Related
*** This process can relock your bootloader if you chose, but it does NOT restore your warranty in any way, so don't ask ***
Be aware you do NOT have to lock the bootloader, have Status Code of 0, or have it show "Official" status to successfully accept and apply an OTA update, it will happily apply with an unlocked bootloader and unofficial software status, as long as you have a 100% pure stock ROM installed the update script doesn't care what the bootloader reports.
Preflash validation error? See notes at the bottom of this post.
Prerequisites:
1) Fastboot installed and working. I used Linux Mint 18, but the OS is not relevant. There are are various threads discussing how to get this working, I am not covering it.
2) You need a factory firmware image that is the same version or newer than what you have installed (see below for more info), for me with a Moto X Pure Edition (XT1575) and wanting the latest MPH24.49-18-4 firmware, I used the image from this thread and extracted it into it's own directory. In Windows it is best to place this in the same folder as fastboot (probably the platform-tools folder)
XT1572 Factory Images: http://dl.prazaar.de/?dir=Android/XT1572/Factory courtesy of @Prazaar
XT1575 Factory Images: http://forum.xda-developers.com/moto-x-style/development/pure-firmware-tuff-wip-t3224833 - UPDATE: Direct link to XT1575 for 24.49-18-8 (Sept 1, 2016 security update) uploaded on 1/27/2017 courtesy of Motorola Firmware Team. The December 2016 security update image is NOT available as of yet!
Alternate firmware source for Pure and Style: https://firmware.center/firmware/Motorola/
XT1575 OTA ZIP file to go from 18-8 to 18-16 ONLY is available in this post for sideloading thanks to @annoyingduck
NOUGAT FIRMWARE (XT1575 ONLY): https://forum.xda-developers.com/moto-x-style/general/xt1575-moto-x-pure-edition-factory-t3704142
OPTIONAL: 2a) Because when doing this procedure when you are done the logo when booting will still say your bootloader is unlocked, we can fix this by downloading the logo from this thread and extracting the bin file to the same folder as above.
Now, open a terminal or command window into the directory that contains the firmware files you extracted above, on Linux or Mac this could be anywhere, in my example I will use /home/acejavelin/Downloads/MXPE/18-4 as the directory, in Windows this will likely be the same as where your fastboot binary or platform-tools directory is, and follow these commands entering them ONE AT A TIME, do not just copy and paste the entire section. If you are using Linux, I recommend executing "sudo su" prior to beginning to prevent permission errors (this is shown in my sample attachment).
Code:
fastboot oem lock begin (see notes below if not wanting to lock)
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash system system.img_sparsechunk.9
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot flash bluetooth BTFM.bin
fastboot erase cache
fastboot erase userdata
fastboot erase customize
fastboot erase clogo
fastboot oem lock
fastboot reboot
Note that in place of "fastboot flash logo logo.bin" you can substitute "fastboot flash logo XT1575-logo-new-9-14-15.bin" and it will work and validate at the end, and you will NOT get the bootloader unlocked screen any longer... I tested this and verified it to work.
This will return your bootloader status to LOCKED, although STATUS will still show 2, and your software status to OFFICIAL... It will pass SafetyNet for Android Pay, Pokemon GO, and banking/financial apps.
Remember that you will get checked for FRP even with this procedure, so either remove your Google account prior to this or know your credentials. This procedure will not bypass Factory Reset Protection in any way.
If you are interested in returning to stock WITHOUT locking the bootloader, then follow the above commands, but the following commands in place of the "lock" commands in the list above:
fastboot oem fb_mode_set instead of fastboot oem lock begin
fastboot oem fb_mode_clear instead of fastboot oem lock
The procedure for other XT157x device like the Style would be identical, except substitute your appropriate factory image. Note that different firmwares may contain a different number of system.img_sparsechunk.X files, you must flash the number you have in your firmware image in order. From what I have seen, most 5.1.1 firmwares have ten (0-9), 6.0 has nine (0-8), 6.0.1 has twelve (0-11), and 7.0 has ten (0-9) sparsechunks, but always verify with the XML flash file contained within the firmware archive to verify if you are in question.
If you lock with this process, you can unlock the bootloader again and even use the same unlock token... subsequent unlocking will wipe data as well. Doing this procedure will set OEM Locking option in Developer options to disabled, although it is perfectly safe to leave it like this, I suggest turning it on immediately since your warranty is gone and if something does go wrong you have the ability to unlock again to fix it.
NOTE: You must use a factory firmware image that is the same version as what you have installed or newer to successfully relock the bootloader, you cannot just grab the old (shipped) version from Moto's site. If you attempt to use a firmware image that is older than what you have installed currently, you will receive a Preflash Validation Error indicating such when you attempt to flash the partition table (gpt.bin). At this point you can either continue the flash and NOT lock the bootloader at the end, or stop until you can find the most current image. Moto used to be quite willing to hand these out when they were requested, so if you have a very new firmware installed you may not find one that you can use to relock with on the Internet. Part of the requirements to lock the bootloader is you must successfully flash the partition table (gpt.bin) in order to complete the lock process, if you can't then the bootloader lock process cannot be finished.
Also, some users have noted that after completing this process the software status does NOT go back to "Official", if it does not, upon accepting the OTA it should go back to official after the OTA is successful. The Status Code will always show 2 (relocked) or 3 (unlocked), and it can never go back to 0 (locked).
A proper flash log is attached to this guide.
Just a blurb on Marshmallow software versions... To determine what you need look at version/build numbers, here is the Security update dates and release dates (actual, not tests) of all known public OTA releases of Marshmallow for the Moto X Pure (Style varies somewhat). The initial release was MPH24.49-18 (sometimes MPH24.49-18_18, we don't know why, but it is the SAME versions), and all others after that are MPHS24.49-XX-XX as shown below.
18 or 18_18 - The initial (shipped) Marshmallow release for Moto X Pure, November 2015 (release via OTA in late-December 2015, incorrectly dated on Moto's official website as 01-SEP-16 in the "official" recovery images section, it is NOT the newest or recommended image to use)
18-3 - February 2016 (released for OTA in mid-March 2016)
18-4 - May 2016 (released for OTA in late-June 2016)
18-8 - September 2016 (released for OTA in early-November 2016)
18-16 - December 2016 (release for OTA in mid-February 2017) *** Not available as a factory image***
Nougat:
NPH25.200-22 - September 2017 (released for OTA September~November 2017) Factory image available as of 11/12/2017
NPH25.200-23 - Little is know about this version, it appears to be slowing rolling out to Verizon users only as of mid-November 2017 (no firmware available as of yet)
To see what version your bootloader is now, go into fastboot and perform a "fastboot getvar ro.build.fingerprint" and look at the output, it should be pretty clear.
NOTE: I no longer own this device, but will help where I can and will keep this thread open to assist users where ever possible, but I no longer have a device to test/verify things with.
acejavelin said:
*** This will relock your bootloader, but it does NOT restore your warranty in any way, so don't ask ***
So with Nougat coming, several people have asked how to return to stock to get the update... well, I just did this so here is a quick guide.
Prerequisites:
1) Fastboot installed and working. I used Linux Mint 18, but the OS is not relevant. There are are various threads discussing how to get this working, I am not covering it.
2) You need a factory firmware image, for me with a Moto X Pure Edition (XT1575) and wanting the latest MPH24.49-18-4 firmware, I used the image from this thread and extracted it into it's own directory. In Windows it is best to place this in the same folder as fastboot (probably the platform-tools folder)
OPTIONAL: 2a) Because when doing this procedure when you are done the logo when booting will still say your bootloader is unlocked, we can fix this by downloading the logo from this thread and extracting the bin file to the same folder as above.
Now, open a terminal or command window into the directory that contains the firmware files you extracted above, on Linux or Mac this could be anywhere, in my example I will use /home/acejavelin/Downloads/MXPE/18-4 as the directory, in Windows this will likely be the same as where your fastboot binary or platform-tools directory is, and follow these commands entering them ONE AT A TIME, do not just copy and paste the entire section. If you are using Linux, I recommend executing "sudo su" prior to beginning to prevent permission errors (this is shown in my sample attachment).
Code:
fastboot oem lock begin
fastboot flash partition gpt.bin
fastboot reboot bootloader
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot flash bluetooth BTFM.bin
fastboot erase cache
fastboot erase userdata
fastboot oem lock
fastboot reboot
Note that in place of "fastboot flash logo logo.bin" you can substitute "fastboot flash logo XT1575-logo-new-9-14-15.bin" and it will work and validate at the end, and you will NOT get the bootloader unlocked screen any longer... I tested this and verified it to work.
