Database Info

[STOCK] [MM] Root Xperia Z5 Premium Sony Stock Marshmallow (Android 6.0) Guide

The updated cross-device Sony thread tested with Nougat is here.
Guide updated on 21 October 2016.
PREFACE
First of all, this guide will probably work for all recent Sony phones.
This guide is based on a work of number of people. The information how to get this goal achieved is very sparse and it is scattered across the Internet. There are lot of guides, but typically they require a strong familiarity with many things, so inexperienced users may became confused. I decided to assemble a detailed newbie-friendly guide myself. So here it is.
Get rooted stock Sony firmware is not a straightforward and easy task, but if all steps covered in this guide are performed well, the goal will be achieved. Since the creation of this guide, stock firmware versions got bumped multiple times, but nothing has changed fundamentally in terms of rooting.
In this guide I (and you) will use the stuff from these notable people:
@Androxyde — Flashtool
@IgorEisberg — XperiFirm (integrated into Flashtool)
@Dees_Troy et al. — TWRP
@Chainfire — SuperSU
@tobias.waldvogel — Kernel repack script and DRM fix
@zxz0O0 — iovyroot
The whole process divided into the following steps:
Getting your phone recognized by your computer (driver installation).
Backup your DRM keys.
Unlocking a bootloader.
Flashing stock firmware with Flashtool.
Repacking and flashing a kernel.
Rooting with SuperSU.
Restore your DRM keys.
Optional tasks.
The one thing to consider before the flashing of your Xperia phone is the unlocking of the bootloader. There is the official way of doing this provided by Sony. It's easy and straightforward. Check step #3 below.
Before unlocking, one should know the main caveat: once you have unlocked your phone, you have lost your DRM keys. These keys are used to make certain proprietary Sony functions to work, such as X-Reality for Mobile, camera noise suppression and some others. It is possible to backup your keys in beforehand and restore them once the phone is rooted. This will be covered in this guide.
The repack script mentioned before, incorporates a so called DRM fix which effectively emulates lost DRM keys and most of proprietary functions remain in a working state. This fix will suffice for most users, so you probably may want to root your phone straight away, nevermind the keys. I hadn't myself extracted and restored DRM keys ever, since DRM fix works perfectly for me, so you may want to forget about these keys too. Some users are not ready to just erase them, however. The choice is up to you, but if the camera performance is your sole concern, I can confirm that with DRM fix it works perfectly.
After the completion of this guide, your phone contents will be completely erased, so you may want to backup all what is important to you to some external locations. External microSD card will not be erased, so you may copy your stuff to it. If you are on a rooted Lollipop or older Android, you may want to use some specialized tools like Titanium Backup or like. TWRP also have a nice backup features, if you have one already installed.
The guide was tested on Windows 10 Pro 64-bit and Sony Xperia Z5 Premium Dual-SIM E6883 official model for the Russian market. During the course of this guide you will get a specific firmware for your particular market so don't worry, this guide is market-agnostic. It is even model-agnostic. I believe this guide works for most Xperia phones on the market, but I personally tested it just with my Z5 Premium.
Let's go.
1. GETTING YOUR PHONE RECOGNIZED BY YOUR COMPUTER (DRIVER INSTALLATION)
During the course of this guide, your phone will comminicate with your computer in Fastboot and Flashmode connection modes. When connected in these modes, for the phone to be properly recognized by a computer, you have to provide special drivers. Thanks to Flashtool creators, it comes bundled with generic drivers compatible with all recent Windows operating systems, so at first you should install Flashtool. You can get installer from the official website.
Next, you should install Fastboot and Flashmode drivers for your phone.
One caveat here however, these drivers are not from a "recognized Windows developer", that is they are not Windows-certified, so to get them installed on Windows 8/10, you should reboot with the disabled driver signature enforcement. Use Google to know how to perform this.
Once booted in the aforementioned mode (or in a regular mode if you are still on Windows 7), proceed to the actual driver installation. The drivers are packed into the Flashtool\drivers\Flashtool-drivers.exe executable, but it didn't work on my system, perhaps because it is 64-bit (but feel free to try it yourself), so I simply unarchived it with 7-Zip (right-clicked it and chose 7-Zip > Extract to "Flashtool-drivers"). I got a Flashtool-drivers folder, which contained all the drivers from the executable.
Once drivers are unpacked, connect your phone in a Fastboot mode. Recent Sony devices can boot in Fastboot just like this: shutdown the phone, press and hold Volume Up rocker button and connect USB cable to the phone while the other end is connected to a running PC. The phone's LED will turn blue shortly. That's it, you are in a Fastboot mode. Open Device Manager (Win + X, Device Manager) and check if there is some unknown device (with the name S1Fastboot or something like this).
Double-click this unknown device in the Device Manager, click Update Driver..., then Browse my computer for driver software, and choose the Flashtool-drivers folder created earlier with 7-Zip (leave Include subfolders checked). Shortly you will get a red warning dialog window, which inform you that this driver doesn't have a proper signature:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Very scary. Just proceed with the install despite all the red flags, it's safe.
Once Fastboot driver is installed, plug out the USB cable off the phone and connect it in a FlashMode mode. This is done just like for Fastboot, but in this case you should press and hold Volume Down rocker button during the cable plugging in. The LED in this case will be green and not blue. The procedure to install the driver is exactly the same.
After the successful installation, try to reconnect the phone in these modes again couple more times to make sure all devices get properly recognized by Windows. If all seems good, proceed to the next step.
2. BACKUP YOUR DRM KEYS
There is a tool called iovyroot, with which you can backup your DRM keys from an unrooted phone, but at the time of the writing it doesn't support latest firmwares. It does support a lot of older firmwares so it may be useful to not upgrade your phone before checking up this tool.
If you're into this backup DRM thing, go to the original thread, download the latest version and check if it is working for you. For now I just skip this step. Basically, you want to download the zip, connect your phone in USB Debugging mode, run the tabackup.bat script and see the output.
I will not cover DRM keys extraction/restore in details, since I never did it, so I don't want to write about something I haven't myself performed. Please check corresponding threads.
Note that most proprietary Sony features will work even without DRM keys, such as X-Reality for Mobile, camera denoise filter and some others. DRM fix will be covered later in this guide. Some features will not work with DRM fix, Widevine for example. Most users will not even notice these.
3. UNLOCKING A BOOTLOADER
Sony does provide its own guide. It is a plain and simple and — good news! — if you have followed the previous steps, you just got all the prerequisites covered!
4. FLASHING STOCK FIRMWARE WITH FLASHTOOL
The Flashtool was installed on the completion of the first step, so let's start it. If you are on 64-bit Windows, start Flashtool64 (there is a shortcut in the Start menu). It does require administrator privileges.
Once you are in Flashtool, at first you need to obtain the most recent official stock firmware from Sony. Press the "XF" icon (the right-most one in the toolbar) to start XperiFirm. The window will open, choose the phone from the left part of the window (Xperia Z5 Premium (Satsuki)), then choose your particular model (I chose E6883 Dual) and after that choose your market and operator from the right part of the window. I chose 1299-4828 Russia Customized RU. Of course, you don't have to choose exactly this, click on the entries of your own choice. The entry will become highlighted and shortly there will be some info in the last column (Latest Firmware). This definition will be also in the right-most part of the window just under the phone thumbnail, click on it. Not a brilliant design decision, but that's it. Here is a screenshot for your reference:
The new window will pop up, press Download. The stock firmware will be downloaded to your computer and unpacked. Once the download is completed, close all XperiFirm windows to return to the main Flashtool window. Flashtool will begin creation of the .ftf file from the downloaded files which will be used for a (subsequent) flashing. FTF-files are similar to ZIP-files, and may be opened with 7-Zip. I've got E6883_32.2.A.0.305_1299-4828_R4C.ftf after the completion of this procedure. Flashtool places firmwares in the C:\Users\<Your Windows Username>\.flashTool\firmwares.
Now, once the stock firmware is downloaded, packed into .ftf and ready to be installed, let's do this. Disconnect the phone for now, physically extract microSD card (if any) and press the left-most button on the Flashtool's toolbar (the "Lightning" one) and choose Flashmode. The Firmware Selector window will appear with a selected default folder and list of all firmware available for a flashing. I've got a single entry, the firmware I just downloaded. Before actual flashing, you can check some checkboxes from the Wipe section, I usually check all to start clean (all the data on the phone is erased). Once again, just to be safe, extract the microSD card from the phone at this moment. It is not needed for a flashing anyway. Here is how the window looked to me:
After all is set up, press Flash. The flashing process will begin. At first Flashtool will prepare files for a flashing. After a while, window will appear which will ask you to connect the phone in the Flashmode mode. Shutdown the phone, hold the Volume Down button, connect the USB cable. Once Flashtool detects the phone in the Flashmode mode, it will start the actual flashing automatically.
After the completion of the flashing procedure after some minutes, you'll get a stock Sony firmware installed, and now it is perfect time to proceed to the next step. You may leave your phone off at this moment, but if you are curious, start it up and check if the new Android is actually there. Note however that first start after the firmware installation takes a long time.
5. REPACKING AND FLASHING A KERNEL
To get the stock firmware rooted, you need a way to install SuperSU. SuperSU is some tool which enables root access to the Android system. To install SuperSU, you need TWRP. To run TWRP, you need a kernel, which supports both TWRP and your Android version.
You can extract the kernel from .ftf file, prepared by Flashtool earlier, repack it and integrate TWRP (and DRM fix) into it, and finally flash it to your phone back modified. Sound like a complex task but it's definitely achievable.
At first you should extract the actual kernel from the .ftf file. Reminder: it's in the C:\Users\<Your Windows Username>\.flashTool\firmwares folder and may be titled E6883_32.2.A.0.305_1299-4828_R4C.ftf or something like this. Open it as an archive (right-click on a file, 7-Zip > Open archive) and extract kernel.sin. It's your phone's packed kernel.
If it is packed, obviously you need to unpack it. Thankfully the almighty Flashtool can do this. Open Flashtool, navigate to the Tools > Sin Editor, select a kernel.sin you've just extracted and press Extract data. As a result, you'll get a kernel.elf file in the directory where your packed kernel was. As you may have guessed, kernel.elf is an unpacked kernel. It can be modified, repacked and flashed back to the phone. Let's do this.
You will need a Stock kernel repack script from @tobias.waldvogel. Here is the original thread. Grab the script there. I used v5.0 and it worked perfectly for .253 and older.
Once the contents of the zip-file are extracted to some directory, copy the kernel.elf there and summon command prompt in this directory (right-click in the empty space of this folder in File Explorer with the Shift button pressed and choose Open command windows here).
In the command line type the following:
Code:
rootkernel.cmd kernel.elf boot.img
You'll get some questions about adding some features/tools to your kernel, feel free to answer "Yes" (type Y) to all of them. Screenshot for your reference:
If all went smoothly, you'll get a repacked kernel, boot.img in the script folder, supercharged with TWRP and DRM fix, and most importantly, which also supports rooting. Now it is time to flash it to your phone.
Turn off your phone and connect it in a Fastboot mode: hold the Volume Up rocker button and connect USB cable. The LED on the phone will turn blue.
Flashing images in this mode is typically done with a fastboot.exe from the Android SDK. Android SDK weighs many gigabytes but thankfully you don't need to download it. Fortunately Flashtool contains fastboot.exe from the SDK. It's in the Flashtool\x10flasher_lib folder. For the brevity of the following steps, copy the newly generated boot.img to this folder. Shift-right-click in the empty space of this folder window and choose Open command window here entry from the context menu. Windows console will appear.
At first try this command:
Code:
fastboot.exe devices
If all is good, there will be one device in the output of this command, just like this:
If not, perhaps there is some driver issue, so head back to the step #1 and make sure the drivers are installed correctly.
If your device is shown correctly, let's flash some files to the phone. Execute the following command to flash the modified kernel:
Code:
fastboot.exe flash boot boot.img
The proper output of this command will be like this:
If you get any errors, the first and more likely reason is that you still have a locked bootloader. Head to the step #3 to verify its state and unlock it if necessary.
If there were no errors, you now just flashed a custom kernel with TWRP recovery and DRM fix. You're almost done! You may plug out the cable from your phone. If you are attentive to the details, you'll notice that now, once your phone is started, its LED turns amber for 2-3 seconds. This is a special signal for those looking to boot into a recovery (TWRP).
Although @tobias.waldvogel claims his script is able to also integrate SuperSU during the kernel repacking, I didn't managed to get this working, so the SuperSU installation is a separate step in my guide. The next step.
6. ROOTING WITH SUPERSU
Now when you have TWRP in place and Marshmallow installed, let's root it. SuperSU distributed in a TWRP-friendly .zip archives, so you should copy one to your microSD card. I used beta version 2.78 SR1 from here. At the time of your reading, there probably will be some newer versions available, try them instead.
Once SuperSU zip-file is copied to your microSD card, reboot to recovery (TWRP). To do this restart or power up your phone and look at the LED. Once it lights amber, press Volume Up rocker button and you'll get into recovery — TWRP 3.0.
To install SuperSU, press Install, go to the /external_sd and select the .zip (in my case SR1-SuperSU-v2.78-SR1-20160915123031.zip). Swipe right to confirm installation. Once it is installed, press Reboot System button. Phone will reboot twice. Do not interfere with the phone during these multiple reboots, the things are getting done right, so just wait once Android is started. Once it's started, the phone is rooted and functional!
7. RESTORE YOUR DRM KEYS
If you had successfully backed up your DRM keys in step #2, it is now time to restore it back to the device. There is a flash_dk.cmd script shipped with the Root kernel repack script you used in the previous step. flash_dk.cmd can be used to flash the DRM partition back to your phone.
At first prepare the flashable .ftf:
Code:
flash_dk.cmd <ta backup image> dk.ftf
And then flash dk.ftf via Flashtool, just like you flashed the whole firmware in the step #4, but don't wipe anything this time.
8. OPTIONAL STEPS
8.1. Xposed installation
Since Z5P uses Lollipop and later, you should install Xposed APK from here. At the time of writing there is XposedInstaller_3.0_alpha4.apk installer there.
Once APK is installed, grab the latest .zip from the repository, I've got xposed-v86-sdk23-arm64.zip. Install it in a regular TWRP way covered in step #6.
Once all these steps are done, you should have Xposed Installer app in your phone, and if you open it and check Framework section, if everything is alright, there will be text in green, something like "Xposed framework version 86 is active".
Installation of actual Xposed modules can be performed in different ways. For example you may install HideSimIcons module from @tobias.waldvogel if you've got dual-SIM Z5P and you're mad at SIM-card icons in the system tray. Get the APK from the original thread and install it just like you install regular APKs.
8.2. Resolving Voice Search and random volume up/down issues while using regular headphones
See this thread.
8.3. Disable startup notification if there is a newer firmware available
Some people get annoyed by a persistent notification, which is displayed once the new firmware become available (new Android version from Sony). Rooted users cannot just tap it and update over-the-air, because they need to perform a complex rooting procedure in beforehand (covered in this guide). It is possible to disable this notification. You may get these notifications by email anyway.
The easiest and safest way is to use some autorun manager. I used Autorun Manager Pro and disabled all receivers of system apps com.sonymobile.fota.service, fota update service and Software update. Notification vanished after a restart.
You may even freeze or remove these apps via some app manager like Titanium Backup Pro.
THAT'S IT
At this point you have a stock Sony Android enhanced with root privileges. SuperSU app is also installed, so you are ready to use root right away. SuperSU now can be updated in a regular way via Play Store.
P.S. WHEN NEW FIRMWARE IS AVAILABLE
Once the new firmware is released, you may perform the same procedure for it beginning from the step #4, but if it is a minor upgrade, you may want not to wipe anything during Flashtool flashing this time. If it is a major upgrade, e.g. Marshmallow > Nougat, you probably may want to start with a clean system and wipe all.

