NOT for everyone: it is a HARDWARE-type hack
(although a simple hardware hack: no disassembly other than the back cover, and no soldering, etc.)
REQUIRES
1. Opening the Tablet
2. Shorting one of the CPU test points
3. Linux
CREDIT xyz, Member on 27th January 2019, 10:04 AM
See Fire HD 8 (2018 ONLY) unbrick, downgrade, unlock & root
Some on xyz's thread have indicated success completing this using a Windows PC by way of a Linux emulator or booting from a LIVE CD or USB stick. I happened to have a perfectly good (but non-UEFI) motherboard and CPU lying around from my Win 10 upgrade. Ubuntu seemed like a good reuse.
All I have done is add some clarification and instructions to make the tablet useful.
Make sure to read this guide completely before starting. It requires you to open the tablet, however you don't need to solder or use any advanced tools.
This is only for Fire HD 8, 8th generation, also known as karnak or KFKAWI. It's now confirmed to work on both 16GB and 32GB models.
You will lose all data on the tablet, make a backup of important data before you start. If you've enabled encryption, it's probably a good idea to disable it before you proceed with the guide.
What you need:
- a Linux installation. Since xyz had to rush it, his guide is only for Linux.
- microusb cable to connect your tablet to the PC
- some way to open the tablet (pry tool, opening picks, etc)
- something conductive (metal tweezers, a paper clip, a piece of wire, etc)
- amonet.tar.gz (http://forum.xda-developers.com/attachment.php?attachmentid=4696148&d=1548790448)
- 6300.zip: https://mega.nz/#!FI1HSI5T!2zUAeiW9I...ilSnNYgOG9YPNE
- Magisk-v18.0.zip: https://github.com/topjohnwu/Magisk/...gisk-v18.0.zip
- finalize.zip (http://forum.xda-developers.com/attachment.php?attachmentid=4694754&d=1548611833)
Install python3, PySerial, adb and fastboot. For Debian/Ubuntu something like this should work "sudo apt install python3 python3-serial android-tools-adb android-tools-fastboot".
Extract amonet.tar.gz, open a terminal and navigate to it.
You will need to run the scripts on your Linux under sudo.
0. Shut your device down and disconnect it from USB! Also, disconnect all other Android devices you might have connected from your PC. Also, if you have ModemManager installed, you MUST disable or uninstall it before you begin
NOTE1: Ubuntu 18.04.2 LTS default configuration comes with ModemManager
a) adb shell
b) sudo apt-get remove modemmanager
c) quit
d) RESTART LINUX
1. Use a pry tool to remove the back shell from the tablet (or if you are a male and have strong, longer thumbnails - that and a credit card or two works well). Start at the bottom and work your way up. There are no cables between the back shell and the motherboard
2. On the left side of the board there are 4 test points labeled DAT0, RST, CMD, CLK. We only care about the bottom one, CLK
3. Plug in one end of the microusb cable, either to the PC or to the tablet, whatever's more convenient.
4. On your PC, run `./bootrom-step.sh`. It should print "Waiting for the bootrom".
5. Using your conductive apparatus, short the CLK test point to the ground. This means you should connect one side of your paperclip to the CLK pin and the other to the metallic shield or a side of the PCB. Firmly hold it in place so that there is connection. (See https://i.imgur.com/7BXIb2y.jpg)
6. Plug in the other end of the microusb cable.
7. You should see a new device appear on your PC
This *must* be the device you see. If you see a "preloader" device instead, you didn't hold the paperclip strong enough. Unplug it, shut down your Fire (pull out USB cord and wait; if it doesn't shut down, you might have to disconnect the battery) and try again starting at step 4.
8. The script you ran in step 4 should now tell you to remove the short. a) Remove the paperclip and b) press Enter as instructed
9. The script will now proceed to downgrade your device and flash some essential files. Just let it be, it will take about 4 minutes. You should see the following output:
[2019-01-26 23:30:02.157670] Waiting for bootrom
[2019-01-26 23:30:20.438333] Found port = /dev/ttyACM0
[2019-01-26 23:30:20.439362] Handshake
[2019-01-26 23:30:20.441693] Disable watchdog
* * * Remove the short and press Enter * * *
[2019-01-26 23:30:22.636037] Init crypto engine
[2019-01-26 23:30:22.661832] Disable caches
[2019-01-26 23:30:22.662505] Disable bootrom range checks
[2019-01-26 23:30:22.685773] Load payload from ../brom-payload/build/payload.bin = 0x4690 bytes
[2019-01-26 23:30:22.693170] Send payload
[2019-01-26 23:30:23.527965] Let's rock
[2019-01-26 23:30:23.528832] Wait for the payload to come online...
[2019-01-26 23:30:24.260602] all good
[2019-01-26 23:30:24.261069] Check GPT
[2019-01-26 23:30:24.596346] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784, 22722527)}
[2019-01-26 23:30:24.596619] Check boot0
[2019-01-26 23:30:24.841858] Check rpmb
[2019-01-26 23:30:25.051079] Downgrade rpmb
[2019-01-26 23:30:25.052924] Recheck rpmb
[2019-01-26 23:30:25.949978] rpmb downgrade ok
[2019-01-26 23:30:25.950284] Flash lk-payload
[5 / 5]
[2019-01-26 23:30:26.471797] Flash preloader
[288 / 288]
[2019-01-26 23:30:44.845804] Flash tz
[6732 / 6732]
[2019-01-26 23:33:08.502134] Flash lk
[685 / 685]
[2019-01-26 23:33:23.337460] Inject microloader
[4 / 4]
[2019-01-26 23:33:23.667547] Reboot to unlocked fastboot
If the script freezes at some point, you will have to restart it. Terminate the script, unplug USB, and try again starting at step 4. If after unplugging USB cable the device doesn't shut down, you might have to disconnect the battery. You can keep it disconnected until the script succeeds, but once it's done you must reconnect it before booting to fastboot
9a. You should see a success message: "Reboot to unlocked fastboot". Only proceed if you see the message.
10. Once the device boots to fastboot (check with "fastboot devices". You should see Amazon logo on the screen.), you can run "./fastboot-step.sh". Then, flip the device over so that you can see the display
NOTE2: CAN run "./fastboot-step.sh"?? I took it as MUST run "./fastboot-step.sh"
11. At this point the device should boot into recovery, however it's possible that the screen will be off by default. Just press the power button twice and the screen should turn on.
NOTE3: if/when it doesn’t boot into Recovery use
“fastboot reboot”
OR
“fastboot reboot” and then
“adb reboot recovery”
OR
SHUT DOWN and then
Power Button PLUS Volume Down Button to STARTUP
12. We'll now upload required files to the recovery. On your PC, do:
adb push 6300.zip /sdcard
adb push Magisk-v18.0.zip /sdcard
adb push finalize.zip /sdcard
NOTE4: The above commands will not work in fastboot. You need to get into recovery
NOTE4a: You are probably in the /Downloads/amonet directory. These files should be in /Downloads
Use “cd ..”
13. In the recovery, go to "Install", navigate to "/sdcard" and flash 6300.zip
NOTE5: DO NOT go to "Wipe" in step 14.
(There is no "default wipe".)
Use the "Wipe cache/dalvik" button that appears after step 13 completes.
14. Go to "Wipe" and do the default wipe, then reboot
15. At the Fire setup screen, select your language. On the next screen, Wifi setup, select any password-protected network. Now, back at the wifi setup screen, press "skip" and "skip" in the dialog pop-up again
IMPORTANT
NOTE6: I did the method as described above and when complete had zero Amazon functionality; My Account Crashed, No App Store, No Shopping, No Prime Video, etc
The instructions say, “then instead of entering the password press ‘cancel.’” Instead, go to the next step which is Amazon Registration and complete it. IT WILL AUTOMATICALLY UPDATE – AS OF THIS WRITING (March 7th, 2019) THERE IS ONLY A VERY MINOR UPDATE TO SOME APP.
CAUTION: At some future date there may be an OS Update that could negate this Root Hack.
AFTER REGISTRATION - SHUT DOWN (Power off)
THEN SEE Notes 7 thru 9 below for Launcher, Play Store and Eliminating Lockscreen Ads
16. Hold down the power button and hold volume down to boot into recovery
17. In the recovery, go to "Install", navigate to "/sdcard" and flash Magisk-v18.0.zip
18. Press back, select finalize.zip and flash it
19. Once finalize.zip is flashed, press "Reboot System"
20. Done. The device should now boot into a rooted 6.3.0.0 firmware. You should have Magisk manager installed, and root working. You will be able to boot into recovery by holding volume down.
21. At this point it should be safe to connect to wifi. If everything works okay, assemble your device.
NOTE7: PLAY STORE
I used: (source, https://www.xda-developers.com/amazon-fire-hd-8-google-play-store/)
Google Services Framework 7.1.2
Google Account Manager 7.1.2
Google Play services 14.3.66 64bit nodpi
Google Play Store 11.9.14
INSTALL IN THIS ORDER
1) adb install com.google.android.gsf_7.1.2-25_minAPI25(nodpi)_apkmirror.com.apk
2) adb install com.google.android.gsf.login_7.1.2-25_minAPI23(nodpi)_apkmirror.com.apk
3) adb install com.google.android.gms_14.3.66_(020400-213742215)-14366010_minAPI21(arm64-v8a,armeabi-v7a)(nodpi)_apkmirror.com.apk
4) adb install com.android.vending_11.9.14-all_0_PR_214884739-81191400_minAPI16(armeabi,armeabi-v7a,mips,mips64,x86,x86_64)(240,320,480dpi)_apkmirror.com.apk
NOTE8: LOCKSCREEN ADVERTISEMENTS
1) adb shell
2) karnak:/ $ su
You’ll get “Permission denied” as the response
i. On the tablet, click on MAGISK to open
ii. Tap the three line Menu symbol on the upper left
iii. Tap Superuser
iv. You should see an app named SHELL wanting Superuser permission
v. Toggle Shell to On
3) karnak:/ $ su (repeat, it will work this time – you will get karnak:/ # )
4) karnak:/ # pm uninstall -k --user 0 com.amazon.kindle.kso
5) You’ll get back “Success”
NOTE9: LAUNCHER
1) Install a Launcher app through Play Store normally
3) adb shell
4) karnak:/ $ su
If you get “Permission denied” see NOTE8 above
I used Nova Launcher. You'll need to look in /data/app to find the actual name of the launcher app you installed and enable it as shown below.
5) karnak:/ # pm enable com.teslacoilsw.launcher
6) the response will be “Package com.teslacoilsw.launcher new state: enabled”
7) karnak:/ # pm disable com.amazon.firelauncher
8) the response will be “Package com.amazon.firelauncher new state: disabled”
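The "Check GPT" line in the bootrom-step.sh output above lists every partition as a (start, length) pair. Before trusting a partition table that a script is about to write to, it is worth checking that the entries do not overlap and that the sizes make sense. The following is an added example, not code from the post or from the amonet tool: it parses that exact log line with ast.literal_eval (never eval, since the text arrives from a device over a serial port), reports gaps and overlaps, and prints sizes. The unit is an assumption: the post does not say, so 512-byte eMMC sectors are assumed, which makes the boot partition 16 MiB and the table end just under 16 GB, consistent with the 16GB model.

```python
import ast
import re

# Sample input: the "Check GPT" line exactly as quoted in the post's bootrom-step.sh output.
SAMPLE_GPT_LINE = (
    "[2019-01-26 23:30:24.596346] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), "
    "'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), "
    "'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), "
    "'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), "
    "'system': (215040, 6354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), "
    "'userdata': (8054784, 22722527)}"
)

# Assumption: each (start, length) pair is in 512-byte eMMC sectors (the post does not state the unit).
SECTOR_BYTES = 512


def parse_gpt_line(line):
    """Return {name: (start, length)} from a 'gpt_parsed = {...}' log line.

    ast.literal_eval accepts only literals, so a corrupted or hostile line read
    from the serial port cannot execute anything the way eval() would."""
    match = re.search(r"gpt_parsed = (\{.*\})", line)
    if match is None:
        raise ValueError("line does not contain a gpt_parsed dict")
    raw = ast.literal_eval(match.group(1))
    return {name: (int(start), int(length)) for name, (start, length) in raw.items()}


def layout_issues(parts):
    """List gaps and overlaps between partitions when ordered by start sector.

    An overlap means flashing one partition would clobber its neighbour; a gap is
    merely unusual on this device and worth a second look before writing anything."""
    issues = []
    ordered = sorted(parts.items(), key=lambda item: item[1][0])
    for (name_a, (start_a, len_a)), (name_b, (start_b, _)) in zip(ordered, ordered[1:]):
        end_a = start_a + len_a
        if start_b < end_a:
            issues.append(f"overlap: {name_a} ends at {end_a} but {name_b} starts at {start_b}")
        elif start_b > end_a:
            issues.append(f"gap: {start_b - end_a} sectors between {name_a} and {name_b}")
    return issues


def size_mib(parts, name):
    """Partition size in MiB under the 512-byte sector assumption."""
    return parts[name][1] * SECTOR_BYTES / (1024 * 1024)


def last_sector(parts):
    """One past the highest sector used by any partition."""
    return max(start + length for start, length in parts.values())


def summary(parts):
    """One human-readable line per partition, sorted by start sector."""
    lines = []
    for name, (start, length) in sorted(parts.items(), key=lambda item: item[1][0]):
        lines.append(f"{name:10s} start={start:10d} length={length:10d} size={size_mib(parts, name):9.2f} MiB")
    return lines


if __name__ == "__main__":
    parts = parse_gpt_line(SAMPLE_GPT_LINE)
    print("\n".join(summary(parts)))
    print("issues:", layout_issues(parts) or "none")
    end = last_sector(parts)
    print(f"highest sector used: {end} ({end * SECTOR_BYTES / 1024 ** 3:.2f} GiB)")
```

On the quoted table every partition starts exactly where the previous one ends, so layout_issues returns an empty list; if you paste in a table from your own device and see an overlap reported, stop before running any flashing step.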
Thank you
Just a quick THANK YOU to the persons responsible for this root. Seems some effort was required. I am the kind of droid user that cannot be happy with being confined to userspace on my tablet. The ads are gone, my launcher has taken its rightful place, and I can run nmap from the command line. I'm happy with this $50 tab.
Thanks for the work on this guide. I have just got a new Fire 8 2018. I have not let the tablet update and the Firmware is version 6.3.0.0. I am unsure if I need to take the back off to short with this version. If I do not need to do this please can someone explain where in the guide I should begin if I do not need to install the 6300.zip. I previously rooted my Fire 7 2015 with the pin method, I am just hoping I can do this one without taking the case off. Thanks in advance for any help.
https://forum.xda-developers.com/hd...nlock-fire-hd-8-2018-karnak-amonet-3-t3963496
6300.zip error
the file 6300.zip mega.nz says the cypher key is invalid. can upload the file to another site please or via torrent or something. thanks in advance
mbol8309 said:
the file 6300.zip mega.nz says the cypher key is invalid. can upload the file to another site please or via torrent or something. thanks in advance
Obsolete method; see link in previous post
Related
Recently, I successfully ported TWRP from Coolpad Note 3 Lite to Modena 2. After testing, everything works fine, on both devices. Since this device has locked bootloader, we need to bypass this by enabling fastmmi mode and factory mode to enable temporary root access and make initial backup and flashing. So, let´s get started.
Remember to read this post carefully. I am not responsible for any damage to your device. If you brick your device while flashing the TWRP you can *almost* always recover it using SP Flash Tool and YGDP Tool
IF YOU ACCIDENTALLY BRICK YOUR DEVICE AND YOU WANT TO FLASH IT VIA SPFT, DO NOT FORMAT THE DEVICE IN SPFT!!! If you´ll format partitions in TWRP, that´s fine, but don´t do FORMAT ALL + DOWNLOAD or FIRMWARE UPGRADE! This will brick your device, like mine. This tutorial will not (hopefully) brick it, but just in case something goes wrong, now you know what not to do.
Preparing the environment on your computer
Windows
Download ADB and Fastboot from this link
Open it
Install it system-wide
Also, install the drivers
GNU/Linux (Ubuntu / Debian based distros)
Open terminal
Type "sudo apt install adb fastboot libusb-dev" without the quotes (")
Other things, that are required
Since the file size of the recovery exceeds the maximum 8MB of allowed upload size, you can download it from DataFileHost.
Preparing the device
First, you need to remember that this could render your device unbootable and will void warranty.
Enable developer options
Go to Settings -> About phone
Tap the build number 7 times
Go back
Go to Developer options
Make sure OEM unlocking and USB Debugging is enabled
Enabling factory mode
Open dialer app
Dial *#9527*#
Click on "DM"
You will be prompted to insert RD personnel password. Enter: 54321
Click cancel button
DM button should change colour to RED
Exit the app by clicking home button
Installing and setting up openrp app
Open terminal / command prompt
Type:
Code:
adb start-server
Type:
Code:
adb devices
Now, on your phone, click "allow debugging" and make sure to tick the radio button to remember / always trust this computer
Type:
Code:
adb install
Press spacebar after the install word and drag and drop the downloaded openrp.apk file to terminal
Hit enter
After it´s done, type:
Code:
adb shell monkey -p com.yulong.openrp -v 500
Now, the fun part. ROOTING the device
But before that, BACKUP
Now, keep your phone plugged in, and do a normal reboot by pressing and holding the power button and clicking reboot
When it vibrates, press and hold the Volume down key (Vol-)
You will see these lines on the screen:
Code:
=>[Factory mode]
Code:
=>VolumeDown key is pressed
Code:
=>[fastmmi mode]
After that, you´ll see the LED turns green and "Up Down" text on the screen
Now, back to your computer, type in the command prompt
Code:
adb devices
You should see XXXXXXXXXXXXXX device listed (where XXXX... is the serial number)
Type in the command prompt:
Code:
adb shell dd if=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/recovery of=/storage/self/primary/stock_recovery.img
and
Code:
adb shell dd if=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/boot of=/storage/self/primary/stock_bootimg.img
Flashing the TWRP Image
Type in the command prompt:
Code:
adb push (drag and drop the recovery image file here, like you did with the openrp.apk file) /storage/self/primary/
Type:
Code:
adb reboot
Press and hold VolumeDown key (Vol-) to boot to fastmmi mode
Type:
Code:
adb shell dd if=/storage/self/primary/recovery_twrp_e502.img of=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/recovery
Type
Code:
adb reboot
Press and hold the VolumeUp key (Vol+) to boot into recovery. If you see white screen with "Recovery" text in it, congrats. Everything is working. If not, try again.
Flashing the SuperSU package
Download the zip from SuperSU website
Copy the zip over to the device, with TWRP running
In TWRP, click install, click the zip and confirm the installation.
Factory reset is not required, but you should at least wipe the cache
If this post was useful for you, hit the thanks button
RESERVED
Hi i have a problem here. at the part to drag and drop the openrp file. When i have downloaded the file a drag it and drop it after the install word. The problem is that if I want to drop it there it will do nothing, nothing there shows or anything. Please respond.
I guess you can type the path to the installation file instead of dragging.
Hello,
Very helpful thread, my coolpad Modena 2 (E502) is now rooted.
Don't forget to disable the factory mode once everything is done, or you won't be able to access the storage to usb anymore.
Thanks.
hello, can i get help, when i try to install openrp on adb and fastboot, it printed this message "Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE]"
can anyone help me on that step, so i can root my e502
TCRakt said:
Hello,
Very helpful thread, my coolpad Modena 2 (E502) is now rooted.
Don't forget to disable the factory mode once everything is done, or you won't be able to access the storage to usb anymore.
Thanks.
how to disable the factory mode ?? :crying:
Firefa23 said:
how to disable the factory mode ?? :crying:
Hello,
If I recall correctly (I don't have the phone anymore, just touched it once to root it at the time), you basically undo the "Enabling factory mode" step.
I think if you dial the number, you'll be back in the menu where you have the option to disable the factory mode.
Factory mode should be disabled when 'DM' is green.
Good luck
very good
Need Custom rom please
nougat / pie
Hello, could you resend the twrp recovery file for this phone again?. old links not work!.
(sorry for my bad english)
Easy way to get root access on BNTV460 (Nook Tablet 7" with Android Oreo)
This is a simple way of getting temporary root access on the Nook Tablet 7"(8.1.0 Go edition).
Needed materials:
The Nook you want temporary root on
A usb cable
A computer with ADB installed (I suggest using a Linux Distro for this because it doesn't require you to install drivers)
Big Note:
Any thing you do to mess up your device is on you. I am not responsible for your own actions. Modifying certain partitions while you have root may result in a device that needs to be reflashed.
Pre-setup:
1. Go to Settings > System > About tablet > Continuously tap on Build Number until it says you are now a developer
2. Exit Settings
3. Go to Settings > System > Developer options > Scroll down to USB Debugging and tap it so it is turned on.
1. First thing to do is to download the release file from https://forum.xda-developers.com/android/development/amazing-temp-root-mediatek-armv8-t3922213 under current version.
2. After that, extract the zip file you downloaded.
3. In a terminal, cd into the location of the mtk-su_rXX/arm (replace XX with the revision number of the file you downloaded).
Example cd command:
Code:
cd /home/yourusername/Downloads/mtk-su_r18/arm/
3.5. Plug in the Nook Tablet 7" into your computer and go into the notifications (swipe down from top). You should see something that says "Android System: USB charging this device. Tap it twice and choose Transfer Files. (If you don't do this, ADB won't work)
4. After that, follow the commands from the XDA page that you downloaded the file from except on the first one, replace path/to/mtk-su with mtk-su
5. If you follow the commands correctly, you should get
Code:
UID: 0 cap: 3fffffffff selinux: permissive
Uses for this:
If you know what you are doing, having root is very useful. Big things you can do are backing up your partitions to an external SD card so you can be assured you have them backed up in case you have to reflash them.
Issues with this method:
1. It goes away after every reboot
2. It sometimes gives permission denied
- This goes away if you restart the device and rerun mtk-su
Give all of your thanks to diplomatic on the thread about mtk-su, as he deserves any thanks he can receive for his amazing work.
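The line the post says you should see, "UID: 0 cap: 3fffffffff selinux: permissive", is a compact statement of what the temporary root actually grants. The following is an added example, not code from the post or from the mtk-su project: it parses that line and decodes the capability bitmask into the Linux capability names from include/uapi/linux/capability.h, so you can see that 0x3fffffffff is bits 0 through 37, every capability up to CAP_AUDIT_READ, with SELinux not enforcing. The second sample line (uid 2000, the Android shell user, with no capabilities) is constructed here for contrast in the same format; it is not something mtk-su prints.

```python
import re

# Linux capability numbers from include/uapi/linux/capability.h; list index == capability number.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE",
    "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW",
    "CAP_IPC_LOCK", "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT",
    "CAP_SYS_PTRACE", "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE",
    "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP", "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN",
    "CAP_SYSLOG", "CAP_WAKE_ALARM", "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON",
    "CAP_BPF", "CAP_CHECKPOINT_RESTORE",
]

# Capabilities that on their own give full control of the device (raw block access covers
# the partition backups the post mentions; module loading and ptrace cover the rest).
HIGH_IMPACT = ("CAP_SYS_ADMIN", "CAP_SYS_RAWIO", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_DAC_OVERRIDE")

# The line quoted in the post as the expected mtk-su result.
SAMPLE_ROOT_LINE = "UID: 0 cap: 3fffffffff selinux: permissive"
# Constructed contrast line (not mtk-su output): an ordinary adb shell, uid 2000, no capabilities.
SAMPLE_SHELL_LINE = "UID: 2000 cap: 0 selinux: enforcing"

LINE_RE = re.compile(r"UID:\s*(\d+)\s+cap:\s*([0-9a-fA-F]+)\s+selinux:\s*(\w+)")


def parse_status_line(line):
    """Split 'UID: n cap: hex selinux: mode' into its three fields."""
    match = LINE_RE.search(line)
    if match is None:
        raise ValueError(f"unrecognised status line: {line!r}")
    return {"uid": int(match.group(1)), "cap": int(match.group(2), 16), "selinux": match.group(3).lower()}


def decode_caps(mask):
    """Capability names for every set bit, lowest bit first; unknown bits become CAP_<n>."""
    names = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def assess(line):
    """Summarise what a status line proves about the shell's privilege."""
    status = parse_status_line(line)
    caps = decode_caps(status["cap"])
    return {
        "uid": status["uid"],
        "is_root": status["uid"] == 0,
        "capabilities": caps,
        "high_impact_caps": [name for name in HIGH_IMPACT if name in caps],
        "selinux_enforcing": status["selinux"] == "enforcing",
    }


if __name__ == "__main__":
    for sample in (SAMPLE_ROOT_LINE, SAMPLE_SHELL_LINE):
        result = assess(sample)
        print(sample)
        print(f"  root={result['is_root']} enforcing={result['selinux_enforcing']} "
              f"caps={len(result['capabilities'])} high-impact={result['high_impact_caps']}")
```

Because the post notes that this root vanishes on reboot, a useful habit is to re-run the check after every reboot and refuse to proceed with any partition backup unless the line still decodes to uid 0 with CAP_SYS_RAWIO present.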
Hi all,
It's been a long time since I released my root guide for Xperia XA and I'm back for the same reasons: I didn't find a way to root my new Smart TV so I worked hard to find the way and now I want to share the answer with you.
## Background
I bought a cheap Smart TV as a replacement for my 15 years old LG TV used as a monitor for my PC.
It's a 32" TV, manufactured by STRONG, model is SRT 32HC4432, Soc is MSD6683 and codename is "komagome"
The TV has Android TV 9 with only 1GB RAM so it's slooooow and the sound is awful, I thought "OK let's root it and tweak it a little". After a long search I found nothing easy and usable for my TV: No "one click" root solution, no factory firmware to extract boot.img and patch it, no TWRP and all guides are outdated for my TV. So I started from scratch (or near).
This guide should work for a lot of TVs with MSTAR Soc and Android TV 9.
## Rooting MSTAR TV on Android TV 9 (PIE)
Before proceeding a word of caution (or why you wouldn't like to root your TV):
1. Unlocking your bootloader will void your warranty.
2. Unlocking your bootloader will wipe the device (factory reset) so make a backup !
3. Disabling dm-verity is a security flaw
4. If you have confidential files in your TV don't unlock your bootloader, as long as your TV is locked your data are officially secured.
5. Opening your TV will void your warranty too.
6. If you brick your TV and you don't have a factory firmware you will not be able to recover it.
7. This guide is not for noobs and I will not answer questions like: How to enable ADB? What is UART? How to connect with Putty?
Edit: rooting will break videos on YouTube, Netflix,... Thanks to @dante_ov for the feedback, I will try to find why and fix the problem.
## Requirement
- Adb and Fastboot drivers on your PC
- An USB to serial adapter
- Some solder skills if you are not lucky like me
- Putty software or equivalent
- A USB key (or two)
- Magisk Manager apk
- A file manager app to install apk
- A brain (recommended)
## Method
1) Unplug the power cord of the TV and remove the back cover of the TV.
2) Connect RX, TX and GND of your adapter on the UART port of the motherboard, DO NOT CONNECT VCC ! On my motherboard it's at the bottom near RCA connectors and I have to solder wires because there is no socket
3) Connect Putty with speed set to 115200
4) Plug the power cord and right after keep pressing Enter on your PC until you see the prompt in the terminal session. For me the prompt is <<M5621>>#
6) We need the partition info; the command is mmc part
copy/paste the result in a text file on your PC and save it, now we can make a backup of all partitions.
7) Format your USB key in FAT32 and plug it on the USB port on the right of the TV, it will be USB 0, if you connect on the bottom USB port it will be USB 2 or 3. Given commands will be for USB 0.
8) Enter command usb reset 0 to initialize the key
9) For root we only need the recovery partition but to be safe make a backup of all partitions. Be careful with the userdata partition because of FAT32 limitations, size limit is 4GB. You can skip it if you don't care about your user data.
You have to backup partitions one by one because the commands with emmcbin without comments and mmc dd mmc2usb to make a full backup corrupt the dump or the USB key
The command looks like:
emmcbin [usbportnum] [pad] [binname] [offset/partitionname] [dumpsize]
For [offset/partitionname] we use the name of the partition and for [dumpsize] we use length, both values obtained at step 6. [binname] is the name of the created file on the USB key.
For sample:
emmcbin 0 0 recovery.bin recovery 65536
after the dump, if like me you have an error
** Bad Signature on 0:37: expected 0x5840, got 0x0000
[do_emmc_mkbin]: check bininfo of part 37 failed ignore it
10) Now that you have all partitions enter usb stop
Unplug the key and copy the content in a safe place
11) We have to unlock the bootloader by entering
avbab set_device_state 0
setenv devicestate unlock
saveenv
12) We have to disable dm-verity to avoid bootloop, command is
avbab disable-verity
13) Unplug/replug the TV and boot normally, you should see the annoying message " /!\ Your bootloader is unlocked ... " and the wipe data processing screen right after. Wait and follow the setup wizard, enable ADB on the TV then install Magisk Manager app.
13) Rename recovery.bin to recovery.img, copy it on the USB key and plug it on the bottom port of the TV.
14) Open Magisk Manager and patch recovery.img, don't uncheck recovery setting box.
15) On your computer, pull the patched recovery with ADB, it should be in /storage/emulated/0/Download/Magisk_patched_XXX.img
Then copy it on the USB key from the PC and rename it recovery2.bin
I have to do like this because I can't simply copy/paste from internal storage to USB (permission denied)
16) Plug the key on the right side of the tv and do step 4 again
17) We will flash the patched recovery on the recovery partition and on boot too !
(I will explain why later)
Commands are:
usb reset 0
usb_partial_upgrade_to_emmc recovery2.bin recovery
usb_partial_upgrade_to_emmc recovery2.bin boot
18) unplug/plug the power cord and boot normally
19) YOU ARE ROOTED !
20) Hit the thank button on this post
## Unroot
You can unroot the device by flashing the stock boot and recovery with commands from step 17.
You can enable dm-verity again with avbab enable-verity command
You can relock the bootloader with avbab set_device_state 1 command
## Conclusions and comments
If you are familiar with MSTAR devices you noticed that I didn't use special tools and keys, all ways used before are not working anymore, upgrade packages are different too. Now they are in pkg format so it's not possible to extract boot, recovery, system, ... like before (or I missed the way)
I found a factory firmware for the KIVI 32f710kw who is the copy of my TV but I wasn't able to unpack it.
SPI and TFTP ways are not possible on my TV (as I tried).
Another big change is that the TV uses "system as root" so the ramdisk is in the system partition and not in boot; that's why I flashed the patched recovery on boot too in step 17.
You can flash only on recovery partition but each time you shutdown (not standby) the TV you will have to reboot to recovery to trigger the root as explained in Magisk documentation.
I don't know if UART through HDMI is working on power on to do the same without opening the TV, I can enable it in the factory menu within Android but I don't have the adapter to try.
## What next ?
Now that I have root and disabled dm-verity I'm free to edit factory configs to enable some features, add the missing HDCP2 key and tweak the firmware.
Another good thing will be to try firmwares from different TVs and GSI ROMs
because YES my TV is "Treble enabled"
Have a nice day and good luck !
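Step 9 says to dump partitions one by one with emmcbin and warns that FAT32 cannot hold a file of 4GB or more, and step 10 says to copy the dumps to a safe place. The following is an added example, not code from the post: it turns a partition list into one emmcbin command per partition in the form the post gives (emmcbin 0 0 recovery.bin recovery 65536), refuses partitions whose dump would not fit in one FAT32 file, and builds a SHA-256 manifest so the copy can be verified. The partition list is constructed; on your own TV it comes from mmc part. The unit of [dumpsize] is an assumption, since the post does not state it: 512-byte blocks are assumed and exposed as a parameter.

```python
import hashlib

FAT32_MAX_FILE_BYTES = 4 * 1024 ** 3 - 1  # largest single file FAT32 can store

# Assumption: [dumpsize] counts 512-byte blocks; the post gives 65536 for recovery but not the unit.
BLOCK_BYTES = 512

# Constructed partition list (name, length) in the shape the post says mmc part yields.
SAMPLE_PARTS = [
    ("recovery", 65536),
    ("boot", 65536),
    ("system", 4194304),
    ("userdata", 16777216),
]


def plan_backup(parts, usb_port=0, pad=0, block_bytes=BLOCK_BYTES, skip=()):
    """Build one emmcbin command per partition, as the post says dumps must be done one by one.

    Returns (commands, skipped). A partition is skipped when requested by name or when
    its dump would exceed the FAT32 file size limit, instead of producing a corrupt file."""
    commands, skipped = [], []
    for name, length in parts:
        size = length * block_bytes
        if name in skip:
            skipped.append((name, "skipped on request"))
        elif size > FAT32_MAX_FILE_BYTES:
            skipped.append((name, f"{size / 1024 ** 3:.1f} GiB exceeds the FAT32 file size limit"))
        else:
            commands.append(f"emmcbin {usb_port} {pad} {name}.bin {name} {length}")
    return commands, skipped


def manifest(dumps):
    """SHA-256 per dump so the copy made in step 10 can be checked later.

    `dumps` maps file name to its bytes; on a real run read each .bin from the USB key."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in dumps.items()}


def verify_copy(expected, copied):
    """Names whose hash is missing or differs after copying the dumps to the safe place."""
    return sorted(name for name, digest in expected.items() if copied.get(name) != digest)


if __name__ == "__main__":
    commands, skipped = plan_backup(SAMPLE_PARTS)
    print("\n".join(commands))
    for name, reason in skipped:
        print(f"skipped {name}: {reason}")
    # Constructed dump contents stand in for the real .bin files here.
    original = manifest({"recovery.bin": b"constructed recovery dump", "boot.bin": b"constructed boot dump"})
    print("verify:", verify_copy(original, original) or "all dumps match")
```

Keeping the manifest next to the dumps also helps later: before an unroot (flashing the stock boot and recovery back in step 17's form) you can confirm the files you are about to write are the untouched originals.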
Thanks for sharing
rrvuhpg said:
We have to unlock the bootloader by entering
avbab set_device_state 0
avbab seems not exist on my MSD338 based TV. Upon entering the commands in the console (<< MStar >>#), it returns an error saying Unknown command 'avbab' - try 'help'. The command also doesn't appear in help
The other commands do work though
Do commands differ between devices? Is there any alternative command I can use on my TV, that also unlocks the bootloader? Is there some proper documentation for these commands, since the descriptions in help are really vague
sagnikpal2004 said:
avbab seems not exist on my MSD338 based TV. Upon entering the commands in the console (<< MStar >>#), it returns an error saying Unknown command 'avbab' - try 'help'. The command also doesn't appear in help
The other commands do work though
Do commands differ between devices? Is there any alternative command I can use on my TV, that also unlocks the bootloader? Is there some proper documentation for these commands, since the descriptions in help are really vague
Hi,
After a quick search it looks like MSD338 is an "old" Soc so all previous commands and tools should work. You will probably have better answers for MSD338 here: https://forum.xda-developers.com/t/tools-mstar-android-tv-firmware-tools.3559227/
rrvuhpg said:
Hi all,
It's been a long time since I released my root guide for Xperia XA and I'm back for the same reasons: I didn't find a way to root my new Smart TV so I worked hard to find the way and now I want to share the answer with you.
## Background
I bough a cheap Smart TV as a replacement of my 15 years old LG TV used as a monitor for my PC.
It's a 32" TV, manufactured by STRONG, model is SRT 32HC4432, Soc is MSD6683 and codename is "komagome"
The TV have Android TV 9 with only 1GB RAM so it's slooooow and the sound is awfull, I thinked "OK let's root it and tweak it a little". After a long search I found nothing easy and usable for my TV: No "one click" root solution, no factory firmware to extract boot.img and patch it, no TWRP and all guides are outdated for my TV. So I started from scratch (or near).
This guide should works for a lot of TV with MSTAR Soc and Android TV 9.
## Rooting MSTAR TV on Android TV 9 (PIE)
Before proceeding a word of caution (or why you wouldn't like to root your TV):
1. Unlocking your BootLoader will void your warranty.
2. Unlocking your bootloader will wipe the device (factory reset) so make a backup !
3. Disabling dm-verity is a security flaw
3. If you have confidential files in your TV don't unlock your bootloader, as long as your TV is locked your data are officially secured.
4. Opening your TV will void your warranty too.
5. If you brick your TV and you don't have a factory firmware you will no be able to recover it.
6. This guide is not for noob and I will not answer questions like: How to enable ADB? What is UART? How to connect with Putty?
Edit: rooting will break videos on YouTube, Netflix,... Thanks to @dante_ov for the feedback, I will try to find why and fix the problem.
## Requirement
- Adb and Fastboot drivers on your PC
- An USB to serial adapter
- Some solder skills if you are not lucky like me
- Putty software or equivalent
- A USB key (or two)
- Magisk Manager apk
- A file manager app to install apk
- A brain (recommanded)
## Method
1) Unplug the power cord of the TV and remove the back cover of the TV.
2) Connect RX, TX and GND of your adapter on the UART port of the motherboard, DO NOT CONNECT VCC ! On my motherboard it's at the bottom near RCA connectors and I have to solder wires because there is no socket
3) Connect Putty with speed set to 115200
4) Plug the power cord and right after keep pressing Enter on your PC until you see the prompt in the terminal session. For me the prompt is <<M5621>>#
6) We need the partitions info, the command ismmc part
copy/paste the result in a text file on your PC and save it, now we can make a backup of all partitions.
7) Format your USB key in FAT32 and plug it on the USB port on the right of the TV, it will be USB 0, if you connect on the bottom USB port it will be USB 2 or 3. Given commands will be for USB 0.
8) Enter command usb reset 0 to initialize the key
9) For root we only need the recovery partition but to be safe make a backup of all partitions. Be carefull with userdata partition because of FAT32 limitations, size limit is 4GB. You can skip it if you don't care about your user data.
You have to backup partitions one by one because the commands with emmcbin without comments and mmc dd mmc2usb to make a full backup corrupt the dump or the USB key
The command looks like:
emmcbin [usbportnum] [pad] [binname] [offset/partitionname] [dumpsize]
For [offset/partitionname] we use the name of the partition and for [dumpsize] we use length, both values obtained at step 6. [binname] is the name of the created file on the USB key.
For sample:
emmcbin 0 0 recovery.bin recovery 65536
after the dump, if like me you have an error
** Bad Signature on 0:37: expected 0x5840, got 0x0000
[do_emmc_mkbin]: check bininfo of part 37 failed ignore it
10) Now that you have all partitions enter usb stop
Unplug the key and copy the content in a safe place
11) We have to unlock the bootloader by entering
avbab set_device_state 0
setenv devicestate unlock
saveenv
12) We have to disable dm-verity to avoid bootloop, command is
avbab disable-verity
13) Unplug/replug the TV and boot normally; you should see the annoying message " /!\ Your bootloader is unlocked ... " and the wipe data processing screen right after. Wait and follow the setup wizard, enable ADB on the TV, then install the Magisk Manager app.
13) Rename recovery.bin to recovery.img, copy it on the USB key and plug it on the bottom port of the TV.
14) Open Magisk Manager and patch recovery.img, don't uncheck recovery setting box.
15) On your computer, pull the patched recovery with ADB, it should be in /storage/emulated/0/Download/Magisk_patched_XXX.img
Then copy it on the USB key from the PC and rename it recovery2.bin
I had to do it like this because I can't simply copy/paste from internal storage to USB (permission denied).
16) Plug the key into the right side of the TV and do step 4 again
17) We will flash the patched recovery on the recovery partition and on boot too !
(I will explain why later)
Commands are:
usb reset 0
usb_partial_upgrade_to_emmc recovery2.bin recovery
usb_partial_upgrade_to_emmc recovery2.bin boot
18) unplug/plug the power cord and boot normally
19) YOU ARE ROOTED !
20) Hit the thank button on this post
## Unroot
You can unroot the device by flashing the stock boot and recovery with commands from step 17.
You can enable dm-verity again with avbab enable-verity command
You can relock the bootloader with avbab set_device_state 1 command
## Conclusions and comments
If you are familiar with MSTAR devices you noticed that I didn't use special tools and keys; all the ways used before don't work anymore, and upgrade packages are different too. Now they are in pkg format, so it's not possible to extract boot, recovery, system, ... like before (or I missed the way).
I found a factory firmware for the KIVI 32f710kw, which is a copy of my TV, but I wasn't able to unpack it.
SPI and TFTP ways are not possible on my TV (as I tried).
Another big change is that the TV uses "system as root", so the ramdisk is in the system partition and not in boot; that's why I flashed the patched recovery on boot too in step 17.
You can flash only on recovery partition but each time you shutdown (not standby) the TV you will have to reboot to recovery to trigger the root as explained in Magisk documentation.
I don't know if UART through HDMI is working on power on to do the same without opening the TV, I can enable it in the factory menu within Android but I don't have the adapter to try.
## What next ?
Now that I have root and disabled dm-verity I'm free to edit factory configs to enable some features, add the missing HDCP2 key and tweak the firmware.
Another good thing will be to try firmwares from different TVs and GSI ROMs
because YES my TV is "Treble enabled"
Have a nice day and good luck !
Hello,
Thank you very much! Very useful guide, I was able to root my TV following the instructions. I have a JVC with mainboard 17MB170 (produced by VESTEL). UART is over VGA; I connected through a Raspberry Pi 3 B+ UART pins with PuTTY because I didn't have any USB to UART interface.
My question is:
Is there any solution for the process not breaking YouTube and Netflix? I installed the SafetyNet module and it shows as compliant, but YouTube is still not working (the application opens but throws an error when you try to play any video).
Best regards!
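Steps 6 to 10 of the guide above (dump each partition one by one, mind the FAT32 4GB file limit, then copy the dumps somewhere safe) are the part of the procedure that lets you recover if something later goes wrong, so it pays to check the dumps before unlocking anything. The following Python script is an added example, not code from the post or from any MSTAR tool: it builds the per-partition emmcbin command list from a partition table, flags partitions whose dump would not fit in a single FAT32 file, and verifies the copied dumps by size and SHA-256. The partition table is constructed sample data, treating the length column as 512-byte blocks is an assumption, and the <partition>.bin file naming follows the post.

```python
"""Plan and verify per-partition eMMC backups for the U-Boot emmcbin workflow.

Added example, not code from the original post or from any MSTAR tool.
Assumptions: the partition table below is CONSTRUCTED sample data; the
length column is taken to be in 512-byte blocks (BLOCK_SIZE); dumps are
named <partition>.bin on the USB key, as in the post.
"""
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, List, Tuple

BLOCK_SIZE = 512              # assumed unit of the "length" column
FAT32_MAX_FILE = 2**32 - 1    # largest single file FAT32 can store
USB_PORT = 0                  # right-hand USB port on the TV, per the post
PAD = 0


@dataclass(frozen=True)
class Partition:
    name: str
    length_blocks: int

    @property
    def size_bytes(self) -> int:
        return self.length_blocks * BLOCK_SIZE


# CONSTRUCTED sample table; names and lengths are illustrative only.
SAMPLE_PARTITIONS: List[Partition] = [
    Partition("MBOOT", 4096),
    Partition("recovery", 65536),
    Partition("boot", 65536),
    Partition("system", 4194304),
    Partition("userdata", 10485760),   # 5 GiB: does not fit in one FAT32 file
]


def plan_backup(parts: List[Partition]) -> Tuple[List[str], List[str]]:
    """Build one emmcbin command per partition.

    Returns (commands, skipped): partitions whose dump would exceed the
    FAT32 file size limit are left out of the command list and reported,
    because the dump would be truncated or corrupted on the key.
    """
    commands, skipped = [], []
    for p in parts:
        if p.size_bytes > FAT32_MAX_FILE:
            skipped.append(p.name)
            continue
        commands.append(
            f"emmcbin {USB_PORT} {PAD} {p.name}.bin {p.name} {p.length_blocks}")
    return commands, skipped


def sha256_file(path: str) -> str:
    """Hash a dump in 1 MiB chunks so large partitions do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dumps(dump_dir: str, parts: List[Partition]) -> Tuple[Dict[str, str], List[str]]:
    """Check that each expected dump exists with the expected size.

    Returns (manifest, problems): manifest maps partition name to the
    SHA-256 of a good dump; problems lists missing or wrong-sized dumps.
    """
    manifest, problems = {}, []
    for p in parts:
        path = os.path.join(dump_dir, f"{p.name}.bin")
        if not os.path.isfile(path):
            problems.append(f"{p.name}: missing")
            continue
        actual = os.path.getsize(path)
        if actual != p.size_bytes:
            problems.append(f"{p.name}: size {actual} != expected {p.size_bytes}")
            continue
        manifest[p.name] = sha256_file(path)
    return manifest, problems


def write_manifest(manifest: Dict[str, str], path: str) -> None:
    """Write a sha256sum-compatible manifest next to the dumps."""
    with open(path, "w") as f:
        for name, digest in sorted(manifest.items()):
            f.write(f"{digest}  {name}.bin\n")


if __name__ == "__main__":
    cmds, skipped = plan_backup(SAMPLE_PARTITIONS)
    print("\n".join(cmds))
    if skipped:
        print("skipped (larger than a FAT32 file):", ", ".join(skipped))
```

Run plan_backup() against the table you saved in step 6 to get the commands to type at the U-Boot prompt, then run verify_dumps() on the copied folder after step 10; the manifest it writes can be checked later with sha256sum -c before the stock images are ever flashed back.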
ScorpionXII said:
Hello,
Thank you very much! Very useful guide, I was able to root my TV following the instructions. I have a JVC with mainboard 17MB170 (produced by VESTEL). UART is over VGA; I connected through a Raspberry Pi 3 B+ UART pins with PuTTY because I didn't have any USB to UART interface.
My question is:
Is there any solution for the process not breaking YouTube and Netflix? I installed the SafetyNet module and it shows as compliant, but YouTube is still not working (the application opens but throws an error when you try to play any video).
Best regards!
Hi,
I'm happy to see that my guide worked for you
I never found how to fix the issue with YouTube and Netflix, sorry for that.
If you find the fix you can share it here
Very nice tutorial!
I managed to root my NOBLEX DM32X7000 TV (also MSD6683-based) thanks to your method and it works fine except for one huge issue...
While you all mention that YouTube and Netflix breaks for you, I didn't have that problem at all. Instead, my Live TV app breaks and it gets stuck on "Retrieving data..." for all inputs when the boot image is patched with Magisk.
Would you mind sharing your LiveTV and MtkTvInput apps so I can try mix and matching them?
Finding other firmwares for this SoC is quite difficult, I haven't been able to find one so far.
Seem hardcode for me
rrvuhpg said:
Hi all,
It's been a long time since I released my root guide for Xperia XA and I'm back for the same reasons: I didn't find a way to root my new Smart TV so I worked hard to find the way and now I want to share the answer with you.
## Background
I bought a cheap Smart TV as a replacement for my 15-year-old LG TV used as a monitor for my PC.
It's a 32" TV, manufactured by STRONG, model is SRT 32HC4432, SoC is MSD6683 and codename is "komagome".
The TV has Android TV 9 with only 1GB RAM so it's slooooow and the sound is awful; I thought "OK let's root it and tweak it a little". After a long search I found nothing easy and usable for my TV: no "one click" root solution, no factory firmware to extract boot.img and patch it, no TWRP, and all guides are outdated for my TV. So I started from scratch (or nearly).
This guide should work for a lot of TVs with MSTAR SoC and Android TV 9.
## Rooting MSTAR TV on Android TV 9 (PIE)
Before proceeding a word of caution (or why you wouldn't like to root your TV):
1. Unlocking your BootLoader will void your warranty.
2. Unlocking your bootloader will wipe the device (factory reset) so make a backup !
3. Disabling dm-verity is a security flaw
3. If you have confidential files in your TV don't unlock your bootloader, as long as your TV is locked your data are officially secured.
4. Opening your TV will void your warranty too.
5. If you brick your TV and you don't have a factory firmware you will not be able to recover it.
6. This guide is not for noobs and I will not answer questions like: How to enable ADB? What is UART? How to connect with Putty?
Edit: rooting will break videos on YouTube, Netflix,... Thanks to @dante_ov for the feedback, I will try to find why and fix the problem.
## Requirement
- Adb and Fastboot drivers on your PC
- A USB to serial adapter
Will this method work on my Hisense 50A71F, based on Board : MSD6886, platform M7322?
rrvuhpg said:
4) Plug in the power cord and then keep pressing Enter on your PC until you see the prompt in the terminal session. For me, the prompt is <<M5621>>#
Hello. I have a TV in my workshop with an MSD6683BQHT micro... I get the log on the console without problems, but I can't get into super user mode in any way, unlike other TVs. I have used Enter, Esc, even holding down the power button, etc. etc. Can anyone help me?
Thank you, I have successfully rooted my device following the tutorial.
Earlier today I was alerted to https://www.cnblogs.com/yanhua-tj/p/15525593.html which has the actual firehose and steps to unlock! However it seems to be in Simplified Chinese so I'll translate it here for you.
The firehose is attached below.
DISCLAIMER: I am not responsible for any damages this may cause as I am merely translating the guide. I am not responsible for you bricking your device because of a missed step, so read carefully.
Also, please back up your data beforehand as this wipes the phone. Also please note that if you are on Android 11, LG Backup will not work after unlocking, and neither does the LG Bridge tool.
***IF YOU WANT ANDROID 12, UPDATE BEFORE ROOTING, I HAVE CONFIRMED IT WORKS FINE***
Requirements:
Get QPST Here
Get the Firehose Here
Engineering Bootloader Here
Adb and Fastboot Here
Qualcomm Drivers Here (When installing make sure to select wwan)
Frp with oem unlock bit set for Verizon Here Not for demo units!
Slight knowledge of the command line
A Brain
Steps:
1) If you already have it unhidden go to Developer Options under Settings -> System and enable OEM Unlock as well as USB Debugging. If you don't see Developer Options go to Settings => System => About Phone => Software Information and tap Build Number until it either asks you for your password or says you are a developer at the bottom. Verizon Users: You will not see the oem unlock option, we will fix this later in this guide.
2) Get it into 9008 Mode: (This may take several tries)
Make sure you are connected to your computer via USB.
Hold Volume Down and Power until it shuts off
Now here's the tricky part, as soon as the screen turns off, immediately start tapping volume up quickly, but do not let go of volume down and power, if you did it successfully you will see your screen is off but it appears either in Device Manager or Windows plays the Device Connected sound.
Open and Configure QFIL as shown below:
After that click Browse and select the Firehose you downloaded earlier
Next go to the Tools menu at the top then select Partition Manager (If this errors please reboot back into edl using the steps mentioned above!)
After that wait for QFIL to connect, then a new window will pop up. Find abl_a and abl_b, right click on each and click Manage Partition. The first thing you want to do for each is click Read Data. This will back them up in case anything goes wrong; QFIL will tell you where it stores them. Then for each click Load Image and select the Engineering Bootloader you downloaded before.
Once you get that done for both abl_a and abl_b click close on both the Raw Data Manager and Partition Manager and wait for QFIL to say Finish Reset to EDL in the logs at the bottom.
Now it's time to get into Fastboot.
Press and Hold Power and Volume Down for 9 seconds
Once you either see it disappear from QFIL or you hear it disconnect from your PC, let go of power, until you see Fastboot Mode on your Phone's screen.
Open the command prompt on your computer.
Once it's in fastboot verify if fastboot can see it by doing fastboot devices, if it can't see it troubleshoot here:
Check your USB Connection
Double check you installed the adb and fastboot stuff from earlier in the post
There may be a chance Windows doesn't recognize it properly. So follow these steps:
Open Device Manager by doing Windows + X and clicking Device Manager
There may be an already open row that says Unknown Devices
Right click on android and select Update Drivers
Select Browse my computer for drivers
Select Let me pick from a list of available drivers
Select Android Device
Select Android Bootloader Interface
Click Ok on the pop up
Once that finishes double check the phone can be seen in fastboot devices
Now here comes the fun part, unlocking! Please make sure you have your data backed up.
If you are on verizon (and it's not a demo unit)
Make sure you downloaded the file from above for the unlocked frp
Do fastboot flash frp frp.img
Do fastboot reboot and let it boot into android once, no need to set it up
Reboot back to Fastboot using step 9
Do fastboot oem unlock
Select Unlock the Bootloader using volume down and power, your phone will wipe and reboot
On any other variant
Do fastboot oem unlock
Select Unlock the Bootloader, your phone will wipe and reboot
And that's it! Rooting guide will be on post 3.
If you have any questions or feel like this is too complicated, please don't hesitate to contact us {Mod edit}
Rooting with Magisk:
You need to have already done the unlock mentioned above
Go back to the guide and go all the way to the Partition Manager part, but don't flash anything.
Now find and right click boot_a, click Manage Partition Data, and click Read Data do the same for boot_b.
Wait for that to finish, when it does QFIL will tell you where it stored it.
Grab the file and place it somewhere as a backup.
Rename it to something like boot_a.img and boot_b.img
Either use an existing device with Magisk or restart your device and install the magisk app from Here (make sure to download the Magisk-v2x.x.apk)
Transfer the images you got to your phone in whatever method you'd like.
In the Magisk App where it says Magisk, click Install, then choose Select and Patch a File. Make sure to patch both boot images separately!
Wait for that to finish, after that transfer the modified image back to wherever you want to keep it. To make it easier rename it to something like MagiskPatchedBoot_a.img and MagiskPatchedBoot_b.img
Get into fastboot by Either:
Shutting the phone off, and holding volume down while plugging in the usb cable
Do adb reboot bootloader if you have adb debugging setup.
Now in the directory of your patched image do fastboot flash boot_a MagiskPatchedBoot_a.img and fastboot flash boot_b MagiskPatchedBoot_b.img
Now do fastboot reboot and you're golden!
Misc Fixes:
Spoiler: Getting back the Fingerprint scanner after unlock NOT REQUIRED ON ANDROID 12 (Credits to Leronex_1)
Open the dialer and dial: ` *#546368#*600# ` | Verizon (V600VM): ##228378 (+ send)
SVC Menu > Handprint > HandID Logging = ON | ON VERIZON SKIP THIS STEP
Device Test > SAAT > Service Menu – Manual test > Optical Fingerprint test Complete the test and when a green circle shows tap it, when you see a button “pass” click it. At the end it should fail so just click the “fail” button when there is no “pass” button anymore. Start the test by clicking "start", then hold the green circle with your finger till the test finishes. On the last test it will fail so just click on "fail".
Repeat 3 times and try adding a fingerprint, if fingerprint still does not work just restart and retry again.
Spoiler: Making /system RW (Credits to Leronex_1 and lebigmac)
Download system systemrw_1.31d_BUNDLE.zip from https://forum.xda-developers.com/t/script-android-10-universal-mount-system-read-write-r-w.4247311/
Place folder systemrw_1.31d in /data/local/tmp on the phone
Place sysrw_repair_v1.31d on your linux machine
Go to adb shell, su and then do "chmod +x /data/local/tmp/systemrw_1.31d/systemrw.sh"
Then in adb shell do cd /data/local/tmp/systemrw_1.31d and do ./systemrw.sh size=15 or 20 and wait till it's done
Go to the linux machine and cd to sysrw_repair_v1.31d from step 3
Connect adb with your phone and make sure to not accidentally disconnect it (This will take a while)
In the sysrw_repair_v1.31d directory, do sudo ./sysrw_repair.sh and make sure your Linux machine has at least 25gb Storage space, this process will take more or less 30 mins depending on how fast the machine is
When it's done it should start flashing in fastboot automatically.
Spoiler: Enabling VoWifi on V600EA (Credits to Leronex_1)
Make sure to follow the guide to make /system rw or else you will end up in a non bootable system!
1. Add these lines below to your build.prop (First set permissions on the build.prop so you can write it)
Code:
# Debug Options
persist.dbg.ims_volte_enable=1
persist.dbg.volte_avail_ovr=1
persist.dbg.vt_avail_ovr=1
persist.dbg.wfc_avail_ovr=1
# Radio Options
persist.radio.rat_on=combine
persist.radio.data_ltd_sys_ind=1
persist.radio.data_con_rprt=1
persist.radio.calls.on.ims=1
Make sure to set the Permissions back to chmod 600
2. Reboot, go to settings > Networks > Calls > Enable WIFI Calling
3. If it won't turn on by itself you might need to enter the Service menu and go to SVC Menu > VoWIFI > WIFI Calling Toggle = 1
Credit: Leronex (Discord), Leronex_1 (XDA)
Spoiler: Disabling rct (Credits to null-dev)
You must make /system RW using the guide above
1. adb shell, pm uninstall -k --user 0 com.lge.rctprovider
2. adb reboot bootloader, fastboot erase rct, Reboot to System
3. adb shell, pm uninstall -k --user 0 com.lge.srtc
4. Download and install the Magisk module: https://github.com/null-dev/lg-v60-rct-disable-magisk/raw/master/lg-v60-rct-disable-magisk.zip, then reboot the phone.
5. Delete /mnt/product/persist-lg/rct folder
Done, how to check if it is disabled? "Adb shell", "su" and "getprop | grep rct". If it shows nothing as output that means the service is not running. After that check the service menu *#546368#*600# > SVC Menu > LG RCT (Has to say Disabled)
Spoiler: Disable OTA Updates (Credits to Leronex_1)
Code:
adb shell pm uninstall -k --user 0 com.lge.lgdmsclient
On TMO After 20j:
Code:
adb shell pm uninstall -k --user 0 com.lge.android.atservice
adb shell pm uninstall -k --user 0 com.lge.gdec.client
adb shell pm uninstall -k --user 0 com.lge.lgfota.permission
adb shell pm disable --user 0 com.lge.pickme
Spoiler: Disable Smart doctor to save battery (Credits to Leronex_1)
Code:
adb shell pm disable --user 0 com.lge.phonemanagement
Spoiler: Crossflashing Guide (Credits to Leronex_1)
1. Download and install QPST, when installed launch it and select the firehose and Nand type e.g. UFS.
2. Download and install this LGUP from here: https://drive.google.com/file/d/1VxecFNYK2Lr7w1HVg-mNIGEoVa8CSHFt/view?usp=sharing . In the installer select "Install LG Drivers"
3. Put phone into edl mode, here is how: Hold Vol- and pwr, when the screen turns black keep holding them and Repeatedly press vol+ You will see "Qualcomm HS-USB QDLoader 9008" under "Ports (COM & LPT)" in device manager when it is in edl. If the screen shows anything after reboot, instantly retry again.
4. When it is in EDL Mode, open partition manager and make a backup of these partitions "FTM, OP_A OP_B, MODEM_A MODEM_B, SID_A SID_B.
5. After backing up, erase the same partitions "FTM, OP_A OP_B, MODEM_A MODEM_B, SID_A SID_B.
6. Now after erasing it is sort of important to not let it boot to android, and instead boot to download mode. Here is how: force reboot with vol- and pwr button. As soon as it disconnects from windows, Release the Vol- and Power buttons and hold Vol+ to get into Download Mode.
7. When it enters Download mode, open LGUP and select partition DL. Select your favourite V60 KDZ too.
8. Click on start, then it will prompt you to select partitions that can be flashed, select every partition EXCEPT "SID_A SID_B AND ABL_A ABL_B" then confirm. (NOTE: DO NOT CLICK "SELECT ALL" IT IS BUGGED AND WILL FLASH ALL PARTITIONS, EVEN IF UNSELECTED AFTER)
9. Let it install, after that you should be done, hidden menu won't work but you can install this apk to be able to enter hidden menu and fix the fingerprint on an unlocked bootloader. https://drive.google.com/file/d/1g-7BQ_Jlmi-5tpbMg383LaiYr5YjTmqQ/view?usp=drivesdk
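Before flashing a patched image to both boot_a and boot_b as in the "Rooting with Magisk" section above, it is worth confirming that each dump QFIL produced really is an Android boot image and that the Magisk output is a patched counterpart of the same stock image rather than, say, an unmodified copy or a file that is larger than the partition. The Python script below is an added example and is not part of this guide, QFIL or Magisk: it parses the boot image header as laid out in AOSP's bootimg.h (v0-v2 and v3-v4 layouts) and compares a stock dump with its patched version. The build_sample_boot_image() helper only constructs toy images for demonstration; the field offsets come from AOSP, while the consistency rules in check_patched_pair() (same header version and page size, patched image no larger than the partition dump, contents actually changed) are this example's own.

```python
"""Sanity-check dumped and Magisk-patched Android boot images before flashing
them to both A/B slots.

Added example; not part of the guide, of QFIL or of Magisk. Header offsets
follow AOSP's bootimg.h (v0-v2 and v3-v4 layouts). build_sample_boot_image()
only CONSTRUCTS toy images for demonstration; the consistency rules in
check_patched_pair() are this example's own.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

BOOT_MAGIC = b"ANDROID!"
V3_PAGE_SIZE = 4096          # fixed by the v3+ header format


@dataclass(frozen=True)
class BootHeader:
    header_version: int
    kernel_size: int
    ramdisk_size: int
    page_size: int
    os_version: int


def parse_boot_header(data: bytes) -> BootHeader:
    """Parse the fields we need from an Android boot/recovery image header."""
    if len(data) < 48 or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic)")
    # header_version sits at offset 40 in every header version
    header_version = struct.unpack_from("<I", data, 40)[0]
    if header_version <= 2:
        # v0-v2: kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
        # second_size, second_addr, tags_addr, page_size, then
        # header_version and os_version
        (kernel_size, _kaddr, ramdisk_size, _raddr, _ssize, _saddr, _tags,
         page_size) = struct.unpack_from("<8I", data, 8)
        os_version = struct.unpack_from("<I", data, 44)[0]
    else:
        # v3-v4: kernel_size, ramdisk_size, os_version, header_size,
        # reserved[4], header_version; the page size is fixed at 4096
        kernel_size, ramdisk_size, os_version = struct.unpack_from("<3I", data, 8)
        page_size = V3_PAGE_SIZE
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    return BootHeader(header_version, kernel_size, ramdisk_size, page_size, os_version)


def check_patched_pair(stock: bytes, patched: bytes) -> List[str]:
    """Compare a stock partition dump with the Magisk output meant to replace it.

    Returns a list of problems; an empty list means the pair looks consistent.
    """
    try:
        s, p = parse_boot_header(stock), parse_boot_header(patched)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if s.header_version != p.header_version:
        problems.append(f"header version differs: stock v{s.header_version}, "
                        f"patched v{p.header_version}")
    if s.page_size != p.page_size:
        problems.append(f"page size differs: stock {s.page_size}, patched {p.page_size}")
    if len(patched) > len(stock):
        # the stock dump is the whole partition, so anything larger cannot be flashed
        problems.append(f"patched image ({len(patched)} bytes) is larger than the "
                        f"partition dump ({len(stock)} bytes)")
    if hashlib.sha256(stock).digest() == hashlib.sha256(patched).digest():
        problems.append("patched image is byte-identical to stock; it was not patched")
    return problems


def build_sample_boot_image(kernel: bytes, ramdisk: bytes, header_version: int = 2,
                            page_size: int = 4096) -> bytes:
    """CONSTRUCT a minimal boot image (header page + kernel + ramdisk) for demonstration."""
    if header_version >= 3:
        page_size = V3_PAGE_SIZE
    hdr = bytearray(page_size)
    hdr[:8] = BOOT_MAGIC
    if header_version <= 2:
        # load addresses and tags address are arbitrary sample values
        struct.pack_into("<8I", hdr, 8, len(kernel), 0x8000, len(ramdisk), 0x1000000,
                         0, 0, 0x100, page_size)
        struct.pack_into("<2I", hdr, 40, header_version, 0)
    else:
        # header_size 1580 is the v3 header length; os_version left at 0
        struct.pack_into("<4I", hdr, 8, len(kernel), len(ramdisk), 0, 1580)
        struct.pack_into("<I", hdr, 40, header_version)

    def pad(blob: bytes) -> bytes:
        return blob + b"\x00" * (-len(blob) % page_size)

    return bytes(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    stock = build_sample_boot_image(b"K" * 1000, b"R" * 300)
    patched = build_sample_boot_image(b"K" * 1000, b"R" * 200 + b"MAGISK")
    print(parse_boot_header(stock))
    print("problems:", check_patched_pair(stock, patched))
```

For a real device, read the boot_a.img and boot_b.img dumps and the two Magisk outputs from disk and run check_patched_pair() on each slot's pair; only flash when both lists come back empty, and keep the stock dumps, since they are what you flash back to unroot.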
Reserved Post #3
looks good
v60 demo unlock boot and root
THX!
Raify4 said:
v60 demo unlock boot and root
THX!
Click to expand...
Click to collapse
This doesn't work for the demo, I should have clarified.
crimsonrommer said:
This doesn't work for the demo, I should have clarified.
Click to expand...
Click to collapse
I tried on my demo unit and it worked
Is that the 601?
Raify4 said:
I tried on my demo unit and it worked
Click to expand...
Click to collapse
Note that the verizon variant has removed the OEM unlock option from developer options, so you'll need to flash an FRP partition with the OEM unlock bit already set.
Leronex and I kinda puzzled that one out.
manywelps said:
Note that the verizon variant has removed the OEM unlock option from developer options, so you'll need to flash an FRP partition with the OEM unlock bit already set.
Leronex and I kinda puzzled that one out.
Click to expand...
Click to collapse
Yeah issue is qfil doesn't see frp so we're trying to find a workaround
crimsonrommer said:
Is that the 601?
Click to expand...
Click to collapse
back cover shows lm v601u
Leronex flashed a different V60's FRP (with the bit set) on my verizon phone and then the unlock worked smoothly.
He used Medusa which can flash the FRP partition independently though.
manywelps said:
Leronex flashed a different V60's FRP (with the bit set) on my verizon phone and then the unlock worked smoothly.
He used Medusa which can flash the FRP partition independently though.
Click to expand...
Click to collapse
Yeah I know, the issue is qfil doesn't see it
Would it still be possible to update after bootloader unlock, even if it's by LGUP?
Other than that, you guys rock! Thank you for providing the translations for us mere mortals to understand
vitalez06 said:
Would it still be possible to update after bootloader unlock, even if it's by LGUP?
Click to expand...
Click to collapse
Yep! Just make sure to use partition dl and uncheck abl_a and abl_b that way fastboot remains, and you can still extract your boot partition and root again
i get this error , help
kiory01 said:
i get this error , help
Click to expand...
Click to collapse
I don't see an error
crimsonrommer said:
I don't see an error
Click to expand...
Click to collapse
Same for me, actually no error, but after clicking on Partition Manager a popup window appeared saying to make sure the correct firehose file is selected; I clicked OK, then the screen got stuck there, no Partition Manager window appeared, and there was nothing in the log folder either.
The OnePlus 7 Pro Mclaren EU HD1913 edition is perfect for Nethunter and PenTesters, 256GB storage, 12GB RAM, 2 sim cards, 48MP camera, etc. Here is everything you need to get a fully functional Nethunter Mclaren, with all wifi modules compiled in the kernel for external wifi cards.
Spoiler
The Nethunter Kernel included in the .tar file is for Android OS 10 & will work on the OnePlus 7 Pro, OP 7 Pro Mclaren & OP 7T. Packet wifi injection also works, but be sure you download these drivers after kernel install & reboot: apt install realtek-rtl88xxau-dkms realtek-rtl8188eus-dkms realtek-rtl8814au-dkms. So if you just need a kernel compiled with external wifi & usb modules, you can download the .tar file & just use the kernel. Flash it in TWRP per the install button. You're welcome.
Some say you must get an "unlock token" from OnePlus to unlock the bootloader BUT I did not have this issue, it was straight without any token. Here is the download link: this one contains all files except the MSM tool. The MSM link is after. MSM is not needed unless you brick the phone.
Also NOTE: Some of the files have been compressed with "xz".
You must decompress them first, then use the "zip" version of the file for the installation instructions. To decompress these "xz" files do this command:
xz -d name_of_file.zip.xz
THE ONLY FILE TO NOT DECOMPRESS is the Kalifs-arm64-full.tar.xz. You will use the whole file as is, with the "xz" to install the kali chroot. The below download is for the Nethunter bundle not the MSM tool.
Mclaren_Nethunter
Open: tar -xvf Mclaren_Nethunter.tar
The following download is the MSM tool with the stock Android 10 version. This is in case you brick the phone, this will reset it.
In case you brick your phone, but are still able to boot into TWRP, the MSM tool included can reinstall the Oxygen Os
On windows computer, transfer & extract the MSM tool.
Click on MSM tool, click "run as administrator" it'll open up the dialog.
In upper left, choose EU version then set your cursor over the "start" button
Have a usb cable connected to the Windows machine ready to connect the Mclaren
On Mclaren, in TWRP mode, choose Reboot option, then click EDL
Plug phone in immediately to Windows, it'll recognize it, click Start
The phone will then reinstall the OS, & wipe it clean. Then you must repeat all the steps to reinstall TWRP, Nethunter, Magisk, etc.
MSM_Oneplus7_AndroidOS_10.0.13
The files are:
1. TWRP -> for the EU version
2. Dm-verity -> disable Dm-verity encryption.
3. System_rwBundle zip -> Make read/write System, Product, Vendor.
4. NetHunter Kernel -> Compiled with all the wifi modules for external wifi cards, Alfa cards.
5. Magisk -> Root manager
6. Nethunter Apps -> Nethunter GUI, Terminal, Kex-client, Store.
7. MSM download tool -> In case you brick your phone, restore it thru MSM. This needs a windows computer tho.
Starting on the Mclaren:
1. Settings -> About Phone:
a. Tap "Build Number" 7 times to enable "Developer Mode".
2. Settings -> System -> Developer Options:
a.Turn on "OEM unlocking", "USB debugging" & turn off "Automatic system Updates"
b. Scroll to "Default USB configuration", select "File Transfer"
c. You can also turn off "Verify apps over USB"
3. Once those are set, plug in phone to Linux computer, "allow usb debugging"
a. Type without quotes "adb reboot bootloader"
b. This will put phone in "Fastboot mode", then in fastboot mode..
c. Type "fastboot flashing unlock"
d. Agree to unlock the bootloader, phone WIPES YOUR DATA then reboots.
4. Go thru motions to set up phone, then REPEAT steps 1 & 2.
5. Now, we are gonna boot into TWRP to install it.
6. Plug phone back into Linux, type again "adb reboot bootloader"
7. This will put you in "Fastboot mode" again:
a. Make sure you're in the TWRP directory on Linux: Type "fastboot boot twrp.img" //This boots the image to the Mclaren
b. Now push the "twrp.zip" onto the Mclaren: Type "adb push twrp.zip sdcard/"
c. In TWRP app, go to install, choose "twrp.zip", install.
d. IMPORTANT!!!! AFTER TWRP INSTALL, BOOT BACK INTO RECOVERY not into system.
e. TWRP is installed, now you can boot into system
8. Next, power off phone, boot into TWRP recovery by holding volume down & power key till you see the TWRP logo.
9. Plug phone into laptop, push Disable-DM-verity to phone.
adb push Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip /sdcard/
In TWRP, choose install Disable-Dm-verity.
Reboot into system.
10. Next, we make the "vendor, product & system" directories writable. You need this because by default they are read only.
a. In TWRP, push the systemrw_1.32_BUNDLE_proper.zip onto the Mclaren to /data/local/tmp directory.
b. In TWRP, choose "Advanced->Terminal" navigate to /data/local/tmp
c. Unzip the bundle, then -> unzip systemrw_1.32_flashable.zip -> cd to the systemrw_1.32 dir
d. Make file executable: type "chmod +x systemrw.sh"
e. You can specify a size for each directory, the programs op says 15mb is good, but I chose 150MB which works.
Type " ./systemrw.sh size=150 "
f. This will automatically make all the directories read/write... Make sure you got battery on your phone
g. Reboot into system
11. Now we'll install the Nethunter Kernel. It has the wifi modules already compiled.
a. Be in TWRP recovery mode:
b. Push the kernel onto Mclaren: -> adb push anykernel-NetHunter.zip /sdcard/
c. Click install & install the zip, then reboot to system.
d. Go to Settings->About Phone->Android Version to check the Nethunter kernel install
12. Next, reboot into TWRP to install Magisk
a. Push Magisk to the Mclaren: "adb push Magisk-v23.0.zip /sdcard/"
b. Install Magisk.
c. After Magisk is installed, still in TWRP, go to "Wipe" -> Format Data -> type "yes", then reboot into system.
13. At this point, you'll need to set up the phone again. I refuse all the analytics, & unset all the Google options in the phone.
a. Important!! BEFORE YOU CONNECT TO WIFI to update Magisk, you have to disable "Automatic Updates" on the Mclaren.
I also disable "Find my Device" & all of the Google features including Google Play Scanner.
b. Settings -> System -> System Updates -> Uncheck the "Automatic Updates over wifi" button.
c. Repeat steps 1 & 2 again, especially uncheck the "automatic updates" in "developer options"
d. Turn off "Find my Device" -> Settings -> Google -> Find my Device check to off
e. In Settings, search for Google play, Turn off Google scan.
f. I turn off all the Google features in Settings -> Google. It's all spyware crap.
14. Once that is done, connect to wifi, and click Magisk app to update. It'll update the app, then in Magisk, click Install-> Direct Install -> Reboot.
15. Now you have Magisk ready, & can install Nethunter.
a. Push "update-nethunter" file to Mclaren in system mode, not TWRP.
adb push update-nethunter-20220211_172614-oneplus7-oos-ten.zip /sdcard/
b. Open Magisk->Modules->Install from Storage-> choose "update-nethunter" file, and done.
16. Nethunter & the Nethunter apps will be installed, but you must update Nethunter through the Nethunter Store first
a. Open Nethunter Store app -> Updates -> Refresh till update appears, Update then reboot.
17. Nethunter is installed but the chroot kali is not.
a. Push the kalifs-arm64-full.tar.xz onto the Mclaren to the /storage/emulated/0/ directory
adb push kalifs-arm64-full.tar.xz /storage/emulated/0/
b. Go to Nethunter GUI -> Kali Chroot Manager -> Install chroot, -> choose to install from backup.
c. The file that shows up is not the one you just pushed, so backspace & change the name to "kalifs-arm64-full.tar.xz"
d. Click install. Once it's done, ready to go.
18. There will be some issues at first, but they are easy to solve following these instructions. The Nethunter terminal may throw an error for the Kali term
because of some 'security key' function.
a. Open Nethunter terminal, select "AndroidSU".
b. Type "bootkali_bash" //this will put you into a Kali Linux shell inside the Android shell.
c. To fix the perms, navigate to /etc/pam.d/ & Comment out the following line in each of these files
# session optional pam_keyinit.so force revoke
Files: su-l, login, runuser-l, and sshd. This will solve the Kali terminal issue.
19. Next, let's fix the permissions on the PostgreSQL directories. Use the following command on all of the directories
chown -R postgres:postgres postgresql/
Directories: "/var/lib/postgresql", "/etc/postgresql", & "/usr/lib/postgresql" Now postgresql will work.
20. Let's fix the iptables legacy error to have iptables working: In the Kali shell type:
update-alternatives --config iptables
Choose the iptables-legacy option
Same for ipv6
update-alternatives --config ip6tables
The android firewalls are complex, check them: iptables -n -v -L
I delete all the default Android firewall rules, up to you. iptables -F; iptables -Z; iptables -X //do the same with ipv6
21. IMPORTANT: there is a program with high CPU usage that has to be disabled immediately. It's the @brain-service. You can use the "top" process monitor to check this. Don't panic, use the command below to stop it.
a. Lets make this command start at boot. Navigate to NetHunter GUI -> Custom Commands -> ADD
Name: whatever, can be "stop_brain".
Command: su -c resetprop ctl.stop oneplus_brain_service
Send to: android
Exec: background
Run on boot: yes
b. That command will bring the CPU down to 2%. There are more programs/services to stop, based on not wanting OnePlus spy stuff. Here are a few. Use the same command above:
soter-1-0
oneplus.engineer-1-0
opdiagnose
22. There are many programs to uninstall; some are mandatory, others optional. There are numerous lists of bloatware to uninstall located on the Internet, one link at the end of the post.
But think before you uninstall, you may want or still need the package. But you have to uninstall the following programs -> spyware
a. The way to uninstall these is in the AndroidSU shell. Don't use the '-k' flag, because it keeps the cache & data of uninstalled packages.
b. Some commands:
pm list packages // lists packages. Tack a "-d" on the end to see disabled packages.
pm uninstall --user 0 com.package.name //uninstalls the package
pm clear --user 0 com.package.name //clears data left from package
c. Necessary uninstall:
net.oneplus.odm
net.oneplus.odm.provider
com.oneplus.ses
d. Necessary Disable: // You can disable or uninstall, but must disable to avoid being updated by Oneplus
Command: pm disable --user 0 com.oneplus.backup
com.oneplus.backup
cn.oneplus.nvbackup
23. After all that, you can go to Nethunter GUI, -> chroot Manager -> Add Metapackage
Choose "kali-linux-nethunter" & "kali-linux-default" to update to base installation. After install all you want.
24. Here is a link to remove some bloatware: OnePlus Bloatware List | Remove Bloatware on OnePlus (technastic.com)
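As an added example (not part of the original post), the two manual clean-ups from steps 18 and 22 written as shell functions: commenting out the pam_keyinit line in the named PAM files, and turning `pm list packages` output into the uninstall/disable commands for the OnePlus packages the post lists, skipping any package that is not actually installed so the plan can be read before it is run. The PAM function is meant to be run inside the Kali chroot (bootkali_bash) against /etc/pam.d, and the debloat planner from the AndroidSU shell; both take their inputs as arguments or stdin, so they can be tried on a scratch directory first. File names, package names and service names are taken from the post; everything else is my own.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the post-install
# clean-up in steps 18 and 22. fix_pam_keyinit runs inside the Kali chroot
# (bootkali_bash) against /etc/pam.d; plan_debloat is fed 'pm list packages'
# output from the AndroidSU shell. Paths and lists are parameters so the
# functions can be exercised on a scratch directory before touching the phone.

PAM_FILES="su-l login runuser-l sshd"                                      # step 18
UNINSTALL_PKGS="net.oneplus.odm net.oneplus.odm.provider com.oneplus.ses"  # step 22c
DISABLE_PKGS="com.oneplus.backup cn.oneplus.nvbackup"                      # step 22d

# Comment out the "session optional pam_keyinit.so ..." line in each PAM file
# under $1 (normally /etc/pam.d). Idempotent: lines that are already commented
# and files that do not exist are left alone; every other line is preserved.
fix_pam_keyinit() {
    pamdir="$1"
    for f in $PAM_FILES; do
        [ -f "$pamdir/$f" ] || continue
        sed 's/^\([[:space:]]*session[[:space:]][[:space:]]*optional[[:space:]][[:space:]]*pam_keyinit\.so.*\)$/# \1/' \
            "$pamdir/$f" > "$pamdir/$f.tmp" && mv "$pamdir/$f.tmp" "$pamdir/$f"
    done
}

# Print how many active (uncommented) pam_keyinit session lines remain in the
# named files under $1. 0 means the fix from step 18 is complete.
pam_keyinit_active() {
    pamdir="$1"; n=0
    for f in $PAM_FILES; do
        [ -f "$pamdir/$f" ] || continue
        c=$(grep -c '^[[:space:]]*session.*pam_keyinit\.so' "$pamdir/$f" || true)
        n=$((n + c))
    done
    echo "$n"
}

# Read 'pm list packages' output ("package:com.foo" per line) on stdin and
# print the step 22 pm commands for the packages that are actually installed.
# CRs are stripped first because output captured through 'adb shell' may be
# CRLF-terminated. Typical use from the AndroidSU shell:
#   pm list packages > /data/local/tmp/pkgs.txt
#   plan_debloat < /data/local/tmp/pkgs.txt        # review the plan
#   plan_debloat < /data/local/tmp/pkgs.txt | sh   # apply it
plan_debloat() {
    installed=$(tr -d '\r' | sed -n 's/^package://p')
    for p in $UNINSTALL_PKGS; do
        if printf '%s\n' "$installed" | grep -qxF "$p"; then
            echo "pm uninstall --user 0 $p"
        fi
    done
    for p in $DISABLE_PKGS; do
        if printf '%s\n' "$installed" | grep -qxF "$p"; then
            echo "pm disable --user 0 $p"
        fi
    done
    return 0
}
```

Running `pam_keyinit_active /etc/pam.d` before and after `fix_pam_keyinit /etc/pam.d` gives a quick check that the edit landed in all four files; running `fix_pam_keyinit` a second time changes nothing. The planner only emits commands for packages present in the list you give it, so a package that OnePlus has already removed, or that you uninstalled earlier, does not produce a failing `pm` call.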
Does Kali NetHunter also work well for OnePlus 7T Pro? I used Google and tried to find on different web pages Installation Guides for this Phone but I only found 7, 7 Pro, 7T but not a ****ing OnePlus 7T Pro!
Can't believe nothing was posted about the 7T Pro since its launch years ago.
Thank you for this detailed guide. Worked like a charm <3 .
botsec said:
Thank you for this detailed guide. Worked like a charm <3 .
Hey, can you share your experience with Nethunter? I'm tempted to buy this device only for this