This will return your bootloader status to LOCKED, although STATUS will still show 2, and your software status to OFFICIAL... It will pass SafetyNet for Android Pay and Pokemon GO as well.
Remember that you will get checked for FRP even with this procedure, so either remove your Google account prior to this or know your credentials. This procedure will not bypass Factory Reset Protection in any way.
The procedure for other XT157x device like the Style would be identical, except substitute your appropriate factory image.
A proper flash log is attached to this guide.
Click to expand...
Click to collapse
So, flash command for partition gpt.bin does work? I've never been able to lock bootloader due to failure to execute this command. But, I've always thought of downgrading, rather than flashing the same stock build!
donrojo said:
So, flash command for partition gpt.bin does work? I've never been able to lock bootloader due to failure to execute this command. But, I've always thought of downgrading, rather than flashing the same stock build!
Click to expand...
Click to collapse
Yes, of course it does... You can clearly see in the log I attached from my flashing the device.
The key is you cannot downgrade to a lower gpt.bin, you can only flash the same or newer version of firmware. After having several Moto devices, I can attest that downgrading successfully while locking is almost impossible. I will update my guide to make it clearer.
And please do not quote the entire first post and embed your comments in it, on mobile I had a very difficult time trying to determine what you were asking. EDIT: Sorry, your previous post looked very different in the XDA app, looks fine on computer... weird.
What is the purpose of relocking your bootloader? The unlocked bootloader has never interfered with me taking an OTA.
Thank you for this guide.
I have a question.
I'm currently on a relatively recent nightly of CM13, which I believe is based on 6.0.1.
I don't think the XT1575 ever got 6.0.1, only 6.0.
Is there a way around this issue other than waiting for 7.0 to hit officially?
quakeaz said:
What is the purpose of relocking your bootloader? The unlocked bootloader has never interfered with me taking an OTA.
Click to expand...
Click to collapse
You are correct, and this as nothing to do with accepting OTA (that is just how this discussion came up), but the lock/unlock state of the bootloader has two distinct issues I can think of although there maybe more I am forgetting.
1. Security - If your bootloader is unlocked, anyone who gets access to your device can just fire up fastboot and boot TWRP and access any information on your device, even if it is encrypted since TWRP can read the encryption password.
2. SafetyNet API - Do to recent changes by Google, SafetyNet API checks to fail just because the bootloader is unlocked, even if everything else is perfectly stock... SafetyNet is a mandatory part of Play Services that auto-updates itself regardless of your settings, and it is used to see if your device has been modified (rooted) or tampered with in anyway, and applications can use SafetyNet to check the status of your device... Sounds harmless enough, but for example this means that even an unlocked bootloader will make it so you can't use Android Pay or many other financial apps or even play Pokemon Go. Until recently, SafetyNet could be fooled with apps like RootCloak or Suhide, but Google has updated it to detect these things and look far beyond simple rooting. UPDATE: This only seems to be enforced on devices that shipped with Nougat or newer, and does seem to effect any device upgraded to Nougat so far. Lollipop and Marshmallow devices are not effected.
acejavelin said:
Sounds harmless enough, but for example this means that even an unlocked bootloader will make it so you can't use Android Pay or many other financial apps or even play Pokemon Go. Until recently, SafetyNet could be fooled with apps like RootCloak or Suhide, but Google has updated it to detect these things and look far beyond simple rooting.
Click to expand...
Click to collapse
Interesting, I've used Android Pay with my bootloader unlocked on the MXPE (otherwise stock, no root).
If you decide to unlock the bootloader again, I assume the original code supplied by Motorola is required? I've never relocked/unlocked.
Also, just an observation, I assume once we do get the Nougat (or any other) OTA, the unlocked bootloader warning screen will return, since the unlocked flag has already been tripped and the OTA will write a new logo.bin.
---------- Post added at 08:25 AM ---------- Previous post was at 08:20 AM ----------
Mejilan said:
Thank you for this guide.
I have a question.
I'm currently on a relatively recent nightly of CM13, which I believe is based on 6.0.1.
I don't think the XT1575 ever got 6.0.1, only 6.0.
Is there a way around this issue other than waiting for 7.0 to hit officially?
Click to expand...
Click to collapse
You're fine to downgrade to the latest stock firmware you were running.
quakeaz said:
Interesting, I've used Android Pay with my bootloader unlocked on the MXPE (otherwise stock, no root).
If you decide to unlock the bootloader again, I assume the original code supplied by Motorola is required? I've never relocked/unlocked.
Click to expand...
Click to collapse
Have you used Android Pay since October 16-18, such as to add a payment method/card? Because that is when Google made the changes to the SafetyNet API, and has committed to aggressively maintaining it to detect and report all "tamper" situations.
Yes, the original code works... Tested it myself, locked, unlocked, and locked again, works perfectly, and if you wish you can request the code again from Motorola if you lost the email or something, but it will still be the same code.
quakeaz said:
You're fine to downgrade to the latest stock firmware you were running.
Click to expand...
Click to collapse
Ah hah! Good to know.
Thank you.
acejavelin said:
Have you used Android Pay since October 16-18, such as to add a payment method/card? Because that is when Google made the changes to the SafetyNet API, and has committed to aggressively maintaining it to detect and report all "tamper" situations.
Yes, the original code works... Tested it myself, locked, unlocked, and locked again, works perfectly, and if you wish you can request the code again from Motorola if you lost the email or something.
Click to expand...
Click to collapse
Thanks for confirming about the unlock/relock/unlock.
I just added a CC to check if it'd work. No issues here. Maybe it's only certain devices? Google Play Services 9.8.77.
Mejilan said:
Thank you for this guide.
I have a question.
I'm currently on a relatively recent nightly of CM13, which I believe is based on 6.0.1.
I don't think the XT1575 ever got 6.0.1, only 6.0.
Is there a way around this issue other than waiting for 7.0 to hit officially?
Click to expand...
Click to collapse
The issue isn't the aftermarket firmware or it's version, it could be Android 29 Gamma for all we care... You need to use an official Moto firmware that is at least the same version or newer than your bootloader and partition table (gpt.bin), if you are not a stock firmware you will need to do some investigating via the baseband version what actual version you have (unless you can remember the last official firmware version).
Safest bet is just use the current release, if you can't find it online you can always request it from Moto service but this may take several days (weeks in some areas I have heard). Be aware that the firmware posted on Moto's official is NOT the most current and is likely a downgrade if you have ever accepted an OTA since the device was released.
quakeaz said:
Thanks for confirming about the unlock/relock/unlock.
I just added a CC to check if it'd work. No issues here. Maybe it's only certain devices? Google Play Services 9.8.77.
Click to expand...
Click to collapse
All I know is it didn't work for me on BrokenOS anymore, neither did Pokemon Go (not that big deal though), so I figured go all in...
There are multiple articles on this online, here are just a few...
http://www.xda-developers.com/android-safetynet-now-reportedly-tripped-by-unlocked-bootloaders/
http://www.androidpolice.com/2016/1...unlocked-android-phones-android-pay-affected/
http://www.androidcentral.com/andro...u-unlock-your-bootloader-and-thats-good-thing
acejavelin said:
The issue isn't the aftermarket firmware or it's version, it could be Android 29 Gamma for all we care... You need to use an official Moto firmware that is at least the same version or newer than your bootloader and partition table (gpt.bin), if you are not a stock firmware you will need to do some investigating via the baseband version what actual version you have (unless you can remember the last official firmware version).
Safest bet is just use the current release, if you can't find it online you can always request it from Moto service but this may take several days (weeks in some areas I have heard). Be aware that the firmware posted on Moto's official is NOT the most current and is likely a downgrade if you have ever accepted an OTA since the device was released.
Click to expand...
Click to collapse
Understood, thank you.
I haven't been on stock since the first half of the year.
I honestly don't remember if my last stock build was 5.1.1 or 6.0, but regardless, I should be good to go if I just download the newest stock and attempt your tutorial.
Again, many thanks.
Does the relocking procedure wipe userdata like unlocking does? I am considering relocking as most of the Android Pay issues with unlocked bootloader seem to be with N. I'm already running stock so I was thinking I could just begin lock process, reflash same stock images, complete lock, skipping the erase userdata command.
quakeaz said:
Does the relocking procedure wipe userdata like unlocking does? I am considering relocking as most of the Android Pay issues with unlocked bootloader seem to be with N. I'm already running stock so I was thinking I could just begin lock process, reflash same stock images, complete lock, skipping the erase userdata command.
Click to expand...
