I go.
Curiousn00b said:
Also, it's easier to open CMD in the directory where you have the patched image so you don't have to type out the path to it.
You can also just copy and paste the path - which is presumably what OP was doing.
NippleSauce said:
You can also just copy and paste the path - which is presumably what OP was doing.
That too. I'm so used to installing ADB/fastboot into my system's path that I forgot if you have it in one location, you need to do paths.
I have one open in my downloads, the desktop, and a folder where I keep stuff when I mess with my phones, lol.
ekin_strops said:
You don't need to specify the partition slot, because it always goes to the "Active slot".
*Fastboot flash init_boot init_boot.img*
I wrote this post because when I did not specify a partition it failed. It's literally in my post that the normal way to do it failed for me. I used CMD, not PowerShell.
simplepinoi177 said:
I've found that a lot of people who find it necessary to specify which slot to flash (fastboot flash init_boot_a... or fastboot flash init_boot_b...) use Windows PowerShell instead of classic good ol' CMD. I'm unsure why PowerShell has little issues like this (I've seen some people are required to include the "./" in the command line or it doesn't work), but that's why I exclusively use CMD & suggest using that instead when giving advice...You don't really run into any issues using that (although, sometimes it's tricky to try and explain someone on how to run it with Administrator privileges...)
I used CMD, and not specifying a partition made it fail.
EtherealRemnant said:
It's not that difficult.
Hit the Windows key to bring up the Start Menu, type cmd, right-click command prompt, run as administrator. Even my grandma could follow those instructions.
Honestly if people don't know how to do something that basic, they really shouldn't be messing with their phones in the first place.
What are you talking about? I did exactly that and it FAILED for me unless I specified a partition. The only thing I did a little funky is I didn't open CMD in the folder the patched image was in, so I had to drag and drop the file to add the path.
simplepinoi177 said:
Good advice...I'm a bit old school and normally advise using the Run command...I forget Windows after 7 implemented that way of doing it...
And then sometimes in certain cases using the Run command doesn't give the option to run as administrator...
But I've not found many cases (if any) that things went badly because it wasn't an elevated command prompt, but I just think it's good practice just to eliminate a possible hitch right off the bat before working on numerous solutions only to find out it was something like that...
And it's always surprising how many novice users are able to achieve advanced goals without knowing the basics -- for better or worse, it probably just compels and instills confidence to be messing with their phones/devices more...
Novice? Yes. And this post is for other novices who want full control of their phones. I'm a specialized mechanic that rebuilds transmissions for a living, not a techie, but I love to dabble. I don't put others down because they can't install an overdrive sprag or a rear case bearing with race, or intermediate and overdrive servos, cause I'm not fffing 12 years old. And please explain what I'm doing wrong then, cause everything you guys say is basic I did. I installed ADB and fastboot drivers, I patched the init image, opened admin CMD and tried to flash, and it didn't work until I specified a partition. The only thing I did a little different is I didn't open CMD in the folder the patched img was in; I had to drag and drop... It's just sad how people can type like they're some tough sh*t, but if this was face to face you'd have nothing to say. In prison we called you guys window warriors lol.
Linxy420 said:
Novice? Yes. And this post is for other novices who want full control of their phones. I'm a specialized mechanic that rebuilds transmissions for a living, not a techie, but I love to dabble. I don't put others down because they can't install an overdrive sprag or a rear case bearing with race, or intermediate and overdrive servos, cause I'm not fffing 12 years old. And please explain what I'm doing wrong then, cause everything you guys say is basic I did. I installed ADB and fastboot drivers, I patched the init image, opened admin CMD and tried to flash, and it didn't work until I specified a partition. The only thing I did a little different is I didn't open CMD in the folder the patched img was in; I had to drag and drop... It's just sad how people can type like they're some tough sh*t, but if this was face to face you'd have nothing to say. In prison we called you guys window warriors lol.
whoa whoa whoa... someone's pretty touchy...
how was I putting others down? I said I found it surprising that some "novice" users skip some steps to achieve more advanced stuff without understanding basics and can get themselves into trouble and/or not be able to properly backtrack because they skipped through the basics -- it was simply based off of a ironic situation of how if someone couldn't even run an elevated cmd yet they are trying to mod their device. Never did I say you, or anyone specifically, were these novice users. It was a general comment on that type of situation.
How am I typing "like they're some tough sh*t"? And I find it hypocritical that you make assumptions about me "talking down" and generalizing you as a novice, when you make assumptions of me that I just "type like they're some tough sh*t" but face to face I'd have nothing to say and generalizing me as "window warriors". Interesting that you're so insulted, yet sling the same type of remarks...
Linxy420 said:
... please explain what I'm doing wrong then ...
and in an attempt to posit an idea that might've been wrong, I did mention that, in many cases I found, a lot of people were required to do what you did because they were using powershell instead of cmd and powershell is iffy in its execution, so it might've been that...
I know in the end you clarified that you use an elevated cmd, not powershell, and still had to specify what slot to apply it to. Sometimes it just goes that way, I guess. None of us are Google software engineers, so we can only guess and probably can't give you a complete straight answer. Most of us don't need to specify the slot; applying it to the active slot usually is enough.
So, I hope you consider all this and re-evaluate some things....
Linxy420 said:
What are you talking about? I did exactly that and it FAILED for me unless I specified a partition. The only thing I did a little funky is I didn't open CMD in the folder the patched image was in, so I had to drag and drop the file to add the path.
If you go back and re-read what I wrote, I wasn't talking about you, just giving @simplepinoi177 an easy way to tell people how to run command prompt and other things in administrator mode...
Strange, I've never had to specify the partition....
Two thoughts: first, make sure you use the latest platform tools as available from Google, and second, it may be an idea to use --slot=all as a parameter for flashing; this way you can make sure all slots are flashed.
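The slot question argued in the posts above (whether fastboot flash init_boot needs the _a/_b suffix, and the --slot=all suggestion), as an added shell example that is not from any of the posters. It asks the device which slot is active and then names the partition explicitly, so the outcome does not depend on how a given platform-tools build resolves the unsuffixed name, and it refuses to flash if the slot cannot be read. Assumptions: fastboot is on PATH, and it prints the variable as "current-slot: a" followed by a "Finished." line. The --slot=all alternative is shown in a comment; it only makes sense when both slots carry the build the init_boot was patched from.

```shell
#!/bin/sh
# Added example (not from the thread): flash a patched init_boot to the slot
# the device reports as active, naming the partition explicitly.
# Assumes the platform-tools fastboot binary is on PATH.

# Pull the slot letter out of `fastboot getvar current-slot` output.
# The text is passed in as an argument so the parser can be tested offline.
parse_current_slot() {
    printf '%s\n' "$1" | sed -n 's/^current-slot:[[:space:]]*\([ab]\).*/\1/p' | head -n 1
}

# Build the explicit partition name: init_boot + a -> init_boot_a
slot_partition() {
    part="$1"; slot="$2"
    case "$slot" in
        a|b) printf '%s_%s\n' "$part" "$slot" ;;
        *)   printf 'unexpected slot "%s"\n' "$slot" >&2; return 1 ;;
    esac
}

# Flash IMG to PART on the active slot; bail out rather than guess.
flash_active_slot() {
    part="$1"; img="$2"
    [ -f "$img" ] || { echo "image not found: $img" >&2; return 1; }
    # getvar writes to stderr, hence 2>&1
    out=$(fastboot getvar current-slot 2>&1) || { echo "$out" >&2; return 1; }
    slot=$(parse_current_slot "$out")
    [ -n "$slot" ] || { echo "could not read active slot:" >&2; echo "$out" >&2; return 1; }
    target=$(slot_partition "$part" "$slot") || return 1
    echo "active slot is $slot; flashing $img to $target"
    fastboot flash "$target" "$img"
}

# Alternative, only when both slots run the build the image was patched from:
#   fastboot flash --slot=all init_boot magisk_patched.img

if [ "$#" -eq 2 ]; then
    flash_active_slot "$1" "$2"   # e.g. ./flash.sh init_boot magisk_patched.img
fi
```

After flashing, `fastboot getvar current-slot` again confirms nothing switched the slot under you, and `fastboot reboot` boots the slot you actually wrote to.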
simplepinoi177 said:
whoa whoa whoa... someone's pretty touchy...
how was I putting others down? I said I found it surprising that some "novice" users skip some steps to achieve more advanced stuff without understanding basics and can get themselves into trouble and/or not be able to properly backtrack because they skipped through the basics. Never did I say you, or anyone specifically, were these novice users. It was a general comment on that type of situation.
How am I typing "like they're some tough sh*t"? And I find it hypocritical that you make assumptions about me "talking down" and generalizing you as a novice, when you make assumptions of me that I just "type like they're some tough sh*t" but face to face I'd have nothing to say and generalizing me as "window warriors". Interesting that you're so insulted, yet sling the same remarks...
and in an attempt to posit an idea that might've been wrong, I did mention that, in many cases I found, a lot of people were required to do what you did because they were using powershell instead of cmd...
I know in the end you clarified that you use an elevated cmd, not powershell, and still had to specify what slot to apply it to. Sometimes it just goes that way, I guess. None of us are Google software engineers, so we can only guess and probably can't give you a complete straight answer. Most of us don't need to specify the slot; applying it to the active slot usually is enough.
So, there is all that....
I posted what I had to do to get my Pixel to gain root access. Your answer made it sound like only advanced users should ever have root access to their phones and a "novice" shouldn't even try. You might not have meant it, but you made it sound like that, and yeah, it ticked me off a little, but I do apologize; I might have taken it a little far, rereading my post. I try to help when I can, even with my meager tech savvy, and if I can help a couple of people having the same issue as me I'm quite happy. And I'm sorry, but saying being a novice and getting it done just instills confidence for them to mess up later is a put down. I don't know about others, but I do know my limits; I toyed with many phones in my past and even bricked a couple, and through a bunch of trial and error got them unbricked.
simplepinoi177 said:
And it's always surprising how many novice users are able to achieve advanced goals without knowing the basics -- for better or worse, it probably just compels and instills confidence to be messing with their phones/devices more...
Linxy420 said:
... and I'm sorry, but saying being a novice and getting it done just instills confidence for them to mess up later is a put down. I don't know about others, but I do know my limits; I toyed with many phones in my past and even bricked a couple, and through a bunch of trial and error got them unbricked.
I was going to leave this all well enough alone, but I wanted to give some clarification and leave a word of warning/caution for any novice users (*not anyone in particular*) that just might be perusing this, and since this is a thread about "root issues" I hope it's considered still to be on topic -- although being an I.T. tech I have numerous other examples, the particular situation that came to mind in my original quoted remark is on novice users who nonchalantly attempt to manually relock their bootloader on Pixels (I'm sure experts here who have assisted others in the subject are already groaning and can sense where I'm going with this...). It's pretty much always the case where there are seemingly countless users who have found themselves in this situation where they skipped past the basics (merely unticking the OEM unlock button, unlocking the bootloader), modified partitions (whether just to root or to apply a custom ROM), and because they achieved this they had become overconfident without understanding how running the unlock bootloader command is a lot less risky than the lock bootloader command (without proper preparations and considerations), how to flash a Full Factory image, or why it's important to keep (or even just have remain) the OEM unlock button unticked until the end; and ultimately, hard-brick their device where no amount of trial and error will get it unbricked in the end.
As in this case, speaking on novice users who were successfully able to go straight to modifying partitions and/or applying a custom ROM (advanced goals) and had become overconfident that they didn't properly research the basics (flashing Full Factory images) or heed warnings of re-locking bootloaders and ended up hard-bricking their devices -- basically "being a novice and getting it done jus instills confidence for them to mess up later" -- is not, and was not meant to be, a "put down", but merely stating what happens from time to time. And, I did state that it is "for better or worse" that it "compels and instills confidence to be messing with their phones/devices more" -- "better" if it leads to careful experience, "worse" if it leads to overconfidence and brazen irreparable but avoidable damage. But, I'm sure, that all experienced users, both experts and not, had been led to their success due to them messing with their devices, so it's not to say one shouldn't do it and me trying to gatekeep, it's more me saying; sometimes you have to crawl before you walk before you run, it always surprises me when some people run after just learning to crawl (let alone walk), and people who do that should brace themselves for faceplanting -- but it should not be considered putting them down saying this.
In the end, don't skip the basics, thoroughly research, it is not a put down when speaking on those who do not do these things but attempt advanced scenarios anyways, and do not relock the bootloader on Pixels (unless very particular, exceptional circumstances).
