Hello folks,
This is a revised version of the same question posted to another forum, where no usable answer was received. I hope this might reach more knowledgeable people here .
On Allwinner A10/A13 platforms (tablets), the boot process differs significantly in Gingerbread (& earlier) vs. ICS (& later)
I think I have a pretty good understanding of the normal vs. recovery boot process in GB-style firmwares:
- boot.axf detects the special "boot to recovery" button combination based on info (key_min, key_max) found in script.bin
- it goes reading /linux/recovery.ini instead of /linux/linux.ini
- recovery.ini gives the name of the kernel to boot (uImage) and the name of the parameters file: paramsr instead of params found in linux.ini
- paramsr contains the name of the NAND partition to mount as root (the one that contains the recovery) and the proper arguments passed as the kernel command line
- done deal.
However in ICS-style firmware, things happen differently:
The uImage kernel has been replaced by a tertiary bootloader: u-boot.bin, whose job is to load the Linux kernel.
The recovery.ini file is gone, only linux.ini remains.
The u-boot binary does seem to have all the necessary parameters embbeded to boot in normal or recovery mode. But since it is boot.axf that detects the key combination, how does it pass the information "boot in recovery, dude" to u-boot? It's not using the "boot-recovery" string written to the "misc" partition because this information is checked and used by boot.axf itself and not by u-boot.bin as far as I can tell. Since boot.axf gets alls the information it needs from linux.ini I doubt that it has the ability to pass command-line arguments to u-boot.bin (I suspect that the limited environment available at this time has any such notion as process arguments anyway).
Actually the same question goes when "boot-recovery" is written to the "misc" partition: boot.axf detects this, but how is this information passed to u-boot?
Summary: in ICS-style firmware, how is the "boot to recovery" information passed from boot.axf to u-boot.bin?
I've Googled for this and found only one post with someone basically asking the same question, without a reply.
If someone can enlighten me I'd be immensely grateful.
@Lannig - I'm facing a similar issue in trying to figure out how the "boot to recovery, dude" message is passed to u-boot from boot.axf. I've created a thread with the information here: http://forum.xda-developers.com/general/help/allwinner-a20-stuck-recovery-reboot-loop-t2979416
I went through your thread here as well: http://www.slatedroid.com/topic/41091-ics-bootloader-recovery-boot-process-question/, where you seem to have had little success in your venture, could you please update on the details how you got the boot from SD card working. Thanks!
Testers wanted: Anyone who uses this method, let me know if you can access stock recovery after this method.
Summery
Thanks to the amazing work by our active member @bibikalka, a method was found to unbrick these devices Thread link here. The method he found was slightly tedious for some people, so I've decided to put together a Linux iso that you can boot into on your computer with everything you need to get your device running again. It uses the same methods proposed but makes things easier. This comes with all the necessary drivers, scripts to do everything you need, all the img files needed to flash, a hex editor for advanced users, and more. Before the scripts included in this OS, determining the option (A, B, or C) to take in order to unbrick the device required .part files to be evaluated manually. Now with the custom script, it can quickly evaluate what option to take.
Video Instructions
Brief Instructions
1. Download the Linux iso:
Linux ISO
2. Burn the iso to a USB drive or cd
3. Boot into the operating system
4. Type "root" at the login prompt
5. Right click on the desktop and choose file manager. Go to "aftv2-tools" folder
6. Right click on file manager and press "open in terminal"
7. From device turned off, enter command "./handshake.py", then plug in device. You may need to do this a couple times to get a connection. Try pressing volume keys & power etc to get it connected. See video if you have problems
8. After handshake is complete, run "./reader.sh"
9. After all addresses are read in, run "./determineOption.sh". You should get back a result of A, B, or C
10. Depending on the option returned (A,B,or C), run "./readerSpecialOptionA.sh", "./readerSpecialOptionB.sh", or "./readerSpecialOptionC.sh". This is an optional step but may be useful if you want to back up part files or their were no options available. Back up part files to a usb drive if you want to be safe.