Click to collapse
Probably, my assumption is you can't complete the process without erasing cache and userdata, as 'fastboot oem lock' will likely fail, but to be honest I did not test it. Basically to get it complete you must follow all steps of the flashing XML file in the firmware file.
acejavelin said:
Probably, my assumption is you can't complete the process without erasing cache and userdata, as 'fastboot oem lock' will likely fail, but to be honest I did not test it. Basically to get it complete you must follow all steps of the flashing XML file in the firmware file.
Click to expand...
Click to collapse
Interesting. I may give it a shot, if I do I'll report back here. The erase userdata and cache commands are optional according to Motorola.com factory image download page instructions. I've done normal stock reflash without them.
quakeaz said:
Interesting. I may give it a shot, if I do I'll report back here. The erase userdata and cache commands are optional according to Motorola.com factory image download page instructions. I've done normal stock reflash without them.
Click to expand...
Click to collapse
Good luck... Let me know how it goes, but I think that only works for developer models, on "normal" models you have to do oem lock begin before oem lock though, not the same process.
delete wrong thread
Can't seem to boot up
Hi, so I flashed using this guide, I'm using the XT1572 model in the UK and used the appropriate firmware etc, my issue is that after everything had finished and I rebooted, it was stuck booting for an hour, I know this phone can sometimes take a while to boot after a factory reset but I haven't experienced it this badly before, also, I flashed the moto splash screen image but the boot animation is still the one from AICP :/ any help would be appreciated guys
JIMMMEHHHH said:
Hi, so I flashed using this guide, I'm using the XT1572 model in the UK and used the appropriate firmware etc, my issue is that after everything had finished and I rebooted, it was stuck booting for an hour, I know this phone can sometimes take a while to boot after a factory reset but I haven't experienced it this badly before, also, I flashed the moto splash screen image but the boot animation is still the one from AICP :/ any help would be appreciated guys
Click to expand...
Click to collapse
Your flash didn't take... Do you have a log of flash attempt from the terminal?
Also, sometimes the firmware has different numbers of system sparse chunks, it's not always 8, and sometimes it only has "system.img" as a single file, you have to flash what it shows in the XML file contained within the firmware archive.
Device will be wiped if your bootloader isn't already unlocked.
Obviously, before doing this, you should enable OEM unlocking and ADB debugging in Developer Options. Also you should have ADB and Fastboot on your system (meaning they work on any directory). I use this version, just accept the installation of both the ADB/Fastboot drivers and the Google Device Drivers and you should be good to go.
Below you can find the untouched boot.img for the version you are on (or you can extract them yourselves, guide at the bottom of the thread):
2018:
March (V9.5.9.0.ODHMIFA) (OTA)
April (V9.5.10.0.ODHMIFA) (OTA)
May (V9.5.11.0.ODHMIFA) (OTA)
June (V9.6.2.0.ODHMIFE) (OTA)
June (V9.6.3.0.ODHMIFE) (OTA)
July (V9.6.4.0.ODHMIFE) (OTA)
August (V9.6.5.0.ODHMIFE) (OTA)
September (V9.6.6.0.ODHMIFE) (OTA)
October (V9.6.7.0.ODHMIFE) (OTA)
November (V9.6.8.0.ODHMIFE) (OTA)
December (V10.0.3.0.ODHMIFE) (OTA)
2019:
January (V10.0.4.0.ODHMIFE) (OTA)
January (V10.0.4.0.PDHMIXM) (OTA)
February (V10.0.5.0.PDHMIXM) (OTA)
March (V10.0.7.0.PDHMIXM) (OTA)
April (V10.0.8.0.PDHMIXM) (OTA)
May (V10.0.9.0.PDHMIXM) (OTA)
June (V10.0.10.0.PDHMIXM) (OTA)
July (V10.0.11.0.PDHMIXM) (OTA)
August (V10.0.12.0.PDHMIXM) (OTA)
September (V10.0.13.0.PDHMIXM) (OTA)
October (V10.0.14.0.PDHMIXM) (OTA)
November (V10.0.15.0.PDHMIXM) (OTA)
December (V10.0.16.0.PDHMIXM) (OTA)
Here we go:
GENERATING THE PATCHED BOOT.IMG
0. Download a suitable UNTOUCHED boot.img from above or extract one yourself by using the OTA links and dumping the image using the guide on the bottom of this thread.
To check which one is suitable for you go to Settings -> System -> About phone and check your build number. (e.g September 2019 one should be PKQ1.180917.001.V10.0.13.0.PDHMIXM)
1. Install Magisk Manager
2. Open the app and press Install on the prompt (It should prompt you to install the latest version).
3. Tap on Install on the prompt and then "Patch Boot Image File".
4. Select the untouched boot.img through your File Explorer. Wait for it to do its thing.
The patched_boot.img was created and it should be located at /storage/emulated/0/Download/patched_boot.img.
UNLOCKING THE BOOTLOADER
1. Move the patched_boot.img to your PC
2. Connect the device to your computer and open a Command Prompt
3. Check that ADB works with:
Code:
adb devices
Should say:
Code:
XXXXXXXXXXXX device
where the X's are a unique ID.
4. Boot into fastboot mode with:
Code:
adb reboot bootloader
(Yes you can obviously boot into bootloader by using Volume Down+Power Button etc)
5. You should be in fastboot mode. Check that it works properly:
Code:
fastboot devices
Should say:
Code:
XXXXXXXXXXXX fastboot
The device will be wiped after the next step.
6. Now we are going to unlock the device's bootloader with:
Code:
fastboot oem unlock
7. At this point the device is unlocked. Now do:
Code:
fastboot reboot
And let the phone boot
8. After booting, go into fastboot mode again with:
Code:
adb reboot bootloader
BOOTING INTO THE PATCHED IMAGE AND INSTALLATION
You should now be in fastboot mode from the last section.
1. Boot into the patched_boot.img that you generated earlier with:
Code:
fastboot boot patched_boot.img
The phone should boot normally and shouldn't take too long. For me it was the same boot time as always.
2. Now open Magisk Manager and press Install
3. When prompted tap onto Install and then choose "Direct Install (Recommended)"
Let it do its thing and then choose Reboot.
You should now have a rooted phone with Magisk without using TWRP.
Do not relock your bootloader or your device probably won't boot because you are rooted.
PAYLOAD DUMPING
Requirements: python3, protobuf (do python -m pip install protobuf after having installed python3)
1. Download the desired OTA (full OTA needed, not incremental ones, should probably be 1GB+)
2. Download the zip of the python script on github
3. Extract the script (both .py's) and inside the folder extract the payload.bin from the OTA archive
4. Now run:
Code:
python payload_dumper.py payload.bin
Wait for it to be done and you should have all the images in the same directory. With those, you can either just use the boot.img or even create a fastboot flashable OTA with a script.
Cheers!
Thank you very much, I just got my hands on the phone and wanted to root without wiping. Unfortunately when I try to patch the boot.img the resulting image is a zip file that cannot be used.
The only downside is that the first time the phone will go to recovery mode (stock or custom recovery) will be formatted and encrypted (data AND internal storage).
Update: I have done it, I could not generate my own patched image, so I had to use the one in the provided post. I still opted to install magisk beta instead of the normal one and there was no problem, now I'm rooted. Thanks again.
---------- Post added at 05:22 AM ---------- Previous post was at 05:21 AM ----------
sipollo said:
The only downside is that the first time the phone will go to recovery mode (stock or custom recovery) will be formatted and encrypted (data AND internal storage).
Click to expand...
Click to collapse
There shouldn't be a problem, by pressing down the Volume Down key you can bypass the wipes. I did it minutes ago, successfully.
---------- Post added at 05:23 AM ---------- Previous post was at 05:22 AM ----------
sipollo said:
The only downside is that the first time the phone will go to recovery mode (stock or custom recovery) will be formatted and encrypted (data AND internal storage).
Click to expand...
Click to collapse
There shouldn't be a problem, by pressing down the Volume Down key you can bypass the wipes. I did it minutes ago, successfully.
clau1996 said:
There shouldn't be a problem, by pressing down the Volume Down key you can bypass the wipes. I did it minutes ago, successfully.
Click to expand...
Click to collapse
With vol- trick wipes are only postponed. Don't boot in recovery mode and you'll be fine. If you boot pressing power and vol+ phone will be wiped.
If you boot temporary twrp phone will be wiped.
sipollo said:
With vol- trick wipes are only postponed. Don't boot in recovery mode and you'll be fine. If you boot pressing power and vol+ phone will be wiped.
If you boot temporary twrp phone will be wiped.
Click to expand...
