[GUIDE] How to root MediaTek-based AB partition schemed Nokia Android Phones - Nokia X5 (Nokia 5.1 Plus) Guides, News, Discussion

Note: This guide requires polishing, will do that soon.
Unlike the previous root guide written for Nokia 7 Plus, this guide requires using MTK SP Flash Tool to dump the stock boot.
Why am I suddenly releasing this guide? Because I found the method to unlock the bootloader for Nokia X5 / 5.1 Plus, but the unlock guide is unsuitable to disclose here right now. Check my Twitter if you want to confirm. To apply this guide, you must have your phone's bootloader unlocked. So in theory this guide will also work on Nokia 3.1, 3.1 Plus and 5.1 once stock firmware is released.
Since it's a MediaTek-based device, you can easily dump the stock boot from your device by reading the partition table of the scatter file.
Now let's begin.
Step 1: Check which slot is your phone currently using
You have a few methods to check, but let me introduce two commonly used methods. Pick the one that you're familiar with.
1. Use USB Debugging method to check
Once you enable USB debugging, execute the following command in either terminal or command prompt. I assume you have installed Android Platform Tools.
Code:
.\adb shell getprop ro.boot.slot_suffix
Expected output would be either
Code:
[ro.boot.slot_suffix]: [_a]
Or:
Code:
[ro.boot.slot_suffix]: [_b]
2. Use Fastboot command to check
Same as above, I assume you have installed Android Platform Tools and you have enabled USB debugging.
Code:
.\adb reboot bootloader
Code:
.\fastboot getvar current-slot
Expected output would be either
Code:
current-slot: a
Or:
Code:
current-slot: b
Step 2: Dump your stock boot with MTK SP Flash Tool
If you already have stock boot extracted from stock firmware, skip this step, just copy the boot.img from stock firmware to the phone.
I assume that you already have MTK Port driver installed properly.
Check the MT6xxx_Android_scatter.txt from the stock firmware, and search the whole text for either "boot_a" or "boot_b".
In this case, I used Nokia X5 CN PDA-0-102A-MT6771_Android_scatter.txt, and you'll find the following info:
Code:
- partition_index: SYS34
  partition_name: boot_a
  file_name: PDA-0-102A-00CN-boot.img
  is_download: true
  type: NORMAL_ROM
  linear_start_addr: 0x22a00000
  physical_start_addr: 0x22a00000
  partition_size: 0x2000000
  region: EMMC_USER
  storage: HW_STORAGE_EMMC
  boundary_check: true
  is_reserved: false
  operation_type: UPDATE
  is_upgradable: true
  empty_boot_needed: false
  reserve: 0x00
Code:
- partition_index: SYS52
  partition_name: boot_b
  file_name: NONE
  is_download: false
  type: NORMAL_ROM
  linear_start_addr: 0xf4200000
  physical_start_addr: 0xf4200000
  partition_size: 0x2000000
  region: EMMC_USER
  storage: HW_STORAGE_EMMC
  boundary_check: true
  is_reserved: false
  operation_type: INVISIBLE
  is_upgradable: true
  empty_boot_needed: false
  reserve: 0x00
Please write down the linear_start_addr and partition_size of your stock boot in your current active slot.
For example, if your current slot is B, then you need to use the start address and size of boot_b, which starts at 0xf4200000 and has a length of 0x2000000.
You know what to use if your current slot is A, right?
Open MTK SP Flash Tool, load the Download Agent file and scatter file from the extracted stock firmware (older than your current firmware is OK).
Then switch to Readback tab.
Add a readback entry, double click it, find a suitable location and save it as "PDA-XXXX-stock_boot.img" (depends on your current firmware revision, e.g. PDA-114A-stock_boot.img).
In this case, we need to dump the stock boot from boot_b, so type 0xf4200000 in the start address text box and 0x2000000 in the length box.
After this info is typed, click OK, then Readback. Now connect your powered off phone with both volume keys pressed.
After the readback OK message pops up, close SP Flash Tool, disconnect your phone and power it on again.
Part 3: Patch this boot image
Download and install latest Magisk Manager from https://github.com/topjohnwu/Magisk/releases
Copy the stock boot to the Download directory of internal storage, then tap "Install" - "Install" - "Patch Boot Image", choose "PDA-XXXX-stock_boot.img" you just copied to the phone.
Now you need to wait 1-2 minutes for the boot image to finish patching.
Pull it out from your phone once finished:
Code:
.\adb pull /storage/emulated/0/Download/magisk_patched.img D:\PDA-XXXX-patched_boot.img
Part 4: Flash boot image
Unlike Qualcomm-based models, we can't perform a temporary boot.
Luckily, we have the stock boot already, so you should know what to do if you want to go back to stock.
Here's how:
Reboot to fastboot mode with your familiar method:
Code:
.\adb reboot bootloader
Flash patched boot with this command:
Code:
.\fastboot flash boot_(currentslot) D:\PDA-XXXX-patched_boot.img
Example:
Code:
.\fastboot flash boot_b D:\PDA-114A-patched_boot.img
Then reboot your phone:
Code:
.\fastboot reboot
Now all done. Enjoy your rooted Nokia X5 / 5.1 Plus.
Part 5: How to make OTA available with only your phone?
When a newer update is released, you can follow this guide to install new updates and inherit root permission with OTA updates: https://github.com/topjohnwu/Magisk/blob/master/docs/tutorials.md
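The slot check and address lookup from Steps 1 and 2 of the guide above, plus a sanity check on the readback file before it is handed to Magisk, as an added example that is not part of the original post. The sample scatter text and the sample dump are constructed, the function names are hypothetical, and the header check assumes the Android boot image header v0 to v2 layout.

```python
import re
import struct

# Constructed sample: the two boot entries from the guide, trimmed to the
# fields read here. A real scatter file lists every partition.
SAMPLE_SCATTER = """\
- partition_index: SYS34
  partition_name: boot_a
  linear_start_addr: 0x22a00000
  partition_size: 0x2000000

- partition_index: SYS52
  partition_name: boot_b
  linear_start_addr: 0xf4200000
  partition_size: 0x2000000
"""

BOOT_MAGIC = b"ANDROID!"   # first 8 bytes of an Android boot image
HEADER_FMT = "<8s8I"       # assumed header v0-v2 layout: magic + eight u32 fields


def slot_letter(tool_output):
    """Extract 'a' or 'b' from getprop or 'fastboot getvar current-slot' output."""
    m = re.search(r"(?:^|[\s\[_])([ab])\]?$", tool_output.strip())
    if not m:
        raise ValueError("cannot read a slot from %r" % tool_output)
    return m.group(1)


def parse_scatter(text):
    """Map partition_name -> {field: value} for each partition entry."""
    partitions, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(-\s*)?(\w+):\s*(\S*)", line)
        if not m:
            continue
        dash, key, value = m.groups()
        if dash:
            # A leading dash opens a new list item; only partition entries count.
            current = {} if key == "partition_index" else None
        if current is None:
            continue
        current[key] = value
        if key == "partition_name":
            partitions[value] = current
    return partitions


def readback_params(partitions, slot):
    """Start address and length to type into the Readback dialog for boot_<slot>."""
    entry = partitions["boot_" + slot]
    return int(entry["linear_start_addr"], 16), int(entry["partition_size"], 16)


def check_dump(dump, partition_size):
    """Return a list of problems with a readback file; empty means it looks sane."""
    problems = []
    if len(dump) != partition_size:
        problems.append("size 0x%x differs from partition_size 0x%x"
                        % (len(dump), partition_size))
    if len(dump) < struct.calcsize(HEADER_FMT):
        return problems + ["file too short to hold a boot header"]
    magic, ksz, _, rsz, _, ssz, _, _, page = struct.unpack_from(HEADER_FMT, dump)
    if magic != BOOT_MAGIC:
        return problems + ["no ANDROID! magic at offset 0 (wrong start address?)"]
    if page == 0 or page & (page - 1):
        return problems + ["page size %d is not a power of two" % page]
    # Header page plus kernel, ramdisk and second stage, each padded to a page.
    span = page * (1 + sum(-(-n // page) for n in (ksz, rsz, ssz)))
    if span > len(dump):
        problems.append("header describes 0x%x bytes, dump holds 0x%x"
                        % (span, len(dump)))
    return problems


def make_sample_dump(size, kernel=0x900000, ramdisk=0x200000, page=2048):
    """Constructed stand-in for a readback file: valid header, zero-filled body."""
    header = struct.pack(HEADER_FMT, BOOT_MAGIC, kernel, 0, ramdisk, 0, 0, 0, 0, page)
    return header + bytes(size - len(header))


if __name__ == "__main__":
    parts = parse_scatter(SAMPLE_SCATTER)
    start, length = readback_params(parts, slot_letter("[ro.boot.slot_suffix]: [_b]"))
    print("start 0x%x length 0x%x" % (start, length))
    print(check_dump(make_sample_dump(length), length) or "dump looks sane")
```

Keeping an untouched copy of a stock image that passes these checks is what makes the return to stock described in Part 4 possible.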

Hey, Bruh how to unlock bootloader

hikari_calyx said:
Unlike the previous root guide written for Nokia 7 Plus, this guide requires to use MTK SP Flash Tool to dump stock boot.
Why I suddenly release this guide? Because I found the method to unlock the bootloader for Nokia X5 / 5.1 Plus, but the unlock guide is unsuitable to disclose here right now. Check my Twitter if you want to confirm. To apply this guide, you must have your phone bootloader unlocked. So in theory this guide will also work on Nokia 3.1, 3.1 Plus and 5.1 once stock firmware released.
Since it's a MediaTek-based device, you can easily dump the stock boot from your device by reading the partition table of scatter file.
Now let's begin.
Step 1: Check which slot is your phone currently using
You have few methods to check, but let me introduce two usually used methods. Pick one of them that you're familiar with.
1. Use USB Debugging method to check
Once you enable the USB debugging, execute following command in either terminal or command prompt. I assume you have installed Android Platform Tools.
Code:
.\adb shell getprop ro.boot.slot_suffix
Expected output would be either
Code:
[ro.boot.slot_suffix]: [_a]
Or:
Code:
[ro.boot.slot_suffix]: [_b]
2. Use Fastboot command to check
Same as above, I assume you have installed Android Platform Tools and you have enabled USB debugging.
Code:
.\adb reboot bootloader
Code:
.\fastboot getvar current-slot
Expected output would be either
Code:
current-slot: a
Or:
Code:
current-slot: b
Step 2: Dump your stock boot with MTK SP Flash Tool
I assume that you already have MTK Port driver installed properly.
Check the MT6xxx_Android_scatter.txt from the stock firmware, and find either "boot_a" or "boot_b" on the whole text.
In this case, I used Nokia X5 CN PDA-0-102A-MT6771_Android_scatter.txt, and you'll find following info:
Code:
- partition_index: SYS34
  partition_name: boot_a
  file_name: PDA-0-102A-00CN-boot.img
  is_download: true
  type: NORMAL_ROM
  linear_start_addr: 0x22a00000
  physical_start_addr: 0x22a00000
  partition_size: 0x2000000
  region: EMMC_USER
  storage: HW_STORAGE_EMMC
  boundary_check: true
  is_reserved: false
  operation_type: UPDATE
  is_upgradable: true
  empty_boot_needed: false
  reserve: 0x00
Code:
- partition_index: SYS52
  partition_name: boot_b
  file_name: NONE
  is_download: false
  type: NORMAL_ROM
  linear_start_addr: 0xf4200000
  physical_start_addr: 0xf4200000
  partition_size: 0x2000000
  region: EMMC_USER
  storage: HW_STORAGE_EMMC
  boundary_check: true
  is_reserved: false
  operation_type: INVISIBLE
  is_upgradable: true
  empty_boot_needed: false
  reserve: 0x00
Please write down the linear_start_addr and partition_size of your stock boot in your current active slot.
For example, if your current slot is B, then you need to use the start address and size of boot_b, which is started from 0xf4200000 and the length is 0x2000000.
You know what to use if your current slot is A, right?
Open MTK SP Flash Tool, load the Download Agent file and scatter file from the extracted stock firmware (older than your current firmware is OK).
Then switch to Readback tab.
Add a readback info, double click that, find a suitable location and save it as "PDA-XXXX-stock_boot.img" (depends on your current firmware revision, e.g. PDA-114A-stock_boot.img)
In this case, we need to dump stock boot from boot_b, now type 0xf4200000 in start address text box and 0x2000000 in length box.
After these info are typed, click OK, Readback - now connect your powered off phone with both volume keys pressed.
After readback OK popped up, close SP Flash Tool, disconnect your phone and power it on again.
Part 3: Patch this boot image
Download and install latest Magisk Manager from https://github.com/topjohnwu/Magisk/releases
Copy the stock boot to the Download directory of internal storage, then tap "Install" - "Install" - "Patch Boot Image", choose "PDA-XXXX-stock_boot.img" you just copied to the phone.
Now you need to wait 1-2 minutes for finish patched boot image.
Pull it out from your phone once finished:
Code:
.\adb pull /storage/emulated/0/Download/patched_boot.img D:\PDA-XXXX-patched_boot.img
Part 4: Flash boot image
Unlike Qualcomm-based models, we can't perform temporarily boot.
Luckily, we have stock boot already, you should know what to do if you want to go back to stock.
Here's how:
Reboot to fastboot mode with your familiar method:
Code:
.\adb reboot bootloader
Flash patched boot with this command:
Code:
.\fastboot flash boot_(currentslot) D:\PDA-XXXX-patched_boot.img
Example:
Code:
.\fastboot flash boot_b D:\PDA-114A-patched_boot.img
Then reboot your phone:
Code:
.\fastboot reboot
Now all done. Enjoy your rooted Nokia X5 / 5.1 Plus.
Part 5: How to make OTA available with only your phone?
Execute following command under either ADB shell or terminal emulator:
Code:
$ su
(Confirm Root permission on your phone)
# dd if=/storage/emulated/0/Download/PDA-XXXX-stock_boot.img of=/dev/block/bootdevice/by-name/boot_(yourcurrentslot)
e.g.
Code:
# dd if=/storage/emulated/0/Download/PDA-114A-stock_boot.img of=/dev/block/bootdevice/by-name/boot_b
Then open Magisk Manager and reinstall Magisk directly.
Now when a newer update released, you can follow this guide to install new updates and inherit root permission with OTA updates: https://github.com/topjohnwu/Magisk/blob/master/docs/tutorials.md
Click to expand...
Click to collapse
This is the root way, do not need to unlock the bootloader ???

hoangkyo555 said:
This is the root way, do not need to unlock the bootloader ???
Click to expand...
Click to collapse
you must unlock the bootloader

CAN i use the Nokia 3.1 Unofficial TWRP recovery on The Nokia 3.1 plus?

Hi can you please make a custom recovery for it.

Unlock Bootloader
vickydrockz said:
Hey, Bruh how to unlock bootloader
Click to expand...
Click to collapse
It's quite simple on Pie (at least that's where I have tested and worked it out).
Just boot into fastboot mode and type in cmd:
fastboot flashing unlock
That should do the trick (at least that did for me).
---------- Post added at 08:39 PM ---------- Previous post was at 08:37 PM ----------
hoangkyo555 said:
This is the root way, do not need to unlock the bootloader ???
Click to expand...
Click to collapse
Then how you gonna flash that patched boot image (if bootloader is locked you can't flash ****)
---------- Post added at 08:59 PM ---------- Previous post was at 08:39 PM ----------
can someone help me with scatterfile for TA-1105??

Recovery Partition
Hi @hikari_calyx
I have just received the Nokia 3.1 Plus (mt6765/2) which uses this AB Partition Scheme which is totally new to me.
Looking at the scatter.txt I can not see "Recovery" anywhere.
Did Nokia remove it or rename it maybe like Sony do (fotakernel = Recovery) ?
I would like to get TWRP on this device if that's possible.
I am still on the stock shipped out of the box 8.1.0 firmware version at moment. :fingers-crossed:
Thanks Again for your Great Work on these Nokia's :highfive:

bigrammy said:
Hi @hikari_calyx
I have just received the Nokia 3.1 Plus (mt6765/2) which uses this AB Partition Scheme which is totally new to me.
Looking at the scatter.txt I can not see "Recovery" anywhere.
Did Nokia remove it or rename it maybe like Sony do (fotakernel = Recovery) ?
I would like to get TWRP on this device if that's possible.
I am still on the stock shipped out of the box 8.1.0 firmware version at moment. :fingers-crossed:
Thanks Again for your Great Work on these Nokia's :highfive:
Click to expand...
Click to collapse
A/B devices no longer have a recovery partition. The recovery is embedded into boot partition. To get twrp you'll need to patch the ramdisk for boot_a and boot_b with TWRP files. That's the only way to get twrp. Recovery.img doesn't exist for a/b devices

BarrackaN said:
A/B devices no longer have a recovery partition. The recovery is embedded into boot partition. To get twrp you'll need to patch the ramdisk for boot_a and boot_b with TWRP files. That's the only way to get twrp. Recovery.img doesn't exist for a/b devices
Click to expand...
Click to collapse
Thanks for the reply BarrackaN :good:
I kinda worked that out now but clearly I will need to do some more reading on this new partitioning scheme
I actually thought I ordered the Nokia 3.1 according to its specs but was sent this 3.1 Plus instead
I guess I need to keep up with times so this will force me to learn :laugh:
Thanks Again :highfive:

ROMs for Nokia 5.1 plus
thirakun said:
you must unlock the bootloader
Click to expand...
Click to collapse
Why hasn't this phone received a custom ROM yet? HMD Global released the kernel source and the unlock method for all Nokia phones, including the Nokia 5.1 Plus. Why don't developers make a ROM for this phone? The source code is available, which means the MediaTek processor isn't an obstacle to making a ROM for this phone. Please, developers, respond to my request.

bigrammy said:
Thanks for the reply BarrackaN :good:
I kinda worked that out now but clearly I will need to do some more reading on this new partitioning scheme
I actually thought I ordered the Nokia 3.1 according to its specs but was sent this 3.1 Plus instead
I guess I need to keep up with times so this will force me to learn :laugh:
Thanks Again :highfive:
Click to expand...
Click to collapse
One of my android one phones got updated to android 10. And google has once again changed how recovery works on a/b devices. Now ramdisk in boot.img is shared by both boot and recovery in linked libraries. So there's currently no way of patching the boot.img with twrp on android 10 because twrp uses the whole ramdisk to run but changing the ramdisk will make the device unbootable. It's frustrating, at least the twrp team said they are working on it.
The best place to learn about this is Google's Android developer site, where they discuss in detail all the changes from Oreo to Pie to Q.

momenabdoz said:
Why hasn't this phone received a custom ROM yet? HMD Global released the kernel source and the unlock method for all Nokia phones, including the Nokia 5.1 Plus. Why don't developers make a ROM for this phone? The source code is available, which means the MediaTek processor isn't an obstacle to making a ROM for this phone. Please, developers, respond to my request.
Click to expand...
Click to collapse
Can you send a link to the bootloader unlock method?

Related

Cubot King Kong custom ROM or Android go?

Hi everyone,
First post here. I purchased a Cubot Kingkong. I liked the toughness and the price. Has Android Nougat, 2gb of Ram, 16gb ROM, MT 6580 quad core processor.
What I don't like is that it's slow, in my opinion. I tried to find a custom ROM, but couldn't find one.
Do you a custom ROM that can work? Thought about Android go, but it would need to be updated to Oreo first.
Thanks for your help.
Slow? I have this phone and I find it very reasonably snappy for its specs. The MT6580 is a 2016 entry-level processor. Not any great performer and no firmware will do miracles.
Besides, its Nougat Android is 100% bloat-free (a good surprise I must say). And the 2 Gb of RAM are enough to run it correctly. Don't think Android One would make much of a change here.
Your expectations might be too high for a sub-100€ phone.
does anyone have a scatter file or custom recovery for this phone? how did you root?
CUBOT KING KONG B-1 (X511) Android 7.0 quick TWRP + rooting guide
WARNING: You do a factory reset! all data lost! unlocking - warranty lost!
edit: With locked bootloader, you can not flash from fastboot. BUT - Yippee! - SP Flash Tool is able to flash twrp.img for encrypted device with locked bootloader (and FRP / OEM lock!) without data loss. TWRP is then able to decrypt data with default_password. Before you unlock bootloader, flash TWRP, Back up your /data from TWRP and manually copy Internal Storage (/data/media/0) via USB-MTP (not included in TWRP Backup). Backup is not described in this Tutorial, but feel free to ask
- first you need adb and fastboot, in Windows represented as adb.exe and fastboot.exe which run in command line terminal (cmd.exe) - (for adb and fastboot Windows XP click here)
- install MediaTek MT65xx USB VCOM Preloader USB Drivers for Windows
- this phone is locked. to unlock the bootloader, enable usb-debugging:
Settings -> About Phone -> tap Build number seven (7) times
Settings -> Developer options -> OEM unlocking -> Turn on
Settings -> Developer options -> USB debugging -> Ok
WARNING: You do a factory reset! all data lost!
- connect the phone to pc and type in command console:
- confirm with Yes (Volume UP)
Code:
adb reboot bootloader
fastboot oem unlock
Phone is now in Orange State - warranty lost!
(if you wanna get rid of the waiting time flash the 'Orange State disabler' see below)
- reboot the phone:
Code:
fastboot reboot
i have created a scatter file using this very cool program WwR MTK v2.30 from Ilya Aleksandrovich
then i have ported this TWRP v3.2.2-0 from S. M. Nahid Emon Generic TWRP v3.3.1-0 from Samad Segmane meanwhile
- on Phone, download SR3-SuperSU-v2.79-SR3-20170114223742.zip flashable zip
- on PC, download the scatter file and the twrp-3-3-1-0-recovery from this thread
flash recovery with MediaTek SP Flash Tool
- in SP Flash Tool, go to Download and select the following files:
Download-Agent: MTK_AllInOne_DA.bin
Scatter-loading File: MT6580_cubot_king_kong_7081c_scatter.txt
Flash Mode: Download Only
- uncheck all checkboxes
- double click on recovery.img and select twrp.img
- press Download
- type in command console:
Code:
adb reboot bootloader
(flashing starts as soon as phone is connected in download mode)
- after successfully flashing, press and hold Volume UP, disconnect the phone, connect again, wait until you see the Orange State message appears, then release the Volume UP Button
- you can start TWRP each time from command console:
Code:
adb reboot recovery
edit: Fixed! unfortunately, when flashed and booted from recovery, touch screen is not working unless someone will fix the kernel (Patryk did with IDA Pro but this tutorial drives me crazy) - at moment you can only boot as boot.img
- boot into TWRP recovery from fastboot without flashing recovery (working touch screen)
Code:
adb reboot bootloader
fastboot boot "C:\Download\twrp.img"
<-- see here
- from TWRP you can now install SuperSU.zip flashable zip
- if you want install Busybox binary, download Busybox-1.29.0-YDS-UNIVERSAL.zip from github and install this flashable zip from TWRP
- if you don't like SuperSU better use Magisk i have tested successfully too, it is easy to install, no TWRP required. MediaTek SP Flash Tool has a readback mode where you can make a backup of boot.img and copy to phone (or use the one attached). Then, all you have to do is install the Magisk Manager apk and patch the boot image, then flash the patched_boot.img and you are rooted
- this phone is encrypted by default - disable encryption may increase performance
WARNING: You do a factory reset! all data lost!
first install adb and fastboot, connect the phone and unlock the bootloader,
then follow instructions for disable encryption (do everything in TWRP):
- on Phone, download Disable Force Encrypt zip and SuperSU zip files
- boot into TWRP recovery from fastboot without flashing recovery (see above)
- copy Disable Force Encrypt zip to cache partition
Advanced -> File Manager
navigate to /data/media/0/Download
select file Disable_Dm-Verity_ForceEncrypt_v1.4.zip
press Copy File
navigate to /cache
confirm blue check mark on the right bottom
Swipe to Confirm
- repeat this copy SR3-SuperSU-v2.79-SR3-20170114223742.zip to /cache
go back to main menu
- Wipe -> Format Data -> type yes
if Format Data fails, reboot TWRP and try again:
go back to main menu
- Reboot -> Bootloader
- boot into TWRP recovery from fastboot without flashing recovery (see above)
- Wipe -> Format Data -> type yes
go back to main menu
- flash Disable Force Encrypt zip and SuperSU zip files
Install -> (Up A Level) -> /cache
select file Disable_Dm-Verity_ForceEncrypt_v1.4.zip
uncheck all checkboxes
Swipe to confirm Flash
go back
select file SR3-SuperSU-v2.79-SR3-20170114223742.zip
uncheck all checkboxes
Swipe to confirm Flash
Reboot System
- finish the initial android setup assistant
- enable usb-debugging (see above unlock bootloader)
- boot into TWRP recovery from fastboot without flashing recovery (see above)
- clear cache partition
Wipe -> Advanced Wipe -> Cache -> Swipe to Wipe
instead of SuperSU you can flash Magisk after Disable Force Encrypt. The SuperSU v2.79 is the latest release from Chainfire and it is Pro-Version. Do not update to V2.82 from Coding Code (it is the same version)
- new: 'Orange State' disabler
if you wanna get rid of the waiting time flash the 'Orange State disabler'
WARNING: experts only! do not try this if you don't know how to unbrick your device
- make a backup of lk.bin (bootloader)
- install orange_state_disabler_v0.3.zip from TWRP
- flash lk.bin from SP Flash Tool (in case you bricked your device)
--- 'Orange State' disabler v0.3 ---
##### Created by XopmoH97 : ) #####
source: orange_state_disabler_v0.3.zip
aIecxs said:
Patryk did with IDA Pro but this tutorial drives me crazy
Click to expand...
Click to collapse
Please post here:
Result of:
Code:
echo 0 > /proc/sys/kernel/kptr_restrict
cat /proc/kallsyms | grep tpd_i2c_probe
Dump of:
Code:
cat /proc/kallsyms
Code:
CUBOT_KING_KONG:/ # echo 0 > /proc/sys/kernel/kptr_restrict
CUBOT_KING_KONG:/ # cat /proc/sys/kernel/kptr_restrict
0
CUBOT_KING_KONG:/ # cat /proc/kallsyms | grep tpd_i2c_probe
c07d2970 t tpd_i2c_probe
CUBOT_KING_KONG:/ #
see attachment
https://drive.google.com/file/d/1YmOF9IRJhOEHLFHXgjBcBi74kvKrna0s
What is the kernel architecture? (you can check that in CPU-Z) nevermind
Try this:
twrp-3.2.2.0-cubot_king_kong_7081c-20180831-2340.img (updated)
If it'll not work then this:
twrp-3.2.2.0-cubot_king_kong_7081c-20180831-2356.img
I have tested, both are not booting. I think we should just give up. Maybe this method does not work for MT6580. I have requested kernel source code from Cubot but they denied.
Lannig said:
Besides, its Nougat Android is 100% bloat-free (a good surprise I must say).
Click to expand...
Click to collapse
Cubot King Kong has data mining spy app in OTA updater
https://www.xda-developers.com/report-android-phones-transmit-data-to-adups-a-chinese-firm
dont expect any firmware updates (they wont provide Oreo for sure) - better disable OTA updater instead:
Code:
pm disable --user 0 com.adups.fota
pm disable --user 0 com.adups.fota.sysoper
edit: do not update to V24 battery drain increases dramatically. Just stay at V16
Whats the touch driver here?
1. *#*#3646633#*#*
2. Other extra
3. Device info <-- result
LosTigeros said:
Whats the touch driver here?
1. *#*#3646633#*#*
2. Other extra
3. Device info <-- result
Click to expand...
Click to collapse
the code in dialer did not work, but i could enter Service Mode with MTK Engineering Mode apk. unfortunately there is no device info in Others. is there another way to check, maybe dump some file?
Use an app from google play called Device Info HW
Hey,
thanks for your support and time! I have downloaded this app and this are the results. it shows Touchscreen gt1x (i2c 1-005d)
Will it boot up after just decompressing and compressing it again? Try: twrp-3.2.2.0-cubot_king_kong_7081c-20180902-2017.img (not patched).
Thanks a lot for providing a usable TWRP, even if only one you can boot from fastboot and not flash. It serves its purpose of installing SuperSU or Magisk, good enough for me.
I'm no Android kernel wizard but I fail to see how booting from a flashed partition or in-memory through fastboot makes a difference as far as the touch driver is concerned?
EDIT : wanted to provide the requested information but it's been done already.
In gt1x its because of this:
So get_boot_mode() returns a different value depending on how TWRP was started, from the recovery partition or in-memory from fastboot? and the touchscreen driver basically disables itself in the former case? I've learned something new today, thanks for enlightening us (and I'm impressed by your knowledge of this source code BTW).
EDIT: @aIecxs: unfortunately you're right. Dr. Web has spotted them as the infamous Downloader adware. Guess I'll have to take care of these once I have root.
And what about custom ROMs? Is it possible to build Lineage OS for this device?
I'm thinking of buying one, but if there won't be any OS updates it'll be much worse than I expected.
aIecxs said:
CUBOT KING KONG B-1 (X511) Android 7.0 quick TWRP + rooting guide
- boot into TWRP recovery from fastboot without flashing recovery (working touch screen)
Code:
adb reboot bootloader
fastboot boot "C:\Android\Backup\Cubot King Kong\twrp-3-2-2-0-recovery-for-MT6580_cubot_king_kong_7081c.img"
Click to expand...
Click to collapse
I unlocked the bootloader and tried booting the recovery using this method, but the TWRP logo shows up and the phone is stuck in a bootloop (TWRP logo shows up and disappears over and over again) .
I have tried flashing with SPFlash tool with no results. Every other recovery in this thread simply does not boot at all. What can I do to debug it? I have tried every possible method to root this phone with no success (neither TWRP nor "one click root" apps work). If anyone knows something, please help. I really want to root this phone in order to remove the malware that is preinstalled on it (adups fota). Note that I am not a developer and don't know much about these things beyond flashing custom ROMs. Thank you in advance
please do a read back for boot.img and recovery.img with SP Flash Tool

[GUIDE] How to Convert your Nokia X5 to Global Nokia 5.1 Plus / Unbrick Guide

Unlike previously released Qualcomm based Nokia phones, Nokia X5 uses MediaTek Helio P60 processor.
However, unlike Nokia 3, it no longer uses authentication file, this will make unbrick easier.
After you read the full guide, you should understand how to unbrick your phone.
This guide should work on both 64-bit Linux distro and Windows operating system.
And this guide is simplified than previous guide to ensure your phone will get newer updates.
For the Chinese version of this tutorial, see here: https://hikaricalyx.com/2018/10/25/how-to-convert-nokia-x5-to-global-and-unbrick/
What you need to have:
- MTK Smart Phone Flash Tool, which you can download from https://spflashtool.com/download/
- Android Platform Tools
- For Windows users, patched OST LA: https://drive.google.com/open?id=1n91aYT9Di6_v4F3Wjlv8TjfeLc64AcYA and MediaTek USB Port driver, which is easy to find
- Nokia X5 Chinese firmware and Global conversion firmware: https://fih-firmware.hikaricalyx.com/fihsw_en.html
Part 1: DO FULL BACKUP
Because few critical partitions are included in this backup, this will ensure you can restore them.
Download "PDA-114A-0-00WW-B01" and extract it.
Open Smart Phone Flash Tool, choose the Download Agent file and Scatter File in the unpacked PDA-1100 firmware.
DO NOT USE DOWNLOAD AGENT FROM THE FLASH TOOL ITSELF!
Then pick "Readback" tab, add a category.
Double click this category, and choose the location you want to save the backup.
Use any text editor to open the scatter file, and find "userdata". You'll need the start address of userdata as the length of the full backup.
After it is properly set, click "Read Back", then power off your phone and connect your phone to PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
Disconnect your phone when procedure completed.
Part 2: Flash PDA-1100 global firmware
Return to the download tab, choose "Firmware Upgrade" in the download options, click "Download", then power off your phone and connect your phone to PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
If you just want to unbrick it as Chinese firmware, double click the Location of "lk_a", and choose "PDA-0-102A-00CN-lk.img" before you "Download", or you will be unable to install later OTA updates.
Because it flashes service lk by default.
Part 3: Modify SKUID and flash lk
Trigger your phone to Fastboot mode.
You can type this command then connect your powered off phone:
Note: If you're using fastboot included in OST LA, use .\fastboot-android instead of .\fastboot
Code:
.\fastboot reboot-bootloader
Type this command to confirm your phone's Serial Number, in this example the serial number is PDAGAM0123456789:
Code:
.\fastboot devices
PDAGAM0123456789 fastboot
Google a website to calculate the md5 checksum of the serial number, for example, the md5 checksum of PDAGAM0123456789 is bb1bfc95418f51dc906462554d71313a.
Now type the following commands to grant service permission:
Code:
.\fastboot --set-active=a
.\fastboot reboot-bootloader
.\fastboot oem dm-verity (your_md5_checksum)
In this example:
Code:
.\fastboot --set-active=a
.\fastboot reboot-bootloader
.\fastboot oem dm-verity bb1bfc95418f51dc906462554d71313a
Type the following commands to confirm and modify SKUID. The following commands are case sensitive:
Code:
.\fastboot oem CustomerSKUID get
.\fastboot oem CustomerSKUID set 600WW
.\fastboot oem CustomerSKUID get
Type the following commands to reflash stock lk and reboot:
Code:
.\fastboot flash lk_a G:\PDA-114A-0-00WW-B01_unpacked\PDA-0-114A-00WW-lk.img
.\fastboot reboot
Part 4: Install PDA-209B update manually.
Download this package, and rename it to "PDA-209B-0-00WW-B06-update.zip", place it to root directory of internal storage and dial *#*#874#*#* to update.
https://android.googleapis.com/pack.../b1ebc1be5c4b01109fc3c4dea515e8286904fad0.zip
Old ota packages:
https://tpedutw-my.sharepoint.com/:...hBsIjYfYvl9dsBMabfvVPHJU5mJloVo2qIKw?e=TexpIz
That's it.
Is it bootloader unlockable? Still finding out.
Special thanks to:
@blackpanther0582 for PDA-021G firmware
givemerom for PDA-1100 firmware
Someone for Nokia 5.1 Plus firmware dumping
Someone for Nokia X5 device testing
Thank you
Thank you for sharing this tutorial. But how to unlock Nokia x5 bootloader? It needs unlocked bootloader right?
Nokiyem said:
Thank you for sharing this tutorial. But how to unlock Nokia x5 bootloader? It needs unlocked bootloader right?
Nope, bootloader unlock is not required.
You can just convert your phone, that's it.
Thanks for sharing! May I know, if I want to convert back to the Chinese firmware, all I need to do is finish "Part 2: Reflash Chinese PDA-021G firmware", correct?
First, in step 1, the backup cannot complete and the message shows "aborted".
Second, in step 2, I cannot extract the nb0 file. Please extract and upload the zip file.
Thanks very much!
I want too
wylwddjz said:
Thanks for sharing! May I know, if I want to convert back to the Chinese firmware, all I need to do is finish "Part 2: Reflash Chinese PDA-021G firmware", correct?
I want to too; do I need to choose firmware upgrade or download only in part 2?
hikari_calyx said:
Unlike previously released Qualcomm based Nokia phones, Nokia X5 uses MediaTek Helio P60 processor.
However, unlike Nokia 3, it no longer uses authentication file, this will make unbrick easier.
After you read the full guide, you should understand how to unbrick your phone.
This guide should work on both 64-bit Linux distro and Windows operating system.
What you need to have:
- MTK Smart Phone Flash Tool, which you can download from https://spflashtool.com/download/
- Android Platform Tools
- For Windows users, patched OST LA: https://drive.google.com/open?id=1n91aYT9Di6_v4F3Wjlv8TjfeLc64AcYA and MediaTek USB Port driver, which is easy to find
- Nokia X5 Chinese firmware and Global conversion firmware: https://hikaricalyx.box.com/s/z3s5alma4uhqftsbdo5pl072f0ec9t8z
Part 1: DO FULL BACKUP
Because few critical partitions are included in this backup, this will ensure you can restore them.
Download PDA-021G firmware and unpack it by using nb0 utils with this guide: https://forum.xda-developers.com/nokia-7-plus/how-to/workaround-flashing-oreo-firmware-t3793791
Open Smart Phone Flash Tool, choose the Download Agent file and Scatter File in the unpacked PDA-021G firmware.
DO NOT USE DOWNLOAD AGENT FROM THE FLASH TOOL ITSELF!
Then pick "Readback" tab, add a category.
Double click this category, and choose the location you want to save the backup.
Use any text editor to open the scatter file, and find "userdata". You'll need the start address of userdata as the length of the full backup.
After it is properly set, click "Read Back", then power off your phone and connect it to the PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
Disconnect your phone when the procedure has completed.
Part 2: Reflash Chinese PDA-021G firmware
Return to the download tab, choose "Firmware Upgrade" in the download options, click "Download", then power off your phone and connect it to the PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
Part 3: Modify SKUID
Trigger your phone to Fastboot mode.
You can type this command then connect your powered off phone:
Code:
.\fastboot reboot-bootloader
Type this command to confirm your phone's Serial Number, in this example the serial number is PDAGAM0123456789:
Code:
PDAGAM0123456789 fastboot
Google a website to calculate the md5 checksum of the serial number, for example, the md5 checksum of PDAGAM0123456789 is bb1bfc95418f51dc906462554d71313a.
Now type following command to grant service permission:
Code:
.\fastboot oem dm-verity (your_md5_checksum)
In this example:
Code:
.\fastboot oem dm-verity bb1bfc95418f51dc906462554d71313a
Type following commands to confirm and modify SKUID. Following commands are case sensitive:
Code:
.\fastboot oem CustomerSKUID get
.\fastboot oem CustomerSKUID set 600WW
.\fastboot oem CustomerSKUID get
Type following command and disconnect your phone to power off your phone:
Code:
.\fastboot oem HALT
Part 4: Flash Global PDA-101D firmware I provided
Download PDA-101D firmware and extract it.
Open Smart Phone Flash Tool, choose the Download Agent and Scatter file in the PDA-101D firmware, choose "Firmware Upgrade" in the download options, click "Download", then power off your phone and connect it to the PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
That's it.
Is it bootloader unlockable? Still finding out.
Special thanks to:
@blackpanther0582 for PDA-021G firmware
Someone for Nokia 5.1 Plus firmware dumping
Someone for Nokia X5 device testing
Android oen is error Update OTA
How to fix pl.thank
I tried.
The same problem.
Android oen is error Update OTA
How to fix pl.thank
4GB RAM/64GB storage
will this work with 4GB/64GB version?
anyone success ?
hi.. i had global version Nokia 5.1 Plus, can i flash it with chinese rom ?
Android Platform Tools Link??? How to install??
please update newer version.. i cant update it with OTA update... :/ i dont know why but its working fine last update is sept.5 2018
hikari_calyx said:
Unlike previously released Qualcomm based Nokia phones, Nokia X5 uses MediaTek Helio P60 processor.
However, unlike Nokia 3, it no longer uses authentication file, this will make unbrick easier.
After you read the full guide, you should understand how to unbrick your phone.
This guide should work on both 64-bit Linux distro and Windows operating system.
And this guide is simplified than previous guide to ensure your phone will get newer updates.
What you need to have:
- MTK Smart Phone Flash Tool, which you can download from https://spflashtool.com/download/
- Android Platform Tools
- For Windows users, patched OST LA: https://drive.google.com/open?id=1n91aYT9Di6_v4F3Wjlv8TjfeLc64AcYA and MediaTek USB Port driver, which is easy to find
- Nokia X5 Chinese firmware and Global conversion firmware: https://tpedutw-my.sharepoint.com/:...dFks--5G6V4vYBGTwLw1BsthbtIuJqMUN3tQ?e=wOfytH
Part 1: DO FULL BACKUP
Because few critical partitions are included in this backup, this will ensure you can restore them.
Download "PDA-1100-0-00WW-B01_unpacked.7z" and extract it.
Open Smart Phone Flash Tool, choose the Download Agent file and Scatter File in the unpacked PDA-1100 firmware.
DO NOT USE DOWNLOAD AGENT FROM THE FLASH TOOL ITSELF!
Then pick "Readback" tab, add a category.
Double click this category, and choose the location you want to save the backup.
Use any text editor to open the scatter file, and find "userdata". You'll need the start address of userdata as the length of the full backup.
After it is properly set, click "Read Back", then power off your phone and connect it to the PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
Disconnect your phone when the procedure has completed.
Part 2: Flash PDA-1100 global firmware
Return to the download tab, choose "Firmware Upgrade" in the download options, click "Download", then power off your phone and connect it to the PC with both volume keys pressed and held.
When you see a progress bar moving, you can release both keys and wait for the procedure to complete.
Part 3: Modify SKUID and flash lk
Trigger your phone to Fastboot mode.
You can type this command then connect your powered off phone:
Code:
.\fastboot reboot-bootloader
Type this command to confirm your phone's Serial Number, in this example the serial number is PDAGAM0123456789:
Code:
PDAGAM0123456789 fastboot
Google a website to calculate the md5 checksum of the serial number, for example, the md5 checksum of PDAGAM0123456789 is bb1bfc95418f51dc906462554d71313a.
Now type following command to grant service permission:
Code:
.\fastboot oem dm-verity (your_md5_checksum)
In this example:
Code:
.\fastboot oem dm-verity bb1bfc95418f51dc906462554d71313a
Type following commands to confirm and modify SKUID. Following commands are case sensitive:
Code:
.\fastboot oem CustomerSKUID get
.\fastboot oem CustomerSKUID set 600WW
.\fastboot oem CustomerSKUID get
Type following commands to reflash stock lk and reboot:
Code:
.\fastboot flash lk_a G:\PDA-1100-0-00WW-B01_unpacked\PDA-0-1100-00WW-lk.img
.\fastboot reboot
Part 4: Install PDA-114A update manually.
Download the update package "PDA-114A-0-00WW-B03-1100-0-00WW-B01-update.zip", copy it to root directory of internal storage, then dial *#*#874#*#* to update.
This can be downloaded from here:
https://tpedutw-my.sharepoint.com/:...hBsIjYfYvl9dsBMabfvVPHJU5mJloVo2qIKw?e=TexpIz
That's it.
Is it bootloader unlockable? Still finding out.
Special thanks to:
@blackpanther0582 for PDA-021G firmware
givemerom for PDA-1100 firmware
Someone for Nokia 5.1 Plus firmware dumping
Someone for Nokia X5 device testing
how to go back to nokia x5
taovanluc said:
Android oen is error Update OTA
How to fix pl.thank
eprot12 said:
please update newer version.. i cant update it with OTA update... :/ i dont know why but its working fine last update is sept.5 2018
I've updated the new guide.
Now PDA-1100 build should be able to install newer updates.
hoangkyo555 said:
how to go back to nokia x5
Download and unpack the PDA-102A-0-00CN-B07 firmware with the nb0 tools developed by @heineken78
When you change the SKUID, change it to 600CN instead of 600WW, and the lk filename is different from global PDA-1100 as you will find out.
hoangkyo555 said:
Android Platform Tools Link??? How to install??
This should be the basis of working on Android phones.
https://developer.android.com/studio/releases/platform-tools
thirakun said:
hi.. i had global version Nokia 5.1 Plus, can i flash it with chinese rom ?
Yes you can, but you need to unpack PDA-102A-0-00CN-B07.nb0 and follow the guide, but change the SKUID to 600CN instead of 600WW.
And you need to flash a different lk file which you'll find out.
Use this tool to unpack nb0: https://forum.xda-developers.com/android/general/nb0-unpacker-packer-tool-t3699464
hikari_calyx said:
Yes you can, but you need to unpack PDA-102A-0-00CN-B07.nb0 and follow the guide, but change the SKUID to 600CN instead of 600WW.
And you need to flash a different lk file which you'll find out.
Use this tool to unpack nb0: https://forum.xda-developers.com/android/general/nb0-unpacker-packer-tool-t3699464
.\fastboot oem dm-verity bb1bfc95418f51dc906462554d71313a
When run command above will show error message in below...
FAILED (remote: unknown command)
Finished. Total time: 0.002s
Is this command required? or I can skip it?
hikari_calyx said:
Yes you can, but you need to unpack PDA-102A-0-00CN-B07.nb0 and follow the guide, but change the SKUID to 600CN instead of 600WW.
And you need to flash a different lk file which you'll find out.
Use this tool to unpack nb0: https://forum.xda-developers.com/android/general/nb0-unpacker-packer-tool-t3699464
this one right?
PDA-0-102A-00CN-lk.img
EDIT :
yess it worked!!!
thanks for tutorial.
but...after i try......
i dont like chinese rom lol
i revert back to WW....
can you please tell me how to use fastboot mode... i have already make my phone into fastboot mode but i dont know whats next to do.. its just says fastboot mode on my phone with nothing else
great work
my X5 is running on global rom now thanks very much

[Guide] How to Restore Baseband/IMEI/Serial Number Nokia X5, SP-Flash Tool

Hi guys,
Note: I am not responsible for a bricked device if you do not follow the guide step by step. It is very important to do each and every step; never skip any step, or you may have a total loss. This guide is tested and working for those who accidentally selected (format + download) while converting from X5 to 5.1 or while re-flashing.
Nokia X5 to 5.1 Plus convert Guide Link: https://forum.xda-developers.com/nokia-x5/how-to/guide-how-to-convert-nokia-x5-to-global-t3858253
Note: The only thing I want to tell you is that if you followed the guide linked above for converting Nokia X5 to 5.1 Plus, then you must have a file from step 1 named Backup_0, and that file is the only hope of saving your device's Base Band/IMEI/Serial Number.
So please keep in mind to always follow step 1 and back up your current firmware, which has very important partitions and can save your bricked Nokia X5 device:
BTW I HAVE UPLOADED THE REQUIRED FILES FROM MY BACKUP HERE BELOW ON REQUEST, BECAUSE NOT EVERYONE HAS A PREVIOUS BACKUP, AND BECAUSE BASE BAND FILES FOR NOKIA X5 ARE THE SAME FOR ALL PHONES
At Special Request:
I have added a link to the required files from my backup here; you can use these if you did not make the backup:
If you are using Windows 10, then please follow this guide to disable Driver Signature Verification, or you will be unable to connect the phone in fastboot mode; you will hear the connect/disconnect sound again and again if Driver Signature Verification is enabled in Windows 10.
Link Guide: https://www.howtogeek.com/167723/ho...8.1-so-that-you-can-install-unsigned-drivers/
I will try my best to make the guide as simple as I can:
So let's start:
First of all, what you need before starting the process to restore Base Band/IMEI/Serial Number:
1: SP flash tool: please download latest version from this Link: https://spflashtool.com/download/
2: 7-zip: Please download 7-zip from the link: https://www.7-zip.org/download.html
3: Global Firmware: Please download (PDA-1100-0-00WW-B01_unpacked.7z) from this Link: https://tpedutw-my.sharepoint.com/:f...UN3tQ?e=wOfytH
4: Md5Checker: Please download the MD5 checker from this link: http://getmd5checker.com/
5: Adb Platform tools : Please download from this Link: https://mega.nz/#!4rR0AAZI!N3l0FuPDrtej2GwU4VXmehBbLs2TvIlADYXcQv_Nf1Q
That's all. Now please create a folder named Nokia X5 on any PC disk and copy all of the above files there. I am only suggesting this so that you can open everything from one folder instead of moving between multiple folders.
Now we are starting to restore Base Band/IMEI/Serial Number: (Follow each step carefully)
1: Extract downloaded firmware (PDA-1100-0-00WW-B01_unpacked.7z) in same Nokia X5 folder.
2: Go to the extracted folder, make a separate copy of "MT6771_Android_scatter.txt" and rename it to "proinfo_MT6771_Android_scatter.txt" (make sure you do not write .txt, because this is obviously already a .txt file).
3: Now copy "proinfo_MT6771_Android_scatter.txt" back to the firmware folder (PDA-1100-0-00WW-B01_unpacked).
Now the very important part, which needs to be performed carefully:
3: Now right click on "proinfo_MT6771_Android_scatter.txt" and open it with WordPad, which is normally available in Windows, or use any text editor to edit the file.
4: Once you have opened the file, please make the edits below:
4.1: Press ctrl+f and search for (partition_index: SYS15), then make it look like below:
- partition_index: SYS15
  partition_name: proinfo
  file_name: proinfo.img
  is_download: true
4.2: Press ctrl+f and search for (partition_index: SYS6), then make it look like below:
- partition_index: SYS6
  partition_name: nvcfg
  file_name: nvcfg.img
  is_download: true
4.3: Press ctrl+f and search for (partition_index: SYS10), then make it look like below:
- partition_index: SYS10
  partition_name: protect1
  file_name: protect1.img
  is_download: true
4.4: Press ctrl+f and search for (partition_index: SYS11), then make it look like below:
- partition_index: SYS11
  partition_name: protect2
  file_name: protect2.img
  is_download: true
After editing, just save the file by pressing ctrl+s, and close the file.
5: Now go to the Backup_0 file that you saved earlier via the "Readback" process in SP Flash Tool.
5.1: Right click on the file and open it with 7-zip, and you will see your backed up files in 7-zip.
5.2: Now press "ctrl" on your PC keyboard and select
"proinfo.img" "nvcfg.img" "nvram.img" "protect1.img" "protect2.img" "elabel.img"
5.3: Now right click on the selected files and copy them to the extracted firmware folder where you edited the scatter file.
6: Now open SP Flash Tool and load "proinfo_MT6771_Android_scatter"
6.1: In the SP Flash Tool uploaded list, scroll down to the "lk_a" partition, click on the loaded file and change the file to "lk_service.img"
6.2: Now un-check all files in the loaded list and check only "proinfo, nvcfg, protect1, protect2, and lk"
6.3: Now in SP Flash Tool select "Download only" and press the download button to start. (Make sure again that you selected download only.)
6.4: Now turn off your device, press "volume up and volume down" together and connect your device.
6.5: The process will start in SP Flash Tool, and after it finishes it will pop up download OK.
7: Now reboot your device into "fastboot mode" and execute the commands below:
Before executing the commands below, please copy "nvram.img" and "elabel.img" into your adb platform tools folder.
- Open the adb platform tools folder, press "Shift+Right Click" and open a command prompt here.
7.1: "fastboot oem dm-verity 85BC0D743F935BA9078DCB290FAD2194" (This is a random MD5; you have to calculate yours with the MD5 tool you downloaded above)
7.3: "fastboot flash nvram nvram.img"
7.4: "fastboot flash elabel elabel.img"
7.5: "fastboot oem HALT"
Never write "fastboot reboot"; disconnect the cable and long press the power button to reboot the phone.
8: Now open SP Flash Tool again and load "MT6771_Android_scatter"
8.1: Select "Firmware Upgrade" and press the download button in SP Flash Tool.
8.2: Power off your phone, press the "volume up and volume down" buttons together and connect.
8.3: Wait for the process to end; SP Flash Tool will show "Download complete" or "OK".
Now disconnect the cable, power up and check.
Your Base Band/IMEI/Serial Number is restored. Now you are good to go, and never try Format + Download again if you don't know when and why to use it.
Thanks.
If you have any questions ask anytime at my hangouts or XDA.
Cheers :good:
"IF THIS GUIDE HELPS YOU PLEASE HIT THANKS" or it does not matter i am just here to help
Reserved and Tips:
You can also contact us at https://t.me/VictaraUni
This group is for multiple devices ROMs, Debrick Help and many more
Tip-1: To generate your MD5 checksum, you can read the serial number on your box or on the back of your phone and enter it manually to generate the MD5 checksum.
Tip-2: If your phone has somehow been off for a long time, please turn it on and then power it off before flashing nvram, or it may not be recognized in Windows 10.
Tip-3: It's much better to use Windows 7 for this process, because installation of drivers is typical and sometimes SP Flash Tool stops responding suddenly.
Okay, I'm ready to be called a complete moron, but I want to check before I give up.
Due to an unfortunate series of events, the original backup I had is gone. I do know the original IMEI and I think I know the original serial number. So, is it possible to manually change it in the backup that was made after I lost them?
Side note, where exactly is the serial number on the box, since I couldn't find it there?
NickBastardly said:
Okay, I'm ready to be called a complete moron, but I want to check before I give up.
Due to an unfortunate series of events, the original backup I had is gone. I do know the original IMEI and I think I know the original serial number. So, is it possible to manually change it in the backup that was made after I lost them?
Side note, where exactly is the serial number on the box, since I couldn't find it there?
You can use my backup, may be it works for you, because you need 4 important files from backup..
I will upload link of my backup files, those only required to restore baseband/imei/serial, in Post#1, i think it will work because all Nokia x5 have same baseband
NickBastardly said:
Okay, I'm ready to be called a complete moron, but I want to check before I give up.
Due to an unfortunate series of events, the original backup I had is gone. I do know the original IMEI and I think I know the original serial number. So, is it possible to manually change it in the backup that was made after I lost them?
Side note, where exactly is the serial number on the box, since I couldn't find it there?
Currently i am away from PC, once i will be there i will upload files, and post link....
Sent from my Nokia 5.1 Plus using Tapatalk, Owned (Victara, Clark, Athene, Orprey)
zahidm said:
Currently i am away from PC, once i will be there i will upload files, and post link....
Sent from my Nokia 5.1 Plus using Tapatalk, Owned (Victara, Clark, Athene, Orprey)
Thank you so much, it means a lot to me
NickBastardly said:
Thank you so much, it means a lot to me
No worries i am uploading and sending link
Sent from my Nokia 5.1 Plus using Tapatalk, Owned (Victara, Clark, Athene, Orprey)
Edit: removed link
zahidm said:
Link for files uploaded in Post one: also here for you: https://mega.nz/#!03oRSALQ!3VaCFaCNvX4vI5WvW4AvdoL7SIi_gExElc4xBk5AfYU
Please follow each and every step strictly and all now you have to do is use your own serial number:
Thanks, I'm currently busy due to a deadline breathing down my neck, so I won't be able to try it right now. I'll be sure to report on how it goes when I do.
On a side note, the serial number is something that has confused me for years, some people use it as a synonym for IMEI, while others don't. So do I use my IMEI or do I go back to trying to find my serial which I can't actually find on the box...
NickBastardly said:
Thanks, I'm currently busy due to a deadline breathing down my neck, so I won't be able to try it right now. I'll be sure to report on how it goes when I do.
On a side note, the serial number is something that has confused me for years, some people use it as a synonym for IMEI, while others don't. So do I use my IMEI or do I go back to trying to find my serial which I can't actually find on the box...
Have good rest,
And you need serial number for sure to generate Md5 Checksum, that is must
Sent from my Nokia 5.1 Plus using Tapatalk, Owned (Victara, Clark, Athene, Orprey)
zahidm said:
Have good rest,
And you need serial number for sure to generate Md5 Checksum, that is must
Sent from my Nokia 5.1 Plus using Tapatalk, Owned (Victara, Clark, Athene, Orprey)
I'm pretty sure it's obvious at this point that I'm not the type of person that should have messed with this, so final question. Is the serial number the last 6 digits of the IMEI, without the check digit?
(I'm really sorry if I'm being a pain)
NickBastardly said:
I'm pretty sure it's obvious at this point that I'm not the type of person that should have messed with this, so final question. Is the serial number the last 6 digits of the IMEI, without the check digit?
(I'm really sorry if I'm being a pain)
No man, the serial number is different and will be different, and starts with PDA. If you are unable to find the serial number and you know the IMEI, there are many websites that can search the serial number from the IMEI; you can ask for help.
great, you saved me, thanks
@zahidm Thanks very much, your post was very helpful, restored my imei
redweaver said:
@zahidm Thanks very much, your post was very helpful, restored my imei
My pleasure
Abdullah
I tried but when I try to flash nvram it fails and say the target device is locked, I tried unlocking bootloader but it also fails whenever I entered the command, initially it tells me that unlocking bootloader is not allowed so I turned OEM unlocking on from developer options but now if I enter the command it fails and say unknown command, please I don't know what else to do I can't make calls with the phone because the IMEI is missing
Abdulmng said:
I tried but when I try to flash nvram it fails and say the target device is locked, I tried unlocking bootloader but it also fails whenever I entered the command, initially it tells me that unlocking bootloader is not allowed so I turned OEM unlocking on from developer options but now if I enter the command it fails and say unknown command, please I don't know what else to do I can't make calls with the phone because the IMEI is missing
I sent you PM, check and contact I'll help you restore
Edit: Restored another device via TeamViewer i feel happy when dead devices become alive.
My phones serial number is lost my phone is Nokia 5.1 plus and i don't have readback file can you please send me these 4 files for nokia 5.1 plus?
Ranjhag said:
My phones serial number is lost my phone is Nokia 5.1 plus and i don't have readback file can you please send me these 4 files for nokia 5.1 plus?
Do you have your phone actual serial number?
zahidm said:
Do you have your phone actual serial number?
yes sir i have my original serial number and sir it is also not installing the ota through adb or recovery?
---------- Post added at 06:56 AM ---------- Previous post was at 06:48 AM ----------
And sir my phones Wifi mac address, Bluetooth address and IMEI numbers were also changed but i fixed the IMEI through SN writer Tool?

[GUIDE] How to backup and restore bootloader unlock status for your phone

The bootloader unlock for Nokia 5.1 Plus X5 is available for paid service that you find online (sorry, cannot disclose where to request or it will violate the rules here).
However, the bootloader unlock flag can be backed up, once we did readback right after bootloader unlocked remotely. Using SP Flash Tool to flash the phone with "Format All + Download" or "Firmware upgrade" mode will cause the unlock state being lost, thus this guide is written for the case.
If you want to repost this guide to other forums or websites, please ask me for permission.
Code:
PLEASE DISABLE YOUR TRANSLATOR TO PREVENT THE COMMANDS BEING MISTAKENLY TRANSLATED!
A Chinese-language version of this tutorial for users in China is being written.
The readback should have been done by the unlock service provider. If the service provider didn't make a readback for you, you should do it yourself before you mess up everything.
In theory it could be applied on Nokia 3.1, 3.1 Plus and 5.1 as well, but for the situation of Nokia 3.1 Plus (FDP implemented), it will be much complicated, will talk about that later.
It's known there're 3 partitions (efuse, sec1 and seccfg) stored the unlock status signature flag to ensure the bootloader is unlocked, which could only match your phone's hardware ID.
We didn't test if the unlock flag backup can be applied to other devices, but you shouldn't try that or it might not be applicable.
To protect your personal information's safety, don't share your backup to public! It could contain your IMEI!
Back then, we didn't have MediaTek-SU exploit to allow us gain temporarily root permission without unlocked bootloader, but now the MediaTek-SU exploit made the bootloader unlock status restoration possible.
So our idea is:
- Flash the phone with SP flash tool (you must use 5.1824 version, any other newer versions cannot be used), format all + download mode
Use following firmware if you're not sure:
(International Users) Nokia 5.1 Plus: PDA-216A-0-00WW-B01
(Chinese Users) Nokia X5: PDA-209B-0-00CN-B06
These builds are known to be vulnerable to the MediaTek-SU exploit. You can download them from https://fih-firmware.hikaricalyx.com/hmd_en.html#pda .
If you downloaded the firmware with ".nb0" extension, discard it. It's not supported.
- extract following partitions from the readback backup:
efuse, nvram, nvcfg, proinfo, protect1, protect2, sec1, seccfg.
- flash proinfo, protect1 and protect2 partition back to the phone with SP flash tool to allow us use few fastboot commands
- gain root permission with MediaTek-SU exploit
- flash efuse, sec1 and seccfg partitions back to the phone under root permission
- reboot to bootloader mode and check if bootloader unlocked
- if unlocked, flash nvram and nvcfg partition back, and format nvdata partition
DO NOT USE Minimal ADB and Fastboot, always use Google official Android Platform tools from here
Here's how to do.
WARNING: Nokia 3.1 Plus users shouldn't follow this guide! A device specific guide will be introduced later.
1. We assume you have the readback right after bootloader unlocked and necessary. Use 7-Zip to extract these files:
efuse.img, nvram.img, nvcfg.img, proinfo.img, protect1.img, protect2.img, sec1.img, seccfg.img.
2. Copy all these 8 files into the same directory where the firmware placed.
3. Make a copy of PDA-0-xxxx-MT6771_Android_scatter.txt at same directory, and rename it to proinfo-MT6771_Android_scatter.txt .
4. Open proinfo-MT6771_Android_scatter.txt with some advanced text editor (e.g. Visual Studio Code), find "proinfo" and change the entry into this:
Code:
- partition_index: SYS15
  partition_name: proinfo
  file_name: proinfo.img
  is_download: true
5. Use the same method to change "protect1" and "protect2" entries:
Code:
- partition_index: SYS10
  partition_name: protect1
  file_name: protect1.img
  is_download: true
Code:
- partition_index: SYS11
  partition_name: protect2
  file_name: protect2.img
  is_download: true
6. Use SP flash tool to load your modified proinfo-MT6771_Android_scatter.txt, and only tick "proinfo", "protect1" and "protect2" partitions, flash them with "Download only" mode.
7. Boot the phone to normal OS and root it with MediaTek-SU by this guide.
https://forum.xda-developers.com/nokia-x5/how-to/temp-root-solution-nokia-5-1-plus-t3948577
8. Now copy efuse.img, sec1.img and seccfg.img to root directory of internal storage.
9. Enable USB debugging, execute these commands under adb shell or terminal emulator on the phone:
Code:
su
# confirm the root permission prompt on the phone
dd if=/storage/emulated/0/efuse.img of=/dev/block/bootdevice/by-name/efuse
dd if=/storage/emulated/0/sec1.img of=/dev/block/bootdevice/by-name/sec1
dd if=/storage/emulated/0/seccfg.img of=/dev/block/bootdevice/by-name/seccfg
reboot bootloader
10. Your phone should now have booted to fastboot mode. Use this command to check if the bootloader is unlocked:
Code:
fastboot getvar unlocked
Expected response should be:
Code:
unlocked: yes
11. Now flash nvram back to the phone to restore IMEI:
Code:
fastboot flash nvram /path/to/firmware/directory/nvram.img
fastboot flash nvcfg /path/to/firmware/directory/nvcfg.img
fastboot format nvdata
12. Alright, your phone is now restored back to normal and most importantly, bootloader is fully unlocked - you can install Magisk permanently and use latest Magisk build.
Even if this guide is written, flashing the phone with SP Flash Tool is still not encouraged, although it looks easier. Need to note that Android 10 is not rootable yet, even if bootloader unlocked - waiting for @topjohnwu 's news as I donated him a Nokia X5 with unlocked bootloader
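A pre-flash check for the scatter-file edits that both guides above describe (steps 4.1 to 4.4 of the restore guide, steps 4 and 5 of this one), added here as a Python example; it is not code from either post or from SP Flash Tool. The sample scatter text is constructed: its addresses, the userdata index and the `linear_start_addr` key are assumptions taken from the usual MediaTek scatter layout, not values from this thread.

```python
import re

# Constructed sample in MediaTek scatter layout. The SYS indexes of the four
# NV partitions follow the guides; all addresses and the userdata index are
# made up for this example.
ORIGINAL = """\
- partition_index: SYS6
  partition_name: nvcfg
  file_name: NONE
  is_download: false
  linear_start_addr: 0x1800000
- partition_index: SYS10
  partition_name: protect1
  file_name: NONE
  is_download: false
  linear_start_addr: 0x3800000
- partition_index: SYS11
  partition_name: protect2
  file_name: NONE
  is_download: false
  linear_start_addr: 0x4000000
- partition_index: SYS15
  partition_name: proinfo
  file_name: NONE
  is_download: false
  linear_start_addr: 0x4800000
- partition_index: SYS40
  partition_name: userdata
  file_name: userdata.img
  is_download: true
  linear_start_addr: 0x1a8000000
"""
NV_PARTS = ("proinfo", "nvcfg", "protect1", "protect2")
FIELD = re.compile(r"^\s*(-\s+)?(\w+):\s*(.*?)\s*$")
EDITABLE = {"file_name", "is_download"}  # the only keys the guides change


def parse_scatter(text):
    """Return {partition_name: {key: value}} in file order."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        dash, key, value = m.groups()
        if dash:  # "- key:" opens a new block; keep only partition blocks
            current = {} if key == "partition_index" else None
            if current is not None:
                entries.append(current)
        if current is not None:
            current[key] = value
    return {e["partition_name"]: e for e in entries if "partition_name" in e}


def mark_for_download(text, name):
    """Apply the guides' edit to one entry: file_name and is_download only."""
    pattern = re.compile(
        rf"(partition_name: {re.escape(name)}\s+)file_name: \S+(\s+)is_download: \w+")
    return pattern.sub(
        rf"\g<1>file_name: {name}.img\g<2>is_download: true", text, count=1)


def readback_length(parts):
    """Full-backup length per the conversion guide: where userdata starts."""
    return int(parts["userdata"]["linear_start_addr"], 16)


def review_edit(original, edited, expected=NV_PARTS):
    """List every difference that is not one of the intended edits."""
    before, after = parse_scatter(original), parse_scatter(edited)
    problems = []
    if list(before) != list(after):
        problems.append("partition list or order changed")
    for name, old in before.items():
        new = after.get(name, old)
        for key in sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k)):
            if key not in EDITABLE:  # an address or other layout key was touched
                problems.append(f"{name}: {key} changed {old.get(key)} -> {new.get(key)}")
            elif name not in expected:
                problems.append(f"{name}: unexpected edit to {key}")
    for name in expected:
        entry = after.get(name, {})
        if (entry.get("file_name"), entry.get("is_download")) != (f"{name}.img", "true"):
            problems.append(f"{name}: not set to {name}.img with is_download: true")
    return problems


if __name__ == "__main__":
    edited = ORIGINAL
    for part in NV_PARTS:
        edited = mark_for_download(edited, part)
    print("readback length:", hex(readback_length(parse_scatter(edited))))
    print("problems:", review_edit(ORIGINAL, edited) or "none")
```

Run it against the untouched scatter and the hand-edited copy before loading the copy in SP Flash Tool; an empty list means only the intended `file_name` and `is_download` lines differ.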
hikari_calyx said:
The bootloader unlock for Nokia 5.1 Plus X5 is available for paid service that you find online (sorry, cannot disclose where to request or it will violate the rules here).
However, the bootloader unlock flag can be backed up, once we did readback right after bootloader unlocked remotely. Using SP Flash Tool to flash the phone with "Format All + Download" or "Firmware upgrade" mode will cause the unlock state being lost, thus this guide is written for the case.
If you want to repost this guide to other forums or websites, please ask me for permission.
Code:
PLEASE DISABLE YOUR TRANSLATOR TO PREVENT THE COMMANDS BEING MISTAKENLY TRANSLATED!
A Chinese-language version of this tutorial for users in China is being written.
The readback should have been done by the unlock service provider. If the service provider didn't make a readback for you, you should do it yourself before you mess up everything.
In theory it could be applied on Nokia 3.1, 3.1 Plus and 5.1 as well, but for the situation of Nokia 3.1 Plus (FDP implemented), it will be much complicated, will talk about that later.
It's known there're 3 partitions (efuse, sec1 and seccfg) stored the unlock status signature flag to ensure the bootloader is unlocked, which could only match your phone's hardware ID.
We didn't test if the unlock flag backup can be applied to other devices, but you shouldn't try that or it might not be applicable.
To protect your personal information's safety, don't share your backup to public! It could contain your IMEI!
Back then, we didn't have MediaTek-SU exploit to allow us gain temporarily root permission without unlocked bootloader, but now the MediaTek-SU exploit made the bootloader unlock status restoration possible.
So our idea is:
- Flash the phone with SP flash tool (you must use 5.1824 version, any other newer versions cannot be used), format all + download mode
Use following firmware if you're not sure:
(International Users) Nokia 5.1 Plus: PDA-216A-0-00WW-B01
(Chinese Users) Nokia X5: PDA-209B-0-00CN-B06
These builds are known to be vulnerable to the MediaTek-SU exploit. You can download them from https://fih-firmware.hikaricalyx.com/hmd_en.html#pda .
If you downloaded the firmware with ".nb0" extension, discard it. It's not supported.
- extract following partitions from the readback backup:
efuse, nvram, nvcfg, proinfo, protect1, protect2, sec1, seccfg.
- flash proinfo, protect1 and protect2 partitions back to the phone with SP flash tool to allow us to use a few fastboot commands
- gain root permission with MediaTek-SU exploit
- flash efuse, sec1 and seccfg partitions back to the phone under root permission
- reboot to bootloader mode and check if bootloader unlocked
- if unlocked, flash nvram and nvcfg partition back, and format nvdata partition
DO NOT USE Minimal ADB and Fastboot, always use Google official Android Platform tools from here
Here's how to do it.
1. We assume you have the readback right after the bootloader was unlocked and necessary. Use 7-Zip to extract these files:
efuse.img, nvram.img, nvcfg.img, proinfo.img, protect1.img, protect2.img, sec1.img, seccfg.img.
2. Copy all these 8 files into the same directory where the firmware is placed.
3. Make a copy of PDA-0-xxxx-MT6771_Android_scatter.txt at same directory, and rename it to proinfo-MT6771_Android_scatter.txt .
4. Open proinfo-MT6771_Android_scatter.txt with some advanced text editor (e.g. Visual Studio Code), find "proinfo" and change the entry into this:
Code:
- partition_index: SYS15
  partition_name: proinfo
  file_name: proinfo.img
  is_download: true
5. Use the same method to change "protect1" and "protect2" entries:
Code:
- partition_index: SYS10
  partition_name: protect1
  file_name: protect1.img
  is_download: true
Code:
- partition_index: SYS11
  partition_name: protect2
  file_name: protect2.img
  is_download: true
6. Use SP flash tool to load your modified proinfo-MT6771_Android_scatter.txt, and only tick "proinfo", "protect1" and "protect2" partitions, flash them with "Download only" mode.
7. Boot the phone to normal OS and root it with MediaTek-SU by this guide.
https://forum.xda-developers.com/nokia-x5/how-to/temp-root-solution-nokia-5-1-plus-t3948577
8. Now copy efuse.img, sec1.img and seccfg.img to root directory of internal storage.
9. Enable USB debugging, execute these commands under adb shell or terminal emulator on the phone:
Code:
su
(confirm root permission on the phone)
dd if=/storage/emulated/0/efuse.img of=/dev/block/bootdevice/by-name/efuse
dd if=/storage/emulated/0/sec1.img of=/dev/block/bootdevice/by-name/sec1
dd if=/storage/emulated/0/seccfg.img of=/dev/block/bootdevice/by-name/seccfg
reboot bootloader
10. Your phone should now be booted to fastboot mode. Use this command to check if the bootloader is unlocked:
Code:
fastboot getvar unlocked
Expected response should be:
Code:
unlocked: yes
11. Now flash nvram back to the phone to restore IMEI:
Code:
fastboot flash nvram /path/to/firmware/directory/nvram.img
fastboot flash nvcfg /path/to/firmware/directory/nvcfg.img
fastboot format nvdata
12. Alright, your phone is now restored back to normal and, most importantly, the bootloader is fully unlocked - you can install Magisk permanently and use the latest Magisk build.
Even though this guide is written, flashing the phone with SP Flash Tool is still not encouraged, although it looks easier. Note that Android 10 is not rootable yet, even if the bootloader is unlocked - waiting for @topjohnwu's news, as I donated him a Nokia X5 with an unlocked bootloader.
It worked perfectly on Xiaomi device.
Thank you very much
VD171 said:
It worked perfectly on Xiaomi device.
Thank you very much
I didn't find efuse.img on Redmi Note 9. Can you help me with Xiaomi MTK phones?
akbarshoxdedamirzayev said:
I didn't find efuse.img on Redmi Note 9. Can you help me with Xiaomi MTK phones?
The thread is not specific for Redmi Note 9.
You can only manage the "SECCFG" partition.
@hikari_calyx
I have a Realme C12.
I have some small doubts.
Why are efuse, sec1, seccfg not simply flashed by SPFlashTool? (nvram, nvcfg too)
Why are proinfo, protect1, protect2 flashed before flashing seccfg?
Thanks

HELP: Attempting to obtain root on BLU G9 Pro

Hello all, so long story short I had bought a BLU G9 Pro which came with Android 9 Pie. The only device-specific guide I could find online about obtaining root was: https://www.getdroidtips.com/root-blu-g9-pro/
The information on that guide is trivial and can be applicable to almost any device. The root method worked, however, there was an OTA update to Android 10 (and then later a security update) which I took. I then attempted to re-root the device utilizing the same method. However, now it seems that every time I flash a Magisk modded boot.img my device gets stuck in a bootloop and will not go past the bootloader. I believe that this device may be uncharted territory but it is a great phone and I would love to have both Magisk root and the latest Android 10 firmware. I have found that Magisk supports both Android 10 and A-only devices so I do not see what is causing the problem. Additionally, I attempted to flash an AOSP GSI of Android 10 which refused to boot before I even installed Magisk. I am new to modern Android devices with Project Treble so please forgive me if there is something obvious I am missing. Any help is appreciated, thanks in advance!
@eLatErbI
Try flashing GSI like said in https://source.android.com/setup/build/gsi#flashing-gsis
Maybe vbmeta flashing is required for your device.
You can get vbmeta.img from your stock firmware.
It seems that Verified Boot could definitely be getting in the way. Could this possibly explain why Magisk is working on the Android 9.0 version of the stock ROM but not Android 10? However, I thought Magisk disabled verified boot in the kernel (boot.img). Also, I do not have a vbmeta.img in any stock firmware for this phone. Any other means of disabling verified boot? Thanks in advance!
Hi, I have the same problem with my G9 PRO, I tried to boot all kinds of GSI roms with and without magisk and it doesn't work (bootloop). I cannot find the vbmeta partition anywhere so I am hesitant to try to flash it without a backup. There is a mention of it in the fstab of the boot partition, however it is not in the stock firmware or in my own backups. Magisk did also work for me before the Android 10 update. Does anyone have an idea of how AVB works without a vbmeta partition or a verity file?
You can extract the boot.img from your phone if you updated to 10. I updated and used SP Flash to read the boot.img and WwR_MTK to get the partition length and starting value for the boot.img and patched it using Magisk and reflashed it over fastboot. I know this thread is a bit old but if anyone is interested, reply and I will post the link that explains. I have Android 10 running on my Blu G9 pro rooted.
tuffasagong said:
You can extract the boot.img from your phone if you updated to 10. I updated and used SP Flash to read the boot.img and WwR_MTK to get the partition length and starting value for the boot.img and patched it using Magisk and reflashed it over fastboot. I know this thread is a bit old but if anyone is interested, reply and I will post the link that explains. I have Android 10 running on my Blu G9 pro rooted.
Hi. Please post the link. It will be very helpful for me. I have the BLU_G0231WW android 10.
Here is the link: https://forum.hovatek.com/thread-21970.html
This is what I did to root the phone:
- Download WwR_MTK 2.30 and SP Flash (I used version 5.2112)
- Open WwR_MTK 2.30 and create a basic Scatter File by choosing the Platform Type (processor) which for Blu G9 Pro is MT6771. Click create and save as - I saved all files in one folder.
- Open SP Flash Tool and under the download tab choose the scatter file we just created; it will have only Preloader under it.
- Go to the Readback tab, press Add -- Double click on what was added and just keep it saved as ROM_0 (once again I saved it in the same folder as the scatter file) -- the Start Address is in the scatter file as "physical_start_addr:" it should be 0x0 and the length is "partition_size:" and the value should be 0x80000. Keep the Region as EMMC_USER unless you want the preloader, but to get the boot.img we don't need that. Turn off your phone and press the Read Back button with the Arrow and plug your phone into the computer. It will read the file and give you a big Green Check to let you know it completed successfully.
- Once you have the ROM_0, open it up in WwR_MTK 2.30. Under Step 3 (Choose the EMMC_USER partition in the prepared backup) you will get an error that says "The file size is smaller than the start position of the LK (uboot)", press OK -- You will get another error that says "To determine the ype of process and memory.... blah blah blah", press OK
- Click the Scatter File tab -- Under the Name field find boot. We now get the starting value of the boot.img and the partition length. We need these values to put back into SP Flash.
- Go to SP Flash and Readback tab again. Press add. Double click the new add and save it as boot.img -- Region is EMMC_USER and the start address is going to be the HEX value next to Boot and length the length address next to boot. For the BLU_G0231WW_V10.0.04.07_GENERIC Build these addresses are:
Start: 0x20C00000 and Length: 0x2000000
Push ok when you put the start address and length for the boot.img and once again push Readback and connect your phone while off. The file size I got was a boot.img of 32,768 KB in size, which is much bigger than the boot.img of the Android 9 (which was like 9 MB in size).
- Install Magisk on the phone and patch the boot.img and flash it with fastboot and boom, you have a rooted BLU G9 Pro with the latest update. Keep your stock boot.img, as I rooted my phone with the 10.0.04.04 update and could not update to 10.0.04.07 until I reflashed the stock boot.img, in case there is another update.
That is all there is to it and you should be able to use this tutorial to root if BLU pushes any more updates.
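Added example, not part of the original posts: a small Python parser for the scatter-file fields both guides in this thread depend on (`is_download` in the modified Nokia scatter file, `physical_start_addr` and `partition_size` for the BLU readback), plus a sanity check on the dumped boot.img before it is patched. The sample scatter text is constructed (only the boot start and length come from the post above), and the function names are this example's own.

```python
import re

ANDROID_BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of a standard Android boot image
NUMERIC_FIELDS = {"physical_start_addr", "partition_size"}
LINE_RE = re.compile(r"^\s*(-\s+)?(\w+):\s*(.*?)\s*$")

# Constructed sample. Only the boot start/length are taken from the post above;
# the index numbers, proinfo address/size and region lines are made up.
SAMPLE_SCATTER = """\
- general: MTK_PLATFORM_CFG
  info:
    - config_version: V1.1.2
      platform: MT6771

- partition_index: SYS15
  partition_name: proinfo
  file_name: proinfo.img
  is_download: true
  physical_start_addr: 0x8000
  partition_size: 0x300000
  region: EMMC_USER

- partition_index: SYS20
  partition_name: boot
  file_name: NONE
  is_download: false
  physical_start_addr: 0x20c00000
  partition_size: 0x2000000
  region: EMMC_USER
"""


def parse_scatter(text):
    """Return {partition_name: fields} for every partition entry in the text."""
    parts, cur = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, '#' comment banners
        dash, key, value = m.groups()
        if dash:
            # Only "- partition_index:" opens a partition entry; other list
            # items (the general/info header) are skipped.
            cur = {} if key == "partition_index" else None
        if cur is None:
            continue
        if key in NUMERIC_FIELDS:
            value = int(value, 16)
        elif key == "is_download":
            value = value.lower() == "true"
        cur[key] = value
        if key == "partition_name":
            parts[value] = cur
    return parts


def readback_params(parts, name):
    """Start address, length and region to enter in the Readback tab."""
    p = parts[name]  # KeyError if the scatter file has no such partition
    return p["physical_start_addr"], p["partition_size"], p.get("region")


def download_set(parts):
    """Partitions a 'Download only' run with this scatter file would write."""
    return sorted(n for n, p in parts.items() if p.get("is_download"))


def check_boot_dump(data, expected_len):
    """Return a list of problems with a dumped boot image (empty if none)."""
    problems = []
    if len(data) != expected_len:
        problems.append(f"size {len(data):#x} != partition_size {expected_len:#x}")
    if data[:8] != ANDROID_BOOT_MAGIC:
        problems.append("no ANDROID! magic at offset 0")
    return problems


if __name__ == "__main__":
    parts = parse_scatter(SAMPLE_SCATTER)
    start, length, region = readback_params(parts, "boot")
    print(f"boot: start={start:#x} length={length:#x} ({length // 1024} KiB) {region}")
    print("would be flashed:", download_set(parts))
```

Running `check_boot_dump` on a readback before patching catches a wrong start address or length (a dump without the `ANDROID!` header) while the phone is still untouched.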
tuffasagong said:
Here is the link: https://forum.hovatek.com/thread-21970.html
This is what I did to root the phone:
Thanks, tuffasagong.
I now have my Blu G9 Pro Magisk rooted on Android 10. I added Viper4Android, AdAway and more tweaks.
Have you noticed the desktop mode when screen casting to a second display? I wonder if there is a way to reduce lag when using a Bluetooth mouse.
&oot4peace said:
Thanks, tuffasagong.
I now have my Blu G9 Pro Magisk rooted on Android 10. I added Viper4Android, AdAway and more tweaks.
Have you noticed the desktop mode when screen casting to a second display? I wonder if there is a way to reduce lag when using a Bluetooth mouse.
Flashed Magisk but bricked phone. Does anyone happen to have G9 Pro v10 firmware G0230WW or G0231WW readback ROM? Please, I need to unbrick and the firmware on the web won't work. Please help..
Tesh3180 said:
Flashed Magisk but bricked phone. Does anyone happen to have G9 Pro v10 firmware G0230WW or G0231WW readback ROM? Please, I need to unbrick and the firmware on the web won't work. Please help..
Search here: BLU Stock Firmware Repository (Mediafire)
lopestom said:
Search here: BLU Stock Firmware Repository (Mediafire)
Thanks, but already tried that file and it won't work..
Tesh3180 said:
Thanks, but already tried that file and it won't work..
Which version were you on? The latest at the time? A little more info: did you flash a Magisk patched boot image?
Blu pushed out a new update 10.0.04.08 a couple weeks ago. Reflash the stock Boot image to update. Boot image has the same length and start addresses. I just reflashed the magisk Boot image I made with 10.0.04.07 and works fine.
tuffasagong said:
Here is the link: https://forum.hovatek.com/thread-21970.html
This is what I did to root the phone:
I've followed this and have gotten quite far but I can't seem to find any working fastboot drivers for the G9 pro, I have tried several different ones and with every one I get absolutely no hits on "fastboot devices" and upon any attempts to flash, it leaves me at "waiting for device" I just want to know if you had a specific driver or if it's different issue
Cathedralruins said:
I've followed this and have gotten quite far but I can't seem to find any working fastboot drivers for the G9 pro, I have tried several different ones and with every one I get absolutely no hits on "fastboot devices" and upon any attempts to flash, it leaves me at "waiting for device" I just want to know if you had a specific driver or if it's different issue
Use the Platform Tools for A9 or A10.
Downloads - Read and accept the terms.: platform-tools-latest-windows.zip
Device needs OEM Unlock & USB Debugging enabled.
Maybe your PC needs USB Drivers: drivers USB OEM
Maybe it needs the MTK USB driver: MTK Driver
lopestom said:
Use the Platform Tools for A9 or A10.
Downloads - Read and accept the terms.: platform-tools-latest-windows.zip
Device needs OEM Unlock & USB Debugging enabled.
Maybe your PC needs USB Drivers: drivers USB OEM
Maybe it needs the MTK USB driver: MTK Driver
First off, thank you for your really speedy assistance with this, I appreciate it.
A couple things, to note, the device has already had OEM unlocking and usb debugging enabled, it works with adb, but is not recognized at all by fastboot itself, I'm definitely going to try those drivers and that version of the platform tools. Is there any log, device list, or any other info I can dump that would be useful in troubleshooting this?
Thanks again for your assistance, lopestom.
Cathedralruins said:
First off, thank you for your really speedy assistance with this, I appreciate it.
A couple things, to note, the device has already had OEM unlocking and usb debugging enabled, it works with adb, but is not recognized at all by fastboot itself, I'm definitely going to try those drivers and that version of the platform tools. Is there any log, device list, or any other info I can dump that would be useful in troubleshooting this?
Thanks again for your assistance, lopestom.
Bootloader unlocked?
Authorization PC vs device already has with USB debugging?
If yes so look drivers.
Hello there,
My technical skills when it comes to Android phones are next to zero, but I have been running Linux (Fedora, Endeavour, currently Debian 11), and I am not afraid of the terminal.
I bought a Blu G9 Pro about 3 months ago. It came out of the box with Android 9, then it updated to Android 10.
It is very close to stock Android, and I am OK with it, except for a few creepy apps that I would like to remove.
I would like your input on what is the safest approach. Can I just 'debloat' the current system, or might as well replace it with something else?
Thank you.
I attempted to flash the patched boot image from Magisk but my G9 Pro started boot looping. I've tried to flash every firmware that I can find for this model but I keep getting an error message from the Flash tool.
Any guidance?
tuffasagong said:
Here is the link: https://forum.hovatek.com/thread-21970.html
This is what I did to root the phone:
Saved me - TY. This worked for me for Mintt Ultramintt Y3 - basically an Aussie rebadged Blu G9 Pro. I used this method for it with Pie 9 (before allowing update to 10). Cheers
