Here is a rooting method for the Plam Phone either the US variant or the Vodafone variant this has not been tested or confirmed working on any other device. This root method may break in the future because it is using a tool that isn't designed for the public i tried getting the firehose packaged with the tool to work in other edl flashing tools but was not able to get it working. So this is all we have for now. There is minimal risk in doing this it just has a lot of steps and it requires a pc running windows.
Note: This will wipe your device so anything stored on it will be lost please backup anything important like photos/contacts/etc
Download and install Sugar QCT from here (Be sure to install the usb drivers as well)
Included in the zip is the username and password that you will need to use to run the program please do not post it here.
Boot the device into recovery by turning the device off and then holding the power button until it restarts 3-4 times and boots to recovery
Select the option to go into emergency download mode
Now plug the device into your computer and open Sugar QCT
From the list select pepito/PVG100 (US) or pepito_vdf (Vodafone)
Now select Upgrade this will download the palms firmware package and flash it to the device
When it finishes do not close sugar
Unplug your device and hold the power button for a few minutes so it will restart out of EDL mode, use a rubber band or something to apply pressure to it so you don't have to hold it
Go to where Sugar QCT is installed (C:\Program Files (x86)\SUGAR QCT_SP_Gotu2\bin\)
In there you should see a folder called PVG100-xxxx (The x's are your serial number)
Copy that to your desktop or anywhere else that you like
In the folder, there should be some random looking mbn files these are actually the firmware files just names are randomized to make using them harder.
There should be a file called B1AMD0D0CV00.mbn if not look for a file that starts with a B it will be the boot.img
You will need to push that to an android device and patch it with magisk manager.
Once that is done replace the B1AMD0D0CV00.mbn in your copy of the firmware with the patched boot.img
Boot it back into emergency download mode as previously stated
Close and reopen sugar
Copy your firmware copy back into C:\Program Files (x86)\SUGAR QCT_SP_Gotu2\bin\ be sure it is the same folder structure
Now select your model again and then press the upgrade button in sugar this will now flash your modified firmware to the device.
Once it finishes hold the power button for a few minutes so it will restart out of EDL mode, use a rubber band or something to apply pressure to it so you don't have to hold it
When it restarts and powers up then go through setting the phone up and install magisk manager and you're rooted.
Thanks to @StormSeeker1 for telling me about holding the power button for a few minutes to get out of EDL previously you had to let the phone die to get out of it which is a pain.
Interesting, shall do it tomorrow.
Curious, this doesn't use the root exploit discussed in other threads? Where is (7) downloading from?
snoopy20 said:
Interesting, shall do it tomorrow.
Curious, this doesn't use the root exploit discussed in other threads? Where is (7) downloading from?
Click to expand...
Click to collapse
It doesn't use any root exploit, it's downloading the firmware directly from TCL servers, the tool used is designed for service centers.
If they are the same hardware, it should be possible to flash Vodaphone over the top?
snoopy20 said:
If they are the same hardware, it should be possible to flash Vodaphone over the top?
Click to expand...
Click to collapse
They are signed with different keys, so it will probably cause the device to boot loop and or not startup. I would not recommend trying it.
Is it possible to dump the radio files from an network unlocked device, and use these files to unlock Verizon network.
Any other ideas to unlock network?
Current findings:
1. Remove the Verizon sim warning.
Simply edit the /vendor/build.prop and modify line "ro.product.vzw=true" to false. However, it has a side effect, causing the contacts in dailer FC while browsering.
2. Enable diag, serial and QMI
One method is dialing "###2324#", another approach is launching "EngineerMode" through apps like quickshortcutmaker, then navigate to Connectivity - DiagProtector.
3. Boot animation path
/Vendor/JRD_custres/media/
4. Most garbage apps path
/Vendor /priv-app/
Every time I try to replace the MBN files after being patched the utility keeps redownloading the originals. Any advice?
xswxm said:
Is it possible to dump the radio files from an network unlocked device, and use these files to unlock Verizon network.
Any other ideas to unlock network?
Current findings:
1. Remove the Verizon sim warning.
Simply edit the /vendor/build.prop and modify line "ro.product.vzw=true" to false. However, it has a side effect, causing the contacts in dailer FC while browsering.
2. Enable diag, serial and QMI
One method is dialing "###2324#", another approach is launching "EngineerMode" through apps like quickshortcutmaker, then navigate to Connectivity - DiagProtector.
3. Boot animation path
/Vendor/JRD_custres/media/
4. Most garbage apps path
/Vendor /priv-app/
Click to expand...
Click to collapse
I put my t-mobile sim into mine and it worked fine no edits needed and mine is officially locked to verizon.
kotaKat said:
Every time I try to replace the MBN files after being patched the utility keeps redownloading the originals. Any advice?
Click to expand...
Click to collapse
Are you postive that the folder structure is the same?
deadman96385 said:
I put my t-mobile sim into mine and it worked fine no edits needed and mine is officially locked to verizon.
Are you postive that the folder structure is the same?
Click to expand...
Click to collapse
I am using another carrier, not USA ones, and it has problems with 4G network.
it works, thanks
Just began mind. So far it's stuck on 2%.
Regarding flashing Vodaphone over Verizon, if the ROM files are signed with different keys then modifying the boot.img will surely break the signage?
snoopy20 said:
Just began mind. So far it's stuck on 2%.
Regarding flashing Vodaphone over Verizon, if the ROM files are signed with different keys then modifying the boot.img will surely break the signage?
Click to expand...
Click to collapse
Are you still stuck at 2%? Of downloading, or of flashing?
deadman96385 said:
I put my t-mobile sim into mine and it worked fine no edits needed and mine is officially locked to verizon.
Are you postive that the folder structure is the same?
Click to expand...
Click to collapse
tapa_t said:
Are you still stuck at 2%? Of downloading, or of flashing?
Click to expand...
Click to collapse
Tried flash pvg100e over pvg100, it will stuck at the beginning and the program won't flash.
xswxm said:
Tried flash pvg100e over pvg100, it will stuck at the beginning and the program won't flash.
Click to expand...
Click to collapse
Doesn't that empirically prove that different versions have different signatures, or at least ROM's are different enough to prevent switching over? Maybe we are just so lucky that boot.img is not checked as rigorously.
Is pvg100e for Vodafone? Where did you get the ROM if your device is pvg100?
Does it finish flashing if you do pvg100 over pvg100?
tapa_t said:
Doesn't that empirically prove that different versions have different signatures, or at least ROM's are different enough to prevent switching over? Maybe we are just so lucky that boot.img is not checked as rigorously.
Is pvg100e for Vodafone? Where did you get the ROM if your device is pvg100?
Does it finish flashing if you do pvg100 over pvg100?
Click to expand...
Click to collapse
The tool deadman provided definitely works if u follow the instruction and choose the right version.
For the signature issue, maybe u can find the answer in another thread about temporary root.
As to the version problems, pvg100 is for Verizon.
To my knowledge, the pvg100e is for many other vendors, such as Vodafone, and the UK version maybe share the same model name. There is another version pvg100eu, for European. U can find more evidence in the temporary root thread.
So far the following:
Windows 10 64 - goes to 2% then after a few seconds a 5002 error.
Windows 7 64 inside Virtualbox - goes to 2% and then doesn't move.
I've tried the drivers and others on the web although the latest is around 2014/15.
xswxm said:
The tool deadman provided definitely works if u follow the instruction and choose the right version.
For the signature issue, maybe u can find the answer in another thread about temporary root.
As to the version problems, pvg100 is for Verizon.
To my knowledge, the pvg100e is for many other vendors, such as Vodafone, and the UK version maybe share the same model name. There is another version pvg100eu, for European. U can find more evidence in the temporary root thread.
Click to expand...
Click to collapse
Checked last night, mine, pvg100, is snapdragon 430, and the China mainland version is pvg100c with snapdragon 435.
deadman96385 said:
It doesn't use any root exploit, it's downloading the firmware directly from TCL servers, the tool used is designed for service centers.
Click to expand...
Click to collapse
I'm not looking to root right now, but if I'm understanding this correctly this should mean that I can use SugarQCT to pull the latest version (1AMD) firmware for my Palm that doesn't show any OTA's available and is still on the original 1AGL firmware. Is that correct?
Thanks for making this happen, deadman96385!
tapa_t said:
Doesn't that empirically prove that different versions have different signatures, or at least ROM's are different enough to prevent switching over? Maybe we are just so lucky that boot.img is not checked as rigorously.
Click to expand...
Click to collapse
No need for empirical proof, I did the analysis here.
The difference is: the early part of boot is Qualcomm code using Qualcomm security. These are the "pbl", "sbl/edl" and "aboot/fastboot" programs (and also "modem", "tz" and other bits). These were the parts that I was looking at in the link above.