Click to collapse
this is correct, I learned the hard way
I honestly don't understand all this patched boot img nonsense
ffs if you want root just BOOT into custom recovery via fastboot and then flash/install the beta magisk zip 16.7 in said custom recovery, that's it
Sent from my Nexus 6 using Tapatalk
I guess I should have included that if you boot into any recovery after doing the "bypass" procedure, the device will get wiped, as mentioned by the rest of you guys.
This "guide" is only if you don't intend to ever use TWRP or something similar. Anyway, will add it to the OP, sorry if anyone got screwed up because I didn't mention it.
sgloki77 said:
this is correct, I learned the hard way
I honestly don't understand all this patched boot img nonsense
ffs if you want root just BOOT into custom recovery via fastboot and then flash/install the beta magisk zip 16.7 in said custom recovery, that's it
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
I guess if someone wants to start off with a new install it's better and faster to just boot into TWRP and flash Magisk as you just said.
Guide is mainly targetted to people who don't want to wipe for whatever reason (whether that is data or anything).
clau1996 said:
Thank you very much, I just got my hands on the phone and wanted to root without wiping. Unfortunately when I try to patch the boot.img the resulting image is a zip file that cannot be used.
Click to expand...
Click to collapse
The resulting image should actually be a .img (or a .img.tar if you choose so in the settings) ?
Maybe you didn't look in the correct directory for the image (?)
Double check, because I did this procedure twice on my device and it worked that way.
Thanks for using the guide btw!
EDIT: whoops, should have merged with the other reply..
Thanks for the guide. Is it possible to update via OTA once we have the new update monthly and repeat the same process for rooting?
fernoct said:
Thanks for the guide. Is it possible to update via OTA once we have the new update monthly and repeat the same process for rooting?
Click to expand...
Click to collapse
I suppose it should be possible but I guess I will have to test it on the next OTA we get just to be sure.
hi, I have V.9.5.10.0 and I want to flash V9.6.4.0 with Mi Flash Tool. Do I have to follow this guide to avoid losing data after unlocking the bootloader?
thanks
lord bim said:
hi, I have V.9.5.10.0 and I want to flash V9.6.4.0 with Mi Flash Tool. Do I have to follow this guide to avoid losing data after unlocking the bootloader?
thanks
Click to expand...
Click to collapse
I don't think there's a way to bypass the wipe from Mi Flash tool, at least not that I know about.
michkost858 said:
I don't think there's a way to bypass the wipe from Mi Flash tool, at least not that I know about.
Click to expand...
Click to collapse
I mean if the full ROM of July has the same problem as in May when I unlock the bootloader
lord bim said:
I mean if the full ROM of July has the same problem as in May when I unlock the bootloader
Click to expand...
Click to collapse
Oh, yes it does. By the way, just to clarify; it's not a problem, it's a safety measure which Xiaomi implemented on the May Update and on. Otherwise your data would be at risk and easy to steal.
Thanks for your help.
this patch boot it is ok?
https://forum.xda-developers.com/showpost.php?p=77137193&postcount=1368
lord bim said:
Thanks for your help.
this patch boot it is ok?
https://forum.xda-developers.com/showpost.php?p=77137193&postcount=1368
Click to expand...
Click to collapse
Yes, nothing special about it
lord bim said:
hi, I have V.9.5.10.0 and I want to flash V9.6.4.0 with Mi Flash Tool. Do I have to follow this guide to avoid losing data after unlocking the bootloader?
thanks
Click to expand...
Click to collapse
After unlocking bootloader with vol- trick, if you want i uploaded last Fastboot Rom with a modified script.
You won't lose data and your bootloader will remain unlocked.
A Backup is strongly recommended (just in case).
Use Miflash.
https://1drv.ms/u/s!AnNVEh3KeCSVj94TW6xkP6Xj-CDeRg
lord bim said:
Thanks for your help.
this patch boot it is ok?
https://forum.xda-developers.com/showpost.php?p=77137193&postcount=1368
Click to expand...
Click to collapse
ProchyGaming said:
Yes, nothing special about it
Click to expand...
Click to collapse
I would recommend generating your own if possible.
Not sure if there's a difference tbh, however I think that, that one was patched for 16.0 and not 16.7 which makes it freeze up sometimes during boot.
thanks to all the valuable inputs the op and other have given here, so conclusion in you can install magisk without wiping data by this method, but your data will be erased the next time you boot into recovery. Also, one cannot be sure about otas as ota might trigger recovery for some stuff and then the data will be wiped. The only viable option is to just backup your data, either by titanium backup after installing magisk like mentioned in the op or just manually save necessary stuff somewhere, permanently unlock, flash twrp and then flash magisk.
One question though, why do we need to update Magisk into the beta version? Now that we have 17.0 is it necessary?
Links to Firmware & OTA & TWRP & Magisk & Bootloader - Z3 PLAY BECKHAM (All Variants)
Firmwares
the latest firmware as of time of writing is February's 2020 OTA (BECKHAM_RETAIL_9.0_PPWS29.131-27-1-18_subsidy-DEFAULT_regulatory-DEFAULT_CFC) = https://mirrors.lolinet.com/firmwar...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
previous OTAs RETAIL variant can be found here = https://mirrors.lolinet.com/firmware/moto/beckham/official/RETAIL/
future OTAs possibly here = https://androidfilehost.com/?w=search&s=beckham
other variants = https://mirrors.lolinet.com/firmware/moto/beckham/official/
Unlock Bootloader
first you need to install Motorola Drivers = https://support.motorola.com/us/en/solution/MS88481
- ATTENTION - use the most up-to-date ADB Drivers otherwise will brick if older version is used; instead of downloading ADB elsewhere which is often old version, get it directly from GOOGLE, here = https://dl.google.com/android/repository/platform-tools-latest-windows.zip
now you can proceed to unlock bootloader = https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a
TWRP
get the official TWRP here = https://dl.twrp.me/beckham/
- ATTENTION - if you just want root access, then there's no need to install TWRP, just boot from the .img once using the latest version
use TWRP to make a backup of EFS partition before installing anything, store the backup files outside of the device
if you want custom ROMs or GSI, then you will need to install TWRP installer .zip into the recovery partition. To install the .zip, boot using a .img for example the 3.3.1-0, then use it to install the latest .zip version in the recovery partition. Unfortunately the only official installable version of TWRP that exists is bugged, and the TWRP developers haven't fixed it yet, go talk to them ask for some love, be respectful = https://github.com/TeamWin/android_device_motorola_beckham/issues
Magisk
install Magisk using the new&correct method AKA "Boot Image Patching Method" to be able to install OTA later = https://topjohnwu.github.io/Magisk/install.html#boot-image-patching
when OTA arrives, you may manually install it whilst retaining Magisk by carefully following these instructions = https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation
- ATTENTION - you won't be able to install stock OTAs if you use older method or if system partition is modified, be really careful to not alter the hash of the partitions
Another mirror for the latest ROM with May 1st patches, uploaded by me you can find here:
https://forum.xda-developers.com/showpost.php?p=79122632&postcount=45
@heynando, what is the difference between "retail" and "retus"? Also, does anyone know the numbering system? All the uploads on lolinet.com for Pie have 131 as the first three numbers, but the few posted about here have 183. Maybe 183 is an ota number?
ritchea said:
@heynando, what is the difference between "retail" and "retus"?
Click to expand...
Click to collapse
RETUS is short for Retail + US.
The difference between RETUS and RETAIL is, I imagine, cannot confirm, the same RETAIL firmware with some US regional modifications such as bloatware or CSC thing
you can check which model is yours in SETTINGS > SYSTEM > ABOUT PHONE > SOFTWARE CHANNEL. Or in the bootloader by running the command
Code:
fastboot getvar product
you can find the entire list of product codes here = https://mirrors.lolinet.com/firmware/moto/readme-en.html#listone
XT1929-4(Canada, SS, 4+32GB) XT1929-3(NA/Sprint, SS, 4+32GB)
XT1929-4(NA/AMZ/BWACA/RETCA/RETUS/USC, SS, 4+64GB)
XT1929-5(BRAZIL/RETBR/TIMBR/TEFBR, DS, 4+64GB / 6+128GB)
XT1929-6(LATAM/AMXLA/NIIPE/ATTMX//TEFCL/TEFPE/RETLA/RETAR/RETMX/RETCL/AMXMX, DS, 4+64GB)
XT1929-6(LATAM/RETLA/TEFCO/TIGCO, DS, 6+128GB)
XT1929-8(EMEA_APAC/RETEU/DTEU, DS, 4+32GB / 4+64GB)
ritchea said:
Also, does anyone know the numbering system? All the uploads on lolinet.com for Pie have 131 as the first three numbers, but the few posted about here have 183. Maybe 183 is an ota number?
