Mate9 9.1.0.252 (C432E7R1P8) firmware with patch 3 - Huawei Mate 9 Questions & Answers

Hello,
I have Mate9 9.1.0.252 (C432E7R1P8) with Magisk installed via RECOVERY_RAMDIS.img patching method. I tried to download via Firmware Finder the latest version with this number and patched RECOVERY_RAMDIS.img for installation of Magisk.
Since some time, my phone started to ask to install an important patch. When I flash back stoc RECOVERY_RAMDIS.img, system downloads and installs the patch and in software update page I see Mate9 9.1.0.252 (C432E7R1P8) (Patch 3) . When I flash from Firmware Finder after that, the patch goes away and my phone asks me repeatedly to install this patch, at night automatically tries it etc. It's quite annoying.
Is there any way to extract RECOVERY_RAMDIS.img from device or any location of firmware with patch 3 included? I wouldn't like to switch updates off btw.
Thanks in advance.

Some ideas (experiment on your own responsibility):
- Do OTA update (b252 Patch03), then flash your Magisk patched Recovery (made from b252 without Patch03) but to eRecovery, then boot to the rooted system via eRecovery
Then
a) Enable ADB, run the following commands from PC:
Code:
adb shell
su
dd if=/dev/block/bootdevice/by-name/recovery_ramdisk of=/sdcard/RECOVERY_RAMDISK.img
After the su command you have to grant root privilege on the phone, to ADB.
It should dump Recovery image to Internal memory
Or
b) From Terminal Emulator app, run the following commands:
Code:
su
dd if=/dev/block/bootdevice/by-name/recovery_ramdisk of=/sdcard/RECOVERY_RAMDISK.img
After the su command you have to grant root privilege to the Terminal Emulator.
It should also dump Recovery image to Internal memory
Comments:
(a) and (b) should disk dump Recovery image on the rooted phone (!) but I think the pre-step will fail: Fastboot will fail to flash to eRecovery.
Another option would be to flash TWRP but to eRecovery and then to execute from Advanced/Terminal in TWRP:
Code:
dd if=/dev/block/bootdevice/by-name/recovery_ramdisk of=/external_sd/RECOVERY_RAMDISK.img
However, Fastboot will again fail to flash (TWRP) to eRecovery, and TWRP would fail to dump to Internal memory (because of encryption)
So no use, sorry - just ideas, but there is always some catch 22 ;-(
Likewise, you cannot disk dump Recovery image directly either from the not rooted b252 Patch03, because (a) or (b) would require root privileges for ADB or Terminal Emulator, respectively
And if you flash the Magisk patched Recovery to Recovery partition n(as usual), you will have root and you could disk dump - but the OTA Recovery b252 Patch03 would be already gone (flashed over)

Related

Can't flash latest TWRP, and lost my old install of it. Help?

Hi all,
I was running LineageOS 14.1 on my H830 with TWRP 3.2.1.0. Installed the newest nightly release via the OTA updater, which screwed up. System wouldn't boot, but I could get into TWRP. I ended up having to install it via the TWRP install option, and then had to run this code in TWRP's terminal:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
to get out of the boot loop that I had.
Now I have the latest LineageOS, but I cannot boot into TWRP recovery. I have the TWRP app and have root from Magisk. I tried flashing via the app, and it gives me a success message, but when I try to boot into recovery either via the app or using power + volume, it takes me to fastboot mode. I tried flashing via adb, but this still didn't work (was getting Failed: remote: unknown command). Really need TWRP back, as I want to switch to XenonHD. Any help?
Update:
Solved thanks to @autoprime
Method (flash via dd):
dl latest twrp from h830 page on twrp.me
rename to twrp.img
place in same folder as install location for adb client (i use Minimal ADB + Fastboot)
push to /sdcard using adb client (adb push twrp.img /sdcard/twrp.img)
open adb shell (type adb shell)
type su
type appropriate dd command found on install guide on device page on twrp.me (in this case: dd if=/sdcard/twrp.img of=/dev/block/platform/soc/624000.ufshc/by-name/recovery)
if permissions denied even if you have root:
go to developer settings
enable local terminal app
open and type su
grant super user permissions
type dd if=/sdcard/twrp.img of=/dev/block/platform/soc/624000.ufshc/by-name/recovery
reboot into recovery via adb (adb reboot recovery) or via key combo (turn off, then hold power + volume down till lg logo, then let go of power for a second and then hold again until twrp appears)
and you're good to go!

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas)

Read this whole guide before starting.
This is for the 7th gen Fire HD8 (douglas).
Current version: amonet-douglas-v1.2.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-douglas-v1.1.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If you are on a firmware newer than 5.6.4.0, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
WARNING: Do not use bootrom-step-minimal.sh if you bricked using brick(-9820).sh!
You will need to use bootrom-step.sh.
After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-douglas-return-to-stock.zip" into the same folder where you extracted "amonet-douglas-v1.0.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
sudo fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.4.0 or newer, otherwise you may brick your device)
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
Thanks to @t0x1cSH and @breakfastofsecrets for testing.
Reserved #1
Changelog
Version 1.2 (15.10.2019)
Increase boot.hdr size to avoid crashes with leftovers of boot.img
Version 1.1 (02.09.2019)
Add system_image to TWRP
Add serialno to GPT-folder to avoid mixups between 16G and 32G
Add scripts to fix GPT
Features.
Hacked fastboot mode lets you use all fastboot commands (flash etc).
Boots custom/unsigned kernel-images (no patching needed)
TWRP protects from downgrading PL/TZ/LK
NOTE: Hacked fastboot can be reached via TWRP.
NOTE: Hacked fastboot doesn't remap