Hello
THX for this guide
ihave this problem
C:\Android\sdk\platform-tools>fastboot.exe flash boot E6883_MM_ROOTABLE_PERMISSIVE_boot.img
target reported max download size of 536870912 bytes
sending 'boot' (15548 KB)...
OKAY [ 0.353s]
writing 'boot'...
FAILED (remote: Command not allowed)
finished. total time: 0.384s
---------- Post added at 12:01 PM ---------- Previous post was at 11:59 AM ----------
I dont have this folder with"Flashtool\x10flasher_lib f"

get2easy said:
Hello
THX for this guide
ihave this problem
C:\Android\sdk\platform-tools>fastboot.exe flash boot E6883_MM_ROOTABLE_PERMISSIVE_boot.img
target reported max download size of 536870912 bytes
sending 'boot' (15548 KB)...
OKAY [ 0.353s]
writing 'boot'...
FAILED (remote: Command not allowed)
finished. total time: 0.384s
---------- Post added at 12:01 PM ---------- Previous post was at 11:59 AM ----------
I dont have this folder with"Flashtool\x10flasher_lib f"
Click to expand...
Click to collapse
Hello. This seem like a driver problem to me. Or maybe bootloader is locked. Was fastboot driver installed from the Flashtool package? Do you have your bootloader unlocked?

Hy THX for ure answer.
Drivers are installed, but myBL is LOCKED!! Must i have UL BL??

get2easy said:
Hy THX for ure answer.
Drivers are installed, but myBL is LOCKED!! Must i have UL BL??
Click to expand...
Click to collapse
Sure, I've explicitly stated in the preface section of this guide, that you need to unlock your bootloader to get things done.

OK THX. I dont will loose my performance and the quality from the cam. I wait when is available from the Locked BL.

Hey thank you for posting this it helped a lot! But I don't really know what happened after I flashed the custom kernel and TWRP my phone won't recognize the microSD, not even when booting at recovery. Help.

renezada88 said:
Hey thank you for posting this it helped a lot! But I don't really know what happened after I flashed the custom kernel and TWRP my phone won't recognize the microSD, not even when booting at recovery. Help.
Click to expand...
Click to collapse
I heard about this issue with some large microSD cards of sizes >=128 GB. What is your card?

128gb indeed

renezada88 said:
128gb indeed
Click to expand...
Click to collapse
That's probably a kernel issue. You can try to ask support from its creators, but don't expect anything, because this all is a volunteer work.

get2easy said:
OK THX. I dont will loose my performance and the quality from the cam. I wait when is available from the Locked BL.
Click to expand...
Click to collapse
Just updated the guide, adding the last section (P.S.). Check it out, you may be interested.