Click to expand...
Click to collapse
I believe that's the internal version of the software. If the number changes that emphasizes there has been software changes and/or tweaks in the system and/or firmware. If the number doesn't change, then it's just a regular security patch with no further modifications in system and/or firmware.
Thanks for that info. Yeah, I know mine has the retus software channel. I just couldn't find or figure out if Retail was actually one word or if it was a combo of ret+ail. That version has a LOT of software posted.
I flashed retail on an EU model. And after it the software channel say Reteu just like the original. Also the model number is as it should be. In my opinion you can flash retail firmware on us and EU models.
confirmed that this firmware is working on XT1929-4
these are the steps I took:
downloads and setup
install moto drivers (in windows, not needed for linux)
install android tools (adb and fastboot)
downloaded official TWRP
downlaoded and extracted the firmware
backup of partitions (including efs)
Code:
adb reboot bootloader
fastboot boot twrp_recovery.img
backed up lots of partitions
rebooted system
copied the TWRP backup files to my pc for safe keeping
set the fastboot slot (i did this because many of teh fastboot commands below were failing)
Code:
adb reboot bootloader
fastboot --set-active=a
rebooted back into bootloader
installed the firmware
Code:
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash bluetooth BTFM.bin
fastboot flash dsp dspso.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system_b system_other.img
fastboot flash oem oem.img
fastboot flash oem_b oem_other.img
fastboot flash vendor vendor.img_sparsechunk.0
fastboot flash vendor vendor.img_sparsechunk.1
fastboot erase carrier
fastboot erase cache
fastboot erase userdata
fastboot erase ddr
fastboot reboot
installed magisk the new good way
did the initial device setup
installed magisk manager
copied the boot.img from the extracted firmware above to the phone.
followed these steps for boot img patching and install of magisk https://topjohnwu.github.io/Magisk/install.html#boot-image-patching
sirkuttin,
Thanks for the detail how to. That worked perfectly for me, and my moto z3 play, same model as yours. I could not get the ota or even lenovo smart assistant to work on my phone. It basically had it locked up, stuck on the boot logo. I'm assuming its the old way of install magisk that caused that. This got me on the latest firmware release, and then installed magisk the new way. Lenovo smart assistant was useful in downloading the firmware.
Thanks.
Hi I tried the new magisk install way. I'm on XT1929-4_BECKHAM_RETUS_9.0_PPW29.183-29-1, copy boot.img and patched it to magisk_patched.img. Then after fastboot flash boot /path/to/magisk_patched.img and a reboot, i'm not stuck on the motorola powered by android screen. Verity mode is set to disabled.
I tried holding down the power button to simulate a battery pull but no luck, the screen just stays on. Can anybody give me any advise? I think now I have to just wait till the device is out of juice. Never experience this before.
---------- Post added at 02:16 PM ---------- Previous post was at 01:31 PM ----------
So the battery pull is "Power + Vol Down". I was able to flash the PPW29.183-29-1 firmware and get it going again. I noticed it tried to upgrade me to PPW29.183-29-1-2 so I must have been on newer firmware. I flashed the magisk_patched and am rooted now.
It seems there is TWRP 3.3.1-1 with an Installer. Does it mean it can be flashed to recovery partition? Tried booting it, but got stuck on TWRP logo (3.3.1-0 boots fine).
ch3mn3y said:
It seems there is TWRP 3.3.1-1 with an Installer. Does it mean it can be flashed to recovery partition? Tried booting it, but got stuck on TWRP logo (3.3.1-0 boots fine).
Click to expand...
Click to collapse
I haven't tested it myself, though you're correct, the installer .zip can be installed on recovery partition. To install the .zip, boot using a .img for example the 3.3.1-0, then use it to install the .zip in the recovery partition.
PS only do it if you have a reason to, I'm not sure if the firmware OTA checks the hashing of the recovery partition so altering it could potentially prevent you from installing OTAs of the official ROM.
heynando said:
I haven't tested it myself, though you're correct, the installer .zip can be installed on recovery partition. To install the .zip, boot using a .img for example the 3.3.1-0, then use it to install the .zip in the recovery partition.
PS only do it if you have a reason to, I'm not sure if the firmware OTA checks the hashing of the recovery partition so altering it could potentially prevent you from installing OTAs of the official ROM.
Click to expand...
Click to collapse
It, unfortunately, does... However I csnnot update (continous update unsuccesful) :f Have to check if Xposed module is not a reason.
And You probably could use Installer to flash stock recovery? If not TWTP itself however I've never checked if one for Play has access to recovery partiotion to flash images. It should gave if it can be done using the installer...
Sent from my Moto Z3 Play using Tapatalk
ch3mn3y said:
However I csnnot update (continous update unsuccesful)
Click to expand...
Click to collapse
Me too and it drove me nuts, I did patch the /boot partition with the original file, but the OTA app still failed to install, even after reboot. And there's no useful data in the logcat to debug the app. So I gave up and had to use Titanium to freeze the OTA app otherwise it would keep trying to download and install infinitely.
ch3mn3y said:
:f Have to check if Xposed module is not a reason.
Click to expand...
Click to collapse
It's probably not because I don't use it and the OTA method didn't work me either
ch3mn3y said:
And You probably could use Installer to flash stock recovery?
Click to expand...
Click to collapse
Yes you're right, I agree there..
heynando said:
Yes you're right, I agree there..
Click to expand...
Click to collapse
Just checked the inside of the installer zip file and it won't work. Still once every 3 months it wouldn't be a problem to connect device to PC and flash recovery.img with fastboot.
Is there a list with a commands and order how to flash Z3 Play images of official firmware? I want July patches and have some problems, so clean reflash is what I need.
Additional question is if I have to use "-u" when flashing second and other system images? Remember I had to do it with my X Play coz of unlocked bootloader and here I have one in the same state as well. If yes than could someone tell me where to put it, coz I'm not sure...
tb110188 said:
Another mirror for the latest ROM with May 1st patches, uploaded by me you can find here:
https://forum.xda-developers.com/showpost.php?p=79122632&postcount=45
Click to expand...
Click to collapse
Hi. How are you doing. My software channel says: US Retail. and my build number is 183-19-1-2. What would be the firmware?
tb110188 said:
Another mirror for the latest ROM with May 1st patches, uploaded by me you can find here:
https://forum.xda-developers.com/showpost.php?p=79122632&postcount=45
Click to expand...
Click to collapse
Hi. How are you doing. My software channel says: US Retail. and my build number is 183-19-1-2. What would be the firmware?
Ramble2k said:
Hi. How are you doing. My software channel says: US Retail. and my build number is 183-19-1-2. What would be the firmware?
Click to expand...
Click to collapse
This one, make sure to get the latest. https://mirrors.lolinet.com/firmware/moto/beckham/official/RETUS/
Hi, I'm trying to unlock my Moto Z3 Play bootloader, but I don't get the code on CMD, but only a few numbers ... The version of my device is PPW29.131-27-1-11, channel RETBR software.
Someone went through this, can you tell how to reverse this situation?
I couldn't get the bootloader unlocked for xt1929-4. I tried different computers, Linux and win. Have latest adb and fastboot. When fastboot OEM get_unlock_data is given, I says counttas slot not found etc., can someone help?
It may seem obvious, but you
checked OEM unlocking and USB Debugging?
I followed this guide exactly: https://topjohnwu.github.io/Magisk/ota.html
Before starting the guide, I had a pretty new Pixel 7 Pro with the latest version of Magisk successfully installed (with bootloader UNLOCKED) and some small Magisk modules to tweak things (iOS emojis). I made sure to restore boot images and got the "restoration complete" toast message.
I saw the notification for the November update, downloaded and installed it. I did NOT reboot after that. I then went into the Magisk app and tapped "install to inactive slot (after OTA)" and rebooted from within the Magisk app.
My device rebooted, and showed me the bootloader unlocked screen, then showed me the "your device is corrupt" warning and said "press power button to continue". I pressed the power button and my device is now stuck on the Google logo.
Has this happened to anyone else? And is there any way to fix this (preferably without data loss)?
Pritster5 said:
I followed this guide exactly: https://topjohnwu.github.io/Magisk/ota.html
Before starting the guide, I had a pretty new Pixel 7 Pro with the latest version of Magisk successfully installed (with bootloader UNLOCKED) and some small Magisk modules to tweak things (iOS emojis). I made sure to restore boot images and got the "restoration complete" toast message.