When "aboot" completes, it hands over to the late part of boot, which is Android code using Google security. These are the "boot.img/Linux kernel" programs, "recovery", "system", "vendor", "data", etc. They use a different security model. That's what this root method targets. You are correct when you say "Maybe we are just so lucky that boot.img is not checked as rigorously".
It does imply that you can mix the PVG100 Qualcomm partitions for "early boot" with the PVG100E Android partitions for "late boot" and vice-versa. But someone with motivation needs to test this... (No, you can't unlock cellular bands this way; the "modem" partition is from Qualcomm and must match your hardware.)
A good diagram is below; Source (and explanation): https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html -- I recommend studying this article.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
ssuds said:
I'm not looking to root right now, but if I'm understanding this correctly this should mean that I can use SugarQCT to pull the latest version (1AMD) firmware for my Palm that doesn't show any OTA's available and is still on the original 1AGL firmware. Is that correct?
Click to expand...
Click to collapse
This should work. Keep in mind that whilst 1AMD seems to be fine, future versions may (permanently) close the vulnerabilities that allow you to get root, modify system partitions or use the current version of SugarQCT. I don't think this will happen but we should all keep the possibility in mind.
Which Windows version are people using? I've tried W10 and also W7 through a virtualbox but with the above errors.
Related
Stock firmware
Rogers B05 Firmware
https://www.androidfilehost.com/?fid=1395089523397891291
Separate Firehose download
https://www.androidfilehost.com/?fid=1395089523397891292
ZTE Kernel source mirror (We are codenamed Helen)
https://www.androidfilehost.com/?fid=1395089523397891289
Here is a step by step guide on how to flash the stock rom with QFIL and by extension any image.
Download and install the Qualcomm drivers from here
Download the firmware from above
Extract the firmware to a folder that you can easily access them from like your desktop
Download and install QPST from here
Open the QFIL application (Find it in your start menu)
In the "Select Build Type" field select Flat Build
In the "Select Programmer" field navigate to the folder you extracted the firmware and support files to and select the prog_emmc_firehose_8909.mbn file
Select the "Load XML" button and navigate to the folder you extracted the firmware and support files to and select the rawprogram0.xml and then the patch0.xml when prompted.
Plug in your tablet
Run the following adb command "adb reboot edl" (Now the screen should be blank but the led light should be red)
If the text at the top of the QFIL application says "No Port Available" click the "Select Port..." option and pick your device. If your device isn't showing up there you didn't install the drivers properly.
Click the Download Button to begin flashing your device
So the above explains how to flash everything if you want to flash just boot or recovery use the tool in the 2nd post it is a lot easier
Warning
This is a dangerous tool. It can render your device permanently unusable. If you use it, your warranty will likely be void. You accept all responsibility for the consequences.
Acknowledgments
Special thanks to @tdm for taking the firehose I got and creating the k81tool with it!
Note Well
The first rule of intelligent tinkering is to save all the parts.
Always backup your partitions before writing new contents, so that you can get back to where you started.
Never write both boot and recovery in one session. Always make sure that you can boot into the other partition in case something fails.
Preparation
Download magisks patched boot.img from here.
Download k81tool from here.
Setup your computer.
Setup for Windows
Download zadig.
Boot your device in EDL mode (see below).
Windows will want to install the Qualcomm USB driver. We won't be using it so cancel.
Run zadig. Find device 05c6:9008 and install the WinUSB driver for it.
Reboot your device and rerun steps to go back to EDL mode
Booting in EDL mode
Code:
adb reboot edl
Usage
Code:
k81tool.exe <read|write> <boot|recovery> <filename>
Example:
Code:
k81tool.exe read boot stock-boot.img
Code:
k81tool.exe write boot patched_boot.img
Multiple Operations
This is a "one-shot" tool. After performing an operation, it will reset the device with a 5 second countdown. If you wish to perform multiple operations (eg. backup, flash), simply re-enter EDL mode.
Common Problems
Device was not found
First enter EDL mode, then run the tool.
Device is visible in device manager but cannot be found by the tool.
Connect directly to the PC, not through a hub.
Windows says bad file descriptor
The WinUSB driver is not installed.
Once you flash the patched_boot.img all you need to do is install the magisks manager and you will have root enjoy!
Proof of root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Place Holder for TWRP
bad links??
Hi
First, thank-you, thank-you, thank-you x 100. I've been looking for a method to root this device from the day I got it as an add on to my cell plan. Not sure if I am missing something but when I click on the androidfilehost links I get taken to a home page but there is no file to download for all three links. Initially I thought I might have to register so I did that but the links still just take you to the Home advert page Could you update the links when you get a chance - thanks !!
edit - I have a couple of questions -As you have been the first to root the device there are obviously no custom firmware builds available so we stick with stock, correct? We will be able to remove the bloatware on stock because it's rooted though, correct? I also use tasker and the AutoApps suite for automation and I need root for some of my tasks so this is a huge step in the right direction. Lastly in order to root the device do we need to do follow all steps in the first post and then complete the steps in the second post? Or is the second post just a different way to do what was done in post 1? I'm excited to root this so thanks for fixing those links! Thanks again for all your work.
ryanoc75 said:
Hi
First, thank-you, thank-you, thank-you x 100. I've been looking for a method to root this device from the day I got it as an add on to my cell plan. Not sure if I am missing something but when I click on the androidfilehost links I get taken to a home page but there is no file to download for all three links. Initially I thought I might have to register so I did that but the links still just take you to the Home advert page Could you update the links when you get a chance - thanks !!
Click to expand...
Click to collapse
Sorry about that somehow the links broke, I have updated them so now they are proper.
Hey guys. Having a little trouble. I keep on running into "Failed: unknown error" when I try to flash the patched boot.img that was provided. I managed to read the stock boot image with no problems, but writing just runs into this error.
Thoughts?
I am using the Bell variant so I hope that isn't the source of it
Post Root questions
Hi
I'm about to try to root the device, assuming it goes according to plan, can we then install SuperSU? Do we need a TWRP for the device if we want to install another ROM and are there generic ROMS out there that would work on this tablet? Sorry if these are noob questions, I've been an apple jailbreaker for years and just bought and rooted and installed a custom ROM on a Samsung Galaxy S4. I installed a new android tablet NAV in my BMW and I needed a device to act as a hotspot, so I use Tasker and AutoApps with it to automate the process and it works really well. When I rooted the Galaxy S4 there are a ton of ROMS available for every variant so it was easy to follow the instructions. However, this is totally new territory for me. This device isn't nearly as popular so I wondered what options are available to us once we have it rooted?
same issue failed unknown error
Hi
I am using the Rogers K81 and I am encountering the same failed unknown error when I try to write the patched boot file. I also was able to read the firmware file without issue. I rebooted into edl mode and then tried to write the patched file -
NB - for those who have yet to try, move the k81tool.exe and the patched boot file to your c drive and make sure your at the root of c and then remove the B05 in the patch file name so that it can find the file if you are just cutting and pasting the command line instructions above, otherwise you'll get an error that it can't find the file. If the k81tool.exe isn't in the current directory you are in you will get an error saying k81tool.exe is not a known command ..etc.etc. This might seem obvious to some but for those with little command line experience, it will save you from having to post questions about your errors.
There is a product ZTE primetime K92 which is a successor of a ZTE K81.
Do you plan to support root for ZTE Primetime K92?
huaji2333 said:
There is a product ZTE primetime K92 which is a successor of a ZTE K81.
Do you plan to support root for ZTE Primetime K92?
Click to expand...
Click to collapse
A friend of mine has the k92, and currently it has a locked bootloader even with the firehose and all. So he is working to find an exploit to allow it to be unlocked. But no ETA at this time.
Sent from my iPhone using Tapatalk
Thank you for providing this. I have the Virgin Mobile device currently. Just a question before I try this. My past experience with a tablet from Rogers a few years ago was that whenever you put a different sim card in, it would force you to reset the entire device. To get around this, I was lucky that there were other generic firmware available for that device. Does the Rogers firmware that you provide force a reset if you change the sim? I'd ideally like to have the option to change sims when traveling. Thanks.
I own a Virgin Mobile Canada ZTE K81 tablet. As much as I like a rooted device, my goal, if possible, is to replace the Bell firmware with the Rogers firmware. The reason I would want to do this is because Bell has done some nasty things with this tablet. The SIM card is IMEI locked to this tablet, I cannot use the SIM card on anything else. So I decided this tablet could be used as a wifi hotspot. Unfortunately, Bell did something to the firmware to make wifi and bluetooth tethering impossible.
I guess the other question I have is will the IMEI lock still work on this Bell tablet after the Rogers firmware is installed?
wow i didn't think development for this device would've gotten this far already. we're gonna need our own device forum soon
---------- Post added at 12:20 PM ---------- Previous post was at 12:19 PM ----------
bridonca said:
I own a Virgin Mobile Canada ZTE K81 tablet. As much as I like a rooted device, my goal, if possible, is to replace the Bell firmware with the Rogers firmware. The reason I would want to do this is because Bell has done some nasty things with this tablet. The SIM card is IMEI locked to this tablet, I cannot use the SIM card on anything else. So I decided this tablet could be used as a wifi hotspot. Unfortunately, Bell did something to the firmware to make wifi and bluetooth tethering impossible.
