[REQUEST][ROM-OFFICIAL] DOOGEE-T5S-Android6.0-20161019 - General Questions and Answers

Surely someone has or can get the Official ROM for the Doogee T5s. Note it's T5s, not T5 nor T5 Lite.
Its processor is MTK6735, not MTK6753. I need the ROM with the Scatter file. If you have a Custom Recovery TWRP/CWP that would be helpful too.
If need be I'll put a bounty on it but I am hoping some samaritan will be so kind as to post it.
Thanks in Advance.
Included is a screen cap of the Diagnostic Software:

I am looking for the same!

T5 Rom Needed
Hi, I'm looking for the same ROM, I miss my phone's IMEI,
I was able to install the t5 lite Rom, but the NVRAM partition seems to be incompatible.
Thanks

Doogee t5s Stock rom
Please doogee t5s Stock rom link

Not a new ROM, but a step forward. (TWRP & SuperSU)
ethan_hines said:
Surely someone has or can get the Official ROM for the Doogee T5s. Note it's T5s, not T5 nor T5 Lite.
Its processor is MTK6735, not MTK6753. I need the ROM with the Scatter file. If you have a Custom Recovery TWRP/CWP that would be helpful too.
If need be I'll put a bounty on it but I am hoping some samaritan will be so kind as to post it.
Thanks in Advance.
Included is a screen cap of the Diagnostic Software:
(Edited: Removed all external links due to my newcomer status)
To be brief:
I have not found the stock ROM for the DOOGEE T5S, nor tried any new custom ROM to replace it.
I have managed to install a TWRP with SuperSU powers.
These instructions might help you clean up your current system.
Bonus: the recovery menu (TWRP) is multilingual.
Caveat emptor:
My stock ROM came with a nasty couple of Trojans(a) and other potential malware(b) embedded. The Trojans subscribed me to "premium" phone services, costing me some money. I went through the whole hassle in order to get rid of them.
If you have a DOOGEE T5S, your phone is probably infected too. Owners of other DOOGEE phones should beware. (c,d,e)
DISCLAIMER: The following instructions could seriously harm or brick your phone. I make no guarantees of any type, shape or form as to the end results. These operations WILL VOID YOUR WARRANTY.
What I did:
Last warning: during these operations I had to do a factory reset of my phone. I strongly recommend you BACKUP ALL YOUR DATA before you continue.
1] Install TWRP & root the phone (f)
* Download the required files:
- The TWRP image file here:
[Search the NEEROM dot COM website]
- The SuperSU patch file here:
[Search the NEEROM dot COM website]
* Unrar the TWRP image. Leave the SuperSU patch zipped.
* Enter fastboot mode.
Using ADB in terminal:
Code:
adb reboot bootloader
* Flash the TWRP image in the recovery partition.
Code:
fastboot flash recovery /path/to/twrp/image/recovery.img
(in my case fastboot requires root privileges, so sudo it.)
* Reboot and enter in recovery mode.
In fastboot send the reboot system, but press Volume UP during reboot.
* Enter into TWRP and Install the patch "SuperSU 2.78-SR1"
Once in TWRP, ADB is again functional.
Load SuperSU patch to your sdcard:
Code:
adb push /path/to/your/patch/SuperSU_Pro_v2.78-SR1.zip /sdcard/
In the TWRP menu, go to "Install". Browse to the "sdcard" directory. Select the SuperSU patch and Install.
* Reboot to the system.
Beware: system will not start if you haven't installed the SuperSU patch. It will loop at startup, and won't progress beyond the startup logo.
2] Initial setup.
From factory reset, the phone will go through the first installation procedures. Follow the setup until your system logs on, and you can connect again to your phone via ADB.
3] Get rid of the malware.
* Disable the apps:
Without need of supercow powers:
- Enter an adb shell:
Code:
adb start-server
Code:
adb shell
Disable the apps:
In a normal ADB shell:
Code:
pm disable your.package.name.here
If you don't know the name of the packages, you can always get the full list with:
In your normal terminal (not adb):
Code:
adb shell 'pm list packages -f'
In an ADB shell:
Code:
pm list packages -f
* Remove the apps:
First try a normal removal. If they are system apps this will fail, but try anyways.
Code:
pm uninstall your.package.name.here
* Escalation to remove apps:
Now that the first try has failed, get supercow powers:
In the ADB shell:
Code:
su
(You should get a message on your phone telling you that ADB is requiring root privileges. Say OK)
Now your ADB console should read something like "[email protected]"
And we try again:
Code:
pm uninstall your.package.name.here
But we have a super hardcore app that fails to be removed with the normal supercow powers. So we step it up. (g)
Code:
pm uninstall -k --user 0 your.package.name.here
... SUCCESS!
But wait, the app is still there. Yes, you only removed it for root. So... let's do some overkilling:
Meanwhile:
Let's check the ID of the system user:
Code:
id system
In my phone "system" is 1000
So, here we go:
Code:
pm uninstall -k --user 1000 your.package.name.here
Your mileage may vary. Sometimes the first command does the trick, sometimes the app is still there.
Is it gone? Not always.
Can it creep out from the netherworld? Maybe. So, let's beat the dead horse.
* Silence the dead (h)
Just in case the app is still lurking, let's make it harder for it to creep up on us.
Code:
pm hide your.package.name.here
Great. Silent in its coffin.
But is the app still there? Sadly, yes. I looked around and the apps were still there, in a privilege data folder.
* Root it out (i)
This is an extreme measure. You can really harm yourself doing this, so... you have been warned.
At this stage, you should be using supercow powers. If you are not, brief recap:
Code:
adb shell
su
Now, the system partition is read-only, so you cannot remove the content there. So, to remove the files there, you have to remount it in read-write mode. Here we go:
Code:
mount -o rw,remount /system
Now, find the app directories you want to remove. In my case, the apps were in "/system/priv-app". So:
Code:
rm -rf /system/priv-app/YourAppFolder/
And, eventually, erase the associated data:
Code:
rm -rf /data/data/your.package.name.here
A read-write /system/ partition is not a good idea, so we reset as read-only:
Code:
mount -o ro,remount /system
[You might need this]
I don't remember if this is required. Maybe to be able to write to the recovery partition via fastboot...
Code:
adb shell setprop ro.secure 0
This voids the GUARANTEE. You have been warned (AGAIN).
----
(a) Found Trojan.Hiddad & Adware.Retsanvie. Probable carrier app: com.gangyun.beautysnap (aka com.android.snap).
(b) Antivirus programs tag the OTA program as potentially dangerous: com.fota.wirelessupdate
(c) [Some articles on DOOGEE and LEAGOO shipped with Trojans]
(d) [Some articles on DOOGEE and LEAGOO shipped with Trojans]
(e) [Some articles on DOOGEE and LEAGOO shipped with Trojans]
(f) [NEEDROM dot COM website]
(g) [ROMPROVIDER dot COM website]
(h) [Reddit Post]
(i) [ANDROID dot STACKEXCHANGE dot COM Post]
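
Added example (not part of rrm.'s post, and not code from any tool named in this thread): a POSIX shell script that checks `pm list packages -f` output against the package names given in footnotes (a) and (b) and reports, for each hit, where the APK lives and which of the post's commands applies first. The sample listing and its APK paths are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit `pm list packages -f` output against a watchlist.
# Real use (host side):  adb shell pm list packages -f | audit_packages

# Package names taken from footnotes (a) and (b) of the post above.
WATCHLIST="com.gangyun.beautysnap com.android.snap com.fota.wirelessupdate"

# classify_path APK_PATH -> prints priv-app | system | user
# Apps under /system cannot be removed with a plain `pm uninstall`
# (the post reports exactly that failure), so the class decides the first step.
classify_path() {
    case "$1" in
        /system/priv-app/*) echo "priv-app" ;;
        /system/*|/vendor/*) echo "system" ;;
        *) echo "user" ;;
    esac
}

# audit_packages: reads `pm list packages -f` lines on stdin and prints one
# tab-separated record per watchlisted package:
#   package name, class, APK path, first command to try (as named in the post)
audit_packages() {
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        # adb shell on older Android releases ends lines with CRLF.
        line=${line%"$cr"}
        # Skip anything that is not a "package:<path>=<name>" record.
        case "$line" in package:*=*) ;; *) continue ;; esac
        # Split on the LAST '=': APK paths on newer Android releases can
        # themselves contain '=' characters.
        pkg=${line##*=}
        path=${line%=*}
        path=${path#package:}
        for bad in $WATCHLIST; do
            [ "$pkg" = "$bad" ] || continue
            class=$(classify_path "$path")
            if [ "$class" = "user" ]; then
                action="pm uninstall"
            else
                action="pm disable"
            fi
            printf '%s\t%s\t%s\t%s\n' "$pkg" "$class" "$path" "$action"
        done
    done
}

# Constructed sample listing (paths are made up for illustration).
sample_listing() {
    printf 'package:/system/priv-app/BeautySnap/BeautySnap.apk=com.gangyun.beautysnap\r\n'
    printf 'package:/system/app/FotaUpdate/FotaUpdate.apk=com.fota.wirelessupdate\r\n'
    printf 'WARNING: linker: constructed noise line\r\n'
    printf 'package:/data/app/~~Zm9v==/com.android.snap-YmFy==/base.apk=com.android.snap\r\n'
    printf 'package:/data/app/com.example.notes-1/base.apk=com.example.notes\r\n'
}

# Demo run on the constructed sample.
sample_listing | audit_packages
```

A package reported as `priv-app` or `system` is the case where the post had to go on to root and remount /system; a `user` hit can be removed directly.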

rrm. said:
(Edited: Removed all external links due to my newcomer status)
To be brief:
I have not found the stock ROM for the DOOGEE T5S, nor tried any new custom ROM to replace it.
I have managed to install a TWRP with SuperSU powers.
These instructions might help you clean up your current system.
Bonus: the recovery menu (TWRP) is multilingual.
I am amazed you were able to do as much as you did with just ADB! Usually this type of phone (ChinaPhone) requires flashing the bootrom with a utility called SP Flash Tool and VCOM Drivers, as well as the aforementioned Scatter file! BTW there is a ROM for the T5S LITE but not the T5S (despite many, many requests falling on deaf ears)

ethan_hines said:
rrm. said:
(Edited: Removed all external links due to my newcomer status)
To be brief:
I have not found the stock ROM for the DOOGEE T5S, nor tried any new custom ROM to replace it.
I have managed to install a TWRP with SuperSU powers.
These instructions might help you clean up your current system.
Bonus: the recovery menu (TWRP) is multilingual.
I am amazed you were able to do as much as you did with just ADB! Usually this type of phone (ChinaPhone) requires flashing the bootrom with a utility called SP Flash Tool and VCOM Drivers, as well as the aforementioned Scatter file! BTW there is a ROM for the T5S LITE but not the T5S (despite many, many requests falling on deaf ears)
Yes, I did notice the lack of help regarding the release of the stock ROM. Given that (in my case) it was a compromised ROM (Trojans & Co.), I would imagine why they would not release the original one. It surprises me they are not releasing a cleaned up version, though.
The TWRP for the T6 works fine on the T5S. I was tempted to try one of the custom roms for T6 pro available at needrom DOT com. The thing is I need a working phone, so I cannot hard or soft brick my T5S. Not having a fallback ROM, that kind of nails it down for now.
I'm deploying LineageOS on a series of other devices. If all goes well, I might give LineageOS for T6 pro a try on my T5S. My concern is not the chipset of the SOB, it's the peripherals. Chiefly the capacity to recognize the SIM cards. It would defeat the purpose to have a running Android Nougat on my phone and not be able to make calls.

Replacement stock ROM: use the T5 lite stock ROM
ethan_hines said:
Surely someone has or can get the Official ROM for the Doogee T5s. Note it's T5s, not T5 nor T5 Lite.
Its processor is MTK6735, not MTK6753. I need the ROM with the Scatter file. If you have a Custom Recovery TWRP/CWP that would be helpful too.
If need be I'll put a bounty on it but I am hoping some samaritan will be so kind as to post it.
Thanks in Advance.
Included is a screen cap of the Diagnostic Software:
UPDATE:
Previously described to have successfully flashed TWRP 3.0.3 from needrom, with root powers, allowing for housekeeping of the original ROM.
I now inform you to have successfully flashed the T5 Lite stock rom (the UPDATE) into the T5S.
The ROM is apparently fully functional: RadioFM, front camera, back camera, WiFi, SIMs. I have not found any non-functioning feature.
I have tried to flash in a custom ROM, but until now I have been unsuccessful. While flashing the ROM with TWRP I get a 255 error. I'm thinking I need TWRP 3.1 or 3.2 to flash the custom ROMs I have. Sadly, there doesn't seem to be a TWRP 3.2 for the DOOGEE T5 lite/T5S.
I'll keep you all posted.

Need SuperSU
Is anyone here who can send me the "SuperSU_Pro_v2.78-SR1.zip"
PLEASEEEE don't send me the needrom link. Thanks!

ethan_hines said:
Surely someone has or can get the Official ROM for the Doogee T5s. Note it's T5s, not T5 nor T5 Lite.
Its processor is MTK6735, not MTK6753. I need the ROM with the Scatter file. If you have a Custom Recovery TWRP/CWP that would be helpful too.
If need be I'll put a bounty on it but I am hoping some samaritan will be so kind as to post it.
Thanks in Advance.
Included is a screen cap of the Diagnostic Software:
Finally the T5S firmware is available at the doogee.cc community!
I had to use it to revive my T5S after trying to flash TWRP recovery: I tried TWRP from T5, T6 and T6 Pro but in all cases the phone got stuck in a boot loop. :crying:
I don't know if the official firmware contains bloatware... I'll keep an eye on it...

Rooting the Doogee T5S
After some time-consuming experiments, I finally got my T5S rooted.
The main points after installing TWRP, through fastboot or SP Flash Tool, are:
1st: Boot immediately into recovery mode (this prevents the operating system from switching back to the original recovery app)
2nd: Install SuperSU before booting into the system (in my case it prevents the boot loop. I think it is a must!)
When you have finally restarted the operating system successfully, deactivate the app "Aktualisierung mit Funknetz" (in English I think something like "OTA WiFi upgrade"), which seems to be the reason for the malware. In my case, since I did it, no pop-up ads have appeared! (for 3 weeks)
Remark:
As the T5S has the same CPU as the T5 Lite, you can flash this firmware as well. I did it with the SP tool, but with the same problem of unwanted ads popping up, i.e. you have to root to put the above-mentioned app in deactivated mode (I did it with the app: 3C System Tuner Pro).

Related

[HELP!] Velocity Cruz T301 Full Brick Recovery

Hi XDA,
so basically i bought a Velocity Cruz T301 recently and followed the known procedures for rooting, flashing ClockworkMod Recovery and custom rom (SJHill Rom v0.3).
before the full brick my device was at ClockworkMod 5 and rooted with SJHill Rom v0.3.
i installed CWM by flashing the zip in stock recovery, then succesfully rooted the device, finally wiped and flashed my custom rom
after major disappointment in this tablet's performance i decided i wanted to get rid of it.
So i downloaded the stock rom, wipe and flashed it onto the tablet...
the tablet turned off when it was finished (i think it was attempting to reboot) and never turned back on again...EVER! :good:
i cant even get to recovery
i tried flashing with adb and fastboot but the device never even presents itself to the computer.
i found out that you can boot the device into USB boot mode where you hold the "VOL -" (Volume Down) button and press the reset button and while connected to the computer (windows only) a "JZ4760 USB Boot Device" appears.
i did some googling and also found out that the T301 is based on similar tech to a bunch of tablets and they can all be modified by some software released by Ingenic called USBBootTool.exe
the tool is written in chinese and i can't decipher it all, though i found out how to use it based on its usage for other Ingenic based tablets
1.) you will need to disable driver signature verification (press F8 on boot of windows and toggle the setting, i hate rebooting too but it has to be done)
2.) boot your tablet into USB Boot Mode (hold down Vol - and press Reset button)
3.) install the driver for your device (included in the files below)
4.) with the tablet disconnected you would open the USBBootTool.exe
5.) select your tablet in the options and fill each box with the files needed to flash (files included below)
6.) reconnect the tablet while still in USB Boot Mode and the software will flash your device on detection
everything goes fine for me except when i get to the flashing part in the end.
when USBBootTool detects my tablet, it attempts to flash and gives me a stream of errors and never flashes my device.
i dont know what to do at this point. i have provided direct links to all the software im using and also links to where i got them.
any help would be appreciated, thank you to the XDA community in advance
>------------------- DOWNLOADS ------------------------<
USBBootTool.exe / Tablet Drivers (4725 / 4725B / 4740 / 4750 / 4755 / 4760 / 4770)
http://dl.dropbox.com/u/79196608/burn_tools_3.0.16.rar
obtained from - http://forum.xda-developers.com/showthread.php?t=1720621
Velocity Cruz T301 Update.zip (contains the system.img / data.img / mbr-xboot.bin files)
http://www.cruztablet.com/T301update.zip
obtained from - http://www.cruztablet.com/Article_861.php
SJHill Rom v0.3
http://www.androidfilehost.com/?fid=9390362690511176486
obtained from - http://www.slatedroid.com/topic/27583-rom-t301-sjhill-rom-17-feb-2012-download-link-updated/
ClockworkMod 5
http://files.androtab.info/ingenic/cwm/20120514/T301-recovery-signed.zip
obtained from - http://androtab.info/mips/ingenic/clockworkmod/
I have the same situation. I have gone through every menu in the USB Boot tool and to no avail am I able to recover my T100.
gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.
feyerbrand said:
gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one
JustSayTech said:
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The linux usb boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any usb recovery tool to work while others using similar devices could. I guess our board is modified just enough for ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.
wow, i learned a lot from that post, seems like writing a usbboottool-like application that can send the commands but also log and possibly bypass security checks etc but that def would take some time. thank you for your insight, seems you've come the closest to cracking the case, actually you found the fault, hopefully your methods can eventually bring about a fix
JZ 4770
gmick said:
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The linux usb boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any usb recovery tool to work while others using similar devices could. I guess our board is modified just enough for ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.
for my JZ4770 Earlier USB tool was flashing .img without any problem but for now it is saying "load cfg failed". "API downlaod failed' like dialogues and doesnt flash anything. Any idea? Thanks in advance!!
First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball
Yes, I did
JustSayTech said:
First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball
Yes, I tried with this suggestion. Rather I reinstalled xp and the tried again. But the dialogues are same. The history is like this. Was having ICS on JZ 4770. Formatted with usb tool and put JB updates. It was not sensing touch so reflashed another JB updates. Now the tab boots, it reaches to boot logo for around 12 seconds and restarts in stock recovery. While it is in booting stage it get detected by windows and adb also. In stock recovery mode it get detected by windows and in turn by adb also. If I tried to install updates through SD card it shows it had installed and reboots after completion. But again the same way it goes to boot logo and then back to stock JB recovery. It also boots in ingenic boot device mode and gets detected by USB burn tools. But when try to flash any of the ROM it gives the same dialogues "check cfg failed" "api download failed" "boot. fw failed" and cant flash anything.
Is there any tool which can be flashed or a script which can be used from SD card for completely formatting flash memory so that USB burn tool can flash required ROM?
can you flash the stock rom in recovery?
Managed using USB BOOT TOOL for ingenic JZ 4770 board in English
JustSayTech said:
can you flash the stock rom in recovery?
thanks man but I managed to boot the device. I used the following USB BOOT TOOL for ingenic 4770 boards. The good thing about this tool is that it is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get more options (yes, again in English). My problem with this device was bad blocks at 1024. In the options there is a chance to force erase all the nand partitions, which I used and erased all the partitions, thereby making all the partitions available for flashing and readable by the tool. Then from the File option I selected the stock rom files and flashed them. While flashing I selected the JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to get out of the issue and will be useful for guys using a JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html
Got USBBootTool.exe kind of working.
1. Download the following file from Ingenic.
ftp * ingenic * cn/3sw/01linux/tmp/jz4770-20110610.rar
2. Download Applocale from Microsoft.
www * microsoft * com/en-us/download/details.aspx?id=13209
3. Extract the jz4770-20110610.rar and find the folder. (Using 7zip should keep the UTF encoding in Chinese)
20110610\04burn\20110524_4770_Programmer
4. Copy the folder 20110524_4770_Programmer to location you want to use it in.
5. Install Microsoft Applocale (Just in case, I don't think it is required)
Now Start Applocale and create a shortcut to USBbootTool.exe inside 20110524_4770_Programmer
中文(简体) is simplified Chinese option and should let you view the GUI correctly.
6. Now with the Applocale Shortcut created for USBbootTool.exe you can start the application with correct fonts.
Now this is where it breaks down.
TABLET-8 NAND FINAL BSP(S3 TEST) will allow you to read from it and write to it, but the CFG is off.
\tool_cfg\tablet-8-nand-final.ini is the configuration for it.
DO NOT CONNECT THE DEVICE WITH ANY OPTIONS CHECKED OR LOAD ANY FILES.
See Attached Images.
Next to the Read button is some Boot Option menu. I am not fully aware of what this does.
What I need is someone to help me fix/correct the ini/cfg files in
\20110524_4770_Programmer\tool_cfg\.ini
\20110524_4770_Programmer\4760\
to correctly match the files of the NAND.
Also if anyone has a copy (dd to img) or (cat to img) of the block devices.
That would help a ton.
# cat /proc/partitions
# cat /proc/mtd
I would also love another T10x Tablet for cheap.
I want to start building things like new bootloader, kernel, system image,
performance libraries to take full use of the Ingenic JZ4760 (www * ingenic * cn/product.aspx?CID=11)
I also bring Christmas gifts
2 APKS. You can place them in /system/app or /data/app.
Google Play will crash now and again, but it will load and work. (Vending.apk)
Secondly I bring the gift of performance increase, just by a slight bit.
edit the line of the heapsize in /system/build.prop dalvik.vm.heapsize=96m
Remember to make sure the permissions are set back to 666 or 644.
Original Vending.Apk before updates came from here: (In case you are paranoid)
code * google * com/p/ics-nexus-s-4g/source/browse/trunk/system/app/Vending.apk?spec=svn20&r=18
ics-nexus-s-4g * googlecode * com/svn-history/r18/trunk/system/app/Vending.apk
To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for
Stupid. how do you expect real people to help post Tech Docs? That is bad Moderating and Administrating.
Make sure to replace the asterisks with spaces to normal dots.
Requesting Block Images.
Does anyone have a copy of it they can send me for a T10x?
block images......
IceGryphon said:
Does anyone have a copy of it they can send me for a T10x?
Which block images do you want?
...also is there a way to rip the stock images off the jz4760 in the t301.
Such as:
Can i use the ingenic uboot tool?
Anybody find the jtag pins?
Is the 4 pin conn next 2 the batt for serial?
.......i guess ill try to take a look this weekend
Ics would be really nice, but probably slower than stock..... especially with the limited ram
I unpacked the stock rom. I also unpacked an ics rom for a jz4770, and repo sync'd the aosp and mips 3.0.8 android kernel.
I'm still trying to figure out specs for the processor though. I know that it's mips32 - el- fp- r1, but i cannot figure out the dsp version ... if it has one?
Error in erasing nand
nanachitang420 said:
thanks man but I managed to boot the device. I used the following USB BOOT TOOL for ingenic 4770 boards. The good thing about this tool is that it is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get more options (yes, again in English). My problem with this device was bad blocks at 1024. In the options there is a chance to force erase all the nand partitions, which I used and erased all the partitions, thereby making all the partitions available for flashing and readable by the tool. Then from the File option I selected the stock rom files and flashed them. While flashing I selected the JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to get out of the issue and will be useful for guys using a JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html
I used the English Ingenic tool to erase bad blocks but I'm not able to erase the bad blocks; Live Suit is giving error id=0x4848

[RECOVERY]TWRP 3.1.0.0 - FIsH for FLEX 2

TWRP 3.1.0.0 with FIsH for our FLEX 2
Tested on h955 and it's still a BETA
Requirements
Here are the pre-requirements you have to meet!
If you can't get them: Close this page and FORGET it (until the day you meet those reqs)!
Here are the 2 simple requirements you have to meet:
1. root by SuperSU >=v2.76 (greater or equal v2.76)
--> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible
--> for many devices - if not all - this means you HAVE TO downgrade/install LL. It also means that you have to upgrade your SuperSU to this version by e.g. FlashFire if you have a lower version installed!
--> SU by phh is NOT supported => It needs a modified /boot and this would void the boot signing chain!
--> Magisk is NOT supported => It needs a modified /boot and this would void the boot signing chain!
--> I will NOT provide downgrading guides there are plenty of them so search and read.
--> I will NOT provide any guides in rooting your device
--> Before you think about downgrading to LL read about the ANTI-ROLLBACK protection some devices may have! Anti-Rollback means you CAN NOT downgrade - it would HARD-BRICK your device (wtf thinking the vendors who we are?? Is this even legal?!)! Check that before!!
2. you have to be able to disable SELinux in your booted Android
--> You do NOT need to set SELinux permanently to permissive. Just CHECK if you COULD get it MANUALLY. If you can get it OK. If not.. you obviously have not full root access but check the forums maybe there is something you can do about this.
--> I will NOT provide any guides enabling SELinux but some lines later you will see how u can execute the very simple check
--> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible
Those above are hard facts so it may NEVER work with MM. Google has changed the way on how the boot chain will be verified and that means changes in /system will void it from now on.
If MM can get fully rooted somehow/somewhen on your device with SuperSU installed and you are able to disable SELinux the method will work there as well.
If you can not meet ALL of the above 2 requirements lay down and cry.
For the others: calm down and read on!
You can simply test those both requirements by downloading the FIsH package and execute the installer with the following test parameter:
./install.sh --check
This way nothing get installed but you will see if it would work on your device or not.
Limitations!
Keep in mind what I said above: FIsH does NOT unlock your bootloader!
That means with TWRP-in-FIsH you can NOT:
Install a custom ROM like CM/Lineage (this will modify boot = SOFT-BRICK)
Install a custom Kernel (this will modify boot = SOFT-BRICK)
Install a custom recovery (this will modify recovery = may SOFT-BRICK)
In short: do nothing which modifies boot or recovery partitions. Those changes will BREAK your boot signing chain.
You can of course flash everything which is modifying /system /data only (e.g. xposed, Audio mods, etc...)
You're able to backup and restore as well of course and doing any other modifications which you may can't while the Android system is running.
Download
READ THE REQUIREMENTS above before proceeding!
Then UNDERSTAND the requirements before proceeding! <-- omg this is crucial important!!!! Ensure that you really do not skip this step!
READ THE LIMITATIONS above before proceeding!
Then UNDERSTAND the limitations before proceeding! <-- omg this is crucial important!!!! Ensure that you really do not skip this step!
... and NEVER ask for ETA's!
if you can say:
Yes! I have read and totally understood the limitations AND the requirements!
then proceed. Otherwise read again until you got it.
Keep in mind that this is a HACK. It may soft-brick your device. you have been warned!
The concept is the same for all models but again no guarantees here for anything.
There is ALWAYS a risk and you should better backup what you do not want to lose before starting downloading this.
Download
Installation (Linux)
You can just install any newer version over an old one.
boot Android and connect USB cable
download the newest version to your PC and open a terminal in that directory
tar xzf TWRP-in-FIsH*.tgz
cd android_FIsH
./install.sh
check the output of that script. you should not see any errors there (hopefully)
Installation (Windows)
use FWUL or be patient.. maybe I or someone else will release an installer... maybe...
First run (no PC required)
This FIsH gets installed PERMANENTLY! That means:
You can boot up TWRP the same way as described here again without re-installing.
If you re-install your STOCK image you have to re-install TWRPinFIsH as well.
reboot Android
you should now see: LED goes from blue to GREEN
NOW directly when u see this GREEN LED press VOLUME DOWN and do NOT release
wait until the device vibrates and the LED changed to RED. Then release the Volume Down button.
Wait until FIsH completed and TWRP should be shown --> This means FIsH has done its job well!
This is a good time to do a full backup isn't it ? Manually mount the SYSTEM partition as it does not get auto-mounted atm and do a full backup
reboot from here (safely ignore the msg "no OS installed" and reboot anyways) and you should see Android booting (hopefully ... if not see bottom)
Daily Usage (no PC required)
reboot Android
you should now see: LED goes from blue to GREEN
NOW directly when u see this GREEN LED press VOLUME DOWN and do NOT release
wait until the device vibrates and the LED changed to RED. Then release the Volume Down button.
Wait until FIsH completed and TWRP should be shown --> This means FIsH is doing its job still very well
AGAIN: keep your mind up! You HAVE to ensure that whatever you do and whatever you flash -> NEVER TOUCH BOOT/RECOVERY! If you flash a ZIP ensure first that it does not modify them! Otherwise you WILL softbrick. You have been warned (several times now)
Trouble / Bootloop fix
if you encounter a bootloop (should never happen but who knows) you have 3 choices at least:
Option 1a: (TWRP-Bootloop) Within TWRP open Advanced -> File Manager -> Goto: /system/su.d and click "select" button -> Delete
Option 1b: (TWRP-Bootloop) From your PC: adb shell rm -rf /system/su.d/
Important: Catch the fish log (see next topic)
Option 2 (this works also for a bootloop without twrp): boot into download mode and use LGLaf to get a shell
then:
setenforce 0 <-- if that doesn't work you may have to do a FULL restore to stock
mount -oremount,rw /system
rm -rf /system/su.d/
reboot. You are out of the bootloop.
Important: Catch the fish log (see next topic)
Option 3: Last resort: Reflash STOCK. sorry.. there is always a risk..
Catch the FIsH logs
when in TWRP (or other ramdisk providing adb shell):
adb shell "cat /cache/fish/fish.log"
adb shell "cat /tmp/recovery.log"
OR - when in Android:
adb shell "su -c cat /cache/fish/fish.log"
adb shell "su -c cat /cache/fish/fish.log.old"
adb shell "su -c tar cvzf recoverylogs.tgz /cache/recovery"
adb pull recoverylogs.tgz
Upload the output to https://paste.omnirom.org and paste the link in the IRC channel (see next topic)
Support / IRC Channel
IRC means Internet Relay Chat and you will get best support here only.
Choose how to get in:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
Web (KiwiIRC-Web, FreenodeWebchat)
When you have to choose a channel it is: #Carbon-user
When you will be asked for a server network choose: freenode
Known issues (may never get fixed)
Due to the fact that FIsH is a BRUTAL hijack of the booting process several things may not work as expected.
This will normally not harm anything but you have to know about it.
ZIP / ROM flashing:
omg really you wanna hear that again? OK: DON'T TOUCH BOOT / RECOVERY. And you'll be safe.
When you try to install a ROM it will modify at least BOOT. That means soft-brick!
When you try to install a custom Kernel.. omg really? It will definitively SOFT-BRICK! Maybe you should read the limitations again??
When you try to install a ZIP like xposed, supersu, Vipermod and others ensure that those are not modifying BOOT or RECOVERY partitions. For those mentioned it would be very unlikely but who knows.
FIRMWARE partition:
cannot be mounted - not even manually. You have to live with it.
Double Tap to wakeup (in TWRP):
Unfortunately this cannot work in TWRP-in-FIsH due to the nature of this hijack. You have to live with it.
Credits (without them - no FIsH!!!)
If you feel that someone / you is missing on this list lemme know!
Chainfire for SuperSU! This is the main part of FIsH.
TeamWin for TWRP
@cray_Doze, @dssmex, @Aaahh and @KeiranFTW for their hijack implementations (e.g. https://forum.xda-developers.com/showthread.php?t=2608408, first steps to a G4 hijack)
steadfasterX for the android FIsH !
Here is the h955 device tree for building TWRP with omnirom minimal sources - https://github.com/jarno83/android_device_lge_h955
Here are TWRP logs from backups and restoring if anyone interested - https://github.com/jarno83/twrp_logs
Changelog
29.04.2017 - TWRP-3.1-in-FIsH-v2.0_LGFLEX2_LL_BETA3.zip
Latest FIsH source code and fixes.
3.04.2017 - TWRP-3.1-in-FIsH-v2.0_LGFLEX2_LL_BETA2.zip
Fixed the RESTORE issue - thanks to SteadfasterX
Used latest FIsH source code.
Went to zip format, now a bit smaller.
2.04.2017 - TWRP-3.1-in-FIsH-v2.0_LGFLEX2_LL.tar.gz
The fishfood is TWRP 3.1.0.0 it uses 15c stock kernel for now. And has a problem with restoring.
What is TESTED
BACKUP and RESTORING /system and /data partitions - OK
Xposed V87 - flashes ok with twrp and works - http://dl-xda.xposed.info/framework/sdk22/arm64/
Tested Device List
H955 running 5.1.1 15c ROM
H950 running 5.1.1 PR ROM - thanks to iDefalt
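The rule repeated in the post above (never flash a ZIP that modifies boot or recovery) can be checked on a PC before the ZIP goes anywhere near the device. The following is an added example, not part of FIsH or of the original post: it inspects a flashable ZIP's member names and installer scripts for references to the boot and recovery partitions. The sample ZIPs are constructed in memory, and the function names and the by-name path pattern are assumptions of this example.

```python
import io
import re
import zipfile

# Installer entry points of a recovery-flashable ZIP (standard edify layout).
SCRIPT_MEMBERS = (
    "META-INF/com/google/android/updater-script",
    "META-INF/com/google/android/update-binary",
)
PROTECTED = ("boot", "recovery")  # partitions FIsH users must never modify

# Block-device references such as /dev/block/bootdevice/by-name/boot (assumed pattern).
PART_REF = re.compile(
    r"/dev/block/[\w/.-]*?by-name/(%s)\b" % "|".join(PROTECTED), re.IGNORECASE
)
# Raw image payloads named after the partition, e.g. boot.img or recovery.img.
IMG_NAME = re.compile(r"(?:^|/)(%s)\.img$" % "|".join(PROTECTED), re.IGNORECASE)


def scan_flashable_zip(data):
    """Return a sorted list of findings; an empty list means nothing suspicious was seen."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            payload = IMG_NAME.search(name)
            if payload:
                findings.add(f"payload {name} targets {payload.group(1).lower()}")
            if name in SCRIPT_MEMBERS or name.endswith(".sh"):
                # update-binary may be a compiled binary, so decode leniently.
                text = zf.read(name).decode("utf-8", errors="replace")
                for lineno, line in enumerate(text.splitlines(), 1):
                    stripped = line.strip()
                    if stripped.startswith("#"):  # comment line in edify/shell
                        continue
                    for hit in PART_REF.finditer(stripped):
                        findings.add(
                            f"{name}:{lineno} references {hit.group(1).lower()} partition"
                        )
    return sorted(findings)


def make_zip(members):
    """Build a ZIP in memory from {member_name: content} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a mod that only touches /system.
SYSTEM_ONLY_ZIP = make_zip({
    "META-INF/com/google/android/updater-script":
        'mount("ext4", "EMMC", "/dev/block/bootdevice/by-name/system", "/system");\n'
        'package_extract_dir("system", "/system");\n',
    "system/framework/example.jar": b"constructed",
})

# Constructed sample: a kernel ZIP that writes a boot image.
KERNEL_ZIP = make_zip({
    "META-INF/com/google/android/updater-script":
        "# flash kernel\n"
        'package_extract_file("boot.img", "/dev/block/bootdevice/by-name/boot");\n',
    "boot.img": b"constructed",
})

if __name__ == "__main__":
    for label, blob in (("system-only", SYSTEM_ONLY_ZIP), ("kernel", KERNEL_ZIP)):
        result = scan_flashable_zip(blob)
        print(label, "->", result if result else "no boot/recovery reference found")
```

An empty result is only a first filter: a compiled update-binary can assemble partition paths at run time, so a clean scan does not prove the ZIP leaves boot and recovery alone.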
Congrats
Have you seen the XDA template for FIsH?
https://forum.xda-developers.com/an...ack-to-boot-want-device-t3578373/post71567825
.
Sent from my LG-H815 using XDA Labs
steadfasterX said:
Congrats
Have you seen the XDA template for FIsH?
https://forum.xda-developers.com/an...ack-to-boot-want-device-t3578373/post71567825
.
Sent from my LG-H815 using XDA Labs
Ok, thanks. Didn't see that
So anyone tested it yet ? TWRP booting ?
I have my phone in repair center atm cant test anything.
Yes, I have it on my h955 and twrp boots fine. I tested system backup and restore, now working. Flashed xposed also ?
Sent from my LG-H955 using XDA-Developers Legacy app
/data backuped and restored with success ?
Sent from my LG-H955 using XDA-Developers Legacy app
Ok so now what? What is the next step? On road To install custom rom or custom kernel.
dadaa1 said:
Ok so now what? What is the next step? On road To install custom rom or custom kernel.
SteadfasterX is developing some stuff... so maybe one day we will have a possibility to use full custom roms.
But for now we have a custom recovery
If someone is willing to cook something interesting that can work with not touching the boot or recovery partitions... then well I would call it a custom rom
In theory it should work on a H950PR? So I can at least test it
maucvs said:
In theory it should work on a H950PR? So I can at least test it
Hi, I think it will work. You'll need to be rooted and You can give it a try ?
Sent from my LG-H955 using XDA-Developers Legacy app
It should work..
I already tried this on h950 but there is dead android with red '!' ..
For some reason it wont boot into the fishrecovery and goes to the recovery partition..
Ill try smth when i have time.
adds08 said:
It should work..
I already tried this on h950 but there is dead android with red '!' ..
For some reason it wont boot into the fishrecovery and goes to the recovery partition..
Ill try smth when i have time.
Seems like the twrp I build is not liking h950
Sent from my LG-H955 using XDA-Developers Legacy app
I'll try to make h950 tree and build a test twrp.
Sent from my LG-H955 using XDA-Developers Legacy app
adds08 said:
It should work..
I already tried this on h950 but there is dead android with red '!' ..
For some reason it wont boot into the fishrecovery and goes to the recovery partition..
Ill try smth when i have time.
Can you test this... made a h950 test tree. The twrp boots on my h955 also.
ergo911 said:
Seems like the twrp I build is not liking h950
I had a similar issue for the g4 and here it was FIsH because it was too slow for some devices . I will release a new FIsH release which improves speed dramatically asap.
.
Sent from my LG-H815 using XDA Labs
Thanks ?
ergo911 said:
Thanks ?
Ok so please use git pull to get the latest updates!
Lemme know if you have any trouble.
.
Sent from my LG-H815 using XDA Labs
ergo911 said:
Can you test this... made a h950 test tree. The twrp boots on my h955 also.
Works like a charm on my H950. Thanks! The only issue is TWRP booting time, but it should be right like that, if I understand correctly.
Thank you!

Question A newbie question about X3 Pro with LineageOS

Hi Fellows,
First of all, I’m newbie to flashing (or so-called) phones. I want to change my phone for de-googled one. I’m thinking about POCO X3 Pro with LineageOS 18.1.
I’ve been recently reading a lot about changing OS, but I feel completely overwhelmed by how complex knowledge it is. Even on the forum there is so much info, so much specific vocabulary/acronyms
Can you advise me, how to start?
Or maybe different way... do you know any reliable service/somebody in the UK, who could help? I've already checked services in my town - no one does software modifications
kamien8 said:
Hi Fellows,
First of all, I’m newbie to flashing (or so-called) phones. I want to change my phone for de-googled one. I’m thinking about POCO X3 Pro with LineageOS 18.1.
I’ve been recently reading a lot about changing OS, but I feel completely overwhelmed by how complex knowledge it is. Even on the forum there is so much info, so much specific vocabulary/acronyms
Can you advise me, how to start?
Or maybe different way... do you know any reliable service/somebody in the UK, who could help? I've already checked services in my town - no one does software modifications
You don't need to pay someone else for that, you can do it on your own.
I will give you the topics in order, one by one, and just search for the info until you understand what you want to achieve.
1-Unlocking bootloader.
2-Flashing a custom recovery.
3-Rooting (optional)
4-installing a custom ROM (like LineageOS)
Search for these topics in your own forum, read carefully and apply them when you are sure what you are doing.
Copied these from my old post in other forums, I updated a little but still might be a little outdated
Spoiler: How to unlock bootloader
Link your poco x3 pro to your MI account
Activate "Find my device" for Mi account
Settings > About Phone > Tap "MIUI version (For POCO)" until developer mode unlocked
Settings > Additional Settings > Developer Options
OEM unlocking - Checked
Mi Unlock status > Add account and device - Do only once, anymore will reset 168 hours unlock counter
Go to https://en.miui.com/unlock/ and download the mi unlock software
Latest version to date of this post is https://miuirom.xiaomi.com/rom/u1106245679/5.5.224.55/miflash_unlock-en-5.5.224.55.zip
Prepare for future unlock
Turn off your mobile
Boot into fastboot mode - Volume Down + Power
Run "MiUsbDriver.exe" located in the miflash_unlock_en zip
Connect mobile to PC or laptop
Poco X3 Pro driver should be installed
Run "miflash_unlock.exe" and proceed through the software
If you have yet to apply for permission to unlock, you can apply from there (I think, the last I applied was years ago, not sure still a thing now or not)
The software will tell you the countdown which is 168 hours aka 1 week.
Exit fastboot mode on phone by holding the power button.
A week later, time to unlock.
Backup your file, if you have used the phone intensively, unlocking will result in factory reset.
Turn off mobile
Boot into fastboot mode - Volume Down + Power
Run "miflash_unlock.exe"
Connect mobile to PC
Proceed through "miflash_unlock.exe"
Unlocked
Spoiler: How to Flash Custom Recovery
Download google platform tool from https://developer.android.com/studio/releases/platform-tools
Extract the tool
In the tool folder, type "cmd" at "Address bar" to open command prompt to that folder
Press enter after you type "cmd", if it isn't obvious.
Turn off mobile
Boot into fastboot mode - Volume Down + Power
Connect mobile to PC
Go to command prompt window, type "fastboot devices".
Your phone will be shown if detected, otherwise, fix your driver.
Download Custom Recovery
OrangeFox - https://orangefox.download/device/vayu
TWRP - https://forum.xda-developers.com/t/recovery-unofficial-teamwin-recovery-project.4269551/
Lineage OS Recovery - https://download.lineageos.org/vayu
Don't use LOS recovery if you are rooting, it doesn't support OTA data decryption thus magisk needs to be reflashed every time during OTA.
Extract the "img" recovery file to the tool's folder
Type "fastboot flash recovery <filename>"
Done, type "fastboot reboot recovery" or Volume Up + Power on mobile to enter recovery
Spoiler: How to Flash Custom Rom
Connect mobile to PC
Copy files to mobile
Firmware - https://xiaomifirmwareupdater.com/firmware/vayu/
Rom
XDA Roms - https://forum.xda-developers.com/f/xiaomi-poco-x3-pro.12163/?prefix_id=33
Xiaomi EU Rom - https://xiaomi.eu/community/forums/miui-rom-releases.103/
Gapp (if you want)
MindtheGapps
NikGapps
FlameGapps
OpenGapps (Personally Recommended)
Magisk (If rooting) - https://github.com/topjohnwu/Magisk/releases
Boot into recovery - Vol up + Power
install in order
Firmware
Rom
Gapps (if you want)
Magisk (if rooting)
Format data in recovery
Wipe Cache and Dalvik/Art Cache (If the recovery supports it)
Reboot into system
Done
If you mess up the format data sequence, don't worry, you can always use "adb sideload". Also, if you use LOS recovery, you need to use sideload.
Look for sideload in recovery
Open command prompt in your tool folder, type "adb sideload <filename>" to install the things you want.
Spoiler: How to flash back or to official rom along with official recovery
Download xiaomi flash tool - https://xiaomiflashtool.com/
Download fastboot package - https://xiaomifirmwareupdater.com/archive/miui/vayu/
Extract xiaomi flash tool, run "XiaoMiFlash.exe"
Extract fastboot package to somewhere, preferably root subfolder of c:\ or whatever drive
Long pathname can cause "XiaoMiFlash.exe" to run into error
Boot mobile into fastboot - Vol down + power
Connect mobile to pc
In "XiaoMiFlash.exe", select folder of fastboot package
Bottom right of the software, choose "clean all" or "clean and lock (bootloader)"
Click flash
Once done, it will auto reboot into MIUI
Spoiler: How to pass safetynet for custom rom
At the moment of this post, most custom roms fail safetynet. It is not absolutely necessary to get safetynet to work. Only do this if the gapps you want to install require it.
Install magisk (No way around it)
Install props config module
Reboot
Run any terminal app - https://play.google.com/store/apps/details?id=com.termux
Type "su" and enter
Grant super user rights to it
Type "props" and enter
Type "1" and enter
Type "f" and enter
Type "22" and enter
Type "6" and enter
Basically, you are choosing "Poco X3 Pro (Global)"
Type "y"
Reboot and test your safetynet
Spoiler: How to make Nasty Anti-Root Apps work with Magisk
In magisk, install Riru module
Download Unshare - https://github.com/vvb2060/riru-unshare/releases
In magisk, install Unshare
In magisk, enable "Magisk Hide" in settings
In magisk, "hide Magisk" in settings, choose some really unpredictable name
In magisk, press "Shield", hide all options (dropdown) for the targeted App
Reboot
Try run the apps multiple times
If fail
Install App Manager - https://f-droid.org/en/packages/io.github.muntashirakon.AppManager/
In App Manager, look for the apps, go to "Services", disable that one "(Isolated)" service.
Double make sure it is applied
Reboot
Try run the apps multiple times
Still fail
Try this, some say it worked
In magisk, install LsPosed module
Install XPrivacyLua - https://repo.xposed.info/module/eu.faircode.xlua
In LsPosed, enable XprivacyLua and Singpass in that same list
Reboot
In XPrivacyLua, look for the app, enable restrict on "Get Applications"
Reboot
Try run the apps multiple times
this is the last resort
Install Shelter - https://play.google.com/store/apps/details?id=net.typeblog.shelter
Clone the App in Shelter
In shelter, under work profile, make sure no rooted apps in there
Reboot
Try run the App in work profile multiple times
SubwayChamp said:
You don't need to pay someone else for that, you can do it on your own [...]
Thanks a lot. It makes sense.
I was also told, that before flashing it is essential to do a backup.
What's your opinion? How to do so?
kamien8 said:
Thanks a lot. It makes sense.
I was also told, that before flashing it is essential to do a backup.
What's your opinion? How to do so?
About backup the first important is what is important for one, I mean personal information like messages, call, WhatsApp and so on.
But the most important in other sense is about the well functioning of the device itself, for example EFS where is stored the IMEIs, sometimes vendor, dtbo and persist images depending on the custom recovery if it includes these options.
Particularly, I never need any other partition from recovering eventually my device/s.
I would like to suggest you to try flashing some roms on any other device which you don't use(for ex. an old abandoned phone) and gain some experience before trying on your poco x3 pro.
dey18 said:
I would like to suggest you to try flashing some roms on any other device [...]
That was my idea. Unfortunately the only 'old' phone I've got is Huawei P9 Lite 2017 with Android 7. I haven't found any information, that there is a way to install LineageOS on the device.
However, for training purposes I could install any different OS, suitable for the device. Do you know any?
By the way, is the following link the only valid repository for the OS?
LineageOS Downloads
download.lineageos.org
kamien8 said:
That was my idea. Unfortunately the only 'old' phone I've got is Huawei P9 Lite 2017 with Android 7. I haven't found any information, that there is a way to install LineageOS on the device.
However, for training purposes I could install any different OS, suitable for the device. Do you know any?
By the way, is the following link the only valid repository for the OS?
LineageOS Downloads
download.lineageos.org
yes, thats the official site
kamien8 said:
That was my idea. Unfortunately the only 'old' phone I've got is Huawei P9 Lite 2017 with Android 7. I haven't found any information, that there is a way to install LineageOS on the device.
However, for training purposes I could install any different OS, suitable for the device. Do you know any?
By the way, is the following link the only valid repository for the OS?
LineageOS Downloads
download.lineageos.org
If you had no experience of flashing a phone, read and follow this guide with Pictures :
https://forum.xda-developers.com/t/4288121/post-85137963
It should be sufficient to help you flash a ROM.
No tutorial about backup data from phone in that guide, you have to do it on your own.
pl1992aw said:
If you had no experience of flashing a phone, read and follow this guide with Pictures :
https://forum.xda-developers.com/t/4288121/post-85137963
It should be sufficient to help you flash a ROM.
No tutorial about backup data from phone in that guide, you have to do it on your own.
I like this method, and this specific guide is what helped me flash custom rom on my X3 pro.
It is detailed and even gives notice if in case we get lost in a step.
I hope the OP can read this as the guide was really helpful. I know they used arrowOS for example, but I applied the method with different rom.
kamien8 said:
That was my idea. Unfortunately the only 'old' phone I've got is Huawei P9 Lite 2017 with Android 7. I haven't found any information, that there is a way to install LineageOS on the device.
However, for training purposes I could install any different OS, suitable for the device. Do you know any?
By the way, is the following link the only valid repository for the OS?
LineageOS Downloads
download.lineageos.org
I suggest you to try any other roms available for your device and not just lineage.
Try flashing multiple roms one by one and identify and rectify your errors.
And don't forget to read documentation provided by the wiki completely and also check out some vids on youtube(people on telegram would tell you to watch yt channel named "Munchy" because he has got this phone).
I wouldn't try and flash an old p9 lite. I remember when I had a p9 and tried to flash it it was a nightmare and was an unorthodox method. If you could grab an old Moto like the Moto g as that would be ideal for a practise flash.
Warren_Orange said:
[...] Moto g [...]
I've never used Motorola before. Which G would be good to start gaining an experience?
I'll try to find a pre-owned one.
I'd go for a moto g 2nd or 3rd Gen. You can get them for peanuts on eBay and there is still development for them even now.
I recommend Moto G5.. pretty active community on xda, replaceable battery and should be very cheap
k3lcior said:
I recommend Moto G5.. pretty active community on xda, replaceable battery and should be very cheap
Moto G5
Warren_Orange said:
I'd go for a moto g 2nd or 3rd Gen. You can get them for peanuts on eBay and there is still development for them even now.
Do you mean something like this?
gsmarena_moto_g
Will it be possible to go with LineageOS 18.1 on such an old phone?
kamien8 said:
Moto G5
Do you mean something like this?
gsmarena_moto_g
Will it be possible to go with LineageOS 18.1 on such an old phone?
Yes that's the one. After having a quick look at the forums I don't think you'd get 18.1 on it. There is a micro g 17.1 rom that seems active.
Is this for practice or for use as well? If it's for using I'd probably go with the g5 for a few bucks extra as the Moto g is quite old but it's not a bad spare spare phone. I picked one up as a backup and I liked the feel of it (if you're into small phones). It reminded me of the first Moto X.

[PX5][Android 10] Patched recovery

This is the Android 10 recovery image by HCT (version 10.3.1) patched to skip signature checking on .zip files
Tested on MTCE_LM (Eunavi). Use at your own risk
It can be flashed from a root shell (either adb or via terminal emulator) by performing the following steps
1. upload recovery via adb
Code:
adb push hct_recovery_patched.img /sdcard/
2. flash recovery
Code:
# backup current recovery
dd if=/dev/block/by-name/recovery of=/sdcard/recovery_backup.img
# write new recovery
dd if=/sdcard/hct_recovery_patched.img of=/dev/block/by-name/recovery
NOTE: If you do not disable the "flash_recovery" service in /init.rc, AND you have a stock kernel, recovery will be restored to the original version after rebooting.
There are 3 ways to avoid this:
- Flash magisk (or a modified kernel) while in recovery. The patch will then fail to apply and recovery won't be overwritten
- Disable "flash_recovery" by doing "adb remount" and editing /init.rc (comment out the following)
Code:
service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot
- Neuter the service by either:
  - removing /system/bin/install-recovery.sh
  - replacing /system/bin/install-recovery.sh with a dummy script
  - removing /system/recovery-from-boot.p
Woo-hoo, after hundreds of rubbish posts in the MTCD forums, we have a real development post!
Great work and thanks for sharing this, these forums need more like you.
Thanks for the kind comment!
I have to admit that it was frustrating to see the lack of information sharing on this forum, and the pervasive pay-per-use model.
I spent a lot of time just getting Android 10 installed (starting from Android 9), and i had to bring the head unit to my desk as working in the car was rather hard and all i achieved was a brick.
I unfortunately had to bring it back in the car now (can't sit on my desk forever) but, now that i figured out how to make bootable recoveries, i was wondering how hard it could be to have TWRP or at least a hassle-free recovery to install Android 10 from Android 9.
As a first step, this recovery makes it possible to install Magisk or other zip files without doing it manually within adb.
Cheers!
Your work is really good!
Thanks a lot for it.
Now you can also modify ROM's without signature errors when installing.
Wouldn't it be good if we had an app like the ModInstaller ?
So a one click installation of the recovery without shell or adb.
I have now built an app.
And now need help.
Namely, in the app is the recovery and the script.
Unfortunately, the flash process is not started.
It always comes only the first message from the script.
The app is open source and the script and the recovery are in res/raw.
In the attach you will find the finished app and pictures.
If someone has a solution, he can write me or make a pull request on Github.
Source code:
GitHub - jamal2362/RK33XX-Custom-Recovery-Installer: Application for flashing custom recovery on Rockchip Android Head-Units.
The script:
RK33XX-Custom-Recovery-Installer/script at master · jamal2362/RK33XX-Custom-Recovery-Installer
First of all, congrats for the work!
DISCLAIMER:
I don't own ModInstaller, i have never bought a copy of it and i don't intend to do so.
Analysis is purely done from Youtube videos, open source code analysis and existing and openly available binary images.
I was working to figure out how to make a FLOSS alternative to ModInstaller.
The issues i found in all my attempts are the following:
- A6 recovery is the only one that can boot from SD Card (which can then be used to flash A9 -> A10 with the 2SD trick)
  - (it took me a long time to pull these information together and unbrick my unit)
- The A6 recovery is unable to directly flash A10 RKAF/RKFW images (sdupdate.img) due to the code being too old
  - a failure will be observed while writing super.img. This happens because the device needs to be repartitioned, and the A6 recovery is not doing it correctly
- A9 recovery is buggy. Booting it with no system installed will result in a black screen.
  - it will only boot successfully after being written by the A6 flash tool, which writes the "misc" partition with the recovery commands to run (the "hint" i get from this is that the misc partition is important)
- A10 recovery can't be loaded by the A6 recovery. I always got a black screen after flash. Is it a flash issue? is it an issue with the recovery itself? hard to know
Theory: maybe the recovery could be written over the kernel partition? ("boot")
This way, the recovery will always run after being flashed instead of requiring an explicit "enter recovery" trigger (buttons, misc partition, etc.)
Besides these experiments, in parallel, i did some bug fixing to this repository: https://github.com/liftoff-sr/rockchip-tool/commits/master (i'm "smx-smx")
That allows me to unpack and repack "sdupdate.img", "reduced recovery images" and "full IMG files".
With those tools, i tried to swap "recovery.img" in the A6 image, but i always got the black screen upon booting from SD.
Either A9/A10 breaks sdboot or the bootloader crashes before it gets there.
Since this also happens when being flashed, this could either be a bug in the flashing program or a bug in the boot stack (which fails to run recovery perhaps due to a dirty state of the internal flash). It's hard to know for sure without having a UART connection with the board.
BUT, we have an alternative, in the form of the recovery built-in ISP flash tool.
This is the code that reads "sdupdate.img" from the SD Card and flashes it
After reading the recovery source code, i realised that this code can only be triggered correctly when booting from the SD card.
It detects this state by reading /proc/cmdline and probing for specific values (https://github.com/rockchip-android...6f72b7d3123dab27135ac41d55029/sdboot.cpp#L206)
This means the bootloader can (and will) pass those arguments under specific conditions (https://github.com/rockchip-linux/u...c873f178c/arch/arm/mach-rockchip/board.c#L358)
If you check here https://github.com/rockchip-linux/u...3f178c/arch/arm/mach-rockchip/boot_mode.c#L47 you can see the magic word that needs to be written to the "misc" partition in order to trigger that code.
Note that, besides the well known "sdboot", "usbboot" is also possible.
I'm not sure if the ROM can physically boot from USB, but the bootloader and recovery do support (according to code) passing the flag to enable flashing from USB.
So, recapping, there are these ways we can try:
a - try to overwrite "boot" with "recovery" (but it might not work due to the partitioning layout, e.g. jumping from A6 -> A10)
- note: uboot might also need to be written when doing this.
b - making a modified "sdupdate.img" that flashes recovery on top of boot, and all the other core partitions like "misc", "uboot", "trust", "vbmeta"
c - writing "misc" from android in order to trigger the "rkfwupdate" mode
d - taking a dump of the first portion of the flash in various states (A6, A8, A9, A10), and having a "dd" that writes it back to the beginning of the flash (i suspect this is how ModInstaller does it)
Considering cases "b" and "c" depend on a recovery that can write them correctly (and the A6 one is buggy), this leaves us with "a" and "d"
Considering that ModInstaller does it in one shot, and doesn't seem to matter about the partitioning layout, i believe "d" might be the most viable option...
Using the "rockchip-tool" repository i linked from github, the partition table can be dumped from any .img file
You can observe "Image/parameter.txt" from the extracted firmware
This is the partition table from A6's recovery:
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
And this is the partition table from A9's recovery
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
Notice how uboot, trust, misc, resource, kernel, dtb, and others live in the same space. (2000, 4000, 6000, 8000, 10000, ...)
What we could do is create a raw blob that spans that address range, and "dd" it directly to /dev/mmcblk0 at the right offset.
So I would focus on converting recovery images to raw blobs, with recovery-as-kernel so it boots straight away on the first try.
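The layout comparison described in the post above, as an added example that is not part of the original thread: it parses two `parameter.txt` mtdparts lines, finds the leading partitions that are identical in both, and computes the byte range a raw blob could cover, refusing ranges that are not contiguous. It assumes the usual Rockchip `size@offset(name)` syntax with 512-byte sectors; both tables are constructed sample values, not the A6/A9 tables.

```python
import re

SECTOR = 512  # assumption: parameter.txt sizes/offsets are in 512-byte sectors

# Constructed sample tables for illustration (not the A6/A9 values from the thread).
LAYOUT_OLD = ("mtdparts=rk29xxnand:0x00002000@0x00004000(uboot),"
              "0x00002000@0x00006000(trust),0x00002000@0x00008000(misc),"
              "0x00010000@0x0000a000(boot),0x00020000@0x0001a000(recovery),"
              "-@0x0003a000(userdata:grow)")
LAYOUT_NEW = ("mtdparts=rk29xxnand:0x00002000@0x00004000(uboot),"
              "0x00002000@0x00006000(trust),0x00002000@0x00008000(misc),"
              "0x00018000@0x0000a000(boot),0x00020000@0x00022000(recovery),"
              "-@0x00042000(userdata:grow)")

PART_RE = re.compile(r"(-|0x[0-9a-fA-F]+)@(0x[0-9a-fA-F]+)\(([^):]+)(?::[^)]*)?\)")

def parse_mtdparts(cmdline):
    """Return [(name, offset_sectors, size_sectors or None)] sorted by offset."""
    parts = [(name, int(off, 16), None if size == "-" else int(size, 16))
             for size, off, name in PART_RE.findall(cmdline)]
    return sorted(parts, key=lambda p: p[1])

def shared_prefix(a, b):
    """Leading partitions whose name, offset and size match in both layouts."""
    shared = []
    for pa, pb in zip(a, b):
        if pa != pb:
            break
        shared.append(pa)
    return shared

def blob_range(parts):
    """Byte (start, end) of a contiguous run of fixed-size partitions."""
    if not parts:
        raise ValueError("no partitions shared between layouts")
    for (name, off, size), nxt in zip(parts, parts[1:] + [None]):
        if size is None:
            raise ValueError(f"{name} grows to end of flash; cannot be in a blob")
        if nxt is not None and off + size != nxt[1]:
            raise ValueError(f"gap or overlap after {name}")
    return parts[0][1] * SECTOR, (parts[-1][1] + parts[-1][2]) * SECTOR

if __name__ == "__main__":
    old, new = parse_mtdparts(LAYOUT_OLD), parse_mtdparts(LAYOUT_NEW)
    common = shared_prefix(old, new)
    start, end = blob_range(common)
    print([p[0] for p in common], hex(start), hex(end), (end - start) // SECTOR)
```

The first partition that differs between the two tables marks where a shared blob has to stop; anything past it would be written at the wrong offset on one of the layouts.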
Bump a real thread.
Is it possible to convert it to a file installed by SDDiskTool?
marchnz said:
Bump a real thread.
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/
blala said:
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/
This file hct_recovery.patched.img does not appear to be installed via rkupdate
sadaghiani said:
Is it possible to convert it to a file installed by SDDiskTool?
It needs to be converted, yes
I'll take a look this afternoon
blala said:
It needs to be converted, yes
I'll take a look this afternoon
Is it possible to create a boot image that includes modded recovery & magisk and modded kernel?
If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what I would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system
blala said:
If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what I would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system
boot.img file included recovery+magisk+kernel
Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell
Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell - script.sh
gist.github.com
MTCD has separate boot and recovery partitions.
Perhaps you can adapt both recovery/kernel to be in the same image but the bootloader won't know about that (and will always boot from "recovery" partition)

Rooting OPPO A15s

Hi everyone, today I want to share my experience of rooting OPPO A15s (CPH2179)
(Specs: Mediatek Helio P35, 4GB RAM LPDDR4x, 64GB storage, 2 nano SIMs 4G, SD card supported)
It seems like fastboot doesn't really work on newer OPPO phones, and I couldn't get it to work on mine either. Trying "adb reboot bootloader" (of course after unlocking OEM in dev options) will give the "fastboot_unlock_verify fail".
It was such a pain in the ass for me trying to find a way to flash my phone with Magisk (fastboot failed, TWRP needs fastboot to flash), until I found mtkclient.
The steps are simple through the command line; I got some bootloops, red code, etc., but those problems can be easily avoided if you do the steps right.
In the end, I still managed to get my phone rooted.
One thing to note: don't try to use the GUI; otherwise, you will get stuck at "Waiting for connection" while your phone still stays in BROM mode.
CLI is recommended.
OPPO phones have the Secure Payment feature, which checks the integrity of the system in order to allow banking apps to execute. This feature checks if your phone is rooted (you can hide that easily using Zygisk), and if your phone has an unlocked bootloader.
If one of those conditions is met, then banking apps will be blocked by a system banner. The system will also issue a root detection to the app, so even if you manage to turn off the system banner, you won't be able to get into the app.
Losing the ability to use banking apps brought me a lot of inconvenience at the end of the day, so while I have yet to find a Magisk module to bypass the system check, I decided to relock my bootloader, which requires deleting metadata and userdata, and that also unrooted my phone.
If you are planning to root the OPPO A15s, visit mtkclient's GitHub link for the tutorial. Keep in mind that you'll still need a copy of the stock ROM in case something goes nuts, and an ozip to zip decryptor to decrypt the stock ROM ozip file (OPPO sucks)
Links:
mtkclient: https://github.com/bkerler/mtkclient
ozip to zip: https://github.com/bkerler/oppo_ozip_decrypt (bkerler massive tbh)
CPH2179 stock ROM: https://support.oppo.com/in/software-update/software-download/?m=A15s