I saw the notification for the November update, downloaded and installed it. I did NOT reboot after that. I then went into the Magisk app and tapped "install to inactive slot (after OTA)" and rebooted from within the Magisk app.
My device rebooted, and showed me the bootloader unlocked screen, then showed me the "your device is corrupt" warning and said "press power button to continue". I pressed the power button and my device is now stuck on the Google logo.
Has this happened to anyone else? And is there any way to fix this (preferably without data loss)?
Click to expand...
Click to collapse
That´s a bug within AVB. Unfortunately it can happen on Pixel 6 and 7 devices.
There´s one thing that can clear it:
I know this sounds a bit counter intuitive, but download october factory image, extract init_boot.img, flash it via fastboot on your device with nov firmware.
fastboot flash init_boot init_boot.img
Try to let it boot, if it fails or crashes go back to bootloader via long press power and volume down. (can take up to 30 seconds on p7pro)
If it boots already don´t forgot to flash init_boot from november firmware still.
Then download november factory image, extract init_boot.img, flash it via fastboot as well. This might get you out of the loop.
If you want you can use a magisk_patched init_boot.img as well so you´re rooted.
That last step should get you out of the corruption loop, as flashing outdated init_boot and then correct init_boot will somehow clear avb.
I´ll attach patched init_boot.img from november firmware TD1A.221105.001, Nov 2022 for you.
I see. Thank you so much for this info. I will try and report back my results. Has this bug been fixed in newer versions of Magisk or Android? I feel like it's a high priority bug given that it soft-bricks peoples devices.
EDIT: And does this process result in data loss?
Freak07 said:
That´s a bug within AVB. Unfortunately it can happen on Pixel 6 and 7 devices.
There´s one thing that can clear it:
I know this sounds a bit counter intuitive, but download october factory image, extract init_boot.img, flash it via fastboot on your device with nov firmware.
fastboot flash init_boot init_boot.img
Try to let it boot, if it fails or crashes go back to bootloader via long press power and volume down. (can take up to 30 seconds on p7pro)
If it boots already don´t forgot to flash init_boot from november firmware still.
Then download november factory image, extract init_boot.img, flash it via fastboot as well. This might get you out of the loop.
If you want you can use a magisk_patched init_boot.img as well so you´re rooted.
That last step should get you out of the corruption loop, as flashing outdated init_boot and then correct init_boot will somehow clear avb.
I´ll attach patched init_boot.img from november firmware TD1A.221105.001, Nov 2022 for you.
Click to expand...
Click to collapse
Glad you're on our forum Freak!
Pritster5 said:
I see. Thank you so much for this info. I will try and report back my results. Has this bug been fixed in newer versions of Magisk or Android? I feel like it's a high priority bug given that it soft-bricks peoples devices.
EDIT: And does this process result in data loss?
Click to expand...
Click to collapse
Remove "-w" from the flashall.bat, I believe that ensures you keep data.
I'm also a bit confused by this step: "flash it via fastboot on your device with nov firmware." Are you saying that I should flash october init_boot.img onto my phone, which already has the Nov firmware installed? Or do I have to merge the Oct init_boot.img into the Nov firmware (full factory image TD1A.221105.001)
Pritster5 said:
I'm also a bit confused by this step: "flash it via fastboot on your device with nov firmware." Are you saying that I should flash october init_boot.img onto my phone, which already has the Nov firmware installed? Or do I have to merge the Oct init_boot.img into the Nov firmware (full factory image TD1A.221105.001)
Click to expand...
Click to collapse
yes, you flash the old outdated init_boot via fastboot on november firmware.
afterwards you flash back the correct one for november. that will hopefully clear the avb bug you´re experiencing.
You flash only this img, not anything else. do precisely the steps I described. you don´t have to flash the full firmware, as you already updated to november if I read your initial post correctly and OTA to november was successful.
Pritster5 said:
I see. Thank you so much for this info. I will try and report back my results. Has this bug been fixed in newer versions of Magisk or Android? I feel like it's a high priority bug given that it soft-bricks peoples devices.
EDIT: And does this process result in data loss?
Click to expand...
Click to collapse
no it has not been fixed.
no, with the steps detailed there´s no data loss.
I wouldn´t recommend updating your phone with the magisk flash to inactive slot method. That´s not working for most people on p6 and p7 devices.
Pain-N-Panic said:
Remove "-w" from the flashall.bat, I believe that ensures you keep data.
Click to expand...
Click to collapse
the method I described doesn´t involve using that script. no data will be lost.
I then went into the Magisk app and tapped "install to inactive slot (after OTA)" and rebooted from within the Magisk app.
Click to expand...
Click to collapse
How do you expect this to work for p7p? The Magisk code has not been updated yet to flash init_boot partition instead of boot partition on p7p. Of course, it will corrupt your boot partition.
Update Magisk using the method outlined in the main thread for OTA and Magisk: https://forum.xda-developers.com/t/...-safetynet-all-relevant-links.4502805/page-61
Freak07 said:
yes, you flash the old outdated init_boot via fastboot on november firmware.
afterwards you flash back the correct one for november. that will hopefully clear the avb bug you´re experiencing.
You flash only this img, not anything else. do precisely the steps I described. you don´t have to flash the full firmware, as you already updated to november if I read your initial post correctly and OTA to november was successful.
no it has not been fixed.
no, with the steps detailed there´s no data loss.
I wouldn´t recommend updating your phone with the magisk flash to inactive slot method. That´s not working for most people on p6 and p7 devices.
the method I described doesn´t involve using that script. no data will be lost.
Click to expand...
Click to collapse
devsk said:
How do you expect this to work for p7p? The Magisk code has not been updated yet to flash init_boot partition instead of boot partition on p7p. Of course, it will corrupt your boot partition.
Update Magisk using the method outlined in the main thread for OTA and Magisk: https://forum.xda-developers.com/t/...-safetynet-all-relevant-links.4502805/page-61
Click to expand...
Click to collapse
If what @devsk states is true, you also need to flash back stock boot.img from november firmware via fastboot @Pritster5.
fastboot flash boot boot.img
Since magisk can patch init_boot.img´s, I assumed it would account for pixel 7 pro, having ramdisk inside init_boot instead of boot.img. It´s a bad design choice by magisk app to show this option to users on Pixel 7 pro in that case. :/ but even on pixel 6, the forums are full of people running into issues with that method.
devsk said:
How do you expect this to work for p7p? The Magisk code has not been updated yet to flash init_boot partition instead of boot partition on p7p. Of course, it will corrupt your boot partition.
Update Magisk using the method outlined in the main thread for OTA and Magisk: https://forum.xda-developers.com/t/...-safetynet-all-relevant-links.4502805/page-61
Click to expand...
Click to collapse
Where can I see what devices are supported for that method? I assumed that the guide worked for anyone with A/B partitioning. It would be helpful if there was a notice of this somewhere on the guide or any other obvious place.
The easiest way to recover is to follow that guide and flash the whole ROM (it will fix both the boot and init_boot partitions). *Make sure* to remove -w from the flash-all.bat or flash-all.sh, whichever one you are using. This part is important. "-w" command line argument wipes your data and you don't want that.
I just updated my p7p using this method this afternoon and it worked fine.
Pritster5 said:
Where can I see what devices are supported for that method? I assumed that the guide worked for anyone with A/B partitioning. It would be helpful if there was a notice of this somewhere on the guide or any other obvious place.
Click to expand...
Click to collapse
That link is specifically for p7p
devsk said:
That link is specifically for p7p
Click to expand...
Click to collapse
Oh I meant where can I see what devices support the Magisk "Install to inactive slot" guide.
You said "The Magisk code has not been updated yet to flash init_boot partition instead of boot partition on p7p. Of course, it will corrupt your boot partition."
How are you aware of this? Did you find this out by reading the code itself or was there a notice of this somewhere?
Pritster5 said:
Oh I meant where can I see what devices support the Magisk "Install to inactive slot" guide.
You said "The Magisk code has not been updated yet to flash init_boot partition instead of boot partition on p7p. Of course, it will corrupt your boot partition."
How are you aware of this? Did you find this out by reading the code itself or was there a notice of this somewhere?
Click to expand...
Click to collapse
Actually, this got me thinking and I looked at the code. Looks like the magisk code (the bash function find_boot_image) seems to be doing the right thing by treating init_boot ahead of boot partition.
Do you have the logs from that run of "Install to inactive slot"?
devsk said:
Actually, this got me thinking and I looked at the code. Looks like the magisk code (the bash function find_boot_image) seems to be doing the right thing by treating init_boot ahead of boot partition.
Do you have the logs from that run of "Install to inactive slot"?
Click to expand...