I guess the other question I have is will the IMEI lock still work on this Bell tablet after the Rogers firmware is installed?
Click to expand...
Click to collapse
imei locks are independent of the device itself. you need to get the carrier to give you an unlock code
Online Gravy said:
wow i didn't think development for this device would've gotten this far already. we're gonna need our own device forum soon
---------- Post added at 12:20 PM ---------- Previous post was at 12:19 PM ----------
imei locks are independent of the device itself. you need to get the carrier to give you an unlock code
Click to expand...
Click to collapse
I got Bell to IMEI lock the SIM to another, better tablet, a LG G Pad IV 8.0 FHD (LGV533) from Fido. The SIM works perfectly, I can now wifi tether!
That makes it an easier choice to hack at the Bell K81, now that the IMEI lock is not tied to this K81 tablet anymore. If the Bell K81 works with the Rogers firmware, bonus. If it bricks, not the end of the world. My data plan will still work. I just need to find the time to do the hack!
bridonca said:
I got Bell to IMEI lock the SIM to another, better tablet, a LG G Pad IV 8.0 FHD (LGV533) from Fido. The SIM works perfectly, I can now wifi tether!
That makes it an easier choice to hack at the Bell K81, now that the IMEI lock is not tied to this K81 tablet anymore. If the Bell K81 works with the Rogers firmware, bonus. If it bricks, not the end of the world. My data plan will still work. I just need to find the time to do the hack!
Click to expand...
Click to collapse
I have flashed my Bell k81 with Rogers firmware and it works properly.
Sent from my iPhone using Tapatalk
any chance of getting Pie GO installed on this thing, mine lags to even tap and the stock settings leave only 400mb free of ram
I can't successfully flash the rogers firmware on the VM (Bell) device. When the flashing process gets to 'reading through the sparse file' for the userdata.img file, I get an error. The log reads:
{ERROR: sparse_open:1939 Didn't properly read the sparse_header!
If I delete this file as a test (not sure if that was a good idea), it continues on to reading the ddr.img file, but halts again and the error refers to this file being 0 bytes.
I may have missed a step. When is the kernel file used? Is the Rogers firmware file complete?
s_021 said:
I can't successfully flash the rogers firmware on the VM (Bell) device. When the flashing process gets to 'reading through the sparse file' for the userdata.img file, I get an error. The log reads:
{ERROR: sparse_open:1939 Didn't properly read the sparse_header!
If I delete this file as a test (not sure if that was a good idea), it continues on to reading the ddr.img file, but halts again and the error refers to this file being 0 bytes.
I may have missed a step. When is the kernel file used? Is the Rogers firmware file complete?
Click to expand...
Click to collapse
Delete DDR as well and any of the ones it complains about that are empty. When I have sometime I'll upload a new package with those removed.
Decided to try the k81tool to just root instead, but I'm getting the same Failed:unknown error as others have posted.
(Using VM stock firmware)
---------- Post added at 11:20 PM ---------- Previous post was at 11:14 PM ----------
If you put in a Rogers sim, does it attempt to do a hard reset or just the usual reboot?
thanks
deadman96385 said:
I have flashed my Bell k81 with Rogers firmware and it works properly.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
deadman96385 said:
Delete DDR as well and any of the ones it complains about that are empty. When I have sometime I'll upload a new package with those removed.
Click to expand...
Click to collapse
Deleting the files also fails. The error is {ERROR: handleProgram:8615 'ddr.img' not found. You could possibly try --notfiles=ddr.img,OtherFileToSkip.bin (note, exiting since you specified --noprompt)
Adding back ddr.img, the error is
{ERROR: handleProgram:8666 Filesize is 0 bytes. This is usually a mistake!! Please check 'C:\ZTE\rogers\ddr.img'
TWRP 331 Porting Thread for New UMIDIGI Power 4G
New thread for the new model UMIDIGI Power 4G Helio P35 Octa core Mtk 6765
Umidigi Power 4G MT6765 Octa Core 4G 4GB 64GB Android 9 Smartphone 6,3 inches
Everybody are Welcome!:good:
MANY THANKS TO OUR MODERATORS TO OPEN AGAIN THIS THREAD !
More attention to the Xda-developers Rules:
http://forum.xda-developers.com/announcement.php?f=256
Many thanks to "SUPER ADMIN" MR. MIKE
New twrp 331-test 1 for this device is builded!
Now need period of tests...
http://www.mediafire.com/file/cnqw8d2qkjqtp6k/Twrp_331_test1_Umi_Power.rar/file
reserved 1
Reserved 2
TWRP Not Working for Me
Finally received the phone today. Spent a few hours trying to get your TWRP port installed with no luck unfortunately. After flashing it via SP Flash Tool, I ran into an "Orange State" unlock warning (which I assume is normal). However it's followed by a bootloop. I can only get the phone to boot using the stock recovery.img. Any modifications to the recovery causes a loop.
On the other hand though, I was able to get root through Magisk (I'm using the latest 19.3 version), and patching the stock boot.img through the app, then flashing the patched boot.img to the phone with SP Flash Tool. I have Viper4Android working, which was my main reason for wanting root, so I'm satisfied for the most part. Can't wait to try this phone out as my daily driver!
SeekerofLight.iz said:
Finally received the phone today. Spent a few hours trying to get your TWRP port installed with no luck unfortunately. After flashing it via SP Flash Tool, I ran into an "Orange State" unlock warning (which I assume is normal). However it's followed by a bootloop. I can only get the phone to boot using the stock recovery.img. Any modifications to the recovery causes a loop.
On the other hand though, I was able to get root through Magisk (I'm using the latest 19.3 version), and patching the stock boot.img through the app, then flashing the patched boot.img to the phone with SP Flash Tool. I have Viper4Android working, which was my main reason for wanting root, so I'm satisfied for the most part. Can't wait to try this phone out as my daily driver!
Click to expand...
Click to collapse
I confirm the first part of this, same issue here... i'd like to flash a twrp for gsi purposes, but for now no luck
SeekerofLight.iz said:
On the other hand though, I was able to get root through Magisk (I'm using the latest 19.3 version), and patching the stock boot.img through the app, then flashing the patched boot.img to the phone with SP Flash Tool. I have Viper4Android working, which was my main reason for wanting root, so I'm satisfied for the most part. Can't wait to try this phone out as my daily driver!
Click to expand...
Click to collapse
Can you write how you got the root of the law? Instructions for inexperienced users.
Thank you in advance.
Root UMIDIGI Power with Magisk
mr A V said:
Can you write how you got the root of the law? Instructions for inexperienced users.
Thank you in advance.
Click to expand...
Click to collapse
Sure thing! Here's a Magisk root guide for anyone just getting started that I wrote up just now. (All mentioned files are provided in the zip.)
Step 0 - Download the Attached Zip File Below
Google Drive Mirror
Mediafire Mirror
MEGA Mirror
Step 1 - Drivers
Install the MediaTek drivers by running "DriverInstaller.exe". These are the drivers that worked for me. But if you have issues with them in Step 5, Google "Mediatek MT65xx USB VCOM Drivers" (or some variation of that) and try some others you can find.
-----------------------------------
Step 2 - Install ADB Interface
Install the Android SDK (ADB Interface). To do this drop the platform-tools folder (from the Step 2 folder) into your C:\ directory. Press the windows start button and search for "Environment Variables" and click on "Edit environment variables" from the results. Under SYSTEM VARIABLES on the bottom (not User variables above it) click on the "Path" variable, and click edit. In the new window that appears, hit "Browse..." and click on the "platform-tools" folder that you placed in your C:\ directory.
All this does is allows you to easily input adb commands into command prompt with no issues. This will be used to verify that the device is appearing properly and issue commands in case of emergency.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
-----------------------------------
Step 3 - Install Magisk
Copy the Magisk.apk to your phone and install it.
(This is where you can then copy the boot.img to your device and patch it via the Magisk app to create the "magisk_patched_boot.img" file, however I have included the already patched file in Step 6 for the UMIDIGI Power so you don't need to.)
Also, this is the Magisk v19.3 Beta, but you can install another version.
-----------------------------------
Step 4 - OEM Unlocking/USB Debugging Mode
On your phone, go to Settings >> System >> Developer Options. (If you haven't activated Developer Options yet, do that by going to About Phone >> Build number, and tap it a bunch of times, but I'm sure you already know this lol)
In Developer Options, turn on "OEM Unlocking" to unlock the bootloader, and USB Debugging.
