Related
Recovery BootStrap (TWRP) - Motorola Defy\Bravo
Version: 4.0
Install Recovery BootStrap (TWRP) for Motorola Defy\Bravo via a USB cable. For computers running the Windows\Linux (port version) operating system.
Download: (Windows: MEGA / Google Drive) | (Linux: port by nastys post>>)
Install Recovery BootStrap (TWRP) you can right out stock firmware (without custom recovery) with superuser.
Recovery BootStrap (TWRP) - for the recovery say thank Quarx, after installation, you can install the rom CyanogenMod from Quarx for December 2014 (but do not forget about resize.zip).
Can be installed on Defy (MB525), Defy Plus (MB526), Bravo (MB520).
Requirements for smartphone:
Enable USB debugging
Superuser (ROOT)
Free space on the memory card of 100 megabytes
Instructions:
1. Download the archive
2. Unpack it somewhere else with a short path, for example D:\andro
3. Connect your phone via USB cable ("debugging on USB" should be included)
4. Run the install_bootstrap.cmd
5. When you see the label "Let's Start? =)", press any key
6. If the superuser ask permission for full access "ADB Shell", allow.
7. After installing the smart phone will automatically restart
!IMPORTANT! after restarting the Stock firmware will not start!, but you will have BootStrap (TWRP) so you can safely install custom firmware\rom
Change log:
V3:
Changed how the script
Fixed installation errors recovery on Android 4.x and later
V4:
The script changed drastically
After installation removes trash from the memory card (so far only on Android 4.x and later)
Made for normal (mortals) users , before you start the installation script checks (by model) which smartphone connected to the computer, if your smartphone is not supported script report it and stop installation, if supported will give something "Device: MB525".
Serviceability checked on the Chinese 231 (Defy) firmware with superuser (what say thank borndead), and on the Asian 231 (Defy)
Questions\FAQ:
Error "[ERROR] Verify device!", what to do?
Error "[ERROR] Verify device!", it is may mean the following:
1. You have not enabled USB debugging
2. Your smartphone does not support this Recovery. (only for MB525, MB526, MB520)
3. You need to confirm the action ADB on your smartphone
4. Or you have some other connection problems
Stock transition to CyanogenMod 11 of Quarx
Stock transition to CyanogenMod 11 (firmware and find all necessary files can be here) of Quarx in short (generally as described on the website Quarx, only simpler and under Windows)
1. Install Recovery BootStrap (TWRP) via USB
2. Enter Recovery install resize.zip
3. Restart your smartphone
4. Install CyanogenMod 11 and GApps
Good work, comrade! I flashed CM11 on the Moto Defy - everything works!
We did observed some cases, where a "new life (resized)" Defy is not booting anymore. Only solution was to reflash SBF and start from scratch.
Does this mean, it is possible to recover TWRP from PC? That would be a step a head!
This is amazing! Everytime I needed to reflash the stock ROM I needed to install cm10, then cm11, then new bootsrap etc...
Unfortunately I don't use Windows...
@Octanium91 Would you mind if I port your script to GNU/Linux?
starbright_ said:
We did observed some cases, where a "new life (resized)" Defy is not booting anymore. Only solution was to reflash SBF and start from scratch.
Does this mean, it is possible to recover TWRP from PC? That would be a step a head!
Click to expand...
Click to collapse
I tried to do something like that, is not yet happened. Perhaps in the future even try
nastys said:
This is amazing! Everytime I needed to reflash the stock ROM I needed to install cm10, then cm11, then new bootsrap etc...
Unfortunately I don't use Windows...
@Octanium91 Would you mind if I port your script to GNU/Linux?
Click to expand...
Click to collapse
Maybe. If Iunderstand with GNU/Linux scripts
The new version, V4
The new version, V4
Changes:
The script changed drastically
After installation removes trash from the memory card (so far only on Android 4.x and higher)
More debugging: Now the script itself is not closed, and tells the user exactly what happened.
Sorry debris removal only works on Android 4.x and later.
Linux port done!
@Octanium91 I ported it to C++ (for Linux only at the moment). Please add it to the first post . Here is the link: MediaFire | MEGA
On Ubuntu just mount the ISO as image (not archive) then click 'Run' (or you can also extract the ISO and run the executable directly). It works on x86 (32 bit) and x86_64 (64 bit) CPUs. The source code is also included in the ISO. Tested on Ubuntu 14.10 and 16.04 (64 bit).
I tested it with both stock 2.3.6 rooted and CM11. It seems that the stock ROM won't boot after flashing the new bootstrap, but the recovery works fine
Also your version has a very bad bug: it flashes Defy bootstrap even on Bravo!!! It should flash Motorola Bravo specific bootstrap instead. My version only works for Motorola Defy and Defy+ at the moment, but you can edit the source code. EDIT: they are the same file with different names. I updated my version to support MB520.
After run the command script, when i boot in TWRP SDcard shows 0mb.
Already tried flashing the SBF recommended by quarx and after that the root SBF, but the result is always the same.
With CM recovery i can see the SDcard properly, but after the resize, or bootstrap, i always get 0mb at SDcard.
Any help?
Thanks!
evilinheaven said:
After run the command script, when i boot in TWRP SDcard shows 0mb.
Already tried flashing the SBF recommended by quarx and after that the root SBF, but the result is always the same.
With CM recovery i can see the SDcard properly, but after the resize, or bootstrap, i always get 0mb at SDcard.
Any help?
Thanks!
Click to expand...
Click to collapse
Format your SD card (to FAT32) or use another one.
Octanium91 said:
The new version, V4
Changes:
The script changed drastically
After installation removes trash from the memory card (so far only on Android 4.x and higher)
More debugging: Now the script itself is not closed, and tells the user exactly what happened.
Sorry debris removal only works on Android 4.x and later.
Click to expand...
Click to collapse
nastys said:
@Octanium91 I ported it to C++ (for Linux only at the moment). Please add it to the first post . Here is the link: https://www.mediafire.com/folder/candnhxj8aovj/Defy_Bootstrap_Installer_for_Linux
On Ubuntu just mount the ISO as image (not archive) then click 'Run'. It works on x86 (32 bit) and x86_64 (64 bit) CPUs. The source code is also included. Tested on 14.10 x86_64.
I tested it with both stock 2.3.6 rooted and CM11. It seems that the stock ROM won't boot after flashing the new bootstrap, but the recovery works fine
Also your version has a very bad bug: it flashes Defy bootstrap even on Bravo!!! It should flash Motorola Bravo specific bootstrap instead. My version only works for Motorola Defy and Defy+ at the moment, but you can edit the source code.
Click to expand...
Click to collapse
Greetings guys, I'm a user from the Atrix 2 section and a part of the current device supporters there. It's a pleasure to finally post here, 'the domain of Quarx' haha.
I was wondering if this recovery is able to flash and boot android Lollipop 5.0 roms yet? If so, then is there some way to port it from source to my or other similar Moto devices in the OMAP bracket with locked bootloaders?
I'm an Android novice, but I'm experienced in building custom recoveries and roms, as well as beginner git commands, so no need to hold anything back, lol. I appreciate the work you're all doing here, please continue to make the difference. Thanks for reading this and take care!
answer
Aceofzeroz said:
Greetings guys, I'm a user from the Atrix 2 section and a part of the current device supporters there. It's a pleasure to finally post here, 'the domain of Quarx' haha.
I was wondering if this recovery is able to flash and boot android Lollipop 5.0 roms yet? If so, then is there some way to port it from source to my or other similar Moto devices in the OMAP bracket with locked bootloaders?
I'm an Android novice, but I'm experienced in building custom recoveries and roms, as well as beginner git commands, so no need to hold anything back, lol. I appreciate the work you're all doing here, please continue to make the difference. Thanks for reading this and take care!
Click to expand...
Click to collapse
Hi!
flash and boot android Lollipop 5.0 roms - just can not say, but it is theoretically possible (need to check).
If so, then is there some way to port it from source to my or other similar Moto device - No, this is not possible (specifically, in this case). BUT this method you can set recovery to another smartphone (it is theoretically, need to try)
Here recovery that are in the public domain, I think that they can install Lollipop 5.0 roms - TWRP2 \ Safestrap
Moto devices in the OMAP bracket with locked bootloaders? - Most likely will not work, but no one stops to try
Octanium91 said:
Hi!
flash and boot android Lollipop 5.0 roms - just can not say, but it is theoretically possible (need to check).
If so, then is there some way to port it from source to my or other similar Moto device - No, this is not possible (specifically, in this case). BUT this method you can set recovery to another smartphone (it is theoretically, need to try)
Here recovery that are in the public domain, I think that they can install Lollipop 5.0 roms - TWRP2 \ Safestrap
Moto devices in the OMAP bracket with locked bootloaders? - Most likely will not work, but no one stops to try
Click to expand...
Click to collapse
Many thanks for the prompt and well ordered reply! I'll look into your suggestions and I'm aware that there aren't many available recovery software for our locked bootloader phones.
We were actually trying to get Safestrap working on our device since last month, but it's failing to work correctly in booting our kexec roms. So I thought I'd ask here since the Defy works by using the 2nd boot like us, but it's still under investigation. Thanks again for your assistance, we're not out of the game yet and we'll get things rolling eventually. Take care!:thumbup:
Sent from the Ace's MB865 using Tapatalk
Error. More than one device and emulator
what am i doing wrong?
LoeWn said:
Error. More than one device and emulator
what am i doing wrong?
Click to expand...
Click to collapse
Perhaps you have not enabled USB debugging
Requirements for smartphone:
Enable USB debugging
Superuser (ROOT)
Free space on the memory card of 100 megabytes
I did enable usb debugging
LoeWn said:
I did enable usb debugging
Click to expand...
Click to collapse
You can send us a screenshot?
I had a successful installation of a december build and twrp 2,6x installed, everything ran just fine. But when the CM tells me there is a update and i download it does not install from recovery, get errormsg. Also apps like rom manager pro tells my phone is not compatible with any updates, and that i should install CWM recovery. So is it possible to install a real CWM on a defy mb526?
Hi, I flashed Recovery BootStrap v4 on the Defy MB525, but its not working. After flash and reboot, phone starts booting, but it ends up with the following screen.
Doesn't matter if I choose Recovery or continue. I can press the menu button (to choose recovery) and nothing happen, till the 3rd press. Than display goes black and thats all .
Any idea where could be the problem or what I'm doing wrong?
Edit: maybe its related to the bootloader version, which is 09.10
Haldy said:
Hi, I flashed Recovery BootStrap v4 on the Defy MB525, but its not working. After flash and reboot, phone starts booting, but it ends up with the following screen.
Doesn't matter if I choose Recovery or continue. I can press the menu button (to choose recovery) and nothing happen, till the 3rd press. Than display goes black and thats all .
Any idea where could be the problem or what I'm doing wrong?
Edit: maybe its related to the bootloader version, which is 09.10
Click to expand...
Click to collapse
Based on first screenshots, Recovery installed. Now you need to install system.
Than display goes black and thats all - maybe have to wait
marcooleo said:
I had a successful installation of a december build and twrp 2,6x installed, everything ran just fine. But when the CM tells me there is a update and i download it does not install from recovery, get errormsg. Also apps like rom manager pro tells my phone is not compatible with any updates, and that i should install CWM recovery. So is it possible to install a real CWM on a defy mb526?
Click to expand...
Click to collapse
In principle it is possible, but it does not make sense.
updated4/4/2017 (Still does not work on stock 5.0) - Removed due to it still not booting stock 5.0, and ALSO now breaks booting unpatched.
twrp 3.1 is broken
twrp 2.7 is broken
twrp 3.0.1 works
some/most custom roms work
Most official/stock do not.
EFIDROID - Official link
Developer: m11kkaa
DO NOT BUG THE AUTHOR ABOUT BUGS/FEATURES, THIS IS UNOFFICIAL.