Fragmentation said:
That's probably a kernel issue. You can try to ask support from its creators, but don't expect anything, because this all is a volunteer work.
Click to expand...
Click to collapse
Solved it! I needed the E6583 kernel not the E6883. Thanks for everything now root is working with that kernel and it reads the microSD.

Fragmentation said:
Just updated the guide, adding the last section (P.S.). Check it out, you may be interested.
Click to expand...
Click to collapse
sir are all the drm protected features restored by the mod????, and my phone is already MM can I proceed to the 3rd step??

renezada88 said:
Solved it! I needed the E6583 kernel not the E6883. Thanks for everything now root is working with that kernel and it reads the microSD.
Click to expand...
Click to collapse
That's good. I will update the guide and explicitly mention, that it is needed to pay attention to what particular model the phone is. There are different kernel options for different models of Z5P.
1dave said:
sir are all the drm protected features restored by the mod????, and my phone is already MM can I proceed to the 3rd step??
Click to expand...
Click to collapse
I think they are all restored, however I applied the mod just yesterday and checked only photo quality in dark conditions. X-Reality is also seems like works properly, but honestly I didn't tested it before and after the mod. So far so good.
If you already have stock MM, proceed to the stage 3 directly. But of course you should have fastboot drivers properly installed, if not, head to the stage one.

Does anybody have some problem with whatsapp notification when the smartphone is wifi connected?
Sometimes I don't receive any message until I enter the application. This does not happen if I am connected via 3g.
Edit: Sometimes I received delayed whatsapp notification even if the smartphone is connected through 3g.
Inviato dal mio E6853 con Tapatalk 2

We needs this! A light for LB users... Someone can port for Z5? ?
http://forum.xda-developers.com/showthread.php?t=3337357
Enviado de meu E6853 usando Tapatalk

Guto ViP said:
We needs this! A light for LB users... Someone can port for Z5? ?
http://forum.xda-developers.com/showthread.php?t=3337357
Enviado de meu E6853 usando Tapatalk
Click to expand...
Click to collapse
1. There is no dm-verity on Z3 Beta MM but we have it
2. Flashing needs working recovery for locked bootloader (it needs root to install recovery!)

Is it possible to make a flashable.zip of twrp? For a pre-rooted stock rom

Black_Focus_X said:
Is it possible to make a flashable.zip of twrp? For a pre-rooted stock rom
Click to expand...
Click to collapse
That'd be great !

Black_Focus_X said:
Is it possible to make a flashable.zip of twrp? For a pre-rooted stock rom
Click to expand...
Click to collapse
If you are talking about the PRFCreator, then no, currently it doesn't work with Marshmallow for some reason. Check the corresponding thread.

Lenovo Tab3-710f custom recovery?

We are trying to get hold a custom recovery for Lenovo Tab3-710F. We are using hundreds of Lenovo tablets in our projects and have up until now used Tab2 A7-10 which has a custom recovery build for it (found here att XDA).
The reason we need the custom recovery is for cloning the unit which works good in CWM or TWRP.
The problem now is that Lenovo have stopped selling Tab2 so we are now stuck with a unit we cant clone.
Have somebody successfully created a custom recovery for the unit? If not or if you have we are offering payments/devices to get this working asap. Are you interested please PM us? When we have it we can share it to the world here no problems for us.
If you need to root the device KingoRoot latest APK works.
So hope somebody can help us.

Perhaps useful for you: I've managed to extract the stock rom of a brand new TB3-710F
http://forum.xda-developers.com/android/help/lenovo-tab-3-7-essential-tb3-710f-mt8127-t3416397
This also includes the "recovery.img" so you could try to change this image and simply flashing it. If it does not work you'll have a stock rom to restore it.

gogetrd said:
We are trying to get hold a custom recovery for Lenovo Tab3-710F. We are using hundreds of Lenovo tablets in our projects and have up until now used Tab2 A7-10 which has a custom recovery build for it (found here att XDA).
The reason we need the custom recovery is for cloning the unit which works good in CWM or TWRP.
The problem now is that Lenovo have stopped selling Tab2 so we are now stuck with a unit we cant clone.
Have somebody successfully created a custom recovery for the unit? If not or if you have we are offering payments/devices to get this working asap. Are you interested please PM us? When we have it we can share it to the world here no problems for us.
If you need to root the device KingoRoot latest APK works.
So hope somebody can help us.
Click to expand...
Click to collapse
Did u manage to get TWRP or CWM for TB3-710F ?

zwirc said:
Did u manage to get TWRP or CWM for TB3-710F ?
Click to expand...
Click to collapse
Yes, I built it for them. Download here

@Tzul @gogetrd We are trying to achieve something similar, configure about 700 tablets of this model. I have played with custom ROMs in the past, but mostly as a consumer (e.g. Cyanogen on personal devices).
It is my understanding that installation using the files provided by @Tzul would require to;
0. create a custom ROM.
Then for each device
1. root device (e.g. Developper mode, allow "Unknown source"s, adb install one rooting apk, run it, etc).
2. install custom recovery on device
3. flash custom ROM
Am I right?
If so do we agree that the time spent doing these operations might be about similar than the time spent e.g. manually installing / configuring the device? Or is there a way to automate the steps above?

You can configure 1 tablet, then extract the ROM and flash it with the "download mode". You don't even need to boot the tablet!
If you want more info let me know, back from holiday in a few days

@lacostej You can certainly automate some steps, and you do not always need root. (And the best way to root is to install the latest SuperSU via TWRP; no need for questionable apps that are doing who knows what...)
There are three ways to install another firmware:
The MediaTek SmartPhone Flash Tool (SPFT). This is a PC program (Windows and Linux) that allows reading and writing of the entire internal storage (on a partition granularity). Via USB, while the device is powered down. Only for devices based on MediaTek chips, of course (this tablet is MediaTek-based).
Fastboot. This is a little USB protocol implemented by the bootloader. A Fastboot client on PC can communicate with the bootloader via USB and execute certain commands, e.g. "fastboot flash" for flashing partitions. However, there are a few drawbacks with this:
First, you need to boot the device into fastboot mode. Some devices have a boot menu that allows you to do this, but this device doesn't. Starting the tablet via power+volumeUP takes you directly to the recovery instead of a boot menu. But in the recovery, whether stock or TWRP, there's a reboot to bootloader option. Using ADB (adb reboot bootloader) should also take you there.
Second, the "fastboot flash" command is restricted on this tablet. If you were to use "fastboot flash recovery <recoveryfilename_here>", for example, it would abort with an error message. I have patched the bootloader to allow the flash command, but you'd first need to install this patched version on your tablet(s), of course, via SPFT or other means.
Third, the "fastboot flash" command has a size limit - the bootloader needs to buffer the USB data in RAM before it can be written, and since the tablet has only 1 GB of RAM, you obviously can't flash a 1 GB system image this way. The buffer is actually a lot smaller: just 128 MiB. Meaning whatever file you send to the tablet via "fastboot flash", it cannot be larger than 128 MiB. So, how do you flash the system or userdata partition then, which are much, much larger? By splitting their image file into many smaller "sparse" image files, each of which is below the size limit. There's probably a tool for doing this, but I don't know any details.
TWRP, or another custom recovery. They allow you to create and restore backups. TWRP has some automation support via OpenRecoveryScript.
So, if you have 700 tablets to configure, you can configure just one, then save its state via SPFT or TWRP, then restore that on each other tablet.
What is its "state"? Well, the system, cache, and data partitions. The system partition is normally read-only and won't change, therefore you do not need to clone it. Unless you install root and modify stuff on the system partition, of course. The cache partition is quite irrelevant. It is the data partition that has all the app settings.
However, if you clone the data partition from one tablet to others, then you're causing each tablet to use the same Android ID (a long number identifying an Android device, usually randomly generated when Android is first booted after a factory reset), the same Bluetooth and WiFi MAC addresses, and some other IDs that should be unique on each device (the tablet's Lenovo serial number might be in some cloned files as well, e.g. the WiFi settings).
You can at least avoid cloning the MAC addresses by deleting the entire directory /data/nvram/ before you create your backup. MediaTek devices have a dedicated NVRAM partition that contains the MAC addresses and some other stuff, and this data gets unpacked to /data/nvram/ when Android boots. Unless the files there already exist. So, by deleting /data/nvram/ before you clone, you force each tablet to extract its unique MAC addresses again at the next boot...