11. Now the actual unbricking. Run "./unbrickOptionA.sh", "./unbrickOptionB.sh", or "./unbrickOptionA.sh" depending on your option. This can take about 40 minutes
12. hold volume up and run "./complete.sh" at the same time to get into TWRP
13. boot into your default operating system on your computer
BE VERY CAREFUL FROM NOW ON
13. We will be installing Fire OS 5.3.1. If you are not installing this ROM, make sure you know what you are doing. Download the ROM:
update-kindle-20.5.5.2_user_552153420.bin
14. Download 5.4.1_1133_stock_recovery_uboot.zip: 5.4.1_1133_stock_recovery_uboot.zip. Without this you could turn your device into a paperweight. This installs stock recovery and a uboot version that MUST be installed. This file was taken from the thread here: how-to-upgrade-to-lollipop-root-gapps
15. Rename the ROM extension from .bin to .zip
16. Transfer the two files to the Fire
17. Do a factory reset. Flash the ROM and uboot&recovery file
18. Reboot! Your device should now be working. It will take about 15 mins to boot up.
Big thanks to @bibikalka for helping work everything out and for the initial unbrick method.
Edit 10/13/21: Fixed Google Drive Link
Linux ISO Changelog
Updated 10/5/16:
*Optomized scripts
*Added "complete.sh" This reboots the device
Updated 9/27/16:
*Added script to auto-detect which unbrick option to use (determineOption.sh)
*Added scripts to write img files to correct addresses ( unbrickOptionA.sh, unbrickOptionB.sh, and unbrickOptionC.sh)
*Added scripts to read in and label part files (readerSpecialOptionA.sh, readerSpecialOptionB.sh, and readerSpecialOptionC.sh)
*Nemo open in terminal fixed
*.part files set to open with ghex by default
Updated 9/24/16:
*Nemo as default file manager
*Updated html page with instructions from forum
well, after seriously struggling with the parent thread mentioned in the OP I've managed to get to TWRP & am just waiting for my win10 machine to install it's updates before attempting to adb push the uboot & zip files for installation back to fireOS.
feels great to see the screen displaying something other than the looping amazon logo after months of frustration. I do not have the words to express my gratitude for @powerpoint45 for an excellent & well thought through tool and walkthrough. special mention also goes out to @bibikalka
gascomm said:
well, after seriously struggling with the parent thread mentioned in the OP I've managed to get to TWRP & am just waiting for my win10 machine to install it's updates before attempting to adb push the uboot & zip files for installation back to fireOS.
feels great to see the screen displaying something other than the looping amazon logo after months of frustration. I do not have the words to express my gratitude for @powerpoint45 for an excellent & well thought through tool and walkthrough. special mention also goes out to @bibikalka
Click to expand...
Click to collapse
great to hear! I hope everything works for you! After you get everything done, can you check if you can get into recovery.
after flashing both zips & rebooting I've now got my working fire (OS 5.3.1.0) back. thank you Mr PowerPoint!
i tried rebooting to recovery & it now takes me to the stock amazon recovery not TWRP..... which is unfortunate.
I did get asked if I wanted to install SuperUser which was a no-brainer YES. although I'm staying offline until I identify a functional (fast) flavour of android to flash. suggestions welcome.
gascomm said:
after flashing both zips & rebooting I've now got my working fire (OS 5.3.1.0) back. thank you Mr PowerPoint!
i be tried rebooting to recovery & it now takes me to the stock amazon recovery not TWRP..... which is unfortunate.
I did get asked if I wanted to install SuperUser which was a no-brainer YES. although I'm staying offline until I identify a functional (fast) flavour of android to flash. suggestions welcome.
Click to expand...
Click to collapse
Good to hear everything is working. Ya TWRP does not work with 5.x bootloader. Good to hear you can get into stock recovery because I had some incidents where I could not get into it. Thanks for responding. The only custom ROM ATM is CM13.
powerpoint45 said:
The only custom ROM ATM is CM13.
Click to expand...
Click to collapse
sorry to trouble you again but do you know where I can find a guide/walkthrough of how to root via adb & install twrp or cwm to allow flashing of a rom & gapps..
I can only find the kingroot method & the CM11 rom discussion. where might I find the CM13 you mentioned?
I have searched fruitlessly. I guess I just need a little guidance to avoid running straight into another brick.
cheers.
gascomm said:
sorry to trouble you again but do you know where I can find a guide/walkthrough of how to root via adb & install twrp or cwm to allow flashing of a rom & gapps..
I can only find the kingroot method & the CM11 rom discussion. where might I find the CM13 you mentioned?
I have searched fruitlessly. I guess I just need a little guidance to avoid running straight into another brick.
cheers.
Click to expand...