Click to collapse
I don't believe so, as I can only connect to my phone via PC over fastboot mode right now, so I'll have to check for logs after fixing my device.
One other question though, the guide you linked mentioned disabling magisk modules before flashing the factory image. I was never able to do that because I used the inactive slot guide which made no mention of it. Will the enabled magisk modules prevent me from using the guide you linked?
I am also unable to do this step as I can't transfer files from my pc to my p7p when I cant access the phone aside from fastboot mode: "Copy the init_boot.img from the PC to the phone's internal storage." Can I skip this step?
EDIT: Should I just use the Android flash tool instead if I don't have access to ADB? Or should I instead just follow Freak07's steps since his steps don't require adb access?
Pritster5 said:
I don't believe so, as I can only connect to my phone via PC over fastboot mode right now, so I'll have to check for logs after fixing my device.
One other question though, the guide you linked mentioned disabling magisk modules before flashing the factory image. I was never able to do that because I used the inactive slot guide which made no mention of it. Will the enabled magisk modules prevent me from using the guide you linked?
I am also unable to do this step as I can't transfer files from my pc to my p7p when I cant access the phone aside from fastboot mode: "Copy the init_boot.img from the PC to the phone's internal storage." Can I skip this step?
Click to expand...
Click to collapse
Just restore your device by flashing the whole ROM. This will get rid of magisk and you should have no problem booting back into the system. You will have lost the root at that point. Once inside, transfer the init_boot.img into /sdcard and run magisk and ask it to patch that. Bring the patched file to your PC, and flash it to init_boot partition like the guide says. At that point, you should be able to boot back into the system and root should be good.
I did not disable Magisk modules and it worked fine. I have magiskhide props, shmiko, systemless hosts, zygisk - lsposed, universal safety net fix.
If you have trouble with Magisk modules, you can recover by booting into Safe Mode (restart and press down volume and keep it pressed). Magisk detects the Safe Mode and disables the modules. Done that many times.
Pritster5 said:
I don't believe so, as I can only connect to my phone via PC over fastboot mode right now, so I'll have to check for logs after fixing my device.
One other question though, the guide you linked mentioned disabling magisk modules before flashing the factory image. I was never able to do that because I used the inactive slot guide which made no mention of it. Will the enabled magisk modules prevent me from using the guide you linked?
I am also unable to do this step as I can't transfer files from my pc to my p7p when I cant access the phone aside from fastboot mode: "Copy the init_boot.img from the PC to the phone's internal storage." Can I skip this step?
EDIT: Should I just use the Android flash tool instead if I don't have access to ADB? Or should I instead just follow Freak07's steps since his steps don't require adb access?
Click to expand...
Click to collapse
in the end it doesn´t matter how you do it.
Flashing the complete firmware with -w removed or using the web flasher might be easier as it´s kind of a one click solution.
However simply flashing entire november firmware, might not get you out of the avb corruption loop. It might but, but it might not depending on what went wrong. If it´s the bug that I think it is, avb gets cleared when flashing an older outdated init_boot.img.
You can try to just flash the entire nov firmware with any of the methods suggested. If it doesn´t clear the avb corruption bug, flash back older init_boot from oct firmware, followed by current init boot as I originally suggested.
Freak07 said:
That´s a bug within AVB. Unfortunately it can happen on Pixel 6 and 7 devices.
There´s one thing that can clear it:
I know this sounds a bit counter intuitive, but download october factory image, extract init_boot.img, flash it via fastboot on your device with nov firmware.
fastboot flash init_boot init_boot.img
Try to let it boot, if it fails or crashes go back to bootloader via long press power and volume down. (can take up to 30 seconds on p7pro)
If it boots already don´t forgot to flash init_boot from november firmware still.
Then download november factory image, extract init_boot.img, flash it via fastboot as well. This might get you out of the loop.
If you want you can use a magisk_patched init_boot.img as well so you´re rooted.
That last step should get you out of the corruption loop, as flashing outdated init_boot and then correct init_boot will somehow clear avb.
I´ll attach patched init_boot.img from november firmware TD1A.221105.001, Nov 2022 for you.
Click to expand...
Click to collapse
Ok so I did this part:
"I know this sounds a bit counter intuitive, but download october factory image, extract init_boot.img, flash it via fastboot on your device with nov firmware.
fastboot flash init_boot init_boot.img
Try to let it boot, if it fails or crashes go back to bootloader via long press power and volume down. (can take up to 30 seconds on p7pro)
If it boots already don´t forgot to flash init_boot from november firmware still."
And it works, however when I go to "About Phone" the build number is still the October version. Is this expected, given that I flashed the october init_boot.img onto a phone with November firmware? Or did my phone perhaps reboot into the older partition which the phone ran before switching to the inactive slot?
EDIT: Even after flashing the november init_boot.img after temporarily reverting to the october init_boot.img, it's still showing that I have build TD1A.220804.031 installed.
"followed by current init boot as I originally suggested."
Should I reboot back into fastboot mode again to do this?
Thank you guys so much for the help so far btw, I'm already back up and running and just need to finish the steps you mentioned.
@devsk Here are the logs you wanted:
It was posted about 2 hours ago on Asus website, here is the direct link: https://dlcdnets.asus.com/pub/ASUS/...300-2304-user.zip?model=rog phone 5 (zs673ks)
I just updated and phone runs smooth, no data loss during upgrade, magisk and lsposed works.
MarekPietrzak said:
It was posted about 2 hours ago on Asus website, here is the direct link: https://dlcdnets.asus.com/pub/ASUS/ZenFone/ZS673KS/UL-ASUS_I005_1-ASUS-33.0210.0210.200-1.1.300-2304-user.zip?model=rog phone 5 (zs673ks)
I just updated and phone runs smooth, no data loss during upgrade, magisk and lsposed works.
Click to expand...
Click to collapse
hey Marek, i was on android 12, i flashed twrp recovery then i relocked the bootloader!
so i was stuck in bootloader infinity loop, then i downgraded my phone to an very old firmware it is begin with 18 and ends with .raw archive format and mine was beginn 31 and ends wtih zip archive format (it has payload.bin) inside.
so i get failed flashing manuelly the last update of android 12 also the last update (android 13). OTA can nothing getting. what should i do now if you don't mind!?
Edit: the phone doesnt charging and loops now at logo
Hello, you should incrementally update from your version by downloading each upgrade package from Asus site which is newer then your current version and flash them one by one. Or you can find the newest package which you are able to install and repeat this procedure until you can flash the newest Android 13 package. Your current old firmware cannot unpack newest package so you need update by steps.
Check this post: https://forum.xda-developers.com/t/warning-read-before-locking-bootloader.4327977/post-87808387
Other method (untested): Extract latest payload.bin and flash all partitions to inactive slot than change it to active using fastboot
rami88436 said:
hey Marek, i was on android 12, i flashed twrp recovery then i relocked the bootloader!
so i was stuck in bootloader infinity loop, then i downgraded my phone to an very old firmware it is begin with 18 and ends with .raw archive format and mine was beginn 31 and ends wtih zip archive format (it has payload.bin) inside.
so i get failed flashing manuelly the last update of android 12 also the last update (android 13). OTA can nothing getting. what should i do now if you don't mind!?
Edit: the phone doesnt charging and loops now at logo
Click to expand...
Click to collapse
MarekPietrzak said:
Hello, you should incrementally update from your version by downloading each upgrade package from Asus site which is newer then your current version and flash them one by one. Or you can find the newest package which you are able to install and repeat this procedure until you can flash the newest Android 13 package. Your current old firmware cannot unpack newest package so you need update by steps.
Check this post: https://forum.xda-developers.com/t/warning-read-before-locking-bootloader.4327977/post-87808387
Other method (untested): Extract latest payload.bin and flash all partitions to inactive slot than change it to active using fastboot
Click to expand...
Click to collapse
MarekPietrzak said:
Hello, you should incrementally update from your version by downloading each upgrade package from Asus site which is newer then your current version and flash them one by one. Or you can find the newest package which you are able to install and repeat this procedure until you can flash the newest Android 13 package. Your current old firmware cannot unpack newest package so you need update by steps.
Check this post: https://forum.xda-developers.com/t/warning-read-before-locking-bootloader.4327977/post-87808387
Other method (untested): Extract latest payload.bin and flash all partitions to inactive slot than change it to active using fastboot
Click to expand...
Click to collapse
hey, Thanks for replay, i am facing now another messeges.
1- the phone does not charging at all
2- when i plug in into chrage its reboot again and again.
