[RESEARCH|MT8127] Bootloader hack ideas for LeapFrog Epic - Android Software/Hacking General [Developers Only]

I dunno, but I thought maybe I could make a separate thread about a possible way to poke into the LeapFrog Epic's preloader so it could accept unsigned images. LeapFrog won't spill the beans for us, as their staff (falsely) claims to know next to nothing about it, so unless we somehow managed to social-engineer them into giving us a signed ROM or an unlocked bootloader, our only chance is to patch it so it would ignore the lack of digital signatures.
What I've done so far is to run a strings check on the preloader and uboot binaries - fastboot seems watered down somehow as it lacked references to "oem unlock" and so on, but none of that Amazon Fire-style failsafe seems present from what I can tell.
Preloader: http://pastebin.com/H9QbzqC0
lk: http://pastebin.com/kSxRKYna
Boot files from the latest firmware revision are attached here, so if anyone is interested, please please please let me know so we can fix bricked units and finally port TWRP to this underrated kids' tablet.

blakegriplingph said:
> I dunno, but I thought maybe I could make a separate thread about a possible way to poke into the LeapFrog Epic's preloader so it could accept unsigned images. LeapFrog won't spill the beans for us, as their staff (falsely) claims to know next to nothing about it, so unless we somehow managed to social-engineer them into giving us a signed ROM or an unlocked bootloader, our only chance is to patch it so it would ignore the lack of digital signatures.
Bumping the thread.
Would also like to know if this is possible.
If I may ask, how did you extract the strings from preloader and lk? Did you use a hex editor or is there another app?

Gibz97 said:
> Bumping the thread.
> Would also like to know if this is possible.
> If I may ask, how did you extract the strings from preloader and lk? Did you use a hex editor or is there another app?
I used this utility to do a strings dump off an Epic ROM:
http://split-code.com/strings2.html
It did turn up some interesting stuff but I was wondering if a binwalk or perhaps an IDA disassembly analysis would do wonders so we can finally poke into this tablet.

blakegriplingph said:
> I used this utility to do a strings dump off an Epic ROM:
> http://split-code.com/strings2.html
> It did turn up some interesting stuff but I was wondering if a binwalk or perhaps an IDA disassembly analysis would do wonders so we can finally poke into this tablet.
Thanks for the tool but I cannot seem to find a way to use it.
@gursewak.10 or @smartmanvartan please chime in to help us because they were able to hack the preloader of k4 note and lk of RCA Viking Pro respectively.

I also know a friend who is willing to donate a spare Epic, if that helps.
As for using Strings2, the following batch script should work:
Code:
@echo off
rem Dump the printable strings of the file dropped on this script (%1) into test.txt
strings2 %1 > test.txt
pause
Just drag a binary to be analysed into the batch file, and a resulting text file with strings and stuff should be generated.

Hello friend
You need to tweak lk to unlock the bootloader. I am giving you both of my phone's files; you can easily compare them.
On an unlocked bootloader you can flash unsigned images via the Write Memory option of SP Flash Tool.
Try HxD hex editor

gursewak.10 said:
> Hello friend
> You need to tweak lk to unlock the bootloader. I am giving you both of my phone's files; you can easily compare them.
> On an unlocked bootloader you can flash unsigned images via the Write Memory option of SP Flash Tool.
> Try HxD hex editor
Hmm, I can flash the preloader to my leapfrog via SPFT, but not anything else. Write memory works, and I can flash stuff one at a time to it, but I couldn't get the tablet to force itself out of flash/download mode and into normal mode. There's no reset button, and not even taking the battery off does the trick.

However, on my working Epic, I can alter the demo system image, flash it back using Write Memory and still end up with a working device, just as long as the preloader isn't messed with in any way. Right now I am at a loss as to how to revive my other Epic, short of taking it apart and shorting KCOLO and GND. It also didn't help that the testpoints aren't labeled at all. :/
Also, I did a quick logcat while running the FOTA utility, and I managed to get a few URLs off the said logs. Problem is that while the ZIPs may be of some use, they're incremental and there doesn't seem to be a full scatter/zip image to restore a faulty unit. There definitely needs to be a way to patch the bootloader so we can do whatever we want to it, but is there any one of you guys who are experts when it comes to MTK modding?

Any more ideas?

Anyone, please?

Bumping in case there's anyone interested in poking into this.

Now this is interesting let us see what we can do.

Warrior1988 said:
> Now this is interesting let us see what we can do.
You happen to have an Epic with you? Please let me know if you need more than just the firmware images. I've tried contacting LeapFrog regarding this issue to no avail. They did give my friend and I the kernel sources, but it's no use as the bootloader has to be unlocked for custom boot or recovery images to be used.

Is anyone willing to test if SP Flash Tool 5.1532.00 works on the Epic? I managed to flash a complete system image to a bricked Epic but I was unable to revive it as it has been bricked prior due to a botched preloader flash. The ROM's on my main Epic discussion thread, but one should take note to flash just the boot, recovery and system images and see if the device still works.

I'm also poking around in this since my volume up button doesn't work in bootloader mode.
I have a Figo Gravity X55L.
I can also upload the stock ROM files that can be checked if needed.

SP6RK said:
> I'm also poking around in this since my volume up button doesn't work in bootloader mode.
> I have a Figo Gravity X55L.
> I can also upload the stock ROM files that can be checked if needed.
Are you able to muck around with LK or sbchk using IDA Pro or some other tool? Makes me wonder if merely deleting /system/bin/sbchk would disable boot-time checks or if there's more to it than just that.

blakegriplingph said:
> Are you able to muck around with LK or sbchk using IDA Pro or some other tool? Makes me wonder if merely deleting /system/bin/sbchk would disable boot-time checks or if there's more to it than just that.
Well, I tried hex editors but lk.bin isn't decoded for my ROM, so half of my lk file is not showing me anything except weird characters, but I can see some of the other half.
If you delete the file... will it brick? ...will it even boot?

GREAT NEWS I MANAGED TO GET ROOT WITHOUT UNLOCKING THE BOOTLOADER ALL YOU NEED IS TO
1. Download your firmware and extract it.
2. Extract the boot.img from the firmware and put it on your phone. REMEMBER WHERE YOU PUT IT SINCE YOU WILL NEED THIS!
3. Download magiskmanager, install it and open it.
4. Click install and choose the boot.img; it will install magisk into it.
5. Put it back in your firmware folder on your PC.
6. Look for a file that says Checksum_gen and run it.
7. Once that completes, use spflash tool and load your scatterfile and flash JUST THE BOOT.IMG; wait for the reboot and you have root!
THANK YOU DEVELOPERS OF MAGISKMANAGER!

SP6RK said:
> GREAT NEWS I MANAGED TO GET ROOT WITHOUT UNLOCKING THE BOOTLOADER ALL YOU NEED IS TO
> 1. Download your firmware and extract it.
> 2. Extract the boot.img from the firmware and put it on your phone. REMEMBER WHERE YOU PUT IT SINCE YOU WILL NEED THIS!
> 3. Download magiskmanager, install it and open it.
> 4. Click install and choose the boot.img; it will install magisk into it.
> 5. Put it back in your firmware folder on your PC.
> 6. Look for a file that says Checksum_gen and run it.
> 7. Once that completes, use spflash tool and load your scatterfile and flash JUST THE BOOT.IMG; wait for the reboot and you have root!
> THANK YOU DEVELOPERS OF MAGISKMANAGER!
What device are you referring to? Is this for an MT8127 tablet?

blakegriplingph said:
> What device are you referring to? Is this for an MT8127 tablet?
I have a Figo Gravity X55L and it is not a tablet.
It is an MT6753, great phone btw!
I'm a starting developer and got this phone so I can learn from my mistakes of course.
But this should work on any device that you can get a hold of its boot.img from its firmware.


[ROM] ZTE Visible R2 Stock firmware

Here is the stock firmware including the firehose needed to flash it
B10 Firmware
Here
B12 Firmware
Here
ZPI file for ZTE SalesMultiDL tool
Here
Here is a step by step guide on how to flash the stock rom with QFIL and by extension any image.
1. Download and install the Qualcomm drivers from here
2. Download the firmware from above
3. Extract the firmware to a folder that you can easily access them from like your desktop
4. Download and install QPST from here
5. Open the QFIL application (Find it in your start menu)
6. In the "Select Build Type" field select Flat Build
7. In the "Select Programmer" field navigate to the folder you extracted the firmware and support files to and select the prog_emmc_firehose_8917.mbn file
8. Select the "Load XML" button and navigate to the folder you extracted the firmware and support files to and select the rawprogram0.xml and then the patch0.xml when prompted.
9. Plug in your tablet
10. Run the following adb command "adb reboot edl" (Now the screen should be blank but the led light should be red)
11. If the text at the top of the QFIL application says "No Port Available" click the "Select Port..." option and pick your device. If your device isn't showing up there you didn't install the drivers properly.
12. Click the Download Button to begin flashing your device
Here are the stock wallpapers in case anyone wants them
https://www.androidfilehost.com/?fid=1395089523397903558
I just got this device a couple days ago and was hoping I could use PDANet/Foxfi to connect more than one device at a time to wifi hotspot but they've evidently blocked the apps.. Do you have any insight to that?
pegb856 said:
> I just got this device a couple days ago and was hoping I could use PDANet/Foxfi to connect more than one device at a time to wifi hotspot but they've evidently blocked the apps.. Do you have any insight to that?
I don't own this device sadly just grabbed the firmware for a friend of mine and posted it here in case anyone in the future wants it.
deadman96385 said:
> I don't own this device sadly just grabbed the firmware for a friend of mine and posted it here in case anyone in the future wants it.
Ok thank you for the reply.
deadman96385 said:
> I don't own this device sadly just grabbed the firmware for a friend of mine and posted it here in case anyone in the future wants it.
If you WANT to own this device it's currently $19 out the door on visible.com. No Trade required.
https://slickdeals.net/f/13221781-visible-r2-is-now-19-without-service-or-trade-in-requred
I'm gonna see if I can flash Chinese firmware to unlock the bands
Bowsa2511 said:
> I'm gonna see if I can flash Chinese firmware to unlock the bands
Good Luck finding the A0722 firmware (that's the model androidpolice thinks this is a renamed version of).
famewolf said:
> Good Luck finding the A0722 firmware (that's the model androidpolice thinks this is a renamed version of).
https://imgur.com/yOe0vIx
Your elite google-fu obviously exceeded my own. Please make that sharable if you can....megaupload.nz would hold it and is free.
famewolf said:
> Your elite google-fu obviously exceeded my own. Please make that sharable if you can....megaupload.nz would hold it and is free.
https://mega.nz/#!aRo0CaBA!nm37c3V11tr2260V23wIxb4yZufD5-_f6gID8i3HjSY
Let me know if it's helpful
DISREGARD. Looks like out of date info.
Any of you able to get fastboot working on it? ADB works, but my fastboot doesn't detect the phone.
Nice looking out, just ordered one.
Using one of the hidden activities app from the play store. There is an option to change from LTE to 2G/3G/4G under one of the phone settings. But calling still did not work with either AT&T or T-Mobile.
famewolf said:
> Good Luck finding the A0722 firmware (that's the model androidpolice thinks this is a renamed version of).
Just a heads-up: even if you found the files for the A0722, you'd brick your R2 if you managed to flash them. The chassis and screen seem to be the same, but they're completely different specs-wise. Given that the A0722 has a different SoC and an eMMC chip 2-4x larger, I doubt you'd get real far in the flashing process in the first place.
FEGuy said:
> Just a heads-up: even if you found the files for the A0722, you'd brick your R2 if you managed to flash them. The chassis and screen seem to be the same, but they're completely different specs-wise. Given that the A0722 has a different SoC and an eMMC chip 2-4x larger, I doubt you'd get real far in the flashing process in the first place.
In my case my main goal was to use it and the factory software to learn about mbn files. I've dealt with LG's TOT and KDZ files but not the mbn's. Thanks for giving folks the warning though.
Would it be possible for someone to grab the download URL for whatever OTA update is available for the device? I don't think it's anything major but I'd like to poke around at it; the firmware uploaded here seems to be from launch.
FEGuy said:
> Would it be possible for someone to grab the download URL for whatever OTA update is available for the device? I don't think it's anything major but I'd like to poke around at it; the firmware uploaded here seems to be from launch.
I've got a logcat recorder queued up to be installed and will try to grab an url by starting the download. If that fails there are a couple of alternatives....someone who has DONE the upgrade could rip the rom and make it available if @deadman96385 can point to some instructions on how to rip the rom.
Also you can always let your own upgrade occur because he's already provided the original software and QFIL which would let you restore to original factory and get the update again.
As a last resort I can grab the log from my ROUTER that the phone is connected to and try to get the url that way which I've had to do with SOME devices.
I'll probably end up taking the OTA again anyways as I've been messing around with the firmware from the first post. Honestly, I'd really recommend staying away from flashing it without a good reason. Even when the flasher works, either the logging and/or the flasher hangs and it's close to impossible to tell which without unplugging your phone. If a partial flash leaves you in a state where you can't get to ADB to boot to EDL mode, you'll have to boot into diagnostics mode, use a piece of Chinese software to boot from there back to EDL, and within five seconds or so, close that software and start the flashing process from QFIL before the com port stops responding to requests, leaving you to reboot the phone and start again.
I've been trying to get non-LTE networks and calling working, but it's entirely impossible to tell whether my tweaks are having unintended side effects or if the flashing just crapped out partway through, even when I'm just flashing single partitions.

Successfully Flashed BNTV450 Stock Rom on BNTV460 Nook 7 (2018) Tablet

Greetings my tech peoples.
Just wanted to let everybody know I successfully flashed a BNTV450 Stock Rom on a BNTV460 Tablet. As I said in a previous post, I bricked the little guy trying to get root (it got stuck in a bootloop after I patched Magisk to the boot-sign img and then flashed it) so I thought, why not be creative and see what you can do with the little guy.
Now there are problems. A **** ton of problems. It isn't what I would call functional. Screen keeps going Red on the borders and flickering. Start thing crashed. But I can get in and finagle to developer options and such. Flashboot and ADB still working though. Keep in mind I flashed with SP Tool via scatter file.
But hey - it can be done!!!!
Also, just for note, I've also been able to flash a boot img of the 450 over an installation of the 460 stock rom - did that unlocking the device. Honestly, that caused less problems but I wasn't able to get root. Also, it naturally erased my unlocking but fret not, I've unlocked the thing 3 times in the 12 hours I've had it.
This is my first nook device, and my first time dealing with new android, Oreo. But I just wanted to give the hope out there.
Hopefully better news in the coming days.
You wouldn't want to share your scatter file and your stock firmware would you? Trying to recover a 450 that won't boot past Nook screen. I cannot unlock it because the volume key does not respond. I have been able to flash 1.02, 2.04, and 2.05 boot and recovery images from ipdev's thread with no change. Also got a 1.02 system.img from him but that did not seem to fix it either. I do not have adb access at this moment either so cannot logcat.
toasterboy1 said:
> You wouldn't want to share your scatter file and your stock firmware would you? Trying to recover a 450 that won't boot past Nook screen. I cannot unlock it because the volume key does not respond. I have been able to flash 1.02, 2.04, and 2.05 boot and recovery images from ipdev's thread with no change. Also got a 1.02 system.img from him but that did not seem to fix it either. I do not have adb access at this moment either so cannot logcat.
This is the 450 firmware I used: https://mega.nz/#!Ds5lTCRD!MT8za1cUYOfEkSXGZB57gIsWr12ogWs9YotDoHZLwQ4
Scatterfile is in there. Keep in mind I got it from an unverified source - use at your own risk just in case it has that piece of software in the OS that B&N knew about which you can read about here: https://techcrunch.com/2016/12/22/the-new-barnesnoble-nooks-come-with-free-malware/
Articul8Madness said:
> This is the 450 firmware I used: blob:https://mega.nz/f22bf6cb-5617-4e8d-9bea-5126793db71d
> Scatterfile is in there. Keep in mind I got it from an unverified source - use at your own risk just in case it has that piece of software in the OS that B&N knew about which you can read about here: https://techcrunch.com/2016/12/22/the-new-barnesnoble-nooks-come-with-free-malware/
The link just defaults to the mega home page for me. Am I missing something?
toasterboy1 said:
> The link just defaults to the mega home page for me. Am I missing something?
Sorry bro, it kept redirecting weirdly. I reposted the link in the previous post and it should work.
Here is also the site I got it from: https://www.xsfirmware.com/nook-bntv450-mt8163-android-6-0-firmware-flash-files/
Back up and running. Thank you.
toasterboy1 said:
> Back up and running. Thank you.
No prob dude.
If spflash tool is working but you do not have a correct scatter file, you can use "Wwr_MTK tool" to read back the whole emmc and read the partition table from the preloader; the tool will make a scatter file and full image copies of the firmware, partition by partition.
I did this, but now I can't log into the B&N account, and if I try to open nook settings, it asks me to log in, and again, it doesn't let me...

[CLOSED]LG Stylo 6 root development! ANY HELP APPRECIATED. DISCORD LINK AVAILABLE

Moderator Announcement:
Thread closed and content removed on request of OP.
- Oswald Boelcke
I SERIOUSLY would like to know how you get that bug report so I can get any files for the stylo 6 boost mobile
Where did you find the zip or link to the site hosting the zip in the big report? I can get that far but I really want any help on getting similar files from this specific device model/variant
I am not gonna lie your post is an oasis in a desert and I hope this does find its way into the right hands to push root dev
Me too, I have the lg stylo 6 from my cable company
I'm currently browsing through the root directory to see if I can pull the boot.img.. there's a method of rooting it with magisk manager.. the bigger issue is how to reinstall the modified boot.img.. I think we will need the bootloader unlocked
I just checked on firmware download and the kdz for lgup is available to download.. in theory because I don't have a pc to verify.. a possible root method might be as simple as, extracting the kdz file, modifying the boot.img with magisk manager, rebuild the kdz file with a kdz tool.. then flashing the modified kdz with lgup.. then install magisk manager after 1st boot and hope we have root.. feel free to test or share any other ideas..
It seems like very few working on this project.. I've come across a dual mode lgup made by one of our developers capable of crossflash.. probably the best version of lgup to flash firmware with modified boot.img.. I'm also buying a laptop for experiments on this device.. I now have 2 versions of the stylo 6 to play with.. hopefully I don't go overboard and turn them to paperweight .. the only thing I need is the method or tool to rezip kdz to try achieving root myself.. if anyone find such a tool, please share ..
The boot image wouldn't work. In theory, you would use kdzTools and it will turn the KDZ into a DZ file and then you extract the DZ file. You would have to use Qfil or fastboot to flash a modified boot image, and have an unlocked bootloader. LGUP is an amazing tool to crossflash different firmware from different Stylo variants, but with AVB 2.0, this doesn't work on many of the LG devices that came out of the box with Android 10, and repacking the KDZ with a modified boot image would fail because of the boot image being signed incorrectly. Your best bet is to see if there is an exploit like what was found on the V50, and to hope that someone gets Firehose working for the Stylo.
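
The integrity check the post above attributes to AVB 2.0, as an added example that is not part of the original post or of any tool named in this thread: it parses the AVB footer at the end of a partition image and recomputes the salted SHA-256 over the original image, so a patched image is reported as a mismatch. The sample partition, salt and function names are constructed; in real AVB the salt and digest are read from a hash descriptor inside the signed vbmeta blob, and here they are passed in directly.

```python
import hashlib
import hmac
import struct

AVB_FOOTER_MAGIC = b"AVBf"
# Big-endian AvbFooter: magic, version major/minor, original image size,
# vbmeta offset, vbmeta size, 28 reserved bytes (64 bytes in total).
AVB_FOOTER_FMT = ">4sLLQQQ28s"
AVB_FOOTER_SIZE = struct.calcsize(AVB_FOOTER_FMT)
BLOCK = 4096


def parse_avb_footer(partition):
    """Return the footer fields as a dict, or None if there is no sane footer."""
    if len(partition) < AVB_FOOTER_SIZE:
        return None
    magic, major, minor, image_size, vbmeta_off, vbmeta_size, _ = struct.unpack(
        AVB_FOOTER_FMT, partition[-AVB_FOOTER_SIZE:])
    if magic != AVB_FOOTER_MAGIC:
        return None
    # Reject footers whose offsets point outside the partition.
    limit = len(partition) - AVB_FOOTER_SIZE
    if image_size > vbmeta_off or vbmeta_off + vbmeta_size > limit:
        return None
    return {
        "version": (major, minor),
        "original_image_size": image_size,
        "vbmeta_offset": vbmeta_off,
        "vbmeta_size": vbmeta_size,
    }


def salted_digest(image, salt):
    """AVB hash descriptors store SHA-256 over salt followed by image data."""
    return hashlib.sha256(salt + image).digest()


def check_partition(partition, salt, expected_digest):
    """Return 'no-footer', 'ok' or 'digest-mismatch' for a partition image."""
    footer = parse_avb_footer(partition)
    if footer is None:
        return "no-footer"
    image = partition[:footer["original_image_size"]]
    if hmac.compare_digest(salted_digest(image, salt), expected_digest):
        return "ok"
    return "digest-mismatch"


def build_sample_partition(payload, partition_size=16 * BLOCK):
    """Constructed test input: payload, placeholder vbmeta, padding, footer."""
    vbmeta = b"AVB0" + bytes(252)  # placeholder only, not a valid signed vbmeta
    vbmeta_off = -(-len(payload) // BLOCK) * BLOCK  # round up to a block
    footer = struct.pack(AVB_FOOTER_FMT, AVB_FOOTER_MAGIC, 1, 0,
                         len(payload), vbmeta_off, len(vbmeta), bytes(28))
    body = payload.ljust(vbmeta_off, b"\0") + vbmeta
    return body.ljust(partition_size - AVB_FOOTER_SIZE, b"\0") + footer


# Constructed sample values, not taken from any real firmware.
SAMPLE_PAYLOAD = b"KERNEL" * 1000
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def demo():
    # Digest as it would have been recorded when the image was signed.
    signed_digest = salted_digest(SAMPLE_PAYLOAD, SAMPLE_SALT)
    stock = build_sample_partition(SAMPLE_PAYLOAD)
    patched = bytearray(stock)
    patched[100] ^= 0xFF  # a single changed byte inside the image
    return {
        "stock": check_partition(stock, SAMPLE_SALT, signed_digest),
        "patched": check_partition(bytes(patched), SAMPLE_SALT, signed_digest),
        "raw": check_partition(bytes(BLOCK), SAMPLE_SALT, signed_digest),
    }


if __name__ == "__main__":
    print(demo())
```
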
Yeedatoy said:
> The boot image wouldn't work. In theory, you would use kdzTools and it will turn the KDZ into a DZ file and then you extract the DZ file. You would have to use Qfil or fastboot to flash a modified boot image, and have an unlocked bootloader. LGUP is an amazing tool to crossflash different firmware from different Stylo variants, but with AVB 2.0, this doesn't work on many of the LG devices that came out of the box with Android 10, and repacking the KDZ with a modified boot image would fail because of the boot image being signed incorrectly. Your best bet is to see if there is an exploit like what was found on the V50, and to hope that someone gets Firehose working for the Stylo.
I just found all the information necessary to root our Stylo.. I'm not experienced enough to do the final step but I'm willing to pay our more experienced developers to do it.. we can simply use an all in one tool I'll share the link to, that will let us extract the kdz, modify the system.img and reconstruct the kdz.. in the extracted system.img we can hopefully find the boot.img and modify it for root using magisk manager.. dual mode lgup should flash the modified kdz.. I plan to try.. then on 1st boot we can manually install magisk manager and enjoy root.. the downside is with a locked bootloader all we get is root.. no custom recovery or custom rom until we unlock the bootloader.. but it's a start.. again.. bounty for dev that can use this handy tool.. Happy New Year
GitHub - ehem/kdztools: Tools for working with KDZ files (LG's Android device upgrade format) - github.com
lowkeyst4tus said:
> I just found all the information necessary to root our Stylo.. I'm not experienced enough to do the final step but I'm willing to pay our more experienced developers to do it.. we can simply use an all in one tool I'll share the link to, that will let us extract the kdz, modify the system.img and reconstruct the kdz.. in the extracted system.img we can hopefully find the boot.img and modify it for root using magisk manager.. dual mode lgup should flash the modified kdz.. I plan to try.. then on 1st boot we can manually install magisk manager and enjoy root.. the downside is with a locked bootloader all we get is root.. no custom recovery or custom rom until we unlock the bootloader.. but it's a start.. again.. bounty for dev that can use this handy tool.. Happy New Year
> GitHub - ehem/kdztools: Tools for working with KDZ files (LG's Android device upgrade format) - github.com
Give it a shot, it's not as confusing as it may look at first glance. Just put everything in the same folder on your computer. Open the tool and select your KDZ file. Extract it, and it turns it from a KDZ file into DZ file. Select extract DZ in KDZ tools next, and it will fully extract the file. You'll see a bunch of bin files. You can simply rename bin, to img for boot, and then copy it to your phone and patch it with magisk. Then copy the patched boot image back to your PC and change the img extension back to bin and rezip the KDZ.
Do you have fastboot access on the Stylo 6?
Not sure yet but I don't think I'll need it.. I don't want to start by diving deep and overlook a simpler solution than accessing fastboot.. I just need a developer that can modify a kdz.. if I can simply achieve root via the new magisk method, it's a start.. I'm picking up another stylo 6 today, then a real computer cause my chromebook useless.. I'll update if I get a modified kdz and what happens when I try to flash
lowkeyst4tus said:
> Not sure yet but I don't think I'll need it.. I don't want to start by diving deep and overlook a simpler solution than accessing fastboot.. I just need a developer that can modify a kdz.. if I can simply achieve root via the new magisk method, it's a start.. I'm picking up another stylo 6 today, then a real computer cause my chromebook useless.. I'll update if I get a modified kdz and what happens when I try to flash
I myself have just finally found this thread and am super more than willing to put in some work!
so i've gotta:
- `adb reboot recovery`
- boot into fastboot from recovery
- unlock the bootloader with `fastboot oem_unlock`
- let the phone factory reset with an unlocked bootloader
_____________________
and:
- download the .kdz firmware file for the unlocked version on pc
- locate and extract the boot.bin with kdzTools and convert it to boot.img
- send extracted file to my personal phone
- patch boot.img in magisk manager app on my phone
- send it back to pc with `adb pull /sdcard/boot.img C:/users/myname/`
_____________________
then:
- load patched boot.img into the stylo 6 through `fastboot flash boot boot.img`
- `fastboot reboot` and let it reboot hopefully with root AND with carrier unlock
- download magisk manager to verify
I guess I'll give this a shot and get back to you guys.
haise.zero said:
> I myself have just finally found this thread and am super more than willing to put in some work!
> so i've gotta:
> - `adb reboot recovery`
> - boot into fastboot from recovery
> - unlock the bootloader with `fastboot oem_unlock`
> - let the phone factory reset with an unlocked bootloader
> _____________________
> and:
> - download the .kdz firmware file for the unlocked version on pc
> - locate and extract the boot.bin with kdzTools and convert it to boot.img
> - send extracted file to my personal phone
> - patch boot.img in magisk manager app on my phone
> - send it back to pc with `adb pull /sdcard/boot.img C:/users/myname/`
> _____________________
> then:
> - load patched boot.img into the stylo 6 through `fastboot flash boot boot.img`
> - `fastboot reboot` and let it reboot hopefully with root AND with carrier unlock
> - download magisk manager to verify
> I guess I'll give this a shot and get back to you guys.
If you do manage to get into fastboot, there's 2 commands to try.. the new command is " fastboot flashing unlock".. you can also try getting unlock.bin even though there's no mention of availability.. it might be required for fastboot unlock.. the unlocked firmware is what I was going to experiment with also.. if you do manage to successfully extract the boot.img from the kdz, skip fastboot flashing.. just install magisk manager on your phone and follow the instructions on other threads to modify the boot.img.. then rezip the kdz with the modified boot.img.. flash with dual mode lgup for better chance of success.. it should install and boot normal.. on the surface you should not notice any change like errors with boot.. after 1st boot, install magisk manager and it should say root is working .. good luck and I look forward to your results
lowkeyst4tus said:
> If you do manage to get into fastboot, there's 2 commands to try.. the new command is " fastboot flashing unlock".. you can also try getting unlock.bin even though there's no mention of availability.. it might be required for fastboot unlock.. the unlocked firmware is what I was going to experiment with also.. if you do manage to successfully extract the boot.img from the kdz, skip fastboot flashing.. just install magisk manager on your phone and follow the instructions on other threads to modify the boot.img.. then rezip the kdz with the modified boot.img.. flash with dual mode lgup for better chance of success.. it should install and boot normal.. on the surface you should not notice any change like errors with boot.. after 1st boot, install magisk manager and it should say root is working .. good luck and I look forward to your results
Sounds good, thanks for the advice! It's super helpful.
I'll be taking a crack at it here soon, or maybe tomorrow since it's 1:30am and I'm having a drink (depends on my mood). I'll probably go with fastboot flashing unlock_critical just to be on the safe side of things and have everything unlocked from the get go for development purposes. I did run into an issue when I ran that command already -
C:\Users\myname>fastboot flashing unlock_critical
...
FAILED (remote: Unrecognized command flashing unlock_critical)
finished. total time: 0.006s
I can get into fastbootd on the device, and need to read up on it a bit since nearly every fastboot command I send in is unrecognized (see above) or gets a response like FAILED (remote: Unable to open fastboot HAL)
I'll enable test signing mode on my windows machine and get the right drivers installed, and get fastbootd working and then try again. I'll likely run into a roadblock though, since Boost doesn't exactly want us unlocking the bootloader - nor does LG, apparently...
For now, here's a few resources that might help catch you up on things and possibly give me some more room to wiggle around:
- Android documentation on fastbootd and fastboot being moved to userspace (contains information about the HAL)
- A mildly helpful and more easy-on-the-eyes article that can help explain the above documentation
I'll try and get past this issue. There's gotta be something, somewhere... I first just need to communicate with the phone correctly and get it to do what I need it to do in fastboot mode.
I also have downloaded two different .kdz files and have indeed extracted both of them into .dz files. I didn't get past that last night, so I'll have to get in there soon or maybe tomorrow and see if I can't find the system.img and/or the boot.img contained within. If I can, I'll be sure to get it patched and try to pass it to the phone.
For anyone trying to use the kdztools, it's outdated and you'll get some error about the headers when you try to extract the Stylo 6's .kdz files. Below are links to a couple of repositories that will be helpful:
- An updated fork of the original kdztools from somebody else that I've forked for laziness (fixes the headers issue)
- A fork of KDZZ, an up-to-date-enough tool for zipping .kdz files into TWRP-able zip files (again, personally forked for laziness)
There's only one problem... Boost Mobile.
I bought this phone from a third party and it is still registered to someone else on the Boost network. Since it's gone through a factory reset and my Google account has been added to it, the phone isn't activated on their network and they seem to have disabled my ability to use Wi-Fi as they constantly send me screens and notifications trying to get me to activate the device, which I don't have the money to do. So, no internet access; I'll have to adb push and pull files and apks in order to get things working. I could factory reset and not ping their networks or put the other person's SIM in, but for the sake of longevity, I'd love if anybody had a solution to carrier unlocking this thing - or even an idea of what to do for that? Could I flash stock firmware? Is there any process to read the code I need from logcat? Any ideas at all? New ideas, hypothetical ideas, or even old ideas I could shine up and make new? Even just a thought? This is a pain.
I will keep everyone posted! I'd ask you all do the same - about this, and about carrier unlocking just as a possible favor.
PS: Bounty, huh? I could really use the reward. I might just have to take you up on that if we can get this working haha, exciting!
I have the boost mobile version and I got the cricket wireless version yesterday just for gradient blue.. according to Gsmarena, all versions of the Stylo 6 are identical.. I'm going to try flashing the unlock firmware on the boost mobile version.. it should unlock the sim and no longer ask for activation .. then I'm going to sell it before I drop it .. I'll use my blue one for development
lowkeyst4tus said:
I have the boost mobile version and I got the cricket wireless version yesterday just for gradient blue.. according to Gsmarena, all versions of the Stylo 6 are identical.. I'm going to try flashing the unlock firmware on the boost mobile version.. it should unlock the sim and no longer ask for activation .. then I'm going to sell it before I drop it .. I'll use my blue one for development
Could you link me to the unlocked firmware? Is it the Q730M10l? Or another one?
I would love to flash the unlock firmware and factory reset this thing to get some internet and functionality back. It would greatly help with my development
Thank you!
haise.zero said:
Could you link me to the unlocked firmware? Is it the Q730M10l? Or another one?
I would love to flash the unlock firmware and factory reset this thing to get some internet and functionality back. It would greatly help with my development
Thank you!
The unlocked model according to Best Buy is LMQ730QM.. I can't find a download source yet but I'm still looking
Weird, my Stylo 6 says its software version is Q730TM... Q730TM10P to be specific. There shouldn't be any issues if they're all identical though, right? I can safely flash a Q730QM image on a Q730TM device?
And I'm looking as well - I'll edit this post if/when I find a source
Edit:
Found this, and this, but I'm unsure if Q730QM10c or Q730QM10d is the genuinely unlocked version, (the C variant is USA and the D variant is USL) and I'm also unsure what carrier, if any, NAO stands for (Q730QM10c_00_NAO_US_OP_0908.kdz for example)
I suppose I'll download the kdz and flash it to try it out. I can always revert back to stock if something goes wrong. I'll let you know how that goes
Hmm... I'm having some trouble. kdzdownloader downloads 0kb. I tried switching my useragent but it didn't work out, either. You having any better luck? Able to attach the file?
Woohoo! I got it.
Use this to install the XDM download manager, and then paste this link into a new job (just hit the + button). It just worked for me.
We officially have the .kdz for Q730QM10C! Time to flash it as soon as it's done downloading.
Great job bro.. use dual mode lgup from XDA as it's designed for crossflashing and supposed to have more features than regular lgup.. let me know if you sim unlock with Q730QM firmware.. Q730TM is the Boost Mobile model.. I have that and the Q730AM in gradient blue from cricket wireless.. I want to crossflash both to Q730QM
Alrighty, well I've been halted. Before I could get to flash, I installed the LG drivers because LGUP wasn't detecting my device (or maybe I was just being dumb).
After that... the phone stopped being recognized. In device manager it says Unknown USB (Device Descriptor Failed)
I've looked online, no solutions have helped. I've installed the Google USB drivers through Android Studio, I've uninstalled the device and reconnected the phone, tried reinstalling the LG drivers, I've factory reset the phone, tried a different USB port, a different cable, and nothing. After I factory reset, it showed up for a bit, but upon a reconnection it crapped itself again and refuses to show up.
Any ideas? I can't continue development if I can't communicate with the phone.
Never mind, possibly? It works after uninstalling the device and replugging again... for the 20th time. But ADB still won't recognize the phone even as unauthorized; it just doesn't show up. Weird... I guess I'll tinker and get back to the post here in a while.
It's back to the error... so damn weird. I'll look into it. If and when I find a solution I'll let you know.
Development has been paused for the time being.

how to unbrick a pixel 4a anyone need help

flashed from graphene os and back to stock during stock flashing something failed and gives me a black screen and goes into the screenshot provided
You can try to go through the applicable steps in this guide:
[GUIDE] UNLOCKING, DOWNGRADING TO A10, TWRP, ROOT
Hello, I'm posting this guide for those (like me) who can't do without TWRP on their device. I'm providing only a step-by-step explanation. Credits to @nikamura for his kernel and TWRP...
forum.xda-developers.com
Like installing the USB drivers, and SDK platform tools.
Then put the phone in fastboot mode and download an image from google and do a "flash-all.bat"
JohnC said:
You can try to go through the applicable steps in this guide:
[GUIDE] UNLOCKING, DOWNGRADING TO A10, TWRP, ROOT
Hello, I'm posting this guide for those (like me) who can't do without TWRP on their device. I'm providing only a step-by-step explanation. Credits to @nikamura for his kernel and TWRP...
forum.xda-developers.com
Like installing the USB drivers, and SDK platform tools.
Then put the phone in fastboot mode and download an image from google and do a "flash-all.bat"
It won't work, that is what caused the issue, there is no adb or fastboot commands as the phone has nothing to load or read. It was flashing the official latest stock firmware using the flash-all.bat, then after the first reboot and waiting for devices it goes to a black screen and shows what I put in the screenshot (I believe the battery died during flashing). There are two modes it goes into: the qusb, which is the Qualcomm download mode, and some other mode I can't tell, neither can the PC find drivers to read the phone. Technically this phone is not fixable using normal methods, but I believe there is a way to flash the firmware back on. I have looked into using EDL and QPST flashing but it still doesn't read the phone. I would be grateful for any help. I have device protection but they are sending me a refurbished phone, and I would rather try to fix this before I do get the replacement, as it was a new and working device.
I have been able to find a working Qualcomm driver, is there any way to EDL or an MSM file for the Pixel 4a to fix this, now that the phone is being read properly it should be able to take commands as it is recognized as a modem driver or port
Any ideas why it's failing? It says Sahara protocol failed
files needed to repair phone, anyone able to extract or have files
RAM file (MPRGXXXX.mbn), e.g: MPRG8916.mbn
Boot file (XXXX_msimage.mbn), e.g: 8916_msimage.mbn
miko12312 said:
files needed to repair phone, anyone able to extract or have files
RAM file (MPRGXXXX.mbn), e.g: MPRG8916.mbn
Boot file (XXXX_msimage.mbn), e.g: 8916_msimage.mbn
I did the same thing as you trying to go back to stock. Still trying to find those files to unbrick myself.
vabeachboy0 said:
I did the same thing as you trying to go back to stock. Still trying to find those files to unbrick myself.
I believe Qualcomm is the ones that obtain these files not Google , only other way is to dump the files from download mode on a working device
I'd like to help by dumping the required files. I didn't know anything about EDL before doing research for this thread, but as I understand it, using EDL mode requires a device-specific non-free "loader".
I'm trying to use B. Kerler's EDL tool (https://github.com/bkerler/edl) but failing because it doesn't have the proper loader file in its database.
If anyone comes across the loader for the Pixel 4a (000e60e10066000a_3ef72a02fb931be1_fhprg.bin), I'd be happy to share boot and memory dump from my phone.
I encountered the same situation as you, did you solve it?
Older thread I know, but I've used EDL mode (on LG phones) to save partitions and write partitions.
But you have to have a 'programmer file' for the specific device for it to work. Aka a 'firehose' file for the specific device / chip.
Some mfg's make this available, some don't. Google does not. So, even having the file(s) you want to flash won't help, not if you don't have the firehose file.
sorry, cheers
Has anyone figured this out? Could really use some help. Thank you
Did anyone manage to unbrick phone? I bricked my phone. Now it's just black screen.
mizzunet said:
Did anyone manage to unbrick phone? I bricked my phone. Now it's just black screen.
Only suggestions are the go-to software of choice, Pixel Flasher or Android Flash Tool, both need bootloader unlocked
@hammered58 Gladly, I was able to get it back. I was trying to relock bootloader with custom ROM. But failed.
Has anyone relocked bootloader with LineageOS/custom ROM?
I was following https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/ to sign boot and recovery images. Then flashed and relocked bootloader. But phone stuck at black screen. Has anyone managed to self...
forum.xda-developers.com
mizzunet said:
@hammered58 Gladly, I was able to get it back. I was trying to relock bootloader with custom ROM. But failed.
Has anyone relocked bootloader with LineageOS/custom ROM?
I was following https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/ to sign boot and recovery images. Then flashed and relocked bootloader. But phone stuck at black screen. Has anyone managed to self...
forum.xda-developers.com
Glad u got it going, the only time I relock is when I sell the phone, otherwise I have no need as all my apps work with unlocked
hammered58 said:
Glad u got it going, the only time I relock is when I sell the phone, otherwise I have no need as all my apps work with unlocked
Right. Every app works even in unlocked state. But it would be nice to get rid of the warning while booting.
mizzunet said:
Right. Every app works even in unlocked state. But it would be nice to get rid of the warning while booting.
I will second that, unfortunately I don't think it's possible, at least not that I am aware of

Blu bl140dl unlock bootloader and ROOT w/magisk

Unlocked bootloader and achieved root/magisk on b140dl aka blu view 3, I did search for this phone on xda before (1 week ago as my first stop) and could not find it, or across the web, after deep hair pulling, disappointments in the dark (I'm pretty new at this guys), and not trying to present something already found or reinvent the wheel, just trying to perpetuate the freedom to "really OWN your device" and perseverance of never giving up and you shall prevail!!!!! Any questions, pm me
rtype77 said:
Unlocked bootloader and achieved root/magisk on b140dl aka blu view 3, I did search for this phone on xda before (1 week ago as my first stop) and could not find it, or across the web, after deep hair pulling, disappointments in the dark (I'm pretty new at this guys), and not trying to present something already found or reinvent the wheel, just trying to perpetuate the freedom to "really OWN your device" and perseverance of never giving up and you shall prevail!!!!! Any questions, pm me
I'm now working on removing orange status warning (only meaning unlocked bootloader with 5 sec. delay)
I did extract my stock image in .bin dump as well as extracting .img partitions from this dump. I tried the few online methods of altering the lk.bin hex and reflash leading to no boot, no lights, no nothing as if a security encryption signature principal must be in place, to put a halt if not matched. Not sure but could sure use some advice, I'm kinda new at this.
I've also been trying to figure out how to port a twrp recovery, which I also attempted, flashed, same result - phone black, no boot, so I flashed back original, back to normal (what a scare on such a dead response!! - holding power button down and nothing). So I've softbricked twice, and recovered twice without a problem.
Specs
Helio p22 mtk chipset (6762)
4.19.127 kernel android 11
I do realize each phone has different specific source and understand this determines if twrp compatible, correct me if I'm wrong my friends, I'm just learning and open. One more thing, I've gotten a status of p22 from installed play store app device info, cpu-z, no root permission. mtk_client tool gives me p35 as my processor which is the (6735). Maybe the difference is negligible in the 2 readings? Or the mtk_client is old and rounds the 6762 to 6765, as maybe their differences are small enough to ignore 62-65 differences? Like I mentioned I'm very new, and though I've researched a lot, this is tough, but I must say, I love a good game of chess!!!!
I've currently got two of these phones and I'm starting from scratch tryna do the same thing you are. So at least you're not alone. I figured I'd kinda follow the guide for the b130dl (since that seems to have so much success even with other variants and devices). Idk how much help I will be, seeing as I haven't done any development of any kind for about 5 years.... But since I have 2, lmk if there is anything kinda risky you wanna try. (After I catch up of course)
Yeah right on, I'm goin at orange status removal once again, I did do a little homework, and believe the inability to flash any custom partition is due to encryption of partitions by dm verity and or AVB preventing boot even if rooted? Not sure exactly but reading and learning. Btw my friend, I'm Rob, pleasure to meet. I don't know any coding, though ready to learn, just mods a bit, though I'm relatively new to that as well, but I try being creative, and was stoked I actually pulled off root on this newer phone, unlocked the bootloader with mtk_client, from GitHub, no problem : https://www.google.com/url?sa=t&rct...er/mtkclient&usg=AOvVaw1EA0UgBcE8bbeVuiVn4L7c
I then read all partitions to my laptop which dumped in .bin form, from there I looked everywhere for a root on this phone. Too new, as I found nothing. That made me think if mtk_gui could pull off unlocking the bl, what else can it do? So read its readme a bit and noticed the magisk root using adb and fastboot, with accompanying custom magisk for mtk. Thought I was probably wasting my time as this phone's security is newer. Well, it worked, so bootloader down, root accomplished with magisk, now this orange state, which I tried online hex manipulation of lk.bin file and flashed it to original lk.bin partition on phone, no boot. Tried making a custom logo.bin and same flash, no boot. So used my mtk_client tool to flash my backup of the above 2 partitions and, booted right up, no problem, which led me to investigate this vbmeta and AVB which I'm currently trying to grasp. Oh and yes I figured out how to take a complete flash dump into a .bin file with mtkclient, so I have backup of partitions from this tool by reading partitions section, and also backup by using the read flash option under flash in the tool. It gave me one giant file called user.bin. I researched what bin and img files are and learned we can use 7 zip or any storage compress/decompress software or cd iso software to open bin files, so proceeded with 7 zip on user.bin file and was able to extract the partitions in .img format, really cool, so now I have backup in 3 styles lol: .bin partitions, .img partitions or 1 .bin complete rom dump which when opened with 7 zip gives you the img forms. Been fun, but this orange state and security stuff seems a bit tricky to understand, so that's where I'm at my friend. Let me know if you need any help. Good idea about starting with previous phone guide, my thoughts exactly as well when I started gettin my hands dirty lol. What a universe in these gadgets, awesome
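Added example, not part of any post in this thread and not code from mtkclient or avbtool: the post above suspects AVB and vbmeta are why a hex-edited partition stops booting. This Python sketch parses the 256-byte vbmeta header layout from libavb and recomputes the digest stored in the authentication block, using a constructed sample image. Assumptions: the sample image, its contents and all function names are made up for illustration; the RSA signature check a bootloader also performs is not implemented, and how lk itself is verified on this phone is not shown on the page and is not modelled.

```python
import hashlib
import hmac
import struct

# AvbVBMetaImageHeader (libavb, avb_vbmeta_image.h): 256 bytes, big-endian.
HEADER = struct.Struct(">4sLLQQL" + "Q" * 11 + "LL48s80s")
FIELDS = (
    "magic", "ver_major", "ver_minor", "auth_size", "aux_size", "algorithm",
    "hash_offset", "hash_size", "sig_offset", "sig_size",
    "pk_offset", "pk_size", "pkmd_offset", "pkmd_size",
    "desc_offset", "desc_size", "rollback_index", "flags",
    "rollback_index_location", "release", "reserved",
)
# AvbAlgorithmType -> (name, digest computed over header + auxiliary block)
ALGORITHMS = {
    0: ("NONE", None),
    1: ("SHA256_RSA2048", "sha256"), 2: ("SHA256_RSA4096", "sha256"),
    3: ("SHA256_RSA8192", "sha256"), 4: ("SHA512_RSA2048", "sha512"),
    5: ("SHA512_RSA4096", "sha512"), 6: ("SHA512_RSA8192", "sha512"),
}
FLAGS = {0x1: "HASHTREE_DISABLED", 0x2: "VERIFICATION_DISABLED"}


def inspect_vbmeta(image: bytes) -> dict:
    """Parse a vbmeta image and report whether its stored digest still matches."""
    if len(image) < HEADER.size:
        raise ValueError("image shorter than the 256-byte vbmeta header")
    f = dict(zip(FIELDS, HEADER.unpack_from(image)))
    if f["magic"] != b"AVB0":
        raise ValueError("bad magic: not a vbmeta image")
    if f["algorithm"] not in ALGORITHMS:
        raise ValueError("unknown algorithm type %d" % f["algorithm"])
    name, digest_name = ALGORITHMS[f["algorithm"]]
    auth_start = HEADER.size
    aux_start = auth_start + f["auth_size"]
    aux_end = aux_start + f["aux_size"]
    if aux_end > len(image):
        raise ValueError("image truncated: blocks extend past end of file")
    report = {
        "algorithm": name,
        "flags": [label for bit, label in FLAGS.items() if f["flags"] & bit],
        "rollback_index": f["rollback_index"],
        "release": f["release"].split(b"\0")[0].decode("ascii", "replace"),
        "hash_ok": None,  # None means the image carries no digest (algorithm NONE)
    }
    if digest_name is not None:
        if f["hash_offset"] + f["hash_size"] > f["auth_size"]:
            raise ValueError("hash lies outside the authentication block")
        start = auth_start + f["hash_offset"]
        stored = image[start:start + f["hash_size"]]
        # The digest covers the header and the auxiliary block, so editing
        # either one invalidates it (and the signature made over it).
        computed = hashlib.new(
            digest_name, image[:HEADER.size] + image[aux_start:aux_end]
        ).digest()
        report["hash_ok"] = hmac.compare_digest(stored, computed)
    return report


def build_sample_vbmeta(aux: bytes, rollback_index: int = 0) -> bytes:
    """Constructed sample: real header layout, correct digest, zeroed signature."""
    aux = aux + b"\0" * (-len(aux) % 64)      # blocks are padded to 64 bytes
    header = HEADER.pack(
        b"AVB0", 1, 0, 320, len(aux), 1,      # algorithm 1 = SHA256_RSA2048
        0, 32, 32, 256,                       # digest, then signature, in auth block
        0, 0, 0, 0,                           # no public key in this sample
        0, len(aux),                          # descriptors fill the aux block
        rollback_index, 0, 0,
        b"constructed sample", b"",
    )
    digest = hashlib.sha256(header + aux).digest()
    auth = (digest + b"\0" * 256).ljust(320, b"\0")
    return header + auth + aux


def tamper_one_byte(image: bytes, offset: int) -> bytes:
    """Return a copy with one bit flipped, as a hex edit would leave it."""
    out = bytearray(image)
    out[offset] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_vbmeta(b"constructed descriptor bytes")
    print("original:", inspect_vbmeta(sample))
    print("edited:  ", inspect_vbmeta(tamper_one_byte(sample, len(sample) - 60)))
```

A `hash_ok` of `False` only shows the integrity check failing; a matching digest is not sufficient on a real device, because the signature over it is checked as well.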
Is there any way you could post a guide of sorts? Looking to unlock the bootloader and root (aren't we all).
Am relatively new at this. Last phone I rooted before this year was the Epic Touch! Please at least list which downloads are needed. Thanks in advance. *Jaymi*
Are these the specs of your phone?
Okay. Let's go to the beginning.
I have a friend who knows how to handle Mediatek phones. He even has a BLU MT6762 with Android 9. He compiled the TWRP himself. Maybe compile one to you.
I'll try to send him a message to know if he can help you.
But the bigger question is about the original firmware (without ROOT/Magisk). Have you tried using the Smart Phone Flash Tool (SPFT) to copy all the firmware? Is there an official stock firmware? So you could use the scatter.txt file to use SPFT.
If you couldn't use SPFT then were you forced to use mtk_client?
To unlock bootloader, can you use this guide?: https://forum.xda-developers.com/t/...om-rom-on-a-blu-g90-pro.4253737/post-85180967
Update:
Okay. He agreed to help. He asked someone to put the stock recovery.img file attached to the message and information about fastboot:
Code:
fastboot getvar all
and fastbootd:
Code:
fastboot getvar all
Furthermore an experienced user should contact him to test the TWRP files he will compile. So think hard if you can get your phone back to normal if something strange happens. Usually just reinstall the stock file and everything will be simple. One more detail: you should be able to understand that the test needs the phone with the full wipe process and without using magisk at the moment.
I get handshake error with mtk client on my b140dl, on both windows and relived iso. Would love to have mine unlocked.
Hey guys, I am a total noob with Android but I have this same model phone and I have a custom OS. I'm not sure what it means outside of:
"my crazy ex gf managed to get spyware on my new phone like the day after she got the cops to take my old one (Jan 12th) and has been ruining what's left of my sad existence"
But google isn't giving me any results for this firmware version or really this model phone at all so if it would help people working on modding it and there is a way I could like dump the data from it somewhere?
jayleemcnabb81 said:
Is there any way you could post a guide of sorts? Looking to unlock the bootloader and root (aren't we all).
Am relatively new at this. Last phone I rooted before this year was the Epic Touch! Please at least list which downloads are needed. Thanks in advance. *Jaymi*
Hi Jaymi, sorry for the 2 month late response, been totally busy and other places, but yes, I think I will make a guide, to the best of my ability as I'm relatively new at this as well and have never written a guide, but shall give it my best! Any questions, just ask, Rob
Can someone show me how to do this? it appears OP has been offline and nobody ever got around to actually SHARING THIS METHOD OF BOOTLOADER UNLOCK... I used to unlock my phones bootloaders all the time around 2014 but the game has changed and now you gotta edit files on notepad and download github sources it seems...
tl:dr: NEED ISNRUCTIONZ pl0X!!
rtype77 said:
Yeah right on, im goin at orange status removal once again, I did do a little homework, and beleive the inability to flash any custom partition is due to encryption of partitions by dm verity and or AVB preventing boot even if rooted? Not sure exactly but reading and learning. btw my friend, Im Rob, pleasure to meet. I dont know any coding, though ready to learn, just mods a bit, though im relatively new to that as well, but i try being creative, and was stoked I actually pulled off root on this newer phone, unlocked the bootloader with mtk_client, from git-hub, no problem : https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjlsKWdh7b2AhVXjokEHXJ1DD4QFnoECAsQAQ&url=https://github.com/bkerler/mtkclient&usg=AOvVaw1EA0UgBcE8bbeVuiVn4L7c
I then read all partitions to my laptop which dumped in .bin form, from there i looked everywhere for a root on this phone. too new, as i found nothing. That made me think if mtk_gui could pull off unlocking the bl, what else can it do? So read its readme a bit and noticed the magisk root using adb and fastboot, with accompaning custom magisk for mtk. Thought i was probably wasting my time as this phones security is newer. Well, it worked, so bootloader down, root accomplished with magisk, now this orange state, which i tried online hex manipulation of lk.bin file and flashed it to original lk.bin partition on phone, no boot. Tried making a custom logo.bin and same flash, no boot. So used my mtk_client tool to flash my backup abov 2 partitions and, booted right up, no problem which led me to investigate this vb meta and AVB which im currently trying to grasp. Oh and yes i figured out how to take a complete flash dump into a .bin file with mtkclient, so I have backup of partitions from this tool by reading partitions section, and also backup by using the read flash option under flash in the tool. It gave me one giant file called user.bin. I researched what bin and img files are and learned we can use 7 zip or any storage compress/decompress software or cd iso software to open bin files, so preceded with 7 zip on user.bin file and was able to extract the partitions in .img format, really cool, so now i have backup in3 styles lol .bin partitions, .img partitions or 1 .bin complete rom dump which when opened with 7 zip gives you the img forms, been fun, but this orange state and security stuff seems a bit tricky to understand, so thats where im at my freind, Let me know you need any help, Good idea about starting with previous phone guide, my thoughts exactly as well when i started gettin my hands dirty lol What a universe in these gadgets, awesome
Hey, I have a B140DL and unlocking its bootloader has become personal. I have achieved root on other handsets and tablets, but this little bastard is something else. I was just inquiring to see if you ever put together a guide. Any advice is greatly appreciated. I will say for a cheap phone, it has been a Mother-Fuxxer!
iamx51 said:
I get handshake error with mtk client on my b140dl, on both windows and relived iso. Would love to have mine unlocked.
I kept getting handshake error also. Then I started getting device not configured. Have you made any headway?
One more thing, out of curiosity I ran the command "fastboot flashing lock" and I got a menu that asked Do you wish to LOCK BOOTLOADER? Locking your BOOTLOADER will wipe your device of all DATA! You must then flash your phone with a stock ROM.
Looking into this device myself and having a hard time. I haven't rooted a phone since a Droid X2, and back then I did it with some kind of software through an Ubuntu terminal. Not sure what's being used now, but has anyone been able to do this, or can anyone offer any tips or guidance?
oldt7mer said:
Looking into this device myself and having a hard time. I haven't rooted a phone since a Droid X2, and back then I did it with some kind of software through an Ubuntu terminal. Not sure what's being used now, but has anyone been able to do this, or can anyone offer any tips or guidance?
MTK Client and Python with Chimera exploit can supposedly do it. Look to GitHub. Hope you enjoy a challenge. I have made little problems.
I've been playing with this all day and it's safe to say this is impossible with currently released tech on the latest security updates. The only way you're going to be able to do this is if you're able to force the phone into BROM mode. Doesn't seem possible from where I'm standing unless that can be done; would have to be done through a hardware mod.
oldt7mer said:
I've been playing with this all day and it's safe to say this is impossible with currently released tech on the latest security updates. The only way you're going to be able to do this is if you're able to force the phone into BROM mode. Doesn't seem possible from where I'm standing unless that can be done; would have to be done through a hardware mod.
In case I wasn't clear, if you are on 2021 security updates with this phone (i.e. haven't updated it or just got it and declined updates) you can easily unlock the phone with mtkclient and root with Magisk; however, if you've installed the 2022 security updates, BROM mode is basically disabled, making it impossible to unlock the phone.
oldt7mer said:
I've been playing with this all day and it's safe to say this is impossible with currently released tech on the latest security updates. The only way you're going to be able to do this is if you're able to force the phone into BROM mode. Doesn't seem possible from where I'm standing unless that can be done; would have to be done through a hardware mod.
Run the fastboot command "fastboot flashing lock". Do that and tell me what you think. Trust me. Just be sure to read the prompt on your phone.
oldt7mer said:
In case I wasn't clear, if you are on 2021 security updates with this phone (i.e. haven't updated it or just got it and declined updates) you can easily unlock the phone with mtkclient and root with Magisk; however, if you've installed the 2022 security updates, BROM mode is basically disabled, making it impossible to unlock the phone.
MTK Client has been no go. Lib USB error and NO BACK END error.