Click to collapse
I meant to say CM11. This guide is probably one of the best http://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950/page1
This is a bit older one: http://forum.xda-developers.com/fire-hd/general/how-to-downgrade-to-4-5-3-root-device-t3139351/page1
In order to have TWRP, you must have a 4.x bootloader so CM11 would work with it.
Thank you
I have a question I can work downgrade from 5.3.1 to 4.5.3
I'm currently on version 5.3.1
PRInCEI7 said:
Thank you
I have a question I can work downgrade from 5.3.1 to 4.5.3
I'm currently on version 5.3.1
Click to expand...
Click to collapse
yes you should be fine doing that
Unfortunately, did not respond
I worked
MacBook-Air-2:ROOT IP$ ./handshake.py
Waiting for preloader...
Found port = /dev/cu.usbmodem1420
Handshake complete!
In the second step does not respond to the order ./reader.sh
Also tried
/.read_mmc.py 0x0000000 0x1000 0x0000000.part
Does not respond
By the way tried way on more than one device
And tried through the system Max os x and the system arch-custom-firehd67-unbrick100516.iso did not work and also the same result
MY device Amazon Fire HD 6 version 5.3.1 All functions work, but I need to work downgrade to 4.5.3
Is there a solution to my problem
[/SIZE]
@powerpoint45 thanks for the pointers. I am now the proud owned of an hd6 booting straight into cm11 & it's been well worth the wait. I am forever in your digital debt.
gascomm said:
@powerpoint45 thanks for the pointers. I am now the proud owned of an hd6 booting straight into cm11 & it's been well worth the wait. I am forever in your digital debt.
Click to expand...
Click to collapse
sweet!!!
PRInCEI7 said:
Unfortunately, did not respond
I worked
MacBook-Air-2:ROOT IP$ ./handshake.py
Waiting for preloader...
Found port = /dev/cu.usbmodem1420
Handshake complete!
In the second step does not respond to the order ./reader.sh
Also tried
/.read_mmc.py 0x0000000 0x1000 0x0000000.part
Does not respond
By the way tried way on more than one device
And tried through the system Max os x and the system arch-custom-firehd67-unbrick100516.iso did not work and also the same result
MY device Amazon Fire HD 6 version 5.3.1 All functions work, but I need to work downgrade to 4.5.3
Is there a solution to my problem
[/SIZE]
Click to expand...
Click to collapse
I am also getting the same results with my HD 7 4th gen. The handshake completes just fine, but the reader just hangs. When I'm in recovery, I get errors saying the /cache folder failed to mount. I'm thinking the memory is corrupt and there is no way to fix this.
nai1ed said:
I am also getting the same results with my HD 7 4th gen. The handshake completes just fine, but the reader just hangs. When I'm in recovery, I get errors saying the /cache folder failed to mount. I'm thinking the memory is corrupt and there is no way to fix this.
Click to expand...
Click to collapse
Unfortunately it appears that with the latest bootloader on the latest Amazon update that they have disabled these commands (such as reading and writing). Unfortunately if you can't get into recovery with (vol+ & power) then it is currently unrecoverable. Best option for an unrecoverable device would be to buy another motherboard from eBay or some place. They are pretty cheap and easy to replace. I've had to do it a couple times now.
Confused
First you say it should be OK to downgrade:
powerpoint45 said:
PRInCEI7 said:
Thank you
I have a question I can work downgrade from 5.3.1 to 4.5.3
I'm currently on version 5.3.1
Click to expand...
Click to collapse
yes you should be fine doing that
Click to expand...
Click to collapse
Although, it's unclear how, since reports indicate that sideloading older
firmware bricks the device (or, does that only apply to 5.x?).
Then, we learn that the preloader trick (from aftv2-tools) doesn't work anymore:
Code:
[[email protected] aftv2-tools]# ./handshake.py
Waiting for preloader...
Found port = /dev/ttyACM0
Handshake complete!