Thanks a lot for the feedback. Really appreciated.
Tzul said:
@lacostej And the best way to root is to install the latest SuperSU via TWRP; no need for questionable apps that are doing who knows what...
Click to expand...
Click to collapse
Doesn't SuperSU already requires root? (http://forum.xda-developers.com/showthread.php?t=1538053)
How did you get root on your Lenovo device? (I assume you had one to dump the image)
However, if you clone the data partition from one tablet to others, then you're causing each tablet to use the same Android ID (a long number identifying an Android device, usually randomly generated when Android is first booted after a factory reset), the same Bluetooth and WiFi MAC addresses, and some other IDs that should be unique on each device (the tablet's Lenovo serial number might be in some cloned files as well, e.g. the WiFi settings).
.
Click to expand...
Click to collapse
That's exactly the thing I was worried about when it comes to cloning. Those problems might arise later during QA, and I probably don't have the time required to do it properly this time.

lacostej said:
Doesn't SuperSU already requires root? (http://forum.xda-developers.com/showthread.php?t=1538053)
How did you get root on your Lenovo device? (I assume you had one to dump the image)
Click to expand...
Click to collapse
SuperSU is just like any other root manager. It provides the actual "su" (superuser) binary that other programs rely on to obtain root privileges, plus an Android app for managing permissions and settings. The su binary needs to be installed on the system partition (at least traditionally), but in order to get write access there, you need root privileges. Therefore, this is a chicken and egg problem: SuperSU provides root, but it also needs root in order to be installed. Other root manager are no different - except that some try to exploit security flaws in Android in order to temporarily obtain root and install their su binary.
Anyway, the classic solution to this conundrum is the (custom) recovery: it basically has root built-in. It can write to the system partition by default, after all one of its jobs is to install firmware updates.
TWRP includes a SuperSU stub. If you leave TWRP via the Reboot menu, it checks whether or not the su binary is installed (at least in Android 4 and 5), and if it isn't, it asks if you'd like to install the SuperSU stub. Which you can then use in Android to update to the latest SuperSU via Play Store. But you can also install SuperSU's latest "update zip" in TWRP to immediately install the full version.
lacostej said:
That's exactly the thing I was worried about when it comes to cloning. Those problems might arise later during QA, and I probably don't have the time required to do it properly this time.
Click to expand...
Click to collapse
Yeah, it is annoying. MediaTek apparently wisened up a bit. Newer platforms they produce do not unpack the NVRAM partition to the data partition anymore. Instead, they use a dedicated "nvdata" partition for that purpose. That way, if you clone the data partition, you at least won't include the unpacked NVRAM data (MAC addresses and IMEI). But still, some other IDs such as the Android ID, references to the serial number, etc. will very likely be referenced by some other files on the data partition.
I created a little "update zip" that can be "installed" via TWRP, which is just a shell script that tries to delete all the files on the data partition that contain unique or sensitive info. I use it to "clean" a data partition before publishing it. But it's not perfect yet...

@Tzul Your modified rom is great. But I have one problem with it.
When you connect your turned off device to the power supply there is a clock and charging animation. The clock is several hours ahead of the system clock. System clock and clock during the charging are connected (when I change the system time the 2nd clock also changes the hour).
I was trying to use hwclock but without success.
Is there some kind of file where I can set the correct time zone for the 2nd clock?
Sorry for my English.

@Yozen I didn't modify the ROM. I extracted and packaged it.
When the tablet is turned off and then connected to a power supply, it will usually start "off-mode charging" (can be disabled, so that Android will boot up instead). This is handled by the bootloader (LK, lk.bin), which also displays the battery animation and the clock that you see. Apparently the bootloader on this device doesn't handle time zones, because the clock shown uses China Standard Time (CST, UTC+08:00). This is the first MediaTek-based device I've seen which shows a clock in the off-mode charging screen at all. I guess they normally don't because they have no simple way to figure out the user's correct time zone at that stage.

Will this method and these files work for TB3-730F?

Sir, is there a custom ROM available for Lenovo tab3-710f ?

lacostej said:
@Tzul @gogetrd We are trying to achieve something similar, configure about 700 tablets of this model. I have played with custom ROMs in the past, but mostly as a consumer (e.g. Cyanogen on personal devices).
It is my understanding that installation using the files provided by @Tzul would require to;
0. create a custom ROM.
Then for each device
1. root device (e.g. Developper mode, allow "Unknown source"s, adb install one rooting apk, run it, etc).
2. install custom recovery on device
3. flash custom ROM
Am I right?
If so do we agree that the time spent doing these operations might be about similar than the time spent e.g. manually installing / configuring the device? Or is there a way to automate the steps above?
Click to expand...
Click to collapse
How did you do it in the end? I'm trying to do something similar here and am very curious!

.acy said:
How did you do it in the end? I'm trying to do something similar here and am very curious!
Click to expand...
Click to collapse
For us it is this "simple".
1. Manually configure a single device
2. Readback the ROM (get the ROM from the device and store it on your PC) using SP Flash Tool
3. Parse the ROM from a single file to multiple files using Mtk Droid Tool
4. (clear cache partition & remove stuff like serial number)
5. Load your ROM in SP Flash Tool
6. Click start
7. DO NOT START your new tablet
8. Connect it to USB
9. Wait (assuming you already have the preloader drivers installed)
10. Done, new ROM is flashed to your tab!
edit:
Oh and with 700 tablets it might be nice to look into compressing the file as the full 8gb dump we flash (and we don't do a lot these days) will take ~30-40 minutes

mattiemvs said:
3. Parse the ROM from a single file to multiple files using Mtk Droid Tool
Click to expand...
Click to collapse
That's unnecessary, because the SP Flash Tool can already read back partitions into separate files.
Also, you don't need to clone some partitions like cache, and you really should not clone nvram and parts of data, otherwise you'll end up with tablets sharing unique IDs such as MAC addresses, which will cause problems.

Tzul, you are absolutely right! I typed the items from my mind as it has been quite some time since I've created the ROM

tb3-710f s000028
Tzul said:
Yes, I built it for them.
Click to expand...
Click to collapse
Hello tzul,
Thanks for your jobs.
I want to install Lenovo_TB3-710F_S000027_TO_S000028_Patched_Tzul.zip
But i don't know how i do this when i try with SPFT i choose teh scatter-file and i have an error :
sp flash toll error : 5417
The load scatter file is invalid !
hint :
please check the scatter file and select again
Can you help me ? please

@siegheart73 That is a patched OTA update. It needs to be installed by the recovery (stock or TWRP). If a zip file contains a "META-INF" folder, then it's most likely intended for the recovery, and not for the SPFT.

Tzul said:
@siegheart73 That is a patched OTA update. It needs to be installed by the recovery (stock or TWRP). If a zip file contains a "META-INF" folder, then it's most likely intended for the recovery, and not for the SPFT.
Click to expand...
Click to collapse
Thanks for your answer.
I go to test it.
I want to root this kernel 000028 and i have difficult to do it ?
Do you have a easy solution ?
Thanks a lot for your help.

[How-To] Root (Ulefone Armor 6)

Background:
So, I recently bought the, “Ulefone Armor 6” Android phone. I didn't do much research into rooting the phone before I bought it, however tonight I did and couldn't find any solution. So I made my own.
Disclaimer:
I am not responsible if you damage, brick, or willingly alter your phone in any way shape or form blah blah blah, you get the point.
Prerequisites:
Make sure you have drivers installed, here.
Rooting process:
1. Obtain a local copy of the, “boot.img” file from the stock rom archive, which can be found on the, “Ulefone” website.
2. Download the compressed file of your choice, "EU" or "Non-EU." (Ex. I downloaded the one for, "Non-EU" which is, "Armor_6_RF1_V01_user_20190329.tar.gz")
3. Extract the downloaded file in the location of your choice, using your favorite archive extractor (7-zip, winzip, winrar, etc...)
4. To begin the root process, Download the android app or .apk file "Magiskmanager.apk" from the Magisk Manager website, and install it in your, Armor 6 device. (Note: the Play Store does not have the, Magisk Manager app.)
5. Now pass the, "boot.img" file downloaded earlier from your computer to your Armor 6 device. Place the "boot.img" file preferably in the "downloads" folder of your Armor 6 device.
6. Open up the Magisk Manager app, and click, "install 19.3" (or what ever is the current version is) then click, "Select and Patch a File".
7. Locate your, "boot.img" file you placed in your downloads folder, and patch it with Magisk Manager. (Note: This step will create another file named, "Magisk_patched.img" in your device.)
8. After Magisk Manager has patched your file, pass the patched file from your downloads folder, back onto your computer. (Note: Not necessary but customary, to rename the patched file to, "boot.img")
9. Now, in your Armor 6 phone, go to your settings, scroll down to system click it, click on about phone, and then tap the crap out of build number, until you have become a developer.
10. Go back from about phone, click on developer options, and tick on "OEM unlocking." also scroll down and tick, "USB debugging."
11. Download ADB tools with fastboot from Android/Google.
12. With the phone connected to the computer, open up the folder where ADB is located in command prompt and type, "adb reboot bootloader"
13. Now that you are in fastboot mode, type the following prompts into the command. (NOTE: the following commands will WIPE your phone clean to stock, so backup any important files/documents before you wipe.)
fastboot oem unlock
OR (if the first one fails, try the second one)
fastboot flashing unlock
14. Once you have unlocked your bootloader, reboot the phone, "fastboot reboot", wait till the phone boots up, go through the setting up process, enable USB debugging again (Step 13), install magisk manager again, and "adb reboot bootloader" in adb command prompt.
15. Once in fastboot mode again, flash the patched, "boot.img" file. (Note: This command will not wipe your device.)
fastboot flash boot boot.img
16. Reboot the phone once more, open up magisk manager, and enjoy root.
A lot of steps yes, but simple easy to do.
Note: that the basis of my instructions on telling you what to do is my assumption of you the end user having basic if not full knowledge of what I am talking about. Because I wont be providing help for basic knowledge, if that makes sense. I do not plan on making a video as this tutorial is mainly meant for users who already know what of the majority they are doing with the tools they are using. If anyone wants to make a video feel free to share it here, I will added to the thread. thanks!
UPDATE 1.0:
I organized a thread on this link, with everything needed to root, twrp, and stock image.
UPDATE 1.2:
Re-organized this thread. Removed a few steps. Added more detail to this thread specifying a few things.