Most custom roms appear to boot
Install:
assumes on stock firmware (Custom roms must report the DEVICEID as hlte, hltetmo, hltespr or hltevzw. Ask your Rom maintainer to correct it or visit post #51)
assumes root and bootloader unlocked
For now "efidroid" on playstore is not configured for our device, so we will do this using our own server:
Download "EFIDROID" from the playstore
Download "TerminalEmulator" from the playstore (or use adb shell)
Download "SimpleHTTPServer" from the playstore
NEW UNTESTED - Removed
OLD Download EFIDROID_SERVER_FILES from View attachment EFIDROID_SERVER_FILES.zip
Open and extract the "device" and "ota" folder to the INTERNAL storage of your phone
Open SimpleHTTPServer (do not change default settings)
Open Terminal Emulator and enter: (make sure you didn't forget any spaces)
su
setprop efidroid.server_url "http://localhost:12345"
Now open efidroid, it should automatically connect. Now press the menu key in the top left corner and press install, then press the big install button.
Now create your slot, and reboot.
Use the vol +/- to navigate up or down, use the power button to select an option
Long press power button on internal rom/recovery to boot without efidroid
Reinstalling/Updating:
Download the new OTAPACKAGE file and extract to INTERNALSD, replace old device/ota folders
Clear EFIDROIDMANAGER cache/data
Run the SETPROP command (don't forget su)
Turn on SimpleHTTPserver
Open efidroid and click uninstall, and then click install (Or click reinstall)
MAKE SURE YOUR BUILD DATE NOW MATCHES THE UPDATED BUILD DATE
Uninstall:
if you hit the uninstall button, the app copies the contents of the UEFIESP back to the real partitions and deletes the partition_*.img files. It does not delete the UEFIESP directory or any of the multiboot directories because they may contain other important files.
flashing boot+recovery outside of EFIDroid's control(e.g. using stock's fastboot/odin flash, or using unpatched boot) is pretty much the same as uninstalling efidroid without deleting the partition_*img files.
All that means that you don't have to worry about any of that if you restores your boot+recovery partitions(either through the app or manually). If you want to free up some space you can delete the UEFIESP directory using a root file manager.
Bugs/Issues:
REPORT ERRORS/BUG ON GITHUB
"can't find tagloader for type -1" - your recovery/rom is not supported (like twrp 3)
Report errors: https://github.com/efidroid/projectmanagement/issues
What you must include:
Exact steps to reproduce the error
Give the exact error shown on screen
If its storage related:
Give the output of "cat /proc/1/mountinfo"
EMERGENCY :
If you find yourself frustrated and just wanting things back the way they were:
Download odin
Download twrp (get the md5/tar version for odin)
Turn off phone (pull battery)
boot to download mode by holding vol down and home and power
Start up odin and press the AP button and browse for the TWRP file. Press start to flash.
Reboot phone into twrp recovery (vol up + home + power), and restore your boot/recovery partitions.
EFIDROID has now been effectively disabled[/HIDE]
Help and info:
If you are familiar with adding touchscreen support please visit us!
Join us on Slack : http://join-efidroid.rhcloud.com/
Once joined: https://efidroid.slack.com/
EFIDROID G+ page : https://plus.google.com/communities/...43671219382368
[/CENTER]
Works on N9005 LTE ?
It looks pretty cool but I've got limited knowledge. My N9005 is on phronesis rom v4.1, IdleKernel v6.6.5 and all partitions converted to F2FS, will it work on this format as well :/
As long as it is a note 3 on msm8974 (sorry exynos) it should work.
File system support should be trivial. I used that same FS myself
Is this an actual GRUB loader for android?
If so am ashuming this means it's possible for UNIX install
i.e. Arch Linux as OS.......
Hmmm.... Windows RT on Note 3... ^^
What about ACPI? We might need this for WinRT
With all due respect, I think you've posted a how to post bit earlier. I'm a flashaholic & the wait for the zip is killing me
I didn't think the day would come.
As a pleb, I will follow this thread with great interest.
djmalik420 said:
With all due respect, I think you've posted a how to post bit earlier. I'm a flashaholic & the wait for the zip is killing me
Click to expand...
Click to collapse
lololol
Wonder if this is ever going to work Great concept though.
Fake ¿ ???
Only what i see its a bootanimation, in the Video from a "older and other"
The OP account is suspended so I guess something fishy is going on.
Guess we will wait and see
oh come on now. I got suspended for being rude to a well respected member of xda. And its not fake... Really? Anyways... I took my ban as a break and just started back with m1cha on getting the uefi part to work with the screen.
A few pointers: You still need devs to port each os, like windows, true linux ect.
This is just a multiboot. So many devices lack that, some had safestrap, or kexec ect, but all those methods had quirks or special rules, or depended on android. This loads before even the kernel.
Also, it will have many tools that a typical recovery has, so you may not even need to reboot into recovery to setup partitions, also aroma was ported, so maybe even installing roms/kernels too.
Also, there will be an efidroid server "store" where you can get tools and apps to run in efidroid. So devs can extend functionality. Also there will be an android installer to make everything easier.
Just think of this as a pimped out safestrap.
SaschaElble said:
oh come on now. I got suspended for being rude to a well respected member of xda. And its not fake... Really? Anyways... I took my ban as a break and just started back with m1cha on getting the uefi part to work with the screen.
A few pointers: You still need devs to port each os, like windows, true linux ect.
This is just a multiboot. So many devices lack that, some had safestrap, or kexec ect, but all those methods had quirks or special rules, or depended on android. This loads before even the kernel.
Also, it will have many tools that a typical recovery has, so you may not even need to reboot into recovery to setup partitions, also aroma was ported, so maybe even installing roms/kernels too.
Also, there will be an efidroid server "store" where you can get tools and apps to run in efidroid. So devs can extend functionality. Also there will be an android installer to make everything easier.
Just think of this as a pimped out safestrap.
Click to expand...
Click to collapse
It doesn't matter what negative comments you get because "Criticism Is The Key To Innovation" it's my personal quotation ...I've been visiting this thread since day one at minimum of three times a day hopping that you would have uploaded the zip...Make it quick buddy & keep up the good work :good:
We need a samsung expert. Getting the display to work in uefi is troublesome. DTSI and gcdb display experience is needed.
SaschaElble said:
We need a samsung expert. Getting the display to work in uefi is troublesome. DTSI and gcdb display experience is needed.
Click to expand...
Click to collapse
as far as my knowledge is concerned, Master @darkera13 is kinda expert you're looking for...I don't personally know him or his skills but people around note 3 forums praise his work very much
Is this Note 3 specific?
This is kinda an off topic question, but, just a few days ago i wanted to try Remix OS out in my PC, but noticed that there is no direct EFI support...just thinking if this thread would be any benefit for PC UEFI users trying to boot Android x86 directly through efi file.
sorry for the question, might be my knowledge limitation on the field...
Using a x64 cpu and grub or refind you can boot RemixOS, they have a uefi image on their site. (Thats what they said) Basically you really don't need efidroid for this, as it would only make it more complicated.
grub is exactly my problem...
thanks a lot for clarifying
FIsH a la carte - A porting guide for the FIsH framework.
Proudly introducing Android FIsH: Fluffy Incredible steadfasterX Hijack
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
FIsH: Fluffy Incredible steadfasterX Hijack
First of all:
All this is for the brain of DEVELOPERS.
Well.. to be more specific: not really for developers but for COMPILERS
For using FIsH You do NOT need to DEVELOP anything - normally - the only thing you should be able to do is COMPILING -> e.g. TWRP.
If you have the knowledge to compile TWRP then FIsH is what you need to bring it on your locked device.
Just follow the menu card in the post #3 "Bring FIsH on the menu card" and your job is done.
If you are a user wanting to have FIsH for your device: FIND A COMPILER (a person who is able to compile TWRP/ROMs/.. for your device!!).
DO NOT ASK IF I CAN PORT FIsH TO YOUR DEVICE!
DO NOT ASK IF I CAN COMPILE [FILL IN WHATEVER YOU WANT] FOR YOU!
-> instead find a person willing to port FIsH plus the ramdisk of your choice (e.g. TWRP) and point him/her here.
When do you feel like a compiler or u want to be one: read on
if not: really still here? I said find a compiler!
Table of content
This whole thing here is damn long.. but that's one of the major difference for the FIsH: I try to explain what I do
For a better handling I splitted the guide into several parts:
This post: Explain me the FIsH (What it is)
Post #2: FIsH bowels (What's inside)
Post #3: Bring FIsH on the menu card (porting FIsH)
Post #4: FIsH cuisine (examples)
Post #5: FIsH hydra (multiboot in FIsH)
Post #6: Chew the FIsH (Copying/License)
Post #6: FIsH mutation history (Changelog)
Post #7: Go FIsHing (enduser installation guide example)
Overview
You can not unlock your bootloader? So now it's all over right?
TWRP and flashing custom ROMs on locked devices is impossible right?
Oh no wait there are hacks (up to KK) which have a workaround for this but I couldn't find anything for LL (sorry if I missed something) and what I found was not easy to port so nothing generic which i could just adapt easily.
Here is where the Android FIsH (refered to just FIsH in this whole doc) steps in
FIsH means: [F]luffy ncredible teadfasterX [H]ijack
FIsH is different from Safestrap or other hijacks because it should be better understood as a kind of framework for any ramdisk image you want to load.
FIsH will not harm the Android boot chain! Means it will not modify /boot, /recovery or aboot partitions. It will just modify /system.
FIsH:
... is NOT MultiROM (see post #5: FIsH hydra)
... is NOT efidroid (see post #5: FIsH hydra)
... is NOT Safestrap
... is NOT TWRP (booting with FIsH is tested and works)
... does NOT root your phone
... does NOT unlock your phone
... is a WORK IN PROGRESS!
... but FIsH could (in theory) "BOOT" any of the above!
U got it? FIsH is the hack to boot whatever you want.
This also means atm it is tested on some devices only and the only FIsHFOOD (ramdisk) FULLY tested and so stated to be working is TWRP.
Nevertheless I'm hard working currently on porting either MultiROM-in-FIsH or efidroid-in-FIsH to bring custom ROMs to locked devices as well (see post #5: FIsH hydra).
What the FIsH is (in short words)
Read about the full details of the implementation of FIsH in the next post (Post #2: FIsH bowels (What's inside)) but to give you a short overview:
FIsH is a boot hijack and wants to be a FRAMEWORK for booting any fishfood (ramdisk) you like.
FIsH is portable to other devices
FIsH gives you all possibilities to make the most of your device by letting you boot whatever you like
FIsH will not provide or contain any ROM or recovery by it's own - THATS YOUR HOLY OWN JOB NOW!
FIsH is the tool -> but building a ROM or recovery is (still) up to you.
These questions may come up in your mind now
Will FIsH void your warranty? Not more or less then rooting your device.
Will FIsH unlock your bootloader? omg NO! read it again!
Is there a risk with FIsH? For example could it soft-brick my device? Well.. absolutely! Safe is the death only. There are always risks especially for untested devices. I do all I can to keep this risk as low as possible and I provided a way to get out of bootloops but again you will get no guarantees here and elsewhere.
Will it work on Android version ICS, KK, LL, MM, N, O, ....? Check the pre-requirements. If you can answer them with yes it should work. If not then not. That easy.
Will I need a recovery partition to use FIsH? No. FIsH ran in RAM only. Even if your device does not have a recovery partition it will work.
Will FIsH work for my device? FIsH is more than just a hack for a special device or model it is a hack for ALL devices of ANY vendor! wtf? yes. Your FISHFOOD is device specific so the question would be better: Will the FISHFOOD (e.g. TWRP) work on my device? The answer is it depends. You need to compile it for your specific device and it should but who knows.
To narrow it a little more down:
you have to met the pre-requirements and there has to be done some things to get a value out of it but those are straight forward for a good compiler/developer like you!
FIsH pre-requirements
Here are the pre-requirements you have to met!
If you can't get them: Close this page and FORGET it (until the day you met those reqs)!
Here are the 2 simple requirements you have to met:
a) root by SuperSU >=v2.76 (greater or equal v2.76)
--> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible
--> for many devices - if not all - this means you HAVE TO downgrade/install LL. It also means that you have to upgrade your SuperSU to this version by e.g. FlashFire if you have a lower version installed!
--> SU by phh is NOT supported => It needs a modified /boot and this would void the boot signing chain!
--> Magisk is NOT supported => It needs a modified /boot and this would void the boot signing chain!
--> I will NOT provide downgrading guides there are plenty of them so search and read.