[[email protected] aftv2-tools]# ./reader.sh
^CTraceback (most recent call last):
File "./read_mmc.py", line 355, in <module>
if msdc_dma_status():
File "./read_mmc.py", line 146, in msdc_dma_status
return False if sdr_read32(MSDC_CFG) & MSDC_CFG_PIO else True
File "./read_mmc.py", line 82, in sdr_read32
check(dev.read(2), b'\x00\x00') # arg check
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 450, in read
ready, _, _ = select.select([self.fd, self.pipe_abort_read_r], [], [], timeout)
KeyboardInterrupt
^CTraceback (most recent call last):
File "./read_mmc.py", line 355, in <module>
if msdc_dma_status():
File "./read_mmc.py", line 146, in msdc_dma_status
return False if sdr_read32(MSDC_CFG) & MSDC_CFG_PIO else True
File "./read_mmc.py", line 82, in sdr_read32
check(dev.read(2), b'\x00\x00') # arg check
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 450, in read
ready, _, _ = select.select([self.fd, self.pipe_abort_read_r], [], [], timeout)
KeyboardInterrupt
^Z
[1]+ Stopped ./reader.sh
[[email protected] aftv2-tools]# kill %1
[[email protected] aftv2-tools]#
[1]+ Terminated ./reader.sh
[[email protected] aftv2-tools]#
The above is for a 4th gen HD7 with this device showing in 'lsusb':
Code:
Bus 001 Device 006: ID 0e8d:3000 MediaTek Inc.
powerpoint45 said:
Unfortunately it appears that with the latest bootloader on the latest Amazon update that they have disabled these commands (such as reading and writing). Unfortunately if you can't get into recovery with (vol+ & power) then it is currently unrecoverable. Best option for an unrecoverable device would be to buy another motherboard from eBay or some place. They are pretty cheap and easy to replace. I've had to do it a couple times now.
Click to expand...
Click to collapse
BTW, are we sure that this is *disabled* as opposed to _tweaked_?
(e.g. by changing the protocol slightly by, say, requiring an extra byte
or two "confirmation" before execution? has anyone bothered reversing
the bootloader? [Please excuse my ignorance, but would this be handled
by UBOOT, TEE1, or some other component?])
So, what's the current best option for 5.3.1?
---------- Post added at 11:23 ---------- Previous post was at 10:58 ----------
draxie said:
BTW, are we sure that this is *disabled* as opposed to _tweaked_?
(e.g. by changing the protocol slightly by, say, requiring an extra byte
or two "confirmation" before execution? has anyone bothered reversing
the bootloader?
Click to expand...
Click to collapse
OK. So, I found this post by @zeroepoch,
which makes it very clear that said exercise has been performed for the AFTV2...
No reason to believe that this would be different for the Fire HD7...
draxie said:
First you say it should be OK to downgrade:
Although, it's unclear how, since reports indicate that sideloading older
firmware bricks the device (or, does that only apply to 5.x?).
Then, we learn that the preloader trick (from aftv2-tools) doesn't work anymore:
The above is for a 4th gen HD7 with this device showing in 'lsusb':
BTW, are we sure that this is *disabled* as opposed to _tweaked_?
(e.g. by changing the protocol slightly by, say, requiring an extra byte
or two "confirmation" before execution? has anyone bothered reversing
the bootloader? [Please excuse my ignorance, but would this be handled
by UBOOT, TEE1, or some other component?])
So, what's the current best option for 5.3.1?
---------- Post added at 11:23 ---------- Previous post was at 10:58 ----------
OK. So, I found this post by @zeroepoch,
which makes it very clear that said exercise has been performed for the AFTV2...
No reason to believe that this would be different for the Fire HD7...
Click to expand...
Click to collapse
My understanding is that you only need to worry about bricking if You are downgrading to another lollypop ROM. We found out that the device has a fuse that is set in later lollypop ROMs where it will check against the current version. But this check only seems to be on lollipop ROM's. As for the aftv2 protocol, you might be right but I don't know enough about that yet to know. Currently we have no unbrick method for latest bootloader. If you can get into recovery then you could sideload but most can't get into recovery during brick.
I've followed the steps but not into twrp, only screen amazon and reset. I'm not good at English
error trying to unbrick hd6
[[email protected] aftv2-tools]# ./complete.sh
1: 0xd1
4: 0x00 0x00 0x00 0x00
4: 0x00 0x00 0x00 0x01
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 468, in read
'device reports readiness to read but returned no data '
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./read32.py", line 69, in <module>
ret = read32(addr, size)
File "./read32.py", line 45, in read32
print_hex_byte(dev.read(2)) # status
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 475, in read
raise SerialException('read failed: {}'.format(e))
serial.serialutil.SerialException: read failed: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
[[email protected] aftv2-tools]#
kingwill101 said:
[[email protected] aftv2-tools]# ./complete.sh
1: 0xd1
4: 0x00 0x00 0x00 0x00
4: 0x00 0x00 0x00 0x01
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 468, in read
'device reports readiness to read but returned no data '
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./read32.py", line 69, in <module>
ret = read32(addr, size)
File "./read32.py", line 45, in read32
print_hex_byte(dev.read(2)) # status
File "/usr/lib/python3.5/site-packages/serial/serialposix.py", line 475, in read
raise SerialException('read failed: {}'.format(e))
serial.serialutil.SerialException: read failed: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
[[email protected] aftv2-tools]#
Click to expand...