Extosis said:
Story:
I recently bought the, Ulefone Armor 6 Android phone. Didn't do much research into rooting before I bought it, however tonight I did and couldn't find any solution. So I made my own.
Disclaimer:
I am not responsible if you damage, brick, or willingly alter your phone in any way shape or form blah blah blah, you get the point.
Rooting procedure:
1. Get a local copy of the boot.img file from the Ulefone website (To make things simpler for you, Ulefone.com/index.html > Scroll down and click on "download" > Select your device model "Armor series" "Armor 6" > Scroll all the way down and click the download button for "The latest rom".)
2. Now you are at the google drive folder from Ulefone, with the files you need. Select EU if you have the EU version, or Non-EU for any other country.
3. Download the compressed file of your choice EU or Non-EU. (Ex. I downloaded the one for Non-EU which is, "Armor_6_RF1_V01_user_20190329.tar.gz")
4. Open the file in your favorite archiver software, 7-zip, winrar, etc.... open the first folder in the archive, and extract "boot.img"
5. Download, "Magiskmanager.apk" from their Magisk Manager, and install it in your, Armor 6 phone.
7. Pass the, "boot.img" file from your computer to your cellphone. Preferably the "downloads" folder.
8. Open up Magisk manager, and click install 19.3 (or what ever is the current version) then click "Select and Patch a File".
9. Find your "boot.img" file and patch it with magisk manager.
10. After magisk manager has patched your file, pass the patched file, back onto your computer.
11. Now, in your Armor 6 phone, go to settings, scroll down to system and click it, click on about phone, and then tap the crap out of build number, until you become a developer.
12. Go back from about phone, click on developer options, and tick on "OEM unlocking".
13. Scroll down and tick on USB debugging.
14. Download your ADB tools with fastboot from android/google.
15. With the phone connected to the computer, open up the folder where ADB is located in command prompt and type, "adb reboot bootloader"
16. Now that you are in fastboot mode, type the following prompts into the command. (NOTE: the following commands will WIPE your phone clean to stock, so backup any important files/documents.)
fastboot oem unlock
OR (if the first one fails, try the second one)
fastboot flashing unlock
17. Once you have unlocked your bootloader, reboot the phone "fastboot reboot", wait till the phone boots up, go through the set up process, enable USB debugging again (Step 13), install magisk manager again, adb reboot bootloader in adb command prompt.
18. Once in fastboot mode again, flash the patched boot.img file.
fastboot flash boot boot.img
19. Reboot the phone once more, open up magisk manager, and enjoy root.
A lot of steps yes, but simple easy to do.
Note: that the basis of my instructions on telling you what to do is my assumption of you the end user having basic if not full knowledge of what I am talking about. Because I wont be providing help for basic knowledge, if that makes sense.
Click to expand...
Click to collapse
Nice work around for a phone that doesn't have Twrp
([emoji813]9/[emoji725]/9[emoji813])

PoochyX said:
Nice work around for a phone that doesn't have Twrp
([emoji813]9/[emoji725]/9[emoji813])
Click to expand...
Click to collapse
Upon doing a bit more research, the phone actually has TWRP & a TWRP fork.

How do we know we can trust you? I'm a nubee as I've said.

SteeleB89 said:
How do we know we can trust you? I'm a nubee as I've said.
Click to expand...
Click to collapse
Then this isnt for you and stick with stock... Stock honestly works just certain people want greater freedom with thier phones only issue is with that you yourself at greater risk of breaking something and wouldn't know how to fix it and in situations like that factory restores wouldn't even save you because the system partition doesn't go back to the way it was with a factory restore
Sent from my SM-J327P using Tapatalk

I understand and accept the risk. I'm asking if this is a legit fix or some attempt to put malware on my phone.

SteeleB89 said:
I understand and accept the risk. I'm asking if this is a legit fix or some attempt to put malware on my phone.
Click to expand...
Click to collapse
Well to start with, I didn't attach anything in this thread, only photos.
1. You bought the phone, a phone that is made from a Chinese company, odds are that it already has malware, backdoors, or things you don't want on the OS.
2. Like I said, I didn't attach anything for you to download, so I am not infecting you with anything. Fastboot even comes with Google SDK.
3. Magisk is a wide known group who release root for the public to download/install. Just like TWRP, clockworkmod, cynaogenmod, etc...
4. If you don't feel comfortable doing this process, then like stated above, you should probably feel safer staying with stock & no root.
As I am sure, everyone who mod their devices are fully aware of the consequences of exploiting their devices. Brinking, killing, or messing something up.
Cheers.

For the life of me I cannot get the drivers to install. I've tried on Windows 10 and 7, but can't get fastboot to recognize the device. ADB works just fine, but Windows won't recognize the device when in recovery. I tried the official Ulefone drivers for Windows 10 and 7, as well as the MTK/VCOM usb drivers through manual installation.. How did you get it working? What other drivers are you using?

A.Fitz said:
For the life of me I cannot get the drivers to install. I've tried on Windows 10 and 7, but can't get fastboot to recognize the device. ADB works just fine, but Windows won't recognize the device when in recovery. I tried the official Ulefone drivers for Windows 10 and 7, as well as the MTK/VCOM usb drivers through manual installation.. How did you get it working? What other drivers are you using?
Click to expand...
Click to collapse
I have literally used the "driver installer" from the Ulefone website. Install the MTK/VCOM Drivers.
Adb gets detected in TWRP & Fastboot is found on my computer just fine.
My suggestion would be to check if your anti-virus (if you have one) if it's blocking the drivers from being installed.
Ps: I have the latest Windows 10 1903 x64 Edu and the drivers work perfectly.

Will try at end of month and tell you guys the result later.

Hi!!!
Thanks for the tutorial. I managed to root my Ulefone Armor 6.
Just one thing, maybe it will be nice to add in the tutorial (suggestion): Magisk generates another boot.img file, called magisk_patched. That is the one to be used on step 17 (rename it before).
One question. If I do a factory reset, will the phone remain rooted? Can't remember for the life of me from past roots I've done.

Stabys said:
Hi!!!
Thanks for the tutorial. I managed to root my Ulefone Armor 6.
Just one thing, maybe it will be nice to add in the tutorial (suggestion): Magisk generates another boot.img file, called magisk_patched. That is the one to be used on step 17 (rename it before).
One question. If I do a factory reset, will the phone remain rooted? Can't remember for the life of me from past roots I've done.
Click to expand...
Click to collapse
Oh most definitely. I am actually going to add more detail to this tutorial once I have the free time to do so. This tutorial was mainly supposed to be like a rough idea on how to do it. However yes, I did a factory reset not to long ago and root was maintained.
Update:
Added more information and cleaned the thread up.

Well, IDK if that's a common understanding or even if it's going to happen to everybody but.. Ulefone released an software update that undid the root and reinstalled every single native app that I had uninstalled. I tried rooting again, buuut they did not put the new rom in their website yet, so my phone got stuck in boot XD. So I reinstalled the ROM available using SP Flash Tool (thank god that worked, lost some information but that's fine).
I'm not sure if I'm going to root it again when they release the ROM in the website.. I wanted root so I could make Cerberus an native app, but even though I can do it, if the phone is reset Cerberus loses my account information, so it is no use to me.
English is not my native language, but I guess that's pretty understandable
@edit: They did not release the new rom in the official website.. I did not look into the Mega or Drive link actually.

Stabys said:
Well, IDK if that's a common understanding or even if it's going to happen to everybody but.. Ulefone released an software update that undid the root and reinstalled every single native app that I had uninstalled. I tried rooting again, buuut they did not put the new rom in their website yet, so my phone got stuck in boot XD. So I reinstalled the ROM available using SP Flash Tool (thank god that worked, lost some information but that's fine).
I'm not sure if I'm going to root it again when they release the ROM in the website.. I wanted root so I could make Cerberus an native app, but even though I can do it, if the phone is reset Cerberus loses my account information, so it is no use to me.
English is not my native language, but I guess that's pretty understandable
@edit: They did not release the new rom in the official website.. I did not look into the Mega or Drive link actually.
Click to expand...
Click to collapse
Yeah, I think their new rom has a few security updates as well as other updates.
I haven't updated as of yet, because I fear I will lose root. However if I ever do, I'll update everyone if successful.
I understand you very well too.

Hello again..
I've decided to stay on 2019.03.29 update.. Just to be able to uninstall those da** native apps..
I'd appreciate if you post here if or when you have any news about root in the latest wireless update.
Then again, can't say thanks enough.
Cheers.

Stabys said:
Hello again..
I've decided to stay on 2019.03.29 update.. Just to be able to uninstall those da** native apps..
I'd appreciate if you post here if or when you have any news about root in the latest wireless update.
Then again, can't say thanks enough.
Cheers.
Click to expand...
Click to collapse
Hello it's been a while.
I have updated to the latest version by Ulefone for our Armor 6's.
Version: 2019.06.05.
I was able to root it again, using the same method in this thread.
As for the native apps, I haven't tried to remove them, however I am sure it is possible to.