-----------------------------------
Step 5 - Verify That Your Phone is Detected with ADB
Connect your phone to your PC. Make sure you click "Allow USB debugging" on your phone. Then open up Command Prompt. (Protip: Type "color a" and press Enter if you want to feel like a REAL HACKERMAN.) Now, type in "adb devices" and verify that your phone is detected by your computer. If it's detected, then that's perfect you can move on to Step 6. If not, then uh... you may have to try and find some other MediaTek drivers mentioned in Step 1.
-----------------------------------
Step 6 - Set up SP Flash Tool
Open up SP Flash Tool on your computer by running "flash_tool.exe" in the SP Flash Tool Folder. (If at any time it shows a "Processing" window for some reason, just close and reopen the program if it doesn't go away on its own.)
On the first line choose "MTK_AllInOne_DA.bin". And the third line "Authentication File" can be left blank.
On the second line where it shows "Scatter-loading File", hit "choose" and find the "MT6765_Android_scatter.txt" file in the Step 6 folder. It'll load up and show a bunch of green/white rows in the space below.
Now this looked intimidating to me at first, but it's actually quite simple. As far as I understand (and I could be wrong but), the scatter file just tells the program where to place certain files, like a map for the program to follow. The scatter file I provided is for the UMIDIGI Power. The only thing we'll worry about for now is the boot.img file (but in the future, this is where you could also install a TWRP recovery once we get one that is confirmed to work.)
So in the white/green list, scroll down to where it says "boot" in the "Name" column, and click on the blank area in the "Location" column. It will bring up a window where you can browse to the "magisk_patched_boot.img" that I provided.
-----------------------------------
Step 7 - The Big Huzzah (Rooting)
Power off your phone and make sure it's UNPLUGGED. On SP Flash Tool, click "Download". This prepares the program to begin flashing your phone as soon as it is connected. Grab your phone with one hand, and with your other hand plug in the USB cable (if you only have one hand, use your mouth I guess). Your screen should not turn on at all throughout this process, but if it's successful, you should see that the program begins to flash your device after a second or two. Now just wait until it reaches 100% and says "Download Ok" with a green checkmark. And you're pretty much done!
You can then boot up your phone and check the Magisk app, as well as download a root checker from the Play Store to confirm that your phone has root access! Have fun!
Thank you, far-away friend from me, that you are such a sympathetic person! Thank you for writing everything so quickly and in detail. As soon as I receive my phone, I will definitely try to do everything as you wrote.
Tell me, do you plan to install any firmware on this device? For example, Miui. Or are you satisfied with the stock?
mr A V said:
Thank you, far-away friend from me, that you are such a sympathetic person! Thank you for writing everything so quickly and in detail. As soon as I receive my phone, I will definitely try to do everything as you wrote.
Tell me, do you plan to install any firmware on this device? For example, Miui. Or are you satisfied with the stock?
Click to expand...
Click to collapse
No problem! Unfortunately I don't see many custom ROMs coming to this phone, considering it's not a very popular device. I'd guess our best bet is to hope that the UMIDIGI F1 gets some support, and that anything on there can hopefully be ported over to this phone, but even that device isn't very popular either. For me though, that's not a huge issue because I'm actually quite satisfied with the stock firmware it has on board. It's basically stock Android Pie, and I've been able to add all the extra goodies I want into the phone through Magisk Manager and EdXposed with very minor issues. Most notably Viper4Android to fix the slightly tinny speakers and pump up the overall headphone experience too, and Gravity Box for some extra minor software customization.
Overall, I'd say the biggest downside to this device is the limited camera capabilities, and its somewhat limited performance for heavier tasks like 3D games / game streaming. But other than that, this feels like a very premium device. :good:
I thought about the fact that it is you who can transfer other firmware to this device. As a developer, let's say.
On the F1 already installing the firmware AOSP, LOS and other projects. But need to flash these firmware through TVRP recovery. For our device, there is no such recovery yet.
I have little understanding of the intricacies of the android. Sorry if my questions seem silly.
If we take the firmware for F1, for example AOSP, will it have to be somehow changed for our UD Power? Or can just take the archive, as it is, and flash it?
The processor of our smartphone is not very strong, so it is not for games. It is also not clear what RAM is installed. It looks like the manufacturer has installed a cheap part. Put single-channel LDDR 3. So he made a low price. At the expense of device performance.
mr A V said:
I thought about the fact that it is you who can transfer other firmware to this device. As a developer, let's say.
On the F1 already installing the firmware AOSP, LOS and other projects. But need to flash these firmware through TVRP recovery. For our device, there is no such recovery yet.
I have little understanding of the intricacies of the android. Sorry if my questions seem silly.
If we take the firmware for F1, for example AOSP, will it have to be somehow changed for our UD Power? Or can just take the archive, as it is, and flash it?
The processor of our smartphone is not very strong, so it is not for games. It is also not clear what RAM is installed. It looks like the manufacturer has installed a cheap part. Put single-channel LDDR 3. So he made a low price. At the expense of device performance.
Click to expand...
Click to collapse
I definitely consider myself to be a major noob with the more advanced Android development stuff. I only know enough to find my way around the internet and flash compatible software, haha. I've never looked into creating ports myself, but it's certainly something I think might be worth learning, especially with the limited device support on these phones.
And yeah, in terms of performance I don't expect much out of a phone at this price point, but for all the essentials - music, 1080p YouTube, web browsing, and mid to light gaming, it's surprisingly great considering the price. I haven't had any issues with the memory as of yet, so I wouldn't be too concerned, although you're definitely right in that they probably source some pretty cheap parts for these kind of phones.
SeekerofLight.iz said:
Sure thing! Here's a Magisk root guide for anyone just getting started that I wrote up just now. (All mentioned files are provided in the zip.)
"stubbed guide"
Click to expand...
Click to collapse
It works like a charm, thank you! by the way, were you able to boot that twrp or still nothing? and if you made it, were you able to flash a gsi over that too? i'm unable even to boot that twrp
---------- Post added at 09:30 AM ---------- Previous post was at 09:29 AM ----------
ghost45 said:
TWRP 331 Porting Thread for New UMIDIGI Power 4G
New thread for the new model UMIDIGI Power 4G Helio P35 Octa core Mtk 6765
Umidigi Power 4G MT6765 Octa Core 4G 4GB 64GB Android 9 Smartphone 6,3 inches
Everybody are Welcome!:good:
MANY THANKS TO OUR MODERATORS TO OPEN AGAIN THIS THREAD !
More attention to the Xda-developers Rules:
http://forum.xda-developers.com/announcement.php?f=256
Many thanks to "SUPER ADMIN" MR. MIKE
Click to expand...
Click to collapse
Can i ask you a guide on how were you able to boot it? i'm only getting a bootloop after flashing that from SPFlash
I will build one other version of recovery soon...
mg95tux said:
It works like a charm, thank you! by the way, were you able to boot that twrp or still nothing? and if you made it, were you able to flash a gsi over that too? i'm unable even to boot that twrp
Click to expand...
Click to collapse
Glad to hear it worked for you!
Still nothing. Unfortunately I haven't had any luck with booting into TWRP since I last tried it. Hoping ghost45 will be able to help us out with that when he gets the chance.
Bootloop - Secureboot
Nevermind, bootloader locked.
just type on CMD:
adb reboot bootloader
then
fastboot flashing unlock
Andre_Filho said:
Nevermind, bootloader locked.
just type on CMD:
adb reboot bootloader
then
fastboot flashing unlock
Click to expand...
Click to collapse
remember to allow oem unlock from developer settings in stock rom, otherwise it will fail!
SeekerofLight.iz said:
Finally received the phone today. Spent a few hours trying to get your TWRP port installed with no luck unfortunately. After flashing it via SP Flash Tool, I ran into an "Orange State" unlock warning (which I assume is normal). However it's followed by a bootloop. I can only get the phone to boot using the stock recovery.img. Any modifications to the recovery causes a loop.
On the other hand though, I was able to get root through Magisk (I'm using the latest 19.3 version), and patching the stock boot.img through the app, then flashing the patched boot.img to the phone with SP Flash Tool. I have Viper4Android working, which was my main reason for wanting root, so I'm satisfied for the most part. Can't wait to try this phone out as my daily driver!
Click to expand...
Click to collapse
How do you manage to work Viper.
Cause i'm having some problems, tested all versions and my Driver always stays on "Active: NO Format: Unsuported.... Abnormal"
BusyBox also don't seens to work.
:/
Some help?
Andre_Filho said:
How do you manage to work Viper.
Cause i'm having some problems, tested all versions and my Driver always stays on "Active: NO Format: Unsuported.... Abnormal"
BusyBox also don't seens to work.
:/
Some help?
Click to expand...
Click to collapse
The trick to getting Viper4Android to work is to make sure you have SELinux set to "PERMISSIVE" rather than "ENFORCING" on your phone. Here's a handy little app designed to automatically set it to permissive on boot!
https://forum.xda-developers.com/devdb/project/?id=1561#downloads
And for BusyBox, I was having issues too at first because I think with systemless root, BusyBox can only be installed in /sbin, which gets wiped after each boot. So I searched for "BusyBox" in the Magisk app and found a module called "BusyBox for Android NDK" which has worked perfectly for me.