3- the bootloader is open, but when i try to flash any files through bootloader i get:
FAILED (Status read failed (Too many links))
or
FAILED (remote: 'Warning: battery's capacity is very low
to recovery mode i am unable to go there
i tried boot or flash the twrp.img also only boot.img also flash_raw_and_wipe_data.cmd
nothing helps me!!!
Hello, can you try to keep phone on charger for a few hours? Maybe it will charge enough to enter recovery mode. You should never flash twrp by fastboot on a/b devices as they don't have recovery partition. Please restore stock boot.img extracted from payload.bin and after this try booting into fastbootD, not fastboot and then attempt flashing complete firmware package (raw). To boot into fastbootD, keep holding volume keys, when you see a bootloader screen use volume keys to select option "recovery mode". You should now enter stock recovery. Ussing vol keys select option "enter fastboot". You should be now in fastbootD. This is possible only with boot.img without twrp installed as fastbootD is a part of stock recovery, magisk is fine.
Remember to perform all flashing operations with usb port on the left side, the bottom one does not work in bootloader. And make sure you are using latest adb/fastboot binaries, these from popular auto-installers are usually outdated and may cause errors during flashing.
MarekPietrzak said:
Hello, can you try to keep phone on charger for a few hours? Maybe it will charge enough to enter recovery mode. You should never flash twrp by fastboot on a/b devices as they don't have recovery partition. Please restore stock boot.img extracted from payload.bin and after this try booting into fastbootD, not fastboot and then attempt flashing complete firmware package (raw). To boot into fastbootD, keep holding volume keys, when you see a bootloader screen use volume keys to select option "recovery mode". You should now enter stock recovery. Ussing vol keys select option "enter fastboot". You should be now in fastbootD. This is possible only with boot.img without twrp installed as fastbootD is a part of stock recovery, magisk is fine.
Remember to perform all flashing operations with usb port on the left side, the bottom one does not work in bootloader. And make sure you are using latest adb/fastboot binaries, these from popular auto-installers are usually outdated and may cause errors during flashing.
Click to expand...
Click to collapse
I've tried leaving it on overnight and it never charges, there's even no charging lights.
Yesterday I tried flashing via Bugjeager and it didn't work either (betwenn to android devices)
Although the bootloader is unlocked, it gives me a Not Allowed In Lock State message!
the current version of the installed firmware is that old that i flashed WW_ZS673KS_18.0810.2101.95_M2.13.24.9-ASUS_1.1.46_Phone-user.raw, it is non extractable so i cant get the boot.img of it!
I am attaching here the matching boot.img for your 2101.95 firmware. Your phone boots to bootloader as I can see on the video but cannot enter recovery as you have corrupted your boot partition. Can you pm me output of fastboot getvar all command? Please do not post it publicly as it may contain private data such as serial numbers. Good luck!
Are you sure that you have unlocked bootloader? I understand that you have relocked your bootloader and since then your phone never booted into working system. It is not possible to unlock bl with fastboot, only with asus app which requires working Android system
MarekPietrzak said:
I am attaching here the matching boot.img for your 2101.95 firmware. Your phone boots to bootloader as I can see on the video but cannot enter recovery as you have corrupted your boot partition. Can you pm me output of fastboot getvar all command? Please do not post it publicly as it may contain private data such as serial numbers. Good luck!
Are you sure that you have unlocked bootloader? I understand that you have relocked your bootloader and since then your phone never booted into working system. It is not possible to unlock bl with fastboot, only with asus app which requires working Android system
Click to expand...
Click to collapse
wow you are alive haha i thought you not gonna answer me again. ok just 1 second
rami88436 said:
wow you are alive haha i thought you not gonna answer me again. ok just 1 second
Click to expand...
Click to collapse
Sometimes I can be a bit slow to respond as I am on the university during day. Hopefully your issue seems to be possible to be solved just by flashing raw firmware and wiping data partition.
so i was rooted on 12 when update was done i did the usual and hit "later" went into magisk did thr ota to keep root once it booted i was stuck on logo forever, so i flashed original boot.img and booted up good with no root. so then i patched boot in magisk and flashed it and stuck on logo again unless i flash original boot.img. this never happened before. how did you keep root?
rami88436 said:
hey Marek, i was on android 12, i flashed twrp recovery then i relocked the bootloader!
so i was stuck in bootloader infinity loop, then i downgraded my phone to an very old firmware it is begin with 18 and ends with .raw archive format and mine was beginn 31 and ends wtih zip archive format (it has payload.bin) inside.
so i get failed flashing manuelly the last update of android 12 also the last update (android 13). OTA can nothing getting. what should i do now if you don't mind!?
Edit: the phone doesnt charging and loops now at logo
Click to expand...
Click to collapse
if youre still stuck, try to fastboot flash raw firmware and reroot and re update again. twrp only works for me with the magisk twrp installer but then you'll have to re flash patched image as it will remove root
chairman011 said:
so i was rooted on 12 when update was done i did the usual and hit "later" went into magisk did thr ota to keep root once it booted i was stuck on logo forever, so i flashed original boot.img and booted up good with no root. so then i patched boot in magisk and flashed it and stuck on logo again unless i flash original boot.img. this never happened before. how did you keep root?
Click to expand...
Click to collapse
try root your phone through kirnal su
chairman011 said:
if youre still stuck, try to fastboot flash raw firmware and reroot and re update again. twrp only works for me with the magisk twrp installer but then you'll have to re flash patched image as it will remove root
Click to expand...
Click to collapse
hahaha, the owner of this thread had helps me a lot but no way and yesterday i have been lost my imei and isn and the rest.., that was because i tried using miflash.
I did it in the same way as you, just after OTA i installed magisk to inactive slot and rebooted. Maybe you have some incompatible magisk modules which caused bootloop on A13.
chairman011 said:
so i was rooted on 12 when update was done i did the usual and hit "later" went into magisk did thr ota to keep root once it booted i was stuck on logo forever, so i flashed original boot.img and booted up good with no root. so then i patched boot in magisk and flashed it and stuck on logo again unless i flash original boot.img. this never happened before. how did you keep root?
Click to expand...
Click to collapse
MarekPietrzak said:
I did it in the same way as you, just after OTA i installed magisk to inactive slot and rebooted. Maybe you have some incompatible magisk modules which caused bootloop on A13.
Click to expand...
Click to collapse
Oh ok ok makes sense. I had curl module installed. I loved android 13 but I'ma stay on 12 cause the modified read/write script only works on Android 12 and 11 and I need it to uninstall bloatware. Disabling them isn't good enough for me lol I gotta uninstall them completely. I can only do that if system is read/write and this script flashed through two works great to have read/write system. Thank you though
rami88436 said:
hahaha, the owner of this thread had helps me a lot but no way and yesterday i have been lost my imei and isn and the rest.., that was because i tried using miflash.
Click to expand...
Click to collapse
Oh ok ok makes sense. Usually when I face a brick problem I just flash raw firmware fastboot
Actually you can debloat fully systemless, just create magisk module which replaces bloatware directories with empty folders. Or even better use this: https://forum.xda-developers.com/t/module-terminal-debloater-v17-3-2-debloat-systemlessly.3584163/
It is an automated way to make packages fully disappear without remounting system as rw. This module replaces them with empty folders, just like in the manual solution. The packages disappear from system completely and if you install any debloated app from play store or apk it will be installed as user (non-system) app.
chairman011 said:
Oh ok ok makes sense. I had curl module installed. I loved android 13 but I'ma stay on 12 cause the modified read/write script only works on Android 12 and 11 and I need it to uninstall bloatware. Disabling them isn't good enough for me lol I gotta uninstall them completely. I can only do that if system is read/write and this script flashed through two works great to have read/write system. Thank you though
Click to expand...
Click to collapse
MarekPietrzak said:
Actually you can debloat fully systemless, just create magisk module which replaces bloatware directories with empty folders. Or even better use this: https://forum.xda-developers.com/t/module-terminal-debloater-v17-3-2-debloat-systemlessly.3584163/
It is an automated way to make packages fully disappear without remounting system as rw. This module replaces them with empty folders, just like in the manual solution. The packages disappear from system completely and if you install any debloated app from play store or apk it will be installed as user (non-system) app.
Click to expand...
Click to collapse
Oh wow thank you man I'll give it a shot.
I found a gui-based app on github to systemlessly debloat, it is easier to use than this script I posted link to. Here is the link: https://github.com/sunilpaulmathew/De-Bloater
Does anyone have the full RAW firmware, flashed via fastboot? Thank you all
ThienAn2023 said:
Does anyone have the full RAW firmware, flashed via fastboot? Thank you all
Click to expand...
Click to collapse
Mod. edit: private link removed. alecxs