Click to collapse
You are on any version.
You can access to recovery now
New User, so apologies if this post is in the incorrect format :fingers-crossed:
Sorry if TL,DR: but the more information on my issue I give you the less chance your advice encounters any variables.
Recently got into ethical Hacking / pentesting.
Wanting to use a nethunter ROM on my Nexus 5 so when I inevitably break something its replaceable and not my gaming rig.
I did the following:
- Installed Nexus Root Toolkit on my laptop.
-Unlocked the boot loader from this first.
-Then installed Root Permissions and TWRP
These initial steps seemed to have worked.
Boot loader marked as unlocked, SU app installed upon booting new ROM, checks as rooted, and TWRP was being interacted with on the next step.
I then selected the 'advanced' menu in the Nexus Root Toolkit.
And flashed the .zip file for the hammerhead nethunter build version 3.0
There was advice to do several things during this step which I have ignored due to not understanding the process.
- installing gapps. I believe the gapps version for hammerhead is 6.0 however it's listed purpose was to allow access to Google play apps which I have so I discarded this step.
- installing over cryogenmod 14.1 as my Android build is marshmallow 6.0.1. This is the advice I received on the official Kali site, that Nethunter was designed to be used over CM, and perhaps my issue as I flashed it over the stock OS for the phone.
Once the nethunter zip file was flashed through the root Toolkit, I rebooted my phone and logged on. After the initial setup I had all of the applications and the background for the KL Nethunter build, however I encounter a major issue trying to set them up.
When I go to set up the Chroot. I select download option, and then "full Chroot install".
I am then prompted with a message saying bad handshake / server error and I am unable to get past this stage.
The error message is " javax.net.sslSSL handshake exception" no valid pins found in chain.
I am not using a mobile carrier only Wi-Fi.
This is killing me because obviously it means I basically don't have nethunter lmao :laugh: really not funny but any human input you guys can offer with this challenge would be immensely appreciated. I want to begin hooking this up to a TP Link Wi-Fi receiver and I'm extremely demoralised by the fact I can't complete what is essentially " the easy bit ".
Disclaimer - I will follow any suggested links to the letter but for the record. I have combed YouTube. Google. XDA and several other sources for a fix to this. I am aware I need a Kali " arm-hf" file however can't find a repository for such a download or I would download it to the Sd and try to mount it manually!
I just pretty much completed the same process on my nexus 7 (2012) which resulted in me being stuck at the same point. Doing a search has lead me here for possible resolution to our issues.
"The error message is " javax.net.sslSSL handshake exception" no valid pins found in chain."
UPDATE:
I was able to locate the file within the zip file we had flashed to install kali.
Full path was /data/local/kalifs-full.tar.xz
I manually extracted and copied to /emulated/sdcard and ran the chroot wizard and chose to install from sd, it's extracting now.
I'll update once extraction has completed (this tablet has the slowest writes, ever..)
Here is the link to kali chroot.
8point6 said:
I just pretty much completed the same process on my nexus 7 (2012) which resulted in me being stuck at the same point. Doing a search has lead me here for possible resolution to our issues.
"The error message is " javax.net.sslSSL handshake exception" no valid pins found in chain."
UPDATE:
I was able to locate the file within the zip file we had flashed to install kali.
Full path was /data/local/kalifs-full.tar.xz
I manually extracted and copied to /emulated/sdcard and ran the chroot wizard and chose to install from sd, it's extracting now.
I'll update once extraction has completed (this tablet has the slowest writes, ever..)
Click to expand...
Click to collapse
build.nethunter.com/kalifs/kalifs-latest/kalifs-i386-full.tar.xz
I see they dropped support for the nexus 7 2012, likely due to lack of space. I was able to get a full extract done, but hope enough info has been relayed to get you and anyone else past the error we had received. If I pick up where I left off, I'll try to provide an update on this, tabled for now.