--> I will NOT provide any guides in rooting your device
--> Before you think about downgrading to LL read about ANTI-ROLLBACK protection some devices and may have! Anti-Rollback means you CAN NOT downgrade - it would HARD-BRICK your device (wtf thinking the vendors who we are?? Is this even legal?!)! Check that before!!
b) you have to be able to disable SELinux in your booted Android
--> You do NOT need to set SELinux permanently to permissive. Just CHECK if you COULD get it MANUALLY. If you can get it OK. If not.. you obviously have not full root access but check the forums maybe there is something you can do about this.
--> I will NOT provide any guides enabling SELinux but some lines later you will see how u can execute the very simple check
--> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible
Those above are hard facts so it may NEVER work with MM. Google has changed the way on how the boot chain will be verified and that means changes in /system will void it from now on.
If MM can get fully rooted somehow/somewhen on your device with SuperSU installed and you are able to disable SELinux the method will work there as well.
If you can not meet ALL of the above 2 requirements lay down and cry.
For the others: calm down and read on!
You can simply test those both requirements by downloading FIsH and execute the installer with the testing parameter:
./install.sh --check
Example output:
############# Checking for busybox
...downloading busybox
--2017-03-24 13:37:44-- https://busybox.net/downloads/binaries/1.26.2-defconfig-multiarch/busybox-armv6l
fishing/busybox 100%[========================>] 1,06M 542KB/s in 2,0s
2017-03-24 13:37:47 (542 KB/s) - »fishing/busybox« saved [1107664/1107664]
Waiting for your device... (you may have to switch to PTP mode on some devices!!)
Android Debug Bridge version 1.0.36
Revision 7.1.1_r13
############# checking Android version
-> Good. Matching exact the required Android SDK: 22
############# checking SuperSU version
-> Matching required SuperSU version: 279
############# temporary disable SELinux
-> command ended successfully (err=0)
SELinux mode: Permissive
... restoring SELinux mode to Enforcing
Tests finished! Check the above output!! Exiting here because in checking mode. Nothing installed.
Click to expand...
Click to collapse
The important lines are:
Matching required SuperSU version: XXX
"SELinux mode: Permissive"
If you see "SELinux mode: Enforcing" or any error messages you may doing something wrong or it just do not work for you.
Limitations!
Keep in mind what I said above: FIsH does NOT unlock your bootloader!
That means with FIsH itself you can NOT "install" anything. FIsH actually is the FRAMEWORK(!) for the FIsHFOOD (ramdisk) you want to load.
One good example is TWRP. This can be loaded even on devices do not having a recovery partition (I believe Sony is one of those).
Let's stay by the example of TWRP.
Keep in mind that when you use FIsH to provide TWRP you can NOT
Install a custom ROM like CM/Lineage (this will modify boot = SOFT-BRICK. for this u would need efidroid or multirom as FIsHFOOD)
Install a custom Kernel (this will modify boot = SOFT-BRICK)
Install a custom recovery (this will modify recovery =may SOFT-BRICK)
In short: do nothing which modifies boot or recovery partitions. Those changes will break your boot signing chain.
You can of course flash everything which is modifying /system /data only (e.g. xposed, Audio mods, etc...)
You're able to backup and restore as well of course and doing any other modifications which you may can't while the Android system is running.
Download
You will get the most current downloads at github but I uploaded all stable releases here at XDA as well to mirror them.
Latest stable (well tested and so hopefully fewest bugs): Download latest release at github (click)
Mirror / older stable versions: DOWNLOAD-TAB (click)
Next stable (lesser chances of issues but may still not released yet): github master branch
LIVE/FRESHEST code u can get (high chances of failures, bugs, unexpected behavior - but the latest and greatest features/bugfixes): github develop branch
FIsH helpers
If you want to reboot directly to an implemented version of FIsH from within Android check out this:
Thanks to @sdembiske who has onboarded the developer @AntaresOne we have an option to reboot into FIsH very comfortable now!
Check it out here: QuickReboot App
Support / IRC Channel
(DEVS/COMPILERS ONLY - NO ENDUSER SUPPORT!)
IRC means Internet Relay Chat and you will get best support here only.
This channel mentioned here is NOT an ENDUSER channel!!
It is for developers and compilers only!)
Endusers should use: #Carbon-user instead !
Choose how to get in:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
Web (KiwiIRC-Web,FreenodeWebchat])
When you have to choose a channel it is: #Carbon-Fusion (this is NOT an ENDUSER channel!! It is for developers and compilers only!)
Endusers should use: #Carbon-user instead !
When you be asked for a server network choose: freenode
Credits (without them - no FIsH!!!)
If you feel that someone / you is missing on this list lemme know!
Chainfire for SuperSU! This is the main part of FIsH.
TeamWin for TWRP
@cray_Doze, @dssmex, @Aaahh and @KeiranFTW for their hijack implementations (e.g. https://forum.xda-developers.com/showthread.php?t=2608408, first steps to a G4 hijack)
@dibbled for creating the android FIsH logo
steadfasterX for the android FIsH !
Famous last words
You may say: When this will work for up to LL only.. Why the hell are u releasing this now? We just see the upcoming Android O and you talk about LL? Well.. This whole thing is just a fun project. I want to learn and I want to give back something which helps others.
So at the end.. If u don't like.. its ok. If you don't need it.. ok. If you can't get any value out of it.. ok..
But maybe it helps others out there instead.
So if you're still not scared and want to continue.. what u r waiting for??
XDA:DevDB Information
android FIsH, Tool/Utility for all devices (see above for details)
Contributors
steadfasterX, BigCountry907, Rees86
Source Code: https://github.com/Carbon-Fusion/android_FIsH
Version Information
Status: Stable
Current Stable Version: v3.0
Stable Release Date: 2017-06-14
Created 2017-03-24
Last Updated 2017-09-11
FIsH bowels (What's inside)
This is for ppl understanding the basics. I will not explain it for dummies
Ok prepare urself for the naked magic
Actually FIsH is mostly similar to other RAM hijacks around with 3 major differences:
1. FIsH is based and depends on SuperSU.
YES - I make my life EASY. You actually need a rooted devices for the most kind of hijacks.
... and I assume the most ppl using SuperSU as their su binary.
... and SuperSU does not require to modify boot (at least until LL)
With this in mind and reading the SuperSU docs I had read that beginning from version 2.76 SuperSU
comes with a special kind of internal init.d support means: It executes custom scripts very early with full SELinux perms available.
Check out the docs here: https://su.chainfire.eu/#updates-sud
2. FIsH tries to be a generic framework with instructions to bring it on all devices.
The hack here is not device specific due to its nature of just executing a custom script by SuperSU.
I've made all scripts inside as easy portable as possible and given hopefully good descriptions and
porting instructions for EACH variable you may need to adjust.
3. it works for up to LL (when u can met the pre-reqs for MM or N, O or whatever comes then - it will work there as well!)
I found only methods for up to KK (e.g. 2nd init and others) but nothing for LL (sorry if I missed someone!) so I started FIsH.
So in sum FIsH is:
a set of scripts and tools which gets executed by SuperSU on early boot stage which hijacks the boot process to bring up your own ramdisk.
FIsH vs Flashfire
Flashfire is absolutely an AMAZING tool! You can backup, installing ZIPs etc all without an unlocked bootloader.
Due to it's nature it is not possible to do EVERYTHING with it (on a locked device), e.g. restoring your whole system partition.
TWRP-in-FIsH (FIsH plus TWRP as FIsHFOOD ramdisk) can provide this - even with a locked bootloader.
Besides this FIsH can do more like (hopefully) bringing you custom ROMs on locked bootloader devices.
FIsH vs Safestrap
Safestrap is supported up to KK and besides this it actually is some kind of MultiROM pendant (+ the hijack part).
FIsH supports any Android version up to LL (GB, ICS, KK, LL,..) as long as the 2 bloody requirements can be met.
Safestrap is a very customized version of TWRP and so limited to updates from there.
FIsH lets you boot any ordinary TWRP completely unmodified. This makes it easier to get new TWRP features on your device.
Besides this FIsH wants to be easy to port for everyone thats why it uses standard components only.
AFAIK it is not supported anymore anyways.
FIsH vs other RAM hijacks
The main reasons why FIsH exists are described already (LL support, easy portable and easy to use) so if you still feel that this is not different from the others... i dunno what to say
FIsHing (Hijacking) means:
FIsH kills all running services, scripts, binaries it can find.
Afterwards it will unmount everything and delete all files left behind from the initial ramdisk.
Now in that more or less clean state it will replace the initrd with the FIsHFOOD - means your own ramdisk like e.g. TWRP.
Some other stuff may happen also but at the end a binary will be started - normally a /init from your own ramdisk
So in sum it is a live replacemnt of the current ramdisk with your own.
Requirement <SuperSU>
It prepares the system to run the FIsH init script and also ensures that SELinux can be run in permissive mode.
Keep in mind that FIsH will enforce permissive mode on boot to do it's job so you do not have to do anything (normally) to let the FIsH boot.
Main components of FIsH:
./install.sh (file)
The installer is the first part you may need to adjust when you want to port FIsH.
This installer is for Linux users only. If you want to have Windows users executing FIsH point them to https://tinyurl.com/FWULatXDA !!
.. but you're free to port the installer to Windows (if u like: bring it back to me so I may include it..)
Your FIsHFOOD (your own ramdisk) has to be compatible to your running STOCK ROM. If you have LL 5.x running your ramdisk has to run / build for it.
important variables:
MINSDK: Adjust this SDK level to match your runnin STOCK ROM which has to be compatible with your FIsHFOOD
MINSU: The minimum SuperSU version required. Do not use anything lower than 279 (means 2.79) because this may not work!
BUSYBOXURI: This is a full URL to a busybox binary compatible with your device. You may have to adjust this but ensure u use a compatible version
because we highly depend on its syntax. The reason why FIsH does not come with busybox bundled is besides license stuff (I do not wanted to provide their
sources ) it may be required that you need another binary then me.
fishing/ (directory)
The real FIsH. Means all files which gets copied to the target device.
fishing/busybox (file - will be auto downloaded by the installer)
You should know what it is..
FIsH comes without busybox but the installer will download it automatically and place it here.
FIsH uses busybox to have all commands with the expected syntax in place and we highly depend on this in the hijack process!
fishing/fishfood.gz (file)
The FIsHFOOD is your own ramdisk - in gziped cpio (e.g. TWRP)
This ramdisk has to be compatible to your device's ROM. Means when you have a STOCK ROM 5.1 installed your ramdisk have to be compatible to LL 5.1.
You can ensure this within the installer (see FIsH Installer) where the Android version will be read and compared before FIsH installs actually.
fishing/fishfood.release (file)
The version and content of your FIsHFOOD
I recommend the following naming convention:
[yourFIsHFOOD]-in-FIsH-v[VERSIONNUMBER]_[DEVICE-MODEL]_[Android-Version]
e.g.
TWRP-in-FIsH-v1_LG-G4_LL
You can write in here whatever you like. The content will be send to the fish.log to identify which version the user has installed (helps debugging).
fishing/callmeFIsH (file)
a caller script which gets executed at very first.
The only task callmeFIsH has is to prepare the whole FIsH to get started out of /system and then starting FIsH from /res. After this it immediately exists to not keep open tasks on /system. callmeFIsH will be placed in /system/su.d/ to get autostarted by SuperSU.
fishing/FIsH (file)
The heart of the FIsH.. Get's called by callmeFIsH.
It will be executed by SuperSU on boot and will hijack the process and prepare and setup everything to let your FIsHFOOD coming up.
fishing/FIsH.me (file)
Functions and vars a user/dev normally wouldn't need to change. They are internal stuff only.
fishing/FIsH.porting (file)
As you're trying to port FIsH this file is your main part when it comes to customization for your device.
Here you should find everything required to be adapted and there are very high chances that you HAVE to adjust this to your device.
fishing/gofishing.sh (file)
The remote installer part. It will actually run as root and prepare your system for FIsH.
You normally will never need to touch this.
FIsH target directories
/system/fish/
All the bowels of FIsH like, FIsH, Busybox, fishfood.gz and fishfood.release go here
/system/su.d/
The FIsH caller (callmeFIsH) goes here
/cache/fish/
The most important directory for you: Here you will find all logfiles required for debugging!
.