HELP!
Guys, I need some help here. For some reason I'm not able to find the file in the downloads folder. When i go to Magisk, the file is there, however I cannot find it with any file explorer or through the PC. Any help here??
Extosis said:
Background:
So, I recently bought the, “Ulefone Armor 6” Android phone. I didn't do much research into rooting the phone before I bought it, however tonight I did and couldn't find any solution. So I made my own.
Disclaimer:
I am not responsible if you damage, brick, or willingly alter your phone in any way shape or form blah blah blah, you get the point.
Prerequisites:
Make sure you have drivers installed, here.
Rooting process:
1. Obtain a local copy of the, “boot.img” file from the stock rom archive, which can be found on the, “Ulefone” website.
2. Download the compressed file of your choice, "EU" or "Non-EU." (Ex. I downloaded the one for, "Non-EU" which is, "Armor_6_RF1_V01_user_20190329.tar.gz")
3. Extract the downloaded file in the location of your choice, using your favorite archive extractor (7-zip, winzip, winrar, etc...)
4. To begin the root process, Download the android app or .apk file "Magiskmanager.apk" from the Magisk Manager website, and install it in your, Armor 6 device. (Note: the Play Store does not have the, Magisk Manager app.)
5. Now pass the, "boot.img" file downloaded earlier from your computer to your Armor 6 device. Place the "boot.img" file preferably in the "downloads" folder of your Armor 6 device.
6. Open up the Magisk Manager app, and click, "install 19.3" (or what ever is the current version is) then click, "Select and Patch a File".
7. Locate your, "boot.img" file you placed in your downloads folder, and patch it with Magisk Manager. (Note: This step will create another file named, "Magisk_patched.img" in your device.)
8. After Magisk Manager has patched your file, pass the patched file from your downloads folder, back onto your computer. (Note: Not necessary but customary, to rename the patched file to, "boot.img")
9. Now, in your Armor 6 phone, go to your settings, scroll down to system click it, click on about phone, and then tap the crap out of build number, until you have become a developer.
10. Go back from about phone, click on developer options, and tick on "OEM unlocking." also scroll down and tick, "USB debugging."
11. Download ADB tools with fastboot from Android/Google.
12. With the phone connected to the computer, open up the folder where ADB is located in command prompt and type, "adb reboot bootloader"
13. Now that you are in fastboot mode, type the following prompts into the command. (NOTE: the following commands will WIPE your phone clean to stock, so backup any important files/documents before you wipe.)
fastboot oem unlock
OR (if the first one fails, try the second one)
fastboot flashing unlock
14. Once you have unlocked your bootloader, reboot the phone, "fastboot reboot", wait till the phone boots up, go through the setting up process, enable USB debugging again (Step 13), install magisk manager again, and "adb reboot bootloader" in adb command prompt.
15. Once in fastboot mode again, flash the patched, "boot.img" file. (Note: This command will not wipe your device.)
fastboot flash boot boot.img
16. Reboot the phone once more, open up magisk manager, and enjoy root.
A lot of steps yes, but simple easy to do.
Note: that the basis of my instructions on telling you what to do is my assumption of you the end user having basic if not full knowledge of what I am talking about. Because I wont be providing help for basic knowledge, if that makes sense. I do not plan on making a video as this tutorial is mainly meant for users who already know what of the majority they are doing with the tools they are using. If anyone wants to make a video feel free to share it here, I will added to the thread. thanks!
UPDATE 1.0:
I organized a thread on this link, with everything needed to root, twrp, and stock image.
UPDATE 1.2:
Re-organized this thread. Removed a few steps. Added more detail to this thread specifying a few things.
Click to expand...
Click to collapse

babyboy_legolas said:
Guys, I need some help here. For some reason I'm not able to find the file in the downloads folder. When i go to Magisk, the file is there, however I cannot find it with any file explorer or through the PC. Any help here??
Click to expand...
Click to collapse
After I did the last flash with the boot.img, the phone keeps rebooting and rebooting. its like something on that image is wrong. the thins is, giving the fact the phone is continuing booting. How can i put it again to flash the original boot.img?

babyboy_legolas said:
After I did the last flash with the boot.img, the phone keeps rebooting and rebooting. its like something on that image is wrong. the thins is, giving the fact the phone is continuing booting. How can i put it again to flash the original boot.img?
Click to expand...
Click to collapse
To put the phone in manual fastboot mode, you have to power off your device first. By pressing both, "power button + volume down button" until you feel the phone vibrate.
Once the phone vibrates, quickly press, "Power button + volume up button" to view the fastboot/recovery/normal boot menu options. To select fastboot use the volume buttons.
Volume up = select
Volume down = move down through options.

Hi!
Oh I tried it once more now and managed to do it.
I did it with the ROM from Mega (20190605).
Thanks again!

[UPDATE/KEEP ROOT GUIDE] FEB 2021 (RQ1A.210205.004) "CORAL" Magisk/Stock Boot Images

IMPORTANT!! THESE FILES / THIS THREAD IS FOR PIXEL 4 XL "CORAL" ONLY, NOT PIXEL 4 "FLAME"!!
**IT IS HIGHLY RECOMMENDED TO PATCH THE STOCK BOOT IMAGE YOURSELF, FROM YOUR OWN DEVICE, USING MAGISK MANAGER. WHILE THERE'S A GOOD CHANCE THE FILE I PROVIDED BELOW WILL BE IDENTICAL (USE A FILE HASH CHECKSUM TOOL IF YOU'RE CURIOUS), THERE IS ALSO A CHANCE THEY MAY HAVE SMALL, BUT SIGNIFICANT, VARIANCES**
Thanks for the info and link, @wrongway213
Link to @topjohnwu's post: twitter dot com /topjohnwu/status/1272136975022084097?s=19 (until I figure out how to stop new XDA from forcing the URL to embed a giant twitter posting in the middle of the post...)
ALL FILES BELOW ARE FOR "RQ1A.210205.004, Feb 2021"!
Magisk v21.4 Patched Boot Image: https://www.androidfilehost.com/?fid=17248734326145727319
Factory Untouched Boot Image: https://www.androidfilehost.com/?fid=17248734326145727317
Factory Untouched DTBO Image: https://www.androidfilehost.com/?fid=17248734326145727318
----------------------------------------------
-------------UPDATE PROCESS BELOW-------------
----------------------------------------------​
EASY UPDATE / SEAMLESS KEEP-ROOT UPDATE PROCESS (using a PC - a very intuitive, effective, and relatively safe method).
** You can only follow this guide verbatim if coming EXACTLY from build "11.0.0 (RQ1A.210105.003, Jan 2021)". But the general idea is the same for other builds, you just need the correct files for your device.
coral-rq1a.210105.003-factory-dtbo.img: https://www.androidfilehost.com/?fid=17248734326145709335
coral-rq1a.210105.003-factory-boot.img: https://www.androidfilehost.com/?fid=17248734326145709334
February 2021 sideload OTA zip: https://dl.google.com/dl/android/aosp/coral-ota-rq1a.210205.004-8fe8685c.zip
DO NOT BOOT BACK INTO O/S UNTIL ALL STEPS ARE COMPLETED - THIS ENSURES EVERYTHING BOOTS BACK UP WITH MAGISK / EDXPOSED ALL RUNNING PROPERLY RIGHT AWAY
1. boot into bootloader
----------------
** I was on custom kernel, so I needed to flash BOTH the stock boot and dtbo images
2. fastboot flash boot coral-rq1a.210105.003-factory-boot.img
3. fastboot flash dtbo coral-rq1a.210105.003-factory-dtbo.img
......* these steps to restore stock recovery; dtbo.img also necessary for some kernel installations.
......* won't hurt to flash both anyway, so if you're unsure, go ahead and do both.
-----------------
4. use volume keys to change selection to boot to Recovery Mode
......- when you reach the android symbol with No Command, hold power button, tap volume up, in case you've forgotten
5. choose option "Apply update from ADB"
6. adb sideload coral-ota-rq1a.210205.004-8fe8685c.zip
7. Once the OTA sideload is done, Reboot to bootloader (you'll also notice it's now on the other slot after OTA flashed)
8. fastboot flash boot coral-rq1a.210205.004-magisk_patched-21.4.img
9. done, start the phone
(Optional - Flash custom kernel. If you had a custom kernel, you need to re-flash it)
This is a 100% seamless update that requires no additional / re-setup of any of my Magisk or EdXposed setups. All of the factory files can be found here https://developers.google.com/android/images. boot.img and dtbo.img are in their corresponding full Factory Image zips, and the ota zip is under Full OTA Images.
-------------------------------------------------
-------------------TROUBLESHOOTING-------------------
-------------------------------------------------​
Issues after updating?
If you end up unable to boot or bootlooping afterwards, you most likely have an old Magisk module that isn't playing nice with the new build. There are 2 main things you can do:
1. Flash the new factory untouched boot image. You will of course lose root, and all modules will be disabled. However, it should at least get you able to boot back up quickly and have a working phone if you're in a bind.
2. I would recommend checking Tulsadiver's thread: https://forum.xda-developers.com/pixel-4-xl/how-to/magisk-modules-disabler-booting-magisk-t3990557
Instead of reverting to stock boot image, fastboot boot (NOT FLASH) Tulsadiver's boot image. This will boot your phone in Magisk Core-Only Mode, with all modules disabled but root retained. From here you can open Magisk Manager and disable suspect modules. Before rebooting, go to Magisk Manager's settings and disable Magisk Core-Only Mode. Once you disable the incompatible module, the phone should boot back up.
- See this post (or thread) for more tips / context / an example: https://forum.xda-developers.com/showpost.php?p=82509691&postcount=16
** As of newer Magisk builds, you can just try booting up in safe mode, which should disable Magisk and allow you to disable whatever needs to be disabled. Haven't needed to try it yet, so I can't go into more detail, but I would recommend trying that instead.