I'm on stock oos 10.3.11(Rooted and have twrp 3.5.2). Today I decided to install nethunter 2021.2 on my device.
since my last try with 2021.1 was a failure Installation was complete and finished but was stuck with bootloop last time.
But this time, I stuck on installation itself. I'm getting not enough free space on /system error during the installation.
I googled for like 2 hours and found only one article about this issue but that article was about lineage os.
solution from that article is moving pre-installed apps from ‘/system/app/’ to ‘/sdcard/Documents/’ temporarily.
So i tried to move some pre installed apps using the command it provided but it's not working and little bit out dated it seems. so i tried the help function in terminal but i don't know which options i should be using in order to do that operation. I don't want to brick my device. So, if anyone know how to fix this issue, please help me out here.
nethunter dl link: https://images.kali.org/nethunter/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip
solution for lineage os link: https://www.zerodaysnoop.com/how-to/how-to-install-nethunter-lite-part-2/
Amudhan501 said:
I'm on stock oos 10.3.11(Rooted and have twrp 3.5.2). Today I decided to install nethunter 2021.2 on my device.
since my last try with 2021.1 was a failure Installation was complete and finished but was stuck with bootloop last time.
But this time, I stuck on installation itself. I'm getting not enough free space on /system error during the installation.
I googled for like 2 hours and found only one article about this issue but that article was about lineage os.
solution from that article is moving pre-installed apps from ‘/system/app/’ to ‘/sdcard/Documents/’ temporarily.
So i tried to move some pre installed apps using the command it provided but it's not working and little bit out dated it seems. so i tried the help function in terminal but i don't know which options i should be using in order to do that operation. I don't want to brick my device. So, if anyone know how to fix this issue, please help me out here.
nethunter dl link: https://images.kali.org/nethunter/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip
solution for lineage os link: https://www.zerodaysnoop.com/how-to/how-to-install-nethunter-lite-part-2/
Click to expand...
Click to collapse
Im getting the exact same issue with my stock OOS 10.2.12. I was able to successfully disable dm-verity and force encryption. When I got to the step of installing nethunter I ended up with
"Error: Not enough space on /system to continue!
Aborting...
Cleaning Up...
Failed to install Kali Nethunter!
Updater process ended with ERROR: 1 Error installing zip file usbstorage/Download/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip"
I am getting the same issue on a OnePlus 6T, OOS 10.3.12
The steps I follow to install are:
Wipe data
Flash stock ROM
Flash TWRP Installer Zip
Reboot into TWRP
Flash force-decrypt
Flash magisk
I verify with Root Checker that I do indeed have root
I also verify that force-decrypt works by:
Mount vendor
cat /vendor/etc/fstab.* | grep force
No output - suggesting decryption is successful
I am using the official Oneplus 6 Kali image from:
Get Kali | Kali Linux
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
www.kali.org
Any advice on how to fix this?
Thank you!
Hey guys,
try this
for me this works!
5K1PP3R said:
Hey guys,
try this
for me this works!
Click to expand...
Click to collapse
I tried that but it didn't work. Im not really in the mood to try the other method. I'm just going to get another phone to do it with because Im using this one for some personal stuff I dont want deleted anyway. Great post though, should help someone out for sure.
So heres the steps I used to get Nethunter up and running.
Tmobile 6T user converted to International. (So for all of you running 6, skip the next paragraph and start at Unlock bootloader).
Started fresh with a msm firehose, went back to android 9. Updated to whatever the version you had to download first to get to 10. 9.0.17 I believe. Then after that I upgraded to the very last 10 version. 10.3.12.
Unlock bootloader.
After that I install magisk, pull the payload from the 10.3.12 firmware and pull my boot.img. Patch it.
Boot into TWRP, flash the magisk boot img. Boot into OOS
Now heres the part where everyone (myself included) messes up. Install nethunter via magisk, and not via TWRP. There's just something messed up with how the storage size of system is being reported to the nethunter install script. I've had plenty of space and the script say theres not enough space 0mb free.
Installing via magisk worked just fine as far as app support goes. I haven't checked functionality beyond an apt upgrade and booting into KeX so I havent put it through its paces yet.
Edit: You can also disable system updates afterwards by running:
Code:
adb shell pm disable-user --user 0 com.oneplus.opbackup
i have had the problem o when trying to flash nethunter through twrp it always ending in error not enough space blah blah it was doing my head in but i found a solution so fdroid goto an app called smart flasher and flash it through that it will install after rebooting