One thing to note...
Sometimes SELinux doesn't always get changed automatically everytime you boot up. It's pretty consistent, but every once in awhile you may need to manually set it to permissive mode again if things don't seem to be working. But it's literally just pressing a single button, so not a big deal.
The other thing is with Viper itself- At times when I launch the app, the driver status says "abnormal" even after I've toggled SELinux to permissive. If you go into settings and toggle "compatibility mode" or "attach audio effects" on and then off that seems to refresh the driver status. Not sure why, but it works.
Let me know if you have any issues.
TWRP for UMIDIGI POWER
I ask for help in creating TWRP for UMIDIGI POWER firmaware ROM v1.5
Please make for this model TWRP
I am very grateful to you - I unlocked the phone and got the rights Root rights.
It remains only to create a TWRP for UMIDIGI POWER
At this forum, competent specialists and for other models everything is already done.
Maybe there is a website where you can make an order to create a TWRP?
Unfortunately, I do not know English and I do not know how to apply.
I would be very grateful and ready to test your work.
Hello everyone ...
I hope you all are fine...
Merry Christmas and Happy New Year in Advance, like really really in advance lol ...
First, I'd like to say God Bless @Dr.Ketan, @geiti94 & @ianmacd as a Samsung Device owner, I've always rooted my device through their hard efforts in making guides and flashables and God Bless @topjohnwu for Magisk...
God bless all developers contributing to XDA Forum too...
Right, so after getting the root on the phone, especially in the new Android OS or the majority of Android devices or so,
The boot-up screen wasn't like what we were used to,
There are many warnings which kind of screams ROOTED device aside from not being beautiful...
I decided on my Samsung Galaxy Note 10 to fix that, experimented and I loved it, but one thing happened...
Just like I did with the SoundMod to enable Duel Speaker on my previous phone, Many members posted asking if it can be done for their device...
So here I am, Opening another tutorial thread that hopefully would be helpful to many of you on how to handle the problem of removing the annoying boot warning...
So let's get started but first:
Important Notice (Hijack not intended):
I did search in XDA thread for different devices (randomly selected) and some had a thread and some did not for fixing the warning...
What I want to say is, I am sharing my own experience and experiment from my Galaxy Note 10 Plus and Galaxy Note 20 Ultra...
My Intentions are to simply support all Devices with a solution as much as I can (I sadly don't have time to check the Snapdragon but I did try with @louforgiveno & I thank him for experimenting with me, forgive me for not being able to help snappy users, if I get the time, I will defiantly look into making it possible)...
Click to expand...
Click to collapse
ok now, next is getting your files ready, you will need:
7-Zip Zstandard Edition credits go to Tino Reichardt...
Your Original ROM (You mainly need the BL aka Bootloader file but it's good to have the original ROM), get it from the website or XDA, if you just want to remove the boot warning and don't want to download the entire ROM then regardless of the CSC version, make sure the ROM or the BL you will grab has the exact boot screen of yours, again, you only need the BL (Bootloader) file which would look like BL_****_****_****_***_***_why_so_long_name.tar.md5 or so...
Now the instructions, LET'S GO:
BACKUP YOUR PHONE BEFORE FLASHING ANYTHING, ok sorry for yelling, I just don't want to see any of you go through the hustle of going into boot loops or anything else...
Install the 7zip Zs edition...
now right-click on the BL file and to 7-Zip ZS -> open archive...
Drag the file up_param.bin.lz4 outside anywhere you want...
now right-click on the up_param.bin.lz4 and 7-Zip ZS -> extract here, you will have up_param.bin...
now right-click on the up_param.bin file and 7-Zip ZS -> open archive...
Inside 2 images are important, 1 is the warning in red font and the other is the logo if you wish to customize your boot screen, make it cool or keep it as it is stock...
So drag the following "logo.jpg" and "booting_warning.jpg" to anywhere you want and minimize the window...
Some of you may ask & wonder about "svb_orange.jpg" as this is the bootloader warning , yes true, but there is no need for it if you wish to have a normal boot screen
Click to expand...
Click to collapse
Edit with paint "booting_warning.jpg" and make it completely black...
Now for "logo.jpg" you have 2 options:
If you want to show the stock logo instead of bootloader warning, rename "logo.jpg" to "svb_orange.jpg" and you're done...
If you want a custom logo, edit the logo without resizing or changing its dimensions, make a duplicate, one will be "logo.jpg" and the other is "svb_orange.jpg"...
Now open the minimized window or if you closed the window then right-click on the up_param.bin file and to 7-Zip ZS -> open archive...
Drag the images back into the up_param.bin and close the window...
Now right-click on up_param.bin and 7-Zip ZS -> Add to archive...
Change Archive format to tar, change nothing else, and hit ok...
Feel free to change the name from up_param.tar to whatever you want like "I_am_cool_I_fix_bl_warning.tar" in my case I would write the device name and version with meaningful description "STOCK_NOTE_20_ULTRA_OS10_FIX_BL.tar", IT IS VERY IMPORTANT TO NOT USE SPACE, DOTS OR SPECIAL CHARACTERS WHEN NAMING THE FILE, ok ok, I am calm now...
Now Flash the tar file treating it as a BL file when flashing (NOT RECOVERY FLASHABLE)...
I think I said "now" a lot but don't worry we are done lol ...
Enjoy looking at your phone, no more warning or annoying press to continue, it will boot up like it used to ...
Here is an example of before and after for Samsung Galaxy Note 10 plus 5G, you should be able to tell which is before and which is after and what I mean by stock (10.1) and center (custom) (10.2)...
Spoiler: Show Example
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
<-- Before & After -->
Don't Forget to Smash the THANKS Button
and
if you're very happy, support or buy me a cup of coffee through a donation, that would be nice ...
... Happy Modification ...
F.A.Q
Q. Is it safe?
A. If you follow my instructions, yes, very safe, you are simply replacing images, of the bootloader, you just need to flash it as BL and not somewhere else...
Q. Do I need to backup?
A. ALWAYS BACKUP, ALWAYS BACKUP, ehm, ok ok I am calm, you always must have a backup when you want to flash anything...
Never experiment without backing up...
Q. What could go wrong?
A. Probably boot loop and you might need to reflash the stock and go through the process of rooting everything again unless you have a backup you can restore through your custom recovery...
Q. Can I have a custom boot screen?
A. Absolutely, you can have anything, just use the same dimensions of the image and don't make it heavy sized (seriously don't make it big, stick to its range like 200 Kbs is fair)...
Q. While I am there changing images, can I change other images?
A. You can but don't be surprised if you can't read anything written on the screen later lol...
Q. What is the impact of this on my Device?
A. Nothing, you just replaced your phone boot images...
Q. If I reflash the ROM, will it reset and go away?
A. Yes it will go and it will show you the bootscreen of the flashed ROM (stock or custom)...
Changelog:
-- 14th December 2020 - Written the instructions...
To be Done in the Future:
-- Video Tutorial...
Thank you man for the detailed steps… really appreciated…
me7tarfeek said:
Thank you man for the detailed steps… really appreciated…
Click to expand...
Click to collapse
You're most welcome...
I have a snapdragon N20 Ultra, to test it should I follow the same steps or there is something else?
Oni-X said:
I have a snapdragon N20 Ultra, to test it should I follow the same steps or there is something else?
Click to expand...
Click to collapse
This is Exynos solution...
I didn't have time for Snapdragon...
I'm trying to find some time and then I'll find a Snapdragon volunteer and work on finding a solution...
Dante63 said:
This is Exynos solution...
I didn't have time for Snapdragon...
I'm trying to find some time and then I'll find a Snapdragon volunteer and work on finding a solution...
Click to expand...
Click to collapse
I can help
Oni-X said:
I can help
Click to expand...
Click to collapse
Please DM me, and when i have time, i will message you with potential ideas on how to locate the boot images, keep in mind that you may have to reinstall the ROM or restore nandroid backup in case of any flashing failure or something goes wrong after successful flashing...
Would it be the same on the snapdragon USA version if its rooted and I am able to odin?
t2noob said:
Would it be the same on the snapdragon USA version if its rooted and I am able to odin?
Click to expand...
Click to collapse
No, as I mentioned, this is only for Exynos, I still didn't find any snapdragon user that wish to test with me and find a way to remove the annoying warning...
Dante63 said:
No, as I mentioned, this is only for Exynos, I still didn't find any snapdragon user that wish to test with me and find a way to remove the annoying warning...
Click to expand...
Click to collapse
I'm willing to you just need a boot from my device? It's a n9750u VZW note 10 +
t2noob said:
I'm willing to you just need a boot from my device? It's a n9750u VZW note 10 +
Click to expand...