thank you for prompt updates! I use your guide and files every time

Used your files and it worked without a problem. Thank you very much

this method no longer works after i use a new windows installation. All seems normal except phone gets stuck in "Phone is starting" and i have to format userdata for it to work again.
It was working previously and i use the same magisk modules. Ill try from ubuntu next month
Maybe someone could know whats causing the issue because i did not missflash anything and all files were downloaded properly. Im pretty sure its windows but who knows lol

fuarkgl3 said:
this method no longer works after i use a new windows installation. All seems normal except phone gets stuck in "Phone is starting" and i have to format userdata for it to work again.
It was working previously and i use the same magisk modules. Ill try from ubuntu next month
Maybe someone could know whats causing the issue because i did not missflash anything and all files were downloaded properly. Im pretty sure its windows but who knows lol
Click to expand...
Click to collapse
I would check that you're using latest adb / fastboot (Google's Android SDK platform tools) and Google USB drivers, and that when your phone is in bootloader mode and plugged in, Windows' Device Manager shows it as the correct type of device (Portable Devices -> Pixel 4 XL). You may need to update drivers and manually install the Google USB driver package over that device.
Also, maybe bad download, try another cable, etc the usual stuff. And sorry for the late response. =)
edit: oh, and also you can get conflicts if you have other adb / fastboot sets installed. For example, the "minimal adb fastboot" package, or HTC Sync Manager, they may install their own adb / fastboot binaries and set their paths into your environment variables. I know you said new Windows installation, but I figured it was worth mentioning anyway.

So I can do all this just fine, my issue is I can't pass safetynet and I feel like I'm missing something simple. Anyone care to writeup or point me in the direction explaining to a 5 year old (well, one born 40 years ago) how to do the magiskhide deal today? My bank apps and everything work - except for hulu (so even just a modded apk would do.

No need for MagiskHidePropsConfig anymore. Just flash this: https://github.com/kdrag0n/safetynet-fix/releases/tag/v1.1.1
If you have Xposed installed, you'll have to make sure to enable pass safetynet mode (basically just blacklists certain Google apps from Xposed hooking).

Thanks again @i5lee8bit for this guide!
I updated to the latest February patch alllll the way from Android 10, August 2020 security patch!
It took a couple of hours but everything went smoothly.