Bring FIsH on the menu card (porting FIsH)
So you may now have a little bit understanding of what FIsH can do for you and what not.
When you feel FIsH could work for your device then why not just trying to port it?
This guide should help you for this task.
FIsH was made from scratch with portability in mind.
That means I tried to make it as simple as possible for you to port.
I really hope that task has been accomplished..
1. Met the pre-requirements
You have to understood that FIsH will work ONLY when the pre-requirements are met.
There is no way around or "if i met 1 of the 2 - will it work?" NO. You need BOTH!
If you will be asked by a user to port FIsH -> Ensure that the requirements can be met first before investing your time.
There is an easy test u can go for this: just execute the installer like this:
./install.sh --check
The installer will test and check if it get what it needs and then EXIT without(!) any installation.
2. Build your FIsHFOOD (your custom ramdisk)
I recommend to start with TWRP but choose whatever you like. For this guide i stay with TWRP.
Keep in mind that your FIsHFOOD has to be build with the same sources as your running STOCK ROM.
If you want to support multiple STOCK ROM versions you may have to build multiple FIsHFOOD versions.
Testing your FIsHFOOD is not that easy on locked devices so your only option is to go on once you feel your build is ready.
3. Cook the FIsHFOOD
When you build images or ramdisks you may end up with an image file needed some preparation first:
create a gziped cpio of your initial ramdisk u wanna load
example of twrp build by you:
after your build has finished you will find several img files in your out/ directory and you just need to copy the following file:
out/target/product/<YOURCODENAME>/ramdisk-recovery.img
and move it to:
fishing/fishfood.gz
example of an existing twrp image:
abootimg -x twrp.img (will extract the twrp image)
file initrd.img (should tell something like: gzip compressed data. if NOT: gzip it!)
mv initrd.img fishing/fishfood.gz (moves the extracted initial ramdisk)
Some Notes:
- this cpio has to be compressed with gzip (.gz file ending is importat!)
- the name of this file should be fishfood.gz (exactly this)!
- edit or add a file fishing/fishfood.release and type in what ur fishfood is (e.g. TWRP)
and the version of it course (a good example is: TWRP-in-FIsH-v1_LG-G4_LL)
Click to expand...
Click to collapse
4. Prepare the FIsH installer
Download FIsH and extract it.
open the file install.sh
Check the variables u may need to adjust: Check Post #2 above for some explanations and read the comments within
Note about the Android goFIsHing installer (fishing/gofishing.sh)
You normally do not need to touch this file. It may be required if you cannot install FIsH but that should hopefully not happen..
5. Cook the FIsH
open fishing/FIsH.porting
You will find 2 sections: GLOBAL and PORTING
Each section has hopefully meaningful comments to give you an idea what they do and how you should modify them.
Most vars also have example instructions to find the correct values for your device.
When you're trying to port FIsH you may have to try & error FIsH several times before and you may do not want to use your defined key combo to do so.
For this and also as a convenient option when you want to boot directly into FIsH from Android you can set a special flag to always boot FIsH.
Use it with care because it may let it bootloop while in your testing phase.
The file which activates FIsH without a key press is: /cache/recovery/boot
It can make sense to use this for an easier testing process (don't need any key presses to activate FIsH).
In sum the following command comes very handy while developing:
./install.sh && adb shell "su -c touch /cache/recovery/boot" && adb reboot
So the other way is using a key combo without the need to boot into Android.
For this you will find everything you need in the file fishing/FIsH.porting which you usually have to adjust to your specific device.
Providing user feedback for activating the FIsH:
FIsH gets NOT activated by default. That means if you would reboot your device it will just reboot.
To activate FIsH you need either to use a key combination (provided by you) or using the FIsH file flag.
The idea of the FIsH booting process is (see fishing/FIsH.porting)
a) WAIT_LED: show a LED color indicating FIsH has been STARTED (not ACTIVATED)
---> the user has to press the magic key combo NOW
b) VIBRATE: will vibrate to indicate that the time for pressing the magic key combo is over
c) FISH_LED: show a LED color indicating that FIsH has been ACTIVATED .... or NOT!
d) boot into either Android or your FIsHFOOD depending on what the user wants
If your device does not support different LEDs you can instead use the path to vibrate in the LEDs.
e.g. WAIT_LED="$VIBRATE". This will let the device vibrate instead of showing a LED color.
Whatever you end up with you have to check and adapt the enduser installation guide ofc as well..
6. Let the FIsH swim
Now it's time to test your FIsH port. But BEFORE:
You will take a high risk here at this early stage because it CAN bootloop/soft-brick your device if something goes totally wrong!
I hope I had done all to keep the risk for this low but no guarantees!!
So make a FULL backup of ALL your apps and do not forget to backup your internal storage with all your pictures etc.!!! (just a reminder: TWRP does NOT backup your internal storage!! Read the explanation here)
If the worse case happens you may need to totally bring your device back to pure STOCK so you have been warned!
7. Finally give the FIsH a name
If your FIsH swims... omg.. CONGRATS well done !!! The most hardest stuff is done now! Woot u r a REALLY good dev did u know that?! Your community will praise u!
Of course u r free to choose a name but I recommend to name your FIsH package like this:
[yourFIsHFOOD]-in-FIsH-v[VERSIONNUMBER]_[DEVICE-MODEL]_[Android-Version]
e.g.
TWRP-in-FIsH-v1_LG-G4_LL.tgz
Note: Did u see the different use of dashes and underscores? Keeping it that way is important.
This way we all get a clear understanding what it is, which TWRP-in-FIsH version, for which device and for which STOCK ROM version.
8. Release your FIsH to the wild ocean
Ok I will not tell you how you should release but it would be nice if you tell the users where this all comes from
Do not forget to report back to this thread if you have implemented a port so I can add it here for reference.
An example installation guide for your endusers can be found at Post #7: Go FIsHing
If you struggle somewhere you can find me in the IRC (see OP)
When you have to choose a channel it is: #Carbon-Fusion
When you will be asked for a server network choose: freenode
Trouble / Bootloop fix
if you encounter a bootloop (should never happen but who knows) you have 3 choices at least:
Option 1a: (TWRP-Bootloop) Within TWRP open Advanced -> File Manager -> Goto: /system/su.d and click "select" button -> Delete
Option 1b: (TWRP-Bootloop) From your PC: adb shell rm -rf /system/su.d/
Important: Catch the fish log (see next topic)
Option 2 (this works also for a bootloop without twrp): boot into download mode and use LGLaf to get a shell
then:
setenforce 0 <-- if that doesn't work you may have to do a FULL restore to stock
mount -oremount,rw /system
rm -rf /system/su.d/
reboot. You are out of the bootloop.
Important: Catch the fish log (see next topic)
Option 3: Last resort: Reflash STOCK. sorry.. there is always a risk..
Catch the FIsH logs
when in TWRP (or other ramdisk providing adb shell):
adb shell "cat /cache/fish/fish.log"
adb shell "cat /tmp/recovery.log"
OR - when in Android:
adb shell "su -c cat /cache/fish/fish.log"
adb shell "su -c cat /cache/fish/fish.log.old"
adb shell "su -c tar cvzf recoverylogs.tgz /cache/recovery"
adb pull recoverylogs.tgz
Upload the output to https://paste.omnirom.org and paste the link in the IRC channel
FIsH cuisine (examples)
Example implementations
LG G4 (any model):
TWRP-in-FIsH (https://forum.xda-developers.com/g4/development/locked-twrpinfish-locked-g4-devices-t3573048)
HTC Desire 626s:
FIsH-in-SDCARD - big thx to @BigCountry907 (https://forum.xda-developers.com/showpost.php?p=71630297&postcount=35)
HTC DESIRE 526 VERIZON:
FIsH-in-SDCARD - big thx again to @BigCountry907 (https://forum.xda-developers.com/desire-526/general/super-sd-htc-526-vzw-t3596497)
LG Flex 2 (h955):
TWRP-in-FIsH - big thx @ergo911 (https://forum.xda-developers.com/g-flex2/development/fish-flex-2-t3583093/post71690950)
If you have ported another device or know about one just post to this thread so I can list it here
.
FIsH hydra (multiboot in FIsH)
Bringing multiboot to your device is still not finished yet.
I just wanted to release FIsH now because I was able to proof the working concept based on TWRP and as FIsH is nothing device specific anything else should do so as well.
I have little hope that maybe other developers step in and trying to help me with this but well if not it doesn't matter.. just taking longer
The whole thing of multiboot is a WIP (work in progress) currently.
But now you can prepare yourself for a possible way on this by starting a port of TWRP-in-FIsH first to see if the FIsH concept works for your device. This is strongly recommended to start with whereever we will end up here. Then come back here and hopefully until then I have some news about that topic..
So in theory multibooting by FIsH should be possible. FIsH is just executing your ramdisk so..
The only thing we would need is a way to start any of the tools already available right?
Correct. But.. any of them have its own requirements and way of work. So I need to investigate the bowels of them first to adapt them to FIsH.
Let's think about my first choice: multiboot by efidroid.
While it is quite new for me and it's implementation of booting multiple ROMs is very nice and different from MultiROM. Kudos to MultiROM which provide multi boot of custom ROMs for years but I really like the approach of efidroid (even when I just starting to use it).
When you would be able to boot into efidroid with FIsH you could use as many (unpatched) ROMs as you like. Just 1 or 20 - depending on your disk space mainly. So what does that mean? With FIsH you can hijack the boot and jump in efidroid and now u r able to boot whatever custom ROM you like. That's the theory.
The practice is: efidroid is a bootloader and so completely different to TWRP for example. Using the same hack here will not work without modifications of efidroid and maybe FIsH. The key here is to use the efidroid binary plus the cmdline needed to get a custom ROM booted.
Don't get me wrong what NEVER will work is booting into efidroid like fastboot boot uefi_boot.img can provide. The first thing what I'm trying to achieve is to use the efidroid binary plus the needed cmdline to boot up a manually added custom ROM (thx to the efidroid dev @m1cha by the way.. I promise to bug u as often as possible ). When this works we have won. Well it will be far away from user friendly leaving it this way but it should be possible to write a GUI (e.g. based on AROMA) and then doing the actions efidroid offers in its boot menu. So.. at the end some kind of MultROM but without kexec patches would be possible then.
The other way around: multiboot by MultiROM.
A long player in the game of multiboot and often ported to many devices. The problem here is that it is more than just a ramdisk. It is splitted into a modified TWRP plus MultiROM itself which needs to be flashed from within TWRP. This flashing will inject modifications in your /boot image so it will not work this way on locked devices out of the box.
Before I want to dive into the deeps of a possibly MultiROM implentation for FIsH I want to end my testing for efidroid. So atm I cannot say if there will be a way or not because for this I need to find out what MultiROM really do in the boot image and adapt this change to FIsH. I strongly believe that this can be adapted but my time is limited and my priority lays on efidroid for the moment.
Tbh bringing up the modified TWRP version should be easy because it will work the same way as bringing the ordinary TWRP to FIsH but the other part in the boot image is what I'm not sure about what it does (haven't had the time to look into this yet).
If u feel like a developer and you are able to unbrick a soft-bricked device then feel free to investigate and try on your own and let me know
Update (2017-06-27):
I had the time to look into the possibilities of a multirom port to FIsH.
The bad news: its not easy as thought. Its near impossible yet not complete impossible.
I was a little bit confused by a new compile flag in multirom named MR_NO_KEXEC which allows you to use kernels not patched for kexec-hardboot.
Well but its not that easy..
- using kexec-hardboot needs a patched kernel
- and not using it (MR_NO_KEXEC flag set) will replace the whole boot partition(!) when a secondary ROM boots
So both options will break and can't be used.
The only way to go would be to modify the multirom sources (likely the trampoline part) to behave like efidroid does (heavy usage of loop devices instead of the current phys ones).
You can think of that this modification goes VERY deep, means a LOT of work and requires heavy C / C++ skills.
That's why I can't proceed here. I don't think that it is worth it tbh so I will investigate the other options and abandon the MultiROM approach.
The FIsH plate (sdcard booting)
Thanks to @BigCountry907 we could boot FIsH on every qualcomm device in a manner which has the potential to root any device, boot any ROM and more.
You remember? FIsH can be installed on a rooted device ONLY!
That's still true but with this you can boot e.g. TWRP-in-FIsH even on a not rooted MM / N /... by using the FIsH plate..
The whole process makes use of a qualcomm feature which let you do this.
- the whole process is incredible complicated to get it working!!!
- the whole process is very sensitive and you have to find the right combination of needed partitons to make it work
- the whole process is a complete try & error
- if I mean IF I get this working I could patch the bootloader partition on that sdcard partition without touching the REAL bootloader to test without bricking...
- I work together with @BigCountry907 to get it working but we live in complete diff timezones which makes it not easier
-
If you want to help you can find me in the IRC (see OP)
.
Chew the FIsH (Copying/License)
# This is Android FIsH: Fluffy Incredible steadfasterX Hijack
#
# Copyright (C) 2017 steadfasterX <[email protected]>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see http://www.gnu.org/licenses/
Click to expand...
Click to collapse
FIsH mutation history (Changelog)
android FIsH v3.0
Released: 2017-06-14
Full Changelog: https://github.com/Carbon-Fusion/an...oidFIsH_v2.0...Carbon-Fusion:androidFIsH_v3.0
Download: see the OP
Summary Changelog:
adding the possibility to exclude easily process names/pid's from being killed (coming with a default exclusion list already)
check it out: `fishing/FIsH.porting` --> `EXCLUDEPROCS / EXCLUDEPIDS`
several fixes regarding the ramdisk extraction
heavy speed improvements regarding kill & mount
adding a version string to FIsH to be able to identify which framework is running
added a better `ps` command than the one provided by `busybox ps`
android FIsH v2.0
Released: 2017-04-11
Full Changelog: https://github.com/Carbon-Fusion/an...oidFIsH_v1.0...Carbon-Fusion:androidFIsH_v2.0
Download: see the OP
Summary Changelog:
Improved general speed by factor 4
Many bug fixes
Many improvements for the installer like a new clean function (uninstall FIsH)
android FIsH v1.0
Released: 2017-03-24
Full Changelog: https://github.com/Carbon-Fusion/android_FIsH/commits/androidFIsH_v1.0
Download: see the OP
Summary Changelog:
first general public release
Go FIsHing (enduser installation guide example)
COPY & PASTE template for your own XDA thread (completely pre-formatted)
installguide_XDA_format.txt
.
Special FIsH Dinner (Notes)
TWRP
The first step to get a success with FIsH is to use TWRP as your FIsHFOOD.
Once started the first thing coming in your mind may be backup & restore but use it with care!
FIsH will brutally unmount /system in - afaik - all cases because there will be open files on it which can't be avoided.
In order to use TWRP successfully you should set at least this special flag:
# Always use rm -rf to wipe
TW_ALWAYS_RMRF := true
This is a workaround because it means wiping /system or /data will behave differently then you might expect normally. Without this flag TWRP will format the partition. With this flag set TWRP will use rm and delete all files on it without formatting the partition.
Very interesting. I actually have a locked (bootloader) device which I'm looking for a way to unlock. I feel likr I could get something (*cough*TWRP*cough*) working because of this. Keep it up :good:
veez21 said:
Very interesting. I actually have a locked (bootloader) device which I'm looking for a way to unlock. I feel likr I could get something (*cough*TWRP*cough*) working because of this. Keep it up :good:
Click to expand...
Click to collapse
Just remember the limitations and leave thanks to @steadfasterX
I am very happy to have stumbled on this today.
I cant wait to get a little deeper into it but i must say very nice job.
I have been working on a big project myself. For creating a clone of any device emmc.
Burn the GPT Partition Table to a External_SD Card and flash the images.
What I have found is that If you make the SD Card right the Qualcomm Devices will boot from the sd card.
To the extent that If i unlock a device that normally can not be unlocked using my XTC-2 clip then copy the images ect from the unlocked device burn to sd card and then boot into H-boot or Download mode the Unlocked Status for example Bootloader Unlock and S-off and Super Cid ect ect ect will be present on the locked device. Thus giving elevated permissions. My setback has been there is no normal way for me to write any partitions yet. Anything I flash through H-boot writes to the SD Card. And I have been unable to make TWRP boot this way.
My initial though is to set up my unlocked device with fish and get it all working. Then create the sdcard image that includes the installed fish scripts. It would be simple to modify the external sd to meet all the fish requirements. even if the device itself can not meet the requirements. My device currently meets the requirements but it isnt for me. Its for the community of people that dont have java cards. This could potentially lead to a way of overcoming both of our current limitations.
All i need is a way to boot TWRP from my elevated privileged sd card and I can utilize that to provide unlocking.
Awesome
BigCountry907 said:
I am very happy to have stumbled on this today.
I cant wait to get a little deeper into it but i must say very nice job.
I have been working on a big project myself. For creating a clone of any device emmc.
Burn the GPT Partition Table to a External_SD Card and flash the images.
What I have found is that If you make the SD Card right the Qualcomm Devices will boot from the sd card.
To the extent that If i unlock a device that normally can not be unlocked using my XTC-2 clip then copy the images ect from the unlocked device burn to sd card and then boot into H-boot or Download mode the Unlocked Status for example Bootloader Unlock and S-off and Super Cid ect ect ect will be present on the locked device. Thus giving elevated permissions. My setback has been there is no normal way for me to write any partitions yet. Anything I flash through H-boot writes to the SD Card. And I have been unable to make TWRP boot this way.
My initial though is to set up my unlocked device with fish and get it all working. Then create the sdcard image that includes the installed fish scripts. It would be simple to modify the external sd to meet all the fish requirements. even if the device itself can not meet the requirements. My device currently meets the requirements but it isnt for me. Its for the community of people that dont have java cards. This could potentially lead to a way of overcoming both of our current limitations.
All i need is a way to boot TWRP from my elevated privileged sd card and I can utilize that to provide unlocking.
Awesome
Click to expand...
Click to collapse
cool. your project sounds amazing as well keep us updated please .. !
btw I personally do not need FIsH .. lol.. i have all my devices unlocked but there were many users for my current device which cannot unlock (LG G4 -> only a few models can be unlocked) so I started FIsH..
so don't give up and if u need help.. go to IRC channel #Carbon-Fusion on freenode.. see us there
.
You may have just saved the Verizon sgs4 from total death. We have to see if selinux can be changed first.
ninjasinabag said:
You may have just saved the Verizon sgs4 from total death. We have to see if selinux can be changed first.
Click to expand...
Click to collapse
just use the installer..
./install.sh --check
will tell you..
.
steadfasterX said:
just use the installer..
./install.sh --check
will tell you..
.
Click to expand...
Click to collapse
Knox disables selinux permission changes by default. So I know the install.sh will return with a negative.
I posted the link to this thread on the VZW S4 forums in the hopes someone will pick up.
ninjasinabag said:
Knox disables selinux permission changes by default. So I know the install.sh will return with a negative.
I posted the link to this thread on the VZW S4 forums in the hopes someone will pick up.
Click to expand...
Click to collapse
So no root available there?
.
Sent from my LG-H815 using XDA Labs
@steadfasterX
In my mind it is threads like this and projects like this that make this place so great.
Same reason for my project. To unlock HTC devices. Verizon devices cannot be unlocked easily.
If you ever need any help with the bash script let me know.
I'm pretty good with it. Bells and whistles like menus and whatnot too.
I was glad to see your shell scripts.
I know the language and it makes this easy.
steadfasterX said:
So no root available there?
.
Sent from my LG-H815 using XDA Labs
Click to expand...
Click to collapse
Root, but barely. We've gotta use kingroot to open the door before replacing kinguser with SuperSU.
This is where the sd card trick works well.
See if we can boot TWRP off of it then we automatically have root access in adb.
Then its a matter of flashing the right partitions ( Device Specific ) to unlock permanently.
DevUt said:
Just remember the limitations and leave thanks to @steadfasterX
Click to expand...
Click to collapse
No , I reached my thanks limit. I do know the proper ways of man :good:
Update March 23, 2019: I'd like to apologize to everyone. It looks like I am not going to be able to actively keep this thread updated like I used to. I have had too much going on at home an work and it doesn't look like it's going to settle down any time soon. The thread is still usable so I will leave it open for discussion.
Code:
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards, fires, rigged elections,
* thermonuclear war, or you getting fired because the alarms failed and you
* could not call in.
*
* Please ensure you have an advanced understanding of this device before
* flashing it! YOU are choosing to make these modifications or your own free will.
Thread Notes:
I cannot stress this enough--Please READ EVERY STEP FULLY to be sure of what you need to do.
Some steps listed in this process WILL wipe your userdata. If you have anything you need to save back it up first. While flashing via bootloader you should see it say "(bootloader) Image not signed or corrupt" - (and can show "bad key" or "N/A" while booting) this is normal expected behaviour as the image is no longer properly signed by motorola (I had to repack as our dtb's are compressed inside the boot image)
This thread is not about custom roms - You may be able to run them using the boot images provided, but this thread does NOT cover that
This guide assumes your are on COMPLETELY STOCK (FACTORY) FIRMWARE. If you have previously flashed *any* other firmware, system images, kernels, or anything else I cannot say for sure that this guide will work for you
This WILL affect your ability to get OTA's if/when they come. This thread does not cover getting back to stock. It's up to you to figure out how to get back to stock if you want the update. You're best bet to avoid issues (boot-loops, non-booting, failed updates, etc) is to go completely back to stock first!
Android GSI's - For the record, I have booted GSI's made (Aonly-32bit) however there are some issues I've noticed regarding sounds while using them. Again, this thread is NOT the place to discuss problems with this.
TWRP - We can now use official twrp! Please click this link to see details. I have edited the first post to reflect the current state of our twrp images. If you see an error or run across an issue please let me know and I"ll see about fixing it. I have linked an unofficial build I made in the official thread to fix some issues with the official build. When I get a chance to properly verify the new test-build (made by the twrp gerrit) I will see about having the official one updated.
PIE - These instructions were made using Oreo, not Pie. There are differences in the boot images at the very least (you may not need a modified boot image for Magisk). I have not flashed Pie yet to test things. If you want to test, please let me know how things work out for you.
Working Images:
The variant models below have been verified working using one of the firmware versions listed.
XT1925-2, XT1925-3, XT1925-4, XT1925-5, XT1925-6, XT1925-13
OPS27.82-19-4 (Build Date: Fri Mar 9 11:04:39 CST 2018)
OPS27.82-41 (Build Date: Sat Mar 24 01:37:45 CDT 2018)
OPS27.82-72 (Build Date: Sun May 27 02:13:41 CDT 2018)
OPS27.82-87 (Build Date: Mon Jul 16 14:54:23 CDT 2018).
OPSS27.82.87-3 (Build Date: September 2018 Security Update)
OPSS27.82-87-6 *Provided by @Jleeblanch
OPS27.104-15-10 (Build Date: Wed Mar 28 21:13:40 CDT 2018)
OPSS27.104-15-10-4 (Build Date: July 2018 Security Update) *Provided by @Jleeblanch
OPS27.104-92 (Build Date: September 2018 Security Update)
OPSS27.104-92-2 (Build Date: November 2018 Security Update) *Provided by @Jleeblanch
*
*Waiting for confirmation:
*OPS27.82-57
*
Prerequisites:
Unlocked bootloader.
ADB/Fastboot installed on your machine ( https://developer.android.com/studio/releases/platform-tools ) If you have issues with commands make sure you have a current build of ADB and fastboot.
At least some knowledge of how to use ADB and fastboot, this guide does not cover that.
Some knowledge of how TWRP/custom recoveries work.
Finally, the guide:
Step 1) Downloading TWRP and modified boot image
Download TWRP and a modified boot image that matches your factory firmware version to the ADB/Fastboot folder on your computer. The boot image downloads are based on the premise of the firmware you are running. If yours is not listed please back up (next step) and provide a link for me to edit.
Official TWRP Thread: please read the thread for more information regarding this build. The download link is in that thread.
Unofficial TWRP, this link is just like official but added a vendor image mount for testing vendor operations: [AFH] twrp-v3.2.3-ali.img
BOOT Image Links - [AFH] No-verity edited boot images link
Reboot to your bootloader. You can do this by turning on your device while holding the power and volume down buttons at the same time. Once the device reboots to the bootloader connect your phone to your computer.
Step 2) Backing up your stock boot and recovery images and fstab.qcom file--if you have these already you can safely skip to step 3.
Open a terminal/command prompt on your computer and type the following to boot into TWRP (If your filename is different, please replace the filename below with yours):
Code:
fastboot boot twrp-v3.2.3-ali.img
Once TWRP boots (it may take a bit to boot because it is trying to decrypt your userdata. It will fail as TWRP--at least for now--needs to be flashed to decrypt properly. Swipe to allow modifications if you want if asked), type the following in your computer's terminal/command prompt to back up your boot and recovery images:
Code:
adb pull /dev/block/bootdevice/by-name/boot stockboot.img
Code:
adb pull /dev/block/bootdevice/by-name/recovery stockrecovery.img
If you intend to remove encryption you'll want a backup of your fstab.qcom file:
To back up your fstab.qcom file (modified in a later step) we need to mount Vendor in TWRP first if it's not already mounted. From TWRP's main menu press 'Mount'. You can see if the vendor partition is mounted (check mark next to the word 'Vendor') . If it isn't mounted just press 'Vendor' and it should mount. Next type the following:
Code:
adb pull /vendor/etc/fstab.qcom factory-fstab.qcom
Reboot to the bootloader.
Step 3) Installing TWRP and modified boot images
Run the following command from your computer's terminal/command prompt to install the TWRP image to your device (If your filename is different, please replace the filename below with yours).
Code:
fastboot flash recovery twrp-v3.2.3-ali.img
Run the following command from your computer's terminal/command prompt to install the boot image to your device.
usage:
Code:
fastboot flash boot <insert-boot-image-name-here>.img
example:
Code:
fastboot flash boot OPS27.104-92_no-verity_boot.img
Step 4) Wiping your data on your phone to remove the current encryption. Ensure you have a backup beforehand if you want it.
This step is only needed if you intend to remove your current encryption, if you don't want to do this please skip to the next step
Boot into TWRP by using the volume keys on your phone to select "recovery mode" and then press the power button and TWRP will boot up (it may take a bit to boot because it is trying to decrypt your userdata or if you have a screen lock it may ask for it--enter it and proceed. Please read the thread linked above for help if you enter it incorrectly.)
Swipe to allow system partition modifications if you want and are asked. If you wish to backup your data and restore it after formatting then do so now. Next click the "Wipe" button in TWRP and then "Swipe to Factory Reset". This step should have formatted data as it was encrypted (removing internal storage ) however if it didn't and data is still not mountable in TWRP you can use the "Format Data" button above "Swipe to Factory Reset", this will format data and remove EVERYTHING from the internal storage as well. You may need to format data again and reboot into TWRP. DON'T REBOOT TO SYSTEM YET.
Step 5) Removing forced-encryption upon first boot (you may still choose to encrypt after booting--Moto's firmware defaults to saying it's encrypted, at least on mine, in the security tab of settings but it's not and the option to encrypt still exists within that menu)
This step is only needed if you intend to remove forced encryption, if you don't want to do this please skip to the next step
**THIS STEP DOES NOT REMOVE CURRENT ENCRYPTION--IT ONLY REMOVES FORCED ENCRYPTION DURING THE FIRST BOOT: YOU MUST HAVE COMPLETED STEP 4 ABOVE TO REMOVE CURRENTLY ENCRYPTED DATA**
This file has been verified working on Oreo and may not function correctly on Pie, please be aware of this: see HueyT's Post.
Download the force-encryption disabler zip to your ADB/Fastboot folder: [AFH] Force_Encryption_Disabler_For_ALI_Oreo_v2.zip
Now push that zip file to your phone. The example uses the /tmp directory. From your computer's terminal/command prompt type the following into your command prompt/terminal from your adb/fastboot folder:
Code:
adb push Force_Encryption_Disabler_For_ALI_Oreo_v2.zip /tmp
Flash the zip you just pushed by pressing the Install button in the TWRP main menu, select the folder where you pushed the zip to and install it. We can verify it flashed by mounting vendor manually if it's not mounted and using the following command from your computer's terminal/command prompt and checking the line that mounts /data says "encryptable" instead of "forceencrypted":
Code:
adb shell "cat /vendor/etc/fstab.qcom"
The result should include this line:
/dev/block/bootdevice/by-name/userdata /data f2fs rw,discard,nosuid,nodev,noatime,nodiratime,nobarrier,inline_xattr,inline_data wait,check,formattable,encryptable=/dev/block/bootdevice/by-name/metadata
Click to expand...
Click to collapse
Note where it says "encryptable". That means we now have the choice to do so vs. being forced to. If for whatever reason it still says "forceencrypted" mount vendor manually and try again.
Step 6) Rooting via Magisk
This step is only needed if you intend to have root access, if you don't want to do this or wish to do this later please skip to the next step
To be safe, you may need to reboot back into TWRP to make sure it sees the data partition mounted correctly and again swipe to allow system partition modifications if you want. (I've seen Magisk say forced-encryption was still detected even though it actually wasn't if I didn't reboot)
Download Magisk from the linked thread to your ADB/Fastboot folder: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Run the following command to push the Magisk zip to your device (v17.3 (beta) is current as of the last edit of this post, if it changes please put your version number instead).
The example uses the /tmp folder:
Code:
adb push Magisk-v17.3.zip /tmp
Flash the Magisk zip from TWRP by pressing the Install button in the main menu and navigate to the /tmp (or wherever you pushed it) folder to select and install it. Magisk should show success without any mention of verity or encryption. If it does, something hasn't gone right and you may need to start again.
Step 7) Almost finished!
Reboot your device. If you installed Magisk it will say "N/A" in the top corner of your device for a few seconds (otherwise it should say "bad key"). This is normal. It may look like it bootloops that screen, just let it go and and it should boot the Motorola boot screen and you can setup your device as a new phone.
Once booted, if you installed Magisk, verify Magisk Manager is installed and the root functionality works.
Step 8) ???
Step 9) Profit
Credits:
@kwiksi1ver - getting things going for us, work with twrp and verity and allowing me to use his thread as base for this guide.
@CodyF86 and his Moto E5 thread for clues as to what it would take to turn off DM-Verity (per kwik)
@Dadud - testing and constantly nuking said device
@AngryManMLS - testing and communications
@Vache - Provided us the fix for sdcards in TWRP.
@Xennet's thread regarding verity and encryption and the disabler zip and everyone there: Disable [DM-Verity]/[Force Encryption] [OnePlus 3T/3] for [Oreo] Oxygen OS
@likemiketoo - Having had TWRP built for us for testing purposes
@Jleeblanch - Helping provide various no-verity images and other help/advice like....everywhere
Everyone else who I am forgetting because let's be honest, I'm sure I have. If you feel like mention is owed please let me know and I'll be happy to add.
Extras:
THE BOOT IMAGE LINKS IN THIS POST HAVE BEEN REMOVED TO AVOID CONFUSION: THEY WERE OLD DOWNLOADS WITH IMPROPERLY LABELED NAMES.
The following is provided for backup purposes only in case you forgot to back up. When pulled from the phone, the images are the full partition size, not actual size.
XT1925-6 (OPS27.104-15-10) Factory pulled files
These files will get you back to stock as far as this guide is concerned. Remember though, 'bad key' will be displayed as they were pulled from a device instead of being provided by Motorola
Factory boot image - *link removed*
Factory recovery image - *link removed*
Factory fstab.qcom file - factory-fstab.qcom - You can push this file to /vendor/etc/ to go back to stock vendor parition if you need. You'll need to rename it to 'fstab.qcom' to make it work right. Factory boot images will probably have an issue booting without vendor being completely stock.
The following images have been provided by other XDA members:
XT1925-2
Factory boot image - *link removed*
XT1925-4
Factory boot image - *link removed*
XT1925-5
Factory boot image - *link removed*
Notes regarding editing the boot images
First off, this is not going to be a "guide" like the first post. Different devices may have different needs, and at this time I am not changing this thread to answer questions about the editing process. Maybe that'll change in the future.
It took me a minute to realize that the G6 (ALI) dtb's are compressed and this is why directly hex editing the boot images (like the G6 Play (jeter)) initially resulted in non-booting. I'd think anyone could decompress the lz4 archive and edit the necessary info, recompress (I used max compression) and then repack the boot image and it should boot. Before that realization I had at one time built the kernel from source code (OPS27-104.15.10) with verity support disabled there so I could get around verity.
Story time!
I'll keep it shorter than it really was so be happy!
So the last time I was into building roms and such was several years ago. If the dtb's existed then, I didn't remember them I started off with some of the various "kitchens" unpacking the boot image I pulled and was getting no where. Even simply unpacking and repacking seemed like it was causing issues. I saw the results kwiksi1ver was having with the G6 Play and asked for advice: Hex edits, don't unpack..
Not sure where to go from there I searched around for posts regarding verity and at some point came across Xennet's thread: Disable [DM-Verity]/[Force Encryption] [OnePlus 3T/3] for [Oreo] Oxygen OS. Within that thread there was a link for another post in that thread that spoke a more in detail about what needed to change (post #3). Please read up on that if you want to know more.
Details:
Basically, if we're not rebuilding from source, etc etc, then we need to hex edit the dtb file (ours is actually I believe 6 dtb files combined into one, other devices can vary). On some devices these files are not-compressed and we can just edit them and go. For ours, I found the need to unpack them with a kitchen (AIK). Once there, I decompress the dtb archive (it's in 'lz4' format, max compression) and make the edits. The lines we are looking for contain "wait,verify". Under normal circumstances these will mount the system and vendor partitions with verity enabled (verify) to be sure they aren't modified. We need to REPLACE the ",verify" portion of the "wait,verify" with zeros. We can't just delete them, replace with zeros so we don't change the overall file size. We have to make sure we get all references to ",verify" replaced. It'll just say "wait" now. After I've edited the dtb file I recompress in 'lz4' format with max compression and then repack the boot image. After that, we should be good to go!
Please reference Xennet's thread if you want more details of how the lines actually look in code, just be aware ours may not be 100% the same. I may add or change stuff here later.
Great guide!
thanks, can't try it yet but i will soon.
Excellent work broski, sweet guide. Really looking forward to testing some stuff out, I'm off for the next two days... so gotta get to a computer [I know pathetic, I don't have one] ... Jeez you couldn't make a one click solution for all this? ?
For real though, super big thanks to all of you for
enduring the grueling task of cracking this bad boy
How bout some donate links? ... and @kwiksi1ver, I'm not sure if you're into developing ROMs or Kernels, but I say more is always better, so there's still good cause for you to get a G6.
dejello said:
Extras:
The following is provided for backup purposes only in case you forgot to back up. When pulled from the phone, the images are the full partition size, not actual size.
Moto G6 (Ali - OPS27.104-15-10) Factory pulled files
Factory boot image - MotoG6-ali-factory-boot.img
Factory recovery image - MotoG6-ali-factory-recovery.img
Factory fstab.qcom file - factory-fstab.qcom
Click to expand...
Click to collapse
it serves for XTI 1925-4?
OPS 27.82-72
Enviado desde mi moto g(6) mediante Tapatalk
dejello said:
Extras:
The following is provided for backup purposes only in case you forgot to back up. When pulled from the phone, the images are the full partition size, not actual size.
Moto G6 (Ali - OPS27.104-15-10) Factory pulled files
Factory boot image - MotoG6-ali-factory-boot.img
Factory recovery image - MotoG6-ali-factory-recovery.img
Factory fstab.qcom file - factory-fstab.qcom
Click to expand...
Click to collapse
First off thank you for the work, this is incredible and I would love to donate.
And second, I am running the RetBr firmware as I softbricked my retus version, do you know how or where I could get the us firmware?
stifmaster81 said:
it serves for XTI 1925-4?
OPS 27.82-72
Enviado desde mi moto g(6) mediante Tapatalk
Click to expand...
Click to collapse
This is for the US version xt1925-6, but seems that it may work for you depending on the files
bird412 said:
First off thank you for the work, this is incredible and I would love to donate.
And second, I am running the RetBr firmware as I softbricked my retus version, do you know how or where I could get the us firmware?
This is for the US version xt1925-6, but seems that it may work for you depending on the files
Click to expand...
Click to collapse
I just want to install magic, I do not want to decrypt it at the moment, what I'm scared if it's boot.img will be useful for me, anyway if it goes wrong, installing the factory image
Enviado desde mi moto g(6) mediante Tapatalk
---------- Post added at 04:37 PM ---------- Previous post was at 04:35 PM ----------
anyway if something goes wrong, installing the factory image by adb is solved everything not?
Enviado desde mi moto g(6) mediante Tapatalk
stifmaster81 said:
I just want to install magic, I do not want to decrypt it at the moment, what I'm scared if it's boot.img will be useful for me, anyway if it goes wrong, installing the factory image
Enviado desde mi moto g(6) mediante Tapatalk
---------- Post added at 04:37 PM ---------- Previous post was at 04:35 PM ----------
anyway if something goes wrong, installing the factory image by adb is solved everything not?
Enviado desde mi moto g(6) mediante Tapatalk
Click to expand...
Click to collapse
I believe you are correct, that if you fastboot the original boot img it should fix any issues. Of course you should back up your data in the case that you need to completely reflash
someone could do this same but for the version OPS27.82-72 XTI 1925-4 ??
This did not work for me, I had to reinstall everything again, I would be very grateful
Same here
It didnt work for XT1925-2
Thanks anyway
But could anyone help us to do the same with the other varients pls :b as it seems it depends on it (and the boot img) (i had ALI_OPS27.82-72_cid50 in mine)
Btw thanks you again, all of you did a great job giving us a working TWRP, Root and magisk
(Just we need make it work for everyone )
Josio67 said:
Same here
It didnt work for XT1925-2
Thanks anyway
But could anyone help us to do the same with the other varients pls :b as it seems it depends on it (and the boot img) (i had ALI_OPS27.82-72_cid50 in mine)
Btw thanks you again, all of you did a great job giving us a working TWRP, Root and magisk
(Just we need make it work for everyone [emoji14] )
Click to expand...
Click to collapse
+1
Enviado desde mi moto g(6) mediante Tapatalk
---------- Post added at 07:40 PM ---------- Previous post was at 07:39 PM ----------
stifmaster81 said:
someone could do this same but for the version OPS27.82-72 XTI 1925-4 ??
This did not work for me, I had to reinstall everything again, I would be very grateful
Click to expand...
Click to collapse
Help us please
Enviado desde mi moto g(6) mediante Tapatalk
bird412 said:
First off thank you for the work, this is incredible and I would love to donate.
And second, I am running the RetBr firmware as I softbricked my retus version, do you know how or where I could get the us firmware?
Click to expand...
Click to collapse
@bird412 I do not currently. I have yet to see them posted anywhere. @Dadud had a similar (same?) issue and is now on a different bootloader as a result. If you give us a bit we can see about getting links for what you need (minus the bootloader) to see if we can get you mostly back to stock. I will not post pulled bootloader files at this time as I have zero clue if it could brick your device *permenantly* and I just don't want that on my conscience Can you let me know what all files you flashed?
For everyone else on different variants
Looks like we're going to have to do what @kwiksi1ver has done on G6 Play boot images, just slightly different. It will take a tiny bit more time per device.... Plus I'm about to go out for a bit so yeah, it'll still be a minute.
Firstly, does the TWRP image boot for you?
Secondly, if TWRP boots for you, I'd like for you to get me a couple of things:
A) I need you to pull the boot image following the steps in the first post and post a link here (along with your model number ie XT1925-#). I will see what I can do and try to find what's actually different so maybe we can avoid having to do this in the future.
B) If someone could pull the config.gz from the phone while booted in TWRP and post the model number you're using (XT1925-#) that may help.
Code:
adb pull /proc/config.gz
dejello said:
@bird412 I do not currently. I have yet to see them posted anywhere. @Dadud had a similar (same?) issue and is now on a different bootloader as a result. If you give us a bit we can see about getting links for what you need (minus the bootloader) to see if we can get you mostly back to stock. I will not post pulled bootloader files at this time as I have zero clue if it could brick your device *permenantly* and I just don't want that on my conscience [emoji14] Can you let me know what all files you flashed?
For everyone else on different variants
Looks like we're going to have to do what @kwiksi1ver has done on G6 Play boot images, just slightly different. It will take a tiny bit more time per device.... Plus I'm about to go out for a bit so yeah, it'll still be a minute.
Firstly, does the TWRP image boot for you?
Secondly, if TWRP boots for you, I'd like for you to get me a couple of things:
A) I need you to pull the boot image following the steps in the first post and post a link here (along with your model number ie XT1925-#). I will see what I can do and try to find what's actually different so maybe we can avoid having to do this in the future.
B) If someone could pull the config.gz from the phone while booted in TWRP and post the model number you're using (XT1925-#) that may help.
Code:
adb pull /proc/config.gz
Click to expand...
Click to collapse
If you tell me the steps that I have to do I will try to take mine out of my variant XTI 1925-4
Enviado desde mi moto g(6) mediante Tapatalk
---------- Post added at 08:21 PM ---------- Previous post was at 08:14 PM ----------
stifmaster81 said:
If you tell me the steps that I have to do I will try to take mine out of my variant XTI 1925-4
Enviado desde mi moto g(6) mediante Tapatalk
Click to expand...
Click to collapse
Tell me the steps to remove from the phone the configuration you are asking me please
Enviado desde mi moto g(6) mediante Tapatalk
dejello said:
@bird412 I do not currently. I have yet to see them posted anywhere. @Dadud had a similar (same?) issue and is now on a different bootloader as a result. If you give us a bit we can see about getting links for what you need (minus the bootloader) to see if we can get you mostly back to stock. I will not post pulled bootloader files at this time as I have zero clue if it could brick your device *permenantly* and I just don't want that on my conscience Can you let me know what all files you flashed?
For everyone else on different variants
Looks like we're going to have to do what @kwiksi1ver has done on G6 Play boot images, just slightly different. It will take a tiny bit more time per device.... Plus I'm about to go out for a bit so yeah, it'll still be a minute.
Firstly, does the TWRP image boot for you?
Secondly, if TWRP boots for you, I'd like for you to get me a couple of things:
A) I need you to pull the boot image following the steps in the first post and post a link here (along with your model number ie XT1925-#). I will see what I can do and try to find what's actually different so maybe we can avoid having to do this in the future.
B) If someone could pull the config.gz from the phone while booted in TWRP and post the model number you're using (XT1925-#) that may help.
Code:
adb pull /proc/config.gz
Click to expand...
Click to collapse
thank You for your help, I am gonna try to find out what @kwiksi1ver did to modify the boot.img.
But in every case here are the files for XT1925-5
dejello said:
@bird412 I do not currently. I have yet to see them posted anywhere. @Dadud had a similar (same?) issue and is now on a different bootloader as a result. If you give us a bit we can see about getting links for what you need (minus the bootloader) to see if we can get you mostly back to stock. I will not post pulled bootloader files at this time as I have zero clue if it could brick your device *permenantly* and I just don't want that on my conscience Can you let me know what all files you flashed?
Click to expand...
Click to collapse
I downloaded the firmware from this and flashed it using the code provided in the op. Later in the thread someone uploaded some files from their RetUS phone but I could not get past their encryption passwords
nightmw said:
thank You for your help, I am gonna try to find out what @kwiksi1ver did to modify the boot.img.
But in every case here are the files for XT1925-5
Click to expand...
Click to collapse
Can you help me make mine? What steps do I have to do, thanks
Enviado desde mi moto g(6) mediante Tapatalk
nightmw said:
thank You for your help, I am gonna try to find out what @kwiksi1ver did to modify the boot.img.
But in every case here are the files for XT1925-5
Click to expand...
Click to collapse
Thanks for doing this...Stifmaster hold on buddy, it's going to be okay, breath.
adb pull /dev/block/platform/soc/7824900.sdhci/by-name/boot stockboot.img
what to put who ... by-name / boot adb pull /dev/block/platform/soc/7824900.sdhci/by-name/boot stockboot.img
what to put who . ... by-name/boot para el motog6 ali xti 1925-4
Code:
[I]DISCLAIMER[/I]
[COLOR="red"]Do not mirror my builds![/COLOR] Please post a link to this thread instead.
All information and files — both in source and compiled form — are provided on an as is basis.
No guarantees or warranties are given or implied. The user assumes all risks of any damages
that may occur, including but not limited to loss of data, damages to hardware, or loss of
business profits. Please use at your own risk. Note that unless explicitly allowed by the
warranty covering your device, it should be assumed that any warranty accompanying your
device will be voided if you tamper with either the system software or the hardware.
Introduction
This is my unofficial build of LineageOS 16.0 for the ZTE Blade S6 aka P839f30.
This is the first alpha release, so be aware that issues could arise.
I have tested this version with my AS variant device. Other variants have to be tested.
Click to expand...
Click to collapse
Features
working:
phone: calls, sms, data.
wifi
bluetooth
sensors
gps: mostly I have used the energy saving mode
sound
camera: rear with flash and front.
torch
headphone detection
swap back and menu button
light: button backlight, brightness control and adaptive brightness, breath light (notification and/or battery)
not working:
SELinux is permissive.
We have to test to find out.
Click to expand...
Click to collapse
Installation instructions
It is best to have installed the latest stock rom beforehand, so modem and all other vendor stuff is up to date.
If you like you can use this mod to have a unified data partition, please proceed with caution.
You will need TWRP or any other custom recovery.
Reboot into recovery and do a nand backup.
Do a factory format.
Download Rom and put it on your phone or use adb sideload.
Install the rom and then clear cache and dalvik cache.
optional: install su and/or gapps (preferable pico).
Click to expand...
Click to collapse
Changelog:
25.05.2021 - new release:
los security patch level 05.05.2021
revert some kernel changes from the last release
add some cpu governors and cpu hotplug
now with Boeffla WakeLock Blocker and other things
wireguard kernel support
22.12.2019 - 1st beta release:
los security patch level 05.12.
kernel supports EU device variant
add autosmp hotplug
add cpu governors blu_active, darkness, lionfish and relaxed
Revert CwMcu sensor driver from SU6 kernel release
24.10.2019 - 2nd alpha release:
los security patch level 05.10.
CwMcu sensor driver from SU6 kernel release, with wake lock disabled
wifi mac is loaded anyway, remove the loading in the wifi driver
give bluetooth a null mac address, to overcome force close error
kang gps from oppo
04.10.2019 - 1st alpha release:
los security patch level 05.09.
initial release of pie
Click to expand...
Click to collapse
Downloads
new release - 25.05.2021:
Google Drive.
first beta release - 22.12.2019:
Google Drive or here.
second alpha release - 24.10.2019:
Google Drive or here.
first alpha release - 04.10.2019:
Google Drive or here.
If you want root use the lineage addon package found here - download arm version.
Install it after flashing the rom or download your favourite root package and install it.
Click to expand...
Click to collapse
Sources
device
msm8916-common
vendor
kernel
Click to expand...
Click to collapse
FAQ
Here you will find some answers to common question which could arise.
Q: How to give root access to an app or adb?
A: First install the su extra package from Lineage OS or any other su tool you like. Then go into settings and about device, click there multiple times on the build number until you unlocked the developer options. Go to developer options and look for root access.
Q: I thing I found an issue, what to do now?
A: Do a logcat or grab a dmesg while having the issue, otherwise we can't say what is happening. Report as much info as possible. Quote your stock rom your device shipped with or which device variant you possess.
Click to expand...
Click to collapse
Thanks To/Credits
Code:
*aquaris-dev team
*aymende7
*PacMM79
*LineageOS team
*many others
XDA:DevDB Information
Unofficial LineageOS 16.0 [PQ3A.190801.002] P839F30, ROM for the ZTE Blade S6
Contributors
lightwars
ROM OS Version: 9.x Pie
ROM Kernel: Linux 3.10.x
Based On: LineageOS 16.0
Version Information
Status: Beta
Current Beta Version: 20191213
Beta Release Date: 2019-12-22
Created 2019-10-04
Last Updated 2019-12-22
many thanks for the new version, i will tested later :good: :highfive:
Hello, works on my ZTE Blade S6 Plus (p839f50)
but only with a fixed updater-script
from Folder: lineage-16.0-20191002-UNOFFICIAL-p839f30.zip\META-INF\com\google\android
the bold text must delete and than save the file
after the start my phone , i have a error message with bluetooth is deactivated
updater-script - original
https://filehorst.de/d/crqjwnjI
updater-script - fixed
https://filehorst.de/d/cbmctorj
new update is in the op.
just small changes and updated security patch level.
Anybody tested with EU device?
... at the moment no time to test myself (to much effort to keep my other devices up-to-date ), just wanted to ask if anybody already tested on EU device (and forgot to post ).
Gtz
Kurt
Kurt Krummbein said:
... at the moment no time to test myself (to much effort to keep my other devices up-to-date ), just wanted to ask if anybody already tested on EU device (and forgot to post ).
Click to expand...
Click to collapse
Answer my own request, gave it a try, didn't boot, screen stayed black and device went into fastboot-mode ... restored my nandroid-backup of stock-EU-B15 .
Next time, i format system and just install rom without gapps and addon-su.
Gtz
Kurt
Kurt Krummbein said:
Answer my own request, gave it a try, didn't boot, screen stayed black and device went into fastboot-mode ... restored my nandroid-backup of stock-EU-B15 .
Next time, i format system and just install rom without gapps and addon-su.
Gtz
Kurt
Click to expand...
Click to collapse
Hello Kurt,
please, if you find the time to do another test. Download the attached zip extract the boot.img and copy it to your device, flash it with twrp right after installing the lineage zip through twrp. report back if something different happens.
I splited the dtb from the zImage and attached the almost stock eu dtb, so maybe we are lucky. But I have not find any big differences in analyzing the dts of EU vs AS and kernel defconfigs EU vs AS.
I can show this files too, if somebody has a better understanding of this.
lightwars said:
Hello Kurt,
please, if you find the time to do another test. Download the attached zip extract the boot.img and copy it to your device, flash it with twrp right after installing the lineage zip through twrp. report back if something different happens.
I splited the dtb from the zImage and attached the almost stock eu dtb, so maybe we are lucky. But I have not find any big differences in analyzing the dts of EU vs AS and kernel defconfigs EU vs AS.
I can show this files too, if somebody has a better understanding of this.
Click to expand...
Click to collapse
Hi!
Well, i loaded the def's and config's into WinMerge and did a compare ... in the def's there are some different addresses, but i have now clue what the meaning of that all is :angel:. The config files look like beeing from different kernel versions, there are some options which don't exist in both, one is modularised, the other is not ... all in all quite strange.
Ok, i made a try with the boot_eu.img:
- Made a factory reset
- Flashed the LOS.zip
- Wiped caches
- unzipped the boot.img
- copied it to boot partition with dd if=boot_eu.img of=/dev/block/bootdevice/by-name/boot
- reboot
... screen goes black, one buzz .... nothing. One the PC the fastboot device appears and that's it. I was looking for tombstones, but couldn't find any ... they are stored to /data/tombstones, are they? I'm not sure, the kernel i getting up high enough to mount /data.
Cheers
Kurt
P.S.: one thing i forgot to mention ... i coulnd't find the "OEM unlock" swich in the stock system anywhere and the bootloader seems to be quite dumb, many commands from fastboot just end in a "command unknown", perhaps there's something left to do on my side (tweak in build.prop etc ... googleed for it no result ).
Kurt Krummbein said:
Ok, i made a try with the boot_eu.img:
- Made a factory reset
- Flashed the LOS.zip
- Wiped caches
- unzipped the boot.img
- copied it to boot partition with dd if=boot_eu.img of=/dev/block/bootdevice/by-name/boot
- reboot
... screen goes black, one buzz .... nothing. One the PC the fastboot device appears and that's it. I was looking for tombstones, but couldn't find any ... they are stored to /data/tombstones, are they? I'm not sure, the kernel i getting up high enough to mount /data.
Click to expand...
Click to collapse
Thanks for testing. You used the reboot system button of twrp I guess. Have you tried to reboot by pressing the power button?
I can think of two things: There is some flag in the kernel source which is called download_mode. I have seen that some devices have different default values! At the moment the value is 0, devices like the ones from bq with msm8916/msm8939 used this too, but devices from oppo with msm8939 uses a value of 1 as default. We can try this one.
Or there is a mask, which defines the restart reason so to speak says the device which mode to boot to. Here we have some differences in the meaning of the bits, a different bit shifting is used.
I can not really think that one of these causes your device to boot into download mode, because the recovery uses the same kernel on both region variants...
lightwars said:
Thanks for testing. You used the reboot system button of twrp I guess. Have you tried to reboot by pressing the power button?
I'll give that one a try .
Hope my device is not "going over the Wupper" LOL (this one has to come somewhen ...)
Click to expand...
Click to collapse
Ok, tried it ... same result. Then did a (perhaps a bit wired) test, just restored boot from my nandroid-backup. With this, the white ZTE bootscreen comes up and after some seconds it reboots to twrp.
Perhaps the dumb-bootloader refuses to boot with AS keys ... otherwise it wouldn't boot recovery. Strange puzzle.
Cheers
Kurt
Kurt Krummbein said:
Ok, tried it ... same result. Then did a (perhaps a bit wired) test, just restored boot from my nandroid-backup. With this, the white ZTE bootscreen comes up and after some seconds it reboots to twrp.
Perhaps the dumb-bootloader refuses to boot with AS keys ... otherwise it wouldn't boot recovery. Strange puzzle.
Cheers
Kurt
Click to expand...
Click to collapse
It is okay to do some unusual testings. I was doing this sort of things also, back then.
I'm not sure I get you, when you write about AS keys. Do you mean the fingerprint in the build.prop? I think I used the ones from the eu version. Maybe they build in some kind of kernel version check inside the bootloader, but only for the eu and other versions.
The cause is, that android needs an advanced kernel, so we can not use the stock kernel to boot newer android version like nougat, oreo or pie.
Sorry, I can not be of much help here, because I do not have a device with eu or some other region version. But we can try do some changes, if you like to do some more testing and maybe get something like a log, last_kmseg or ramoops. We should look to activate some of them.
Hello @Kurt Krummbein,
if you find the time please post the info you get by issuing this commands in the adb shell or on your phone in a terminal:
Code:
su
cat /sys/zte_board_id/board_id
cat /proc/device-tree/model
cat /proc/device-tree/compatible
Do this on your rom or stock rom you are using a the moment. Thank you.
For reference mine output is this:
Code:
Blade-S6:/ # cat /sys/zte_board_id/board_id
wrbA
Blade-S6:/ # cat /proc/device-tree/model
Qualcomm Technologies, Inc. MSM 8939 MTP
Blade-S6:/ # cat /proc/device-tree/compatible
qcom,msm8939-mtp qcom,msm8939 qcom,mtp
It could be that the eu variant uses another device tree inside the kernel, because the bootloader request that, but we have only this model available.
lightwars said:
Hello @Kurt Krummbein,
if you find the time please post the info you get by issuing this commands in the adb shell or on your phone in a terminal:
Code:
su
cat /sys/zte_board_id/board_id
cat /proc/device-tree/model
cat /proc/device-tree/compatible
Do this on your rom or stock rom you are using a the moment. Thank you.
For reference mine output is this:
Code:
Blade-S6:/ # cat /sys/zte_board_id/board_id
wrbA
Blade-S6:/ # cat /proc/device-tree/model
Qualcomm Technologies, Inc. MSM 8939 MTP
Blade-S6:/ # cat /proc/device-tree/compatible
qcom,msm8939-mtp qcom,msm8939 qcom,mtp
It could be that the eu variant uses another device tree inside the kernel, because the bootloader request that, but we have only this model available.
Click to expand...
Click to collapse
Mine is:
cat /sys/zte_board_id/board_id
wrbA-EUROPE
cat: /proc/device-tree/model: No such file or directory
cat: /proc/device-tree/compatible: No such file or directory
ls /proc/device-tree
/proc/device-tree: No such file or directory
Attached my build.prop ... perhaps this sheds some light .
Thx
Kurt
Kurt Krummbein said:
Mine is:
cat /sys/zte_board_id/board_id
wrbA-EUROPE
cat: /proc/device-tree/model: No such file or directory
cat: /proc/device-tree/compatible: No such file or directory
ls /proc/device-tree
/proc/device-tree: No such file or directory
Attached my build.prop ... perhaps this sheds some light .
Thx
Kurt
Click to expand...
Click to collapse
Sorry for that, I forgot that the stock kernel did not expose the device tree.
But I think I remeber the info about the model is in the logcat after boot up...
Please try this ones in a terminal on the phone or via adb shell, they should work.
Code:
su
Blade-S6:/ # cat /sys/devices/soc0/hw_platform
MTP
Blade-S6:/ # cat /sys/devices/soc0/soc_id
239
lightwars said:
Sorry for that, I forgot that the stock kernel did not expose the device tree.
But I think I remeber the info about the model is in the logcat after boot up...
Please try this ones in a terminal on the phone or via adb shell, they should work.
Code:
su
Blade-S6:/ # cat /sys/devices/soc0/hw_platform
MTP
Blade-S6:/ # cat /sys/devices/soc0/soc_id
239
Click to expand...
Click to collapse
mine is:
cat /sys/devices/soc0/hw_platform
MTP
cat /sys/devices/soc0/soc_id
268
cat /sys/devices/soc0/image_version
10:LRX22G:eng.root.20150808.123811
Gtz
Kurt
Kurt Krummbein said:
mine is:
cat /sys/devices/soc0/hw_platform
MTP
cat /sys/devices/soc0/soc_id
268
cat /sys/devices/soc0/image_version
10:LRX22G:eng.root.20150808.123811
Gtz
Kurt
Click to expand...
Click to collapse
Fantastic! Here we have an explanation. Your device reports 268 as id which equals to msm8929 and I have a device with id 239 which is msm8939. The kernel only holds a device tree blob (dtb) for the id 239. I thought that the variant were very similar, so last time I used a dtb from the eu release but only for id 239. Attached I have added a dtb for id 268. Please test this rom with that boot image.
Again, just unpack the bootASEU.img and copy it to your device, flash it after installing the lineageos zip.
Please make a backup beforehand and report back, when you have time. Happy trying out.
lightwars said:
Fantastic! Here we have an explanation. Your device reports 268 as id which equals to msm8929 and I have a device with id 239 which is msm8939. The kernel only holds a device tree blob (dtb) for the id 239. I thought that the variant were very similar, so last time I used a dtb from the eu release but only for id 239. Attached I have added a dtb for id 268. Please test this rom with that boot image.
Again, just unpack the bootASEU.img and copy it to your device, flash it after installing the lineageos zip.
Please make a backup beforehand and report back, when you have time. Happy trying out.
Click to expand...
Click to collapse
One step ahead ! Phone is booting with the new boot.img ... but ends with a bootloop.
Highest was one boot with start of the setup-wizard, but after setting language to "Deutsch (Deutschland)" (and several "Bluetooth is not working" messages) it went around again. Couldn't get logs yet ... well see :
Cheers
Kurt
Kurt Krummbein said:
One step ahead ! Phone is booting with the new boot.img ... but ends with a bootloop.
Highest was one boot with start of the setup-wizard, but after setting language to "Deutsch (Deutschland)" (and several "Bluetooth is not working" messages) it went around again. Couldn't get logs yet ... well see :
Cheers
Kurt
Click to expand...
Click to collapse
Yeah! Would be best to build the dtb from source, rather than attaching just the right one to the kernel...
The bluetooth message can be made silent, by the way what build you are using? I think the first build has not the fix for the message. The build.prop should contain this line:
Code:
ro.boot.btmacaddr=00:00:00:00:00:00
and the message should not appear.
I hope there are not any preferences with could only be applied to msm8939 and not to msm8929.
@Kurt Krummbein
Here is my latest build or just grab the boot.img from the attachment. Which has a dtb for msm8929 build from source.
Maybe this will boot without any bootloop.
lightwars said:
@Kurt Krummbein
Here is my latest build or just grab the boot.img from the attachment. Which has a dtb for msm8929 build from source.
Maybe this will boot without any bootloop.
Click to expand...
Click to collapse
For which version is your latest build? the eu?
Thanks
BR Slawo
slawoko said:
For which version is your latest build? the eu?
Thanks
BR Slawo
Click to expand...
Click to collapse
AS and hopefully EU.