Click to collapse
You need to pull a file from your phone, because snapdragon ROM is not easy to navigate through, files are uncompressed and installed by the device itself, unlike Exynos, we can extract and view files... the risks are when pushing back the file (that is if the file was found), will it boot normally, or will it end up in bootloop or make the system no longer functional, hence why I said take a backup and nandroid, it might be a long journey...
Dante63 said:
You need to pull a file from your phone, because snapdragon ROM is not easy to navigate through, files are uncompressed and installed by the device itself, unlike Exynos, we can extract and view files... the risks are when pushing back the file (that is if the file was found), will it boot normally, or will it end up in bootloop or make the system no longer functional, hence why I said take a backup and nandroid, it might be a long journey...
Click to expand...
Click to collapse
I have a backup from today I was messing with weta mod earlier. If your willing to give it a go I'll try my best
t2noob said:
I have a backup from today I was messing with weta mod earlier. If your willing to give it a go I'll try my best
Click to expand...
Click to collapse
Alright then, DM me please...
Let me know if I can help in any way I have US Galaxy Note 10+ (SM-N975U)
New Note 20 Ultra Firmware - N985FXXU1DUB6 Causes a boot loop. Could you have a look to check what has been changed ?
I did it successfully on the CU firmwares, but this has some sort of an issue..
Does it work on galaxy note 10 lite?
I'll take a chance on my note 10 lite.
It didn't work on the Galaxy Note 10 Lite, it looped infinitely, so I put the original images back in their proper locations and reinstalled the file up_param.tar, so the phone went back to work without needing to reinstall the Stock Rom.
hy sir iam using galaxy s20 fe exynos version with one ui 3.1 but iam not able unlock bootloader and oem unlock is disable as oem lock = lock(L) in download mode ,frp lock is off when ever i try to flash rom through odin it stucks and i get warning on download mode stating that ,custom binary blocked ,and kg state is = normal , what to do ?
NEW: Install official Global ROM on Chinese TB132FU running ZUI 14 or Fake globalDISCLAMER: Flashing on TB132FU is pretty much safe and a hard brick has not occured yet, but do it at your own risk. If anything goes wrong you can return to ZUI 14 using one of the restoration methods listed on the FAQ thread. ALL YOUR FILES WILL BE DELETED. Make a backup of your personal files before proceeding.
Did my work help you? Be free to buy me a coffee. PayPal me at @alsbvg
Current version: TB132FU_S000094_221117_ROW
To see what works and what doesn't check below.
To flash this version you will need:
1 - A computer running Windows
2 - Flashtool (attached to the thread)
3 - ADB drivers or UsbDk drives & MTK drivers
4 - ZUI 14 installed on your TB132FU. If you have fake global you can flash as well, but having ZUI is recommended.
5 - Firmware file
6 - Attention to the really detailed tutorial below.
How to flash
Preparation:
1 - Download and install the drivers provided above. If you already have them installed skip this step.
2 - On your computer create a folder on your Desktop. Name it LENOVO.
3 - Download the firmware file (download link provided above) and un-zip it inside the LENOVO folder on your desktop. So inside your LENOVO folder now you should have a folder called TB132FU_S000094 Global.
4 - Download the attached flash tool and un-zip it inside the LENOVO folder on your desktop. Now you have a folder called TB132FU_S000094 Global and a folder called MTK_Flashtool.
5 - Power off your TB132FU and disconnect it from your computer in case you have it connected.
Flashing:
1 - Go to the LENOVO folder, and open the folder MTK-Flashtool. Inside this folder find flash_tool and double-click to open it.
2 - Once it opens click the TAB download. Do not click the green arrow.
3 - For the Download agent click Choose. Navigate to your Desktop > Lenovo > MT_Flashtool and select the file MTK_AllInOne_DA_onyx_signed
4- For Scatter-loading file click Choose. Navigate to your Desktop > Lenovo > TB132FU_S000094 Global and select MT6893_Android_scatter.txt. You will see two files with the same name. Click the one with the paper with lines icon. Wait for it to load.
5 - For Authentication File click Choose. Navigate to your Desktop > Lenovo > MT_Flashtool and select the file auth_sv5
6 - You will see white and green lines below. Scroll down and find the line that starts with lk_a and UNMARK it. All the other options should be marked, only lk_a should be unmarked.
Ex:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
7 - Click the green arrow DOWNLOAD and plug in your tablet. Wait until it completes flashing the firmware.
And done. Once it is finished you can unplug your tablet and turn it on. You now should be running the latest global rom on your TB132FU;
What works:
Google Sync
HDR with true black
Productivity mode (PC mode)
And almost everything else. I'm still testing it.
What doesn't work:
OTA - once a new update is available it will be needed to be flashed manually losing all data. OTA did not work on a previous version.
Ultra-fast charging. It has Rapid charge but not the super fast charging available on ZUI
Some users reported L1 when flashing this global.
For users who lost L1 status, no solution to get it back from L3 yet. :/
"Scroll to the left" on the home screen to access the media center will not turn off even if you try manually setting it as off.
Time-zone issue: Factory reset it after the first boot to get it fixed.
You tell me what else is not working.
Thanks for the detailed explanation.
Some cuestions that you may have an answer for:
1. Has the bootloader to be unlock? What happens if I have the bootloader lock? (I lock mine with zui 14 in order to get L1)
2. Is there a way to change region code like in others lenovo models? Will it have any impact on OTAs?
3. Can you rollback to zui 14?
Thanks in advance. I think that will be able to have a full working rom with OTAs and L1 eventually. This is a huge step forward
als_bvg said:
What doesn't work:
Ultra fast charging. It has Rapidy charge but not the super fast charging available on ZUI
Click to expand...
Click to collapse
Out of curiosity, does the Chinese model have an Ultra fast charging?
My Global P11 Pro gen 2 does Rapid charge and my cable display caps out at 10w which I wouldn't say is rapid...
Same cable and charger gives me much faster speeds on my Galaxy S22U.
Pawnty said:
Out of curiosity, does the Chinese model have an Ultra fast charging?
My Global P11 Pro gen 2 does Rapid charge and my cable display caps out at 10w which I wouldn't say is rapid...
Same cable and charger gives me much faster speeds on my Galaxy S22U.
Click to expand...
Click to collapse
It does. The Chinese running ZUI has Ultra-fast charging with the original cable and charger.
tylerdanarg said:
Thanks for the detailed explanation.
Some cuestions that you may have an answer for:
1. Has the bootloader to be unlock? What happens if I have the bootloader lock? (I lock mine with zui 14 in order to get L1)
2. Is there a way to change region code like in others lenovo models? Will it have any impact on OTAs?
3. Can you rollback to zui 14?
Thanks in advance. I think that will be able to have a full working rom with OTAs and L1 eventually. This is a huge step forward
Click to expand...
Click to collapse
1 - You don't need the bootloader to be unlocked to flash this global version. I had Zui 14 with a locked bootloader and OEM locked, and the flashing worked. The OEM toggle will not be available once you use this version. It says you need to connect to the internet or contact your carrier.
2 - No way to change the region code so far. OTA will not work as described. It was tested on an older version. It will download and try to install but will fail. This is the latest rom so no OTA updates so far, we will have to wait to see if it will be the same.
3 - Yes, you can roll back to Zui 14. I did that quite a few times during my tests. Bricked the device more than 20 times and was always able to roll back to ZUI.
Thank you so much!
Generating User Accounts is working too? Wanted to use the tablet for the family, but ZUI doesn't offer accounts and Google Family doesn't work.
Hi. Thank you very much for the excellent work! Testing, so far so good. Do I have an L1 or am I misunderstanding something? Screenshot attached.
Thanks for the great work you do.
We have successfully implemented the global implementation.
My tablet is formatted with the SP Flash Tool. The serial number was lost at that time. (When I looked in the settings, the serial number was 0123456789ABCDEF.)
The serial number itself was recovered by rewriting the proinfo.bin. I think this formatting probably caused the Widevine-related settings to disappear and become L3.
I ask other L3 users, did you format with SP Flash Tool or python?
Flash mine today from ZUI 14 with bootloader lock, L1 and Google Play Certified to Global ROM and I kept L1, Google Certified Device and everything Is working. Even fast charging.
Thanks a lot! Let's see what happens when an OTA Will be available.
Hanswurstistda said:
Thank you so much!
Generating User Accounts is working too? Wanted to use the tablet for the family, but ZUI doesn't offer accounts and Google Family doesn't work.
Click to expand...
Click to collapse
I bought it for my daughter to use and have Family link for her Google Account and its all kinds of wonky (it shows my daughters account under Accounts then it vanishes. the only way I can add it back in is by signing into the Play store but then after an hour or so it goes. Works fine with my google account. Damn Family Link!)
(its on 14.0.413, and has an update pending for 14.0.640 ST). Not a clue how to check if its a modified ROM or what, but was going to try the above and see how it gets on.