[ Guide ] (external link) Flashing Guide and Terminology for Pixel Devices

Pixel Device Flashing Guide
I wrote a tutorial on my small blog site a while ago, and the couple people I've referenced to it have suggested I post it here for everyone. I recommend reading on the desktop, so you can see the table of contents to jump around. I describe flashing processes as well as some terminology commly used.
Let me know if you think I should add anything or anything should be changed
Edit: I suppose, since I wrote the tutorial in markdown I'll post it here, but I still highly suggest reading it on DivNectar. You'll get better formatting and a TOC on desktop.
Spoiler: Show XDA Markdown
# Definitive Guide to Pixel 5 Rooting / Custom Roms
I've been a pretty active member of the custom-android scene as of late. I've also been seeing alot of users getting into, or sometimes **back*** into custom ROMs, and generally having no clue as lots of things have changed since the olden day of Cyanogenmod, ParanoidAndroid, Dirty Unicorns, etc...if those names make you feel lost, they are just some old, popular ROMs people used a few years ago.
With the release of Android 12, I thought it would be helpful to people to compile a list of common terms, and procedures to achieve different goals on your Android device.
**TLDR;**
- See [Rooting Steps](#rooting-steps)
- See [Custom ROMs](#custom-roms)
- See [Updating While Rooted](#updating-steps)
## Who is this guide for?
This guide is for anyone who wants to learn more about the Android customization scene. I will admit, it's mostly geared twards Pixel owners, as these devices are very close to stock android. Other devices, like the OnePlus phones, as well as Samsung phones, contain many many tweaks and customizations from the manufacturers, and tend to cause issues when using the methods listed here. This guide can still be useful to you in understanding the broader picture, however.
## Platform tools
Before you can think of doing anything to your phone, you need to set up your pc to work on it first. To make changes to our Android phones, we need whats called the "Platform Tools". So, I figure before we do anything else, let's make sure that we can connect to the phone though ADB and Fastboot.
### Installing the tools
#### Linux
The installation method varies between linux distros.
**Debian/Ubuntu/POP OS/ Zorin/ (most) Users**
```shell
sudo apt-get install android-sdk-platform-tools-common
```
**Fedora / Opensuse Users**
```shell
sudo dnf install android-tools
```
**Arch Linux Users**
```shell
pacaur -S android-sdk-platform-tools
```
If you are having permission issues when trying to detect your device on Linux, you probably need to fix your [uDev Rules](https://github.com/M0Rf30/android-udev-rules)
#### Windows
1. Download the [latest version of the android SDK platform tools](https://dl.google.com/android/repository/platform-tools-latest-windows.zip)
2. Extract the zip folder somewhere easy to get too (e.x. C:\platform-tools)
3. open your windows start menu and type "env" and select the change env variables options
4. find the entry called PATH, and double click it. A new window will open with multiple entries
5. click add new entry on the right hand side and enter the folder path where you extracted the files (e.x. C:\platform-tools)
6. open a terminal window (i reccomend Windows terminal over cmd prompt) and type adb to make sure the command is recognized
Adding the tools to your path variable makes it much easier to use, as this allows you to call adb or fastboot from any directory.
## Terminology
### Rooting
Rooting is referring to having complete access to your phone. Normally, certian portions of the system are kept inaccessible to average users because there is the potential to break or even brick your system if these files are messed with. Being rooted means that some apps, or "modules" as Magisk refers to them, can now edit these system files to change how your operating system works on a lower level than your average app can. Take the Tasker app, for example. Without root, what you can do with the app is limited. Such is the case with other apps, such as the popular third-party launcher, Nova Launcher. Having root permissions means the app can do extra things, such as hiding the system clock at the top of the screen when on the launcher home.
### Magisk
Magisk is the currently accepted rooting method for Android. Back in the day we used an app called SuperSU, but it's not really supported anymore.
Currently, Magisk is in a strange state. It's undergoing lots of changes, due to it's maintainer, TopJonWu, being hired at Google as a security specialist. The project is in some sense a conflict of interest for him and his job, and is undergoing changes. With the latest version of Magisk Canary (the bleeding edge build of Magisk) the ability to hide magisk from system apps (such as google play services or banking apps) has been removed, and the underlying system providing a framework to make modules is changing to a new one called Zygisk. Already, modules are being updated to use Zygisk, and a new form of Magisk Hide is out called deny-list. We still have the same functionality that we've always had, just in a slightly different way. Don't panic people...
### Bootloader
Your hard drive (or more accuratley, SSD) in your phone consists of multiple partitions, or parts...just the same as your desktop PC. These partitions all come together to make the entire system. One of these partitions is called the bootlaoder, and it has the very important job of finding the starting point of your system and booting into it, so that the graphical enviorment can start up. Often times, phones are shipped with locked bootloaders and therefore cannot be modified. However, certian phones some with unlockable bootloaders. Pixel devices for the most part are all bootloader-unlocked, meaning we can toggle a setting that will allow us to unlock the bootloader, allowing us to potentially boot into a different system than came with the phone. Unlocking the bootloader is fairly simple, but in most cases will wipe all data on the phone. Sorry folks.
### Safteynet
Safteynet is the big G's way to ensure device compatibility and security. It's job is basically to allow apps to check the integrity of the system's security to protect sensitive apps on your device such as banking apps and the tap-to-pay service. We are able to pass safteynet in most cases using the Magisk-Hide module located in the Magisk app in combination with a Safteynet fix module by the awesome platform dev Kdrag0n. Be sure to go support him on Patreon (you'll also recieve early access to new module and ROM releases).
### Custom ROM
A custom ROM is entirely different base system than your phone came with. Often times these custom ROMs have performance increases, custom settings/features, UI tweaks for a more beautiful system, custom default apps, and much, much more. These operating systems are generally pulled from a more general base operating system, 99% of the time pulled from either AOSP itself, or Lineage OS base. Using these custom ROMs are usually a give-and-take scenario. You will (most likley) no longer recieve OTA Updates and security patches. You will have to go through special procedures to update your device. Sometimes ROMs cannot support safteynet, and you can no longer use your tap and pay methods or banking apps, and even some play store games will detect you running a custom OS and refuse to let you play for fear of having a hack client. These are things that you must weigh out for yourself and decide if flashing a cusrom ROM is for **YOU**.
### ADB & Fastboot
ADB & Fastboot are the tunnels to our phones internal software. Using ADB & Fastboot we can flash img files to certian partitions (disk sectors) on the operating system, or flash multiple images and replace the operating system as a whole (i.e. flash a custom ROM) without ADB and Fastboot, you will not be able to root or flash a custom ROM. Let's dive a little into what each of these things are:
#### ADB
ADB stands for Android Debug Bridge. It allows us to do a plethora of things, including (but not limited to) installing and uninstalling apps, accesing hidden developer features, sending and pushing files, rebooting into recovery, fastboot, or the bootloader, and many many more things. In order to use ADB, you must first enable the developer tools in your settings.
#### Fastboot
Fastboot is a diagnostic tool which allows you to modify the file system of your Android device via your computer. It allows us to install custom firmware, recoveries, or modify existing ones. Fastboot will also allow us to boot into some .img files from the bootloader (such as a tempoary custom recovery)
### VBmeta.img and Veritity
The VBmeta.img file in your ROM is a cryptographically signed file that contains verification data for verifying the systems boot.img, system.img, and other things in the operating system. In short, to modify your bootloader or flash a custom kernel, this needs to be disabled. Disabling vbmeta is as follows:
#### VBMeta Steps
1. Extract down into the ROM you are using's zip file, and locate the vbmeta.img file.
2. Open a terminal / powershell window into the same directory as the vbmeta.img
3. Run ```adb reboot bootloader```
4. Once it's in bootloader mode, run ```sh fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img``
5. That's it! All done. You're now free to flash your Magisk patched boot.img, or a custom kernel. Whatever you'd like!
Keep in mind, however, you'll need to re-do this step each time you update / re-flash your device! Also, not having this option enabled IS a potential security risk. I guess...if you work at the NSA or something. Specifically, your phone can no longer detect if your bootloader and a couple other things are verified (ie. has someone/something changed them) and COULD lead to code being executed on your device that you are un-aware of. Just a fair warning...the likeleyhood of this ever happening is very small.
## Unlocking the bootloader
### The steps
1. Ensure you've installed and checked your ADB & Fastboot are working correctly and detecting your device.
2. Enter your developer settings (or go to settings and type bootloader for the same result)
3. Tick the checkbox to enable OEM unlocking
4. Plug your device into your computer
5. open a terminal and enter ```sh adb reboot bootloader```
6. When the phone boots into the bootloader, enter ```sh fastboot flashing unlock```
7. Confirm on the phone using the indicated volume key that you would indeed, like to unlock the bootloader
8. That's it! Your phone will in all likleyhood reboot and now display a warning that the phone is unlocked during boot. The message will stay for about 5 seconds and then boot as Normally
Congratulations! You now have an unlocked bootloader!
## Rooting Steps
Small steps first! Let's talk about how to root the stock ROM on the pixel 5. The steps are the same for any other pixel device as far as I know, but I cannot attest to that as the only other Pixel I'v ever owned was a bootloader-locked 3XL.
### Rooting FAQ
#### What will rooting do to my phone?
Upon first rooting your phone, it will operate exactly the same as it does without root. Often times, root is an unneccessary feature that many people don't need. Only root if you have a theme/mod/app that requires root permission, otherwise you will go through all the steps for basically no reason. Sometimes, people need root on thier device in order to flash Magisk modules that allow for passing safteynet as well, so keep that in mind. But I can't recomend anyone root "just to be rooted".
#### What about updates?
Updates become somewhat of a hassle after rooting. Any OTA update that you take will write over the boot partition where the Magisk patch lives. So what do we do? In order to update, it's reccomended to update using fastboot as opposed to updating through the system update section. The whole goal when updating is to re-patch the boot.img and flash it before the first boot after an update, so none of your modules will break and you will still retain root before and after the update. So, like I said...a little more headache, but not too awful bad. I will detail the steps for updating below.
### The steps
1. Download the .zip file for your particular rom (for stock Google images, look here)
2. Extract the files somewhere simple (i.e. Downloads folder)
3. Open the extracted file, and you will see a couple of .img files, and another .zip file inside
4. Extract the nested .zip file into the containing folder as well
5. Inside this file you will find what we need, the boot.img and the vbmeta.img
6. I like to place the two files we need into a different folder, for simplicity. Create a new folder called "patching" and copy/paste the two files in it
7. Download the latest Magisk release from it's GitHub, and install it on your phone
8. Take the boot.img file from your "patching" folder and place it into your phones Downloads folder
9. Open the app, and click the install button
10. Tap "select and patch file" and select the boot.img file you put on your phone in step 8
11. Un-plug and re-plug your phone (otherwise the files won't update)
12. copy the new magisk-patched file to your "patching" folder.
13. Ensure you've followed the section about installing the [platform-tools](#platform-tools), and then plug your phone to your PC
14. Make sure ADB is detecting your device by running ```sh adb devices```. You should see your device listed.
15. enter ```sh adb reboot bootloader```
16. Your phone will reboot to a rather scary-looking screen with a warning shown
17. Enter ```sh fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img``` in the terminal from the same directory as where you palced the vbmeta.img (in the patching folder if you're following everything)
18. Enter ```sh fastboot flash boot mag``` and press the tab key, and it should auto-complete the rest of the file name
19. Press enter on your keyboard and you should recieve a confirmation that the file was flashed correctly after a couple of minutes
20. Reboot your phone back into the system, and go check the magisk app. You should see in the status section that we are indeed rooted now!!!
## Custom ROMs
Custom ROMs bring a plethora of different things to our phones. Some have custom software pre-installed (see Calyx OS custom Firewall app, or Lineage stock apps) and some ROMs have custom tweaks under the hood (see ProtonAOSPs performace fixes) and some offer heavy customization options (see crDroid). However, the steps for installing each are generally the same. I'm going to teach you the big-boy way of flashing ROMs, using your terminal/powershell. Don't be detered! It's very simple, I promise.
### Quick Run Down
So, what we're gonna do here is as follows:
1. Flash all data on the device
2. Use the .zip files flash-all script to install the system
3. flash addons / custom kernel (if need be, this is entirely optional)
4. reboot into our new system
see? I told you, it really is as simple as that. We will also cover how to properly update your system and maintain root status without your Magisk modules breaking during the update. Let's move forward!
### Flashing Steps
1. Download your preferred ROMs .zip file
2. Extract the folder (or use the same folder you extracted for patching the boot.img file)
3. Navigate into the extracted folder and locate the flash-all.sh (or flash-all.bat for Windows)
4. reboot your phone into bootloader mode using ```adb reboot bootloader```
5. Once the phone has re-booted, run ```fastboot -w``` to **wipe** the phone's data
6. Run ```./flash-all.sh``` **do not touch the phone during this process**
7. Once the flash is done, the phone will return to bootloader mode. Now is the time to flash any addons or modifications (i.e. Google Apps, patched boot.img, or custom kernel). So, flash any additional files you need now. For example, if you want to root the ROM, flash the VBmeta.img file and flash the patched boot.img.
See [VB Meta](#vbmetaimg-and-veritity) for info about disabling Veritity
See [Rooting Steps](#rooting-steps) for info about patching boo.img and flashing Magisk
## Updating While Rooted
So, you're enjoying your new, customized system...and then, an update is released. How in the world do you go about updating this thing?? No worries, it isn't too complicated! Let's run over the general idea of what we're doing, and then we'll cover each update step, one by one.
### The Rundown;
1. We pre-patch the new boot.img using our current system/Magisk install
2. Place the patched boot.img somewhere on our PC (I reccomend making a "patching" folder inside your extracted ROM folder)
3. Flash the new ROM using the flash-all.sh
4. Flash the pre-patched boot.img file (to install Magisk)
5. Re-flash any addons we need for the OS (such as Google Apps or a custom kernel)
6. Reboot into the system, and you're done!
See? Really simple. A bit of a headache as compared to just clicking update from the settings app, but it's the price we pay for custom software! Anyways, let's get on to the actual steps now:
### Updating Steps
1. Download your new ROM version from it's website
2. Extract the ROM somewhere easy to access (like your downloads or desktop)
3. Extract the zip file inside the ROM, enter that folder, and copy both the boot.img as well as the vbmeta.img
4. Create a new folder in your ROM folder called "patching" and paste the two .img files into it
5. Follow the [rooting steps](#rooting-steps) to patch the boot.img with Magisk
6. Move the patched boot.img file to your pc's "patching" folder we created in step 4
7. Navigate to your extracted ROM folder using your terminals ```cd``` command
8. Test adb by running ```adb devices``` to ensure it's detecting it correctly
9. Start the update by running `./flash-all.sh` and wait until the terminal reports completed
10. (optional) if you'd like to maintain root, keep following these steps
11. Disable veritity per the instructions [here](#vbmeta-steps) and procced
12. Once the device has rebooted back into bootloader mode (with the warning sign) flash the patched Magisk file uisng ```fastboot flash boot magisk-patched``` and press the tab key to auto-complete the long file name, and press enter
13. Once again, flash any Google apps or custom kernel that you'd like, per the package instructions
And now you're all done and updated! Congrats!

Sewdohe said:
Pixel Device Flashing Guide
I wrote a tutorial on my small blog site a while ago, and the couple people I've referenced to it have suggested I post it here for everyone. I recommend reading on the desktop, so you can see the table of contents to jump around. I describe flashing processes as well as some terminology commly used.
Let me know if you think I should add anything or anything should be changed
Click to expand...
Click to collapse
Thank you for creating this guide for the community.

It sure has been useful to myself....I refer to it all the time when flashing lol