Just to clarify fast charging Is shown on the screen but I don't if it's 10w ir 30w. I Will do some measures today and keep you posted
tylerdanarg said:
Just to clarify fast charging Is shown on the screen but I don't if it's 10w ir 30w. I Will do some measures today and keep you posted
Click to expand...
Click to collapse
Try the AccuBattery app, it may not be accurate, but it shows the charging current. I don't want to charge it yet. I will first discharge it and then install this app and start charging. It's convenient because it shows time to charge up to 100%.
daybreak7456 said:
Thanks for the great work you do.
We have successfully implemented the global implementation.
My tablet is formatted with the SP Flash Tool. The serial number was lost at that time. (When I looked in the settings, the serial number was 0123456789ABCDEF.)
The serial number itself was recovered by rewriting the proinfo.bin. I think this formatting probably caused the Widevine-related settings to disappear and become L3.
I ask other L3 users, did you format with SP Flash Tool or python?
Click to expand...
Click to collapse
Thanks for your input. I formated it before using the option "format + download" and serial number is now 012345678ABCDEF. I can try doing what you did with the file proinfo.bin. Any specific tutorial you used?
GeesRiK said:
I bought it for my daughter to use and have Family link for her Google Account and its all kinds of wonky (it shows my daughters account under Accounts then it vanishes. the only way I can add it back in is by signing into the Play store but then after an hour or so it goes. Works fine with my google account. Damn Family Link!)
(its on 14.0.413, and has an update pending for 14.0.640 ST). Not a clue how to check if its a modified ROM or what, but was going to try the above and see how it gets on.
Click to expand...
Click to collapse
Go to your settings menu. If you see the word ZUI anywhere, it's the Chinese model and you can flash the global if you want.
als_bvg said:
Go to your settings menu. If you see the word ZUI anywhere, it's the Chinese model and you can flash the global if you want.
Click to expand...
Click to collapse
Thanks! Yep, I have ZUI! I think its the family link attached to my daughters Google account that makes it annoying, but can't see any down sides in going to the Global to be honest. Can't get any worse... can it?!
GeesRiK said:
Thanks! Yep, I have ZUI! I think its the family link attached to my daughters Google account that makes it annoying, but can't see any down sides in going to the Global to be honest. Can't get any worse... can it?!
Click to expand...
Click to collapse
It shouldn't get any worse lol, but if your daughter is a kid you might benefit of a global rom, it has Kids space and the possibility of creating multiple users.
Awesome! Big thanks.
als_bvg said:
Thanks for your input. I formated it before using the option "format + download" and serial number is now 012345678ABCDEF. I can try doing what you did with the file proinfo.bin. Any specific tutorial you used?
Click to expand...
Click to collapse
What I did.
Install Python and mtkclient on a windows 10 computer.
python mtk rl --skip userdata "Destination path"
Backup everything but the user data with the above command
Open the backed up proinfo.bin with HxD and rewrite the serial number at the beginning.
python mtk wl "Destination path"
Flash the rewritten proinfo.bin with the above command.
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
Please check the commands and other information on the website.
I used to be able to do this, but I just tried it with a globalised tablet and it didn't work: the BROM mode (press power and volume plus simultaneously to connect the cable) is difficult to connect and even if it does, an error message appears and the process stops. When I get more time, I will switch back to zui14 and give it a try.
daybreak7456 said:
What I did.
Install Python and mtkclient on a windows 10 computer.
python mtk rl --skip userdata "Destination path"
Backup everything but the user data with the above command
Open the backed up proinfo.bin with HxD and rewrite the serial number at the beginning.
python mtk wl "Destination path"
Flash the rewritten proinfo.bin with the above command.
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
Please check the commands and other information on the website.
I used to be able to do this, but I just tried it with a globalised tablet and it didn't work: the BROM mode (press power and volume plus simultaneously to connect the cable) is difficult to connect and even if it does, an error message appears and the process stops. When I get more time, I will switch back to zui14 and give it a try.
Click to expand...
Click to collapse
Nice one! I can test it tomorrow. It's actually easier to pull the proinfo.bin file using MTK META Utility by using option Dump NV region. I was able to get and edit the file. Not sure how to flash it again on ZUI with a unlocked bootloader. But that's a start. I managed to get another Serial number by flashing another user's backup, but I still have L3, so might not be connected. I'll keep trying.
als_bvg said:
Nice one! I can test it tomorrow. It's actually easier to pull the proinfo.bin file using MTK META Utility by using option Dump NV region. I was able to get and edit the file. Not sure how to flash it again on ZUI with a unlocked bootloader. But that's a start. I managed to get another Serial number by flashing another user's backup, but I still have L3, so might not be connected. I'll keep trying.
Click to expand...
Click to collapse
I actually managed to get it back by flashing the edited proinfo.bin file using this command on ZUI with unlocked bootloader and OEM unlocked: fastboot flash proinfo proinfo.bin
Now let's see if it impacts or not L3. Testing...
Assurance Wireless
KonnectONE Moxee m2160
4G-LTE Smartphone
Model No. MH-T6000
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Unbricking & Factory
Firmware Restoration Guide
OVERVIEW:
This guide outlines detailed instructions on restoring the KonnectONE Moxee MH-T6000 smartphone to its stock factory state by flashing firmware via the Qualcomm Flash Image Loader (QFIL) software for Windows. The firmware provided is official and signed by the manufacturer. This procedure can be used to restore either a soft or hard bricked device. In addition, this guide would benefit device owners who are rooted or running a custom OS who wish to revert to an unmodified stock state. This firmware will remove any root binaries, custom recoveries, custom kernels, system-level mods, and will restore your smartphone with the unmodified stock Android OS.
DISCLAIMER:
Due to the invasive nature of this procedure, there is an inherent risk that you could damage or otherwise render your device inoperable. By proceeding further, you are assuming sole responsibility for the integrity and operability of your smartphone, thus absolving me of any civil liability in the event things go bad. The steps in this guide have been thoroughly tested. Follow the instructions carefully, pay attention to detail, and things should go smoothly. Nevertheless, you have been cautioned. In the event you are attempting to recover from a hard brick, your device is already unresponsive and inoperable. Thus, the risk involved in such a scenario is virtually inconsequential.
PREREQUISITES:
First and foremost, you will need a PC or laptop running Windows 7/8.1/10/11; the Qualcomm USB device drivers (link provided below); the factory supplied or a quality equivalent USB-A to USB-C charging/syncing cable; the Qualcomm Flash Image Loader (QFIL) v2.0.0.0 software (link provided below); and a factory firmware package for the Assurance Wireless KonnectONE Moxee MH-T6000 smartphone (link provided below). This procedure can be carried out regardless of the locked/unlocked state of your bootloader. Moreover, if your bootloader is in an unlocked state, it will remain in an unlocked state once the factory firmware is installed. Likewise, if your bootloader is locked, flashing the factory firmware will not alter its locked state.
FIRMWARE INFO:
OS/Version: Android 11 (Go Edition)
Build No. MH-T6000V1.0.0B010
Build Date: February 20, 2023
Build Type: User
API Level: 30
Security Patch: March 5, 2023
Radio Version:
MPSS.JO.3.4-00044-SDM439_GENNS_PACK-1
Kernel Version: 4.19.157-perf
Partition Scheme: Dynamic (Non-A/B)
Project Treble: Supported
Arch: armv7l (32-bit)
Java VM: ART 2.1.0
Widevine Version: 16.0.0
Widevine Security Level: L3
LTE Band Support: 2/4/5/12/25/26/41
LTE HPUE Bands: 66/71
QUALCOMM FLASH IMAGE LOADER:
For those members unfamiliar, the Qualcomm Flash Image Loader, or QFIL, is a portable software application used for flashing factory firmware to devices powered by Qualcomm chipsets. QFIL is a proprietary flashing protocol, developed by Qualcomm Technologies, Inc., and is also an inbuilt application to the Qualcomm Program Support Tool (QPST). The flashing protocol utilizes Qualcomm's proprietary Emergency Download Mode (EDL), one of the only solutions capable of fully restoring a completely hard bricked mobile device. This flashing method can restore a device in which the partition table has been corrupted or is missing entirely. It is also worth noting that QFIL is integrated with a QCN (Qualcomm Calibration Network) backup and restore feature. The QCN is a binary file which encompasses all calibration data for the various hardware components and sensors within the device. It also stores the baseband radio and network configuration settings, including unique identifiers such as your IMEI/MEID numbers. This valuable feature can be used to restore these settings and values if they become corrupted or lost due to a system-level issue or a botched user-end system modification.
For purposes of simplicity and efficiency, and because this procedure does not require the entire QPST software suite (which includes service programming tools, port configuration monitor, baseband radio diagnostic tools, and QFIL), we will be using the portable standalone version of the QFIL software application.
INSTRUCTIONS:
Download the Qualcomm USB drivers installer from the below link and save it to a convenient location on your PC or laptop. Double click on the .exe installer and follow the prompts for installation. On the Setup Type window, select the first option for WWAN-DHCP then select Next. Now accept the terms of the license agreement and compete the installation. Once completed, reboot your computer;
Download QFIL v2.0.0.0 and extract the contents of the archive to a folder on your desktop, or to another convenient directory on your PC or laptop;
Download the Moxee MH-T6000 firmware from the below link and extract the contents of the archive to a folder on your desktop, or to another convenient directory on your PC or laptop;
Double click QFIL.exe inside the QFIL folder (referenced in Step 2) to open the flashing utility. In the upper-left area of the QFIL interface, select the Flat Build option. Next click the Build tab, which will open the Windows File Explorer. Navigate to the extracted firmware folder you created in Step 3. Select the firmware file named prog_emmc_firehose_8917_ddr.mbn, then click Open. Next, click the Load XML... tab which will once again launch Windows File Explorer. Select the file named rawprogram_unsparse.xml, then click Open. On the next screen select patch.0.xml and select Open once more. The firmware package is now loaded and ready to flash;
Now you must initiate Emergency Download Mode (EDL) on your phone. EDL mode is a Qualcomm proprietary firmware flashing & diagnostic protocol To do this, first ensure your device is powered off (unless, of course, your device is hard bricked, in which case it will be completely unresponsive and, for all intents and purposes, is already in a powered off state). Connect one end of your data syncing cable to your PC or laptop, but not yet to your phone. On your smartphone, hold Volume Up and Volume Down simultaneously while connecting the Type-C end of the data syncing cable to your phone. If your phone is being properly recognized, you will see Qualcomm HS USB QLOADER 9008 at the top of the QFIL interface, followed by your active port number. If you do not see this indicator on the QFIL interface, try using another data syncing cable, change USB ports, and/or reinstall the Qualcomm USB device drivers by repeating Step 1;
Once a proper connection is verified, click on the blue Download tab to commence the flashing process. A progress bar on the interface will indicate the status of the flashing process. This can take a few minutes, so just remain patient until the Status window indicates flashing success;
Now simply power up your device. It may be necessary to briefly remove and reinsert the battery to exit EDL mode. That's it. Your device should now be reverted to its factory stock state.
DOWNLOADS:
• Qualcomm USB Drivers Installer
• QFIL v2.0.0.0
• MH-T6000V1.0.0B010 Firmware
• OTA MH-T6000V1.0.OB011
THANKS & MENTIONS:
Thanks to @omb714.1980 for donating the device that made this guide possible. Thanks also to KonnectONE Support representative, Faith Flores, for providing me with the factory signed firmware for this phone.
I ended up removing various system apks by using some ro2rw magisk module etc but upon rebooting it kept going to fastboot. I flashed stock super img with fastboot then reflashed patched boot img and restored firmware that way. Lol I'm trying to recreate what I did idk maybe I needed to disable dfe. I had other magisk modules installed like an overlay to make ro rw partition for read only devices etc so idk yet
I need to try disable avb dm verity. Can someone upload the file I need to fastboot flash disable verity etc please? I successfully edited a super.img and just deleted various apps like outlook, fb installer, my account etc but left the folders etc. I used that ro2rw magisk. Pretty cool but after flashing the edited super.img it boots to fastboot mode. I'd like to try disabling verity.
Argonon said:
I need to try disable avb dm verity. Can someone upload the file I need to fastboot flash disable verity etc please? I successfully edited a super.img and just deleted various apps like outlook, fb installer, my account etc but left the folders etc. I used that ro2rw magisk. Pretty cool but after flashing the edited super.img it boots to fastboot mode. I'd like to try disabling verity.
Click to expand...
Click to collapse
You need vbmeta.img. You'll find it in the firmware package. To flash vbmeta.img and disable verity/AVB, use this command:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
You can copy and paste this command to make it easier. All the hyphens are a bit tricky.
Thanks. Now just boots to black screen. Lol. I'll keep playing
Argonon said:
Thanks. Now just boots to black screen. Lol. I'll keep playing
Click to expand...
Click to collapse
I finally got super.img rw and was able to debloat directly from the booted device! I used a magisk module called RO2RW test version. It uses android terminal like termux to pull the super.img then extract it. Once Product, System etc are extracted you use the mount script that makes it able to edit the imgs from MT file manager. Then terminal prompt recompiles it along with a new boot.img. its hard to explain as im not a pro lol. Here's the xda link where I got the ro2rw magisk module. https://forum.xda-developers.com/t/...system-partitions-to-read-write-mode.4521131/
Argonon said:
I finally got super.img rw and was able to debloat directly from the booted device! I used a magisk module called RO2RW test version. It uses android terminal like termux to pull the super.img then extract it. Once Product, System etc are extracted you use the mount script that makes it able to edit the imgs from MT file manager. Then terminal prompt recompiles it along with a new boot.img. its hard to explain as im not a pro lol. Here's the xda link where I got the ro2rw magisk module. https://forum.xda-developers.com/t/...system-partitions-to-read-write-mode.4521131/
Click to expand...
Click to collapse
Nice work. I have the CRB Kitcen for Windows which performs similar operations to super.img. My only dilemma has been a lack of free time. I'll check out the method you linked. I'm not familiar with that Magisk module and I will definitely check it out. Again, nice work. I admire your persistence and determination.
Latest OTA update package
MH-T6000V1.0.0B011
Viva La Android said:
Latest OTA update package
MH-T6000V1.0.0B011
Click to expand...
Click to collapse
Does this change the Security Patch? What have you noticed different?
Argonon said:
Does this change the Security Patch? What have you noticed different?
Click to expand...
Click to collapse
It bumps the security patch level and fixes a couple of bugs in the cellular radio firmware resulting in dropped calls during node switching.
To install it, the simplest way is to revert to an unmodified stock state by flashing the factory firmware in my restoration guide. Once restored, you can install the update.zip via stock recovery mode.
Awesome. Oh btw firmware is now available for the mtk blu view 3 android 11 now!!
Argonon said:
Awesome. Oh btw firmware is now available for the mtk blu view 3 android 11 now!!
Click to expand...
Click to collapse
This is excellent news.
I need to unlock sim for this phone . what is the unlock method pleassss?
Mohammed Alqadri said:
I need to unlock sim for this phone . what is the unlock method pleassss?
Click to expand...
Click to collapse
I unlocked mine simply by flashing the factory firmware via QFIL, using the exact steps outlined in this guide. After initial setup following firmware restoration, the preinstalled network unlock app indicated that my device was permanently unlocked for use with other carriers.
I'm not exactly sure as to the reason why this worked, nor have I researched the possible mechanics behind the occurrence.
Viva La Android said:
I unlocked mine simply by flashing the factory firmware via QFIL, using the exact steps outlined in this guide. After initial setup following firmware restoration, the preibstakked network unlock app indicated that my device was permanently unlocked for use with other carriers.
I'm not exactly sure as to the reason why this worked, nor have I researched the possible mechanics behind the occurrence.
Click to expand...
Click to collapse
When flashing the firmware, is it necessary to have the lock status of the bootloader unlocked or not ?
Mohammed Alqadri said:
When flashing the firmware, is it necessary to have the lock status of the bootloader unlocked or not ?
Click to expand...
Click to collapse
The state of the bootloader has no relevance to firmware restoration. The firmware will be installed in exactly the same manner regardless of whether the device is bootloader locked or unlocked.
For any members interested, my modified stock ROM for this device is complete. The full installation guide can be found here https://forum.xda-developers.com/t/...e-moxee-m2160-mh-t6000-4g-lte.4596393//unread
Viva La Android said:
For any members interested, my modified stock ROM for this device is complete. The full installation guide can be found here https://forum.xda-developers.com/t/...e-moxee-m2160-mh-t6000-4g-lte.4596393//unread
Click to expand...
Click to collapse
I have a question, why when I insert the sim card into the phone, it appears that there is no service, since the service is available on any other device. will the modified ROM solve the problem or the official ROM? please answer......
Mohammed Alqadri said:
I have a question, why when I insert the sim card into the phone, it appears that there is no service, since the service is available on any other device. will the modified ROM solve the problem or the official ROM? please answer......
Click to expand...
Click to collapse
This ROM does not have any effect on the network locked or unlocked state of the device. You may need to configure your network settings or APN configuration for the carrier of the SIM card. But, out of curiosity, what carrier is linked to your SIM card, and has your Moxee phone been network unlocked? By default, the Moxee m2160 is locked to Assurance Wireless and, as such, will only work on their network.
I
Viva La Android said:
This ROM does not have any effect on the network locked or unlocked state of the device. You may need to configure your network settings or APN configuration for the carrier of the SIM card. But, out of curiosity, what carrier is linked to your SIM card, and has your Moxee phone been network unlocked? By default, the Moxee m2160 is locked to Assurance Wireless and, as such, will only work on their network.
Click to expand...
Click to collapse
I use the carrier of GSM. the coverage towers do not appear on the phone. there is no service that has nothing to do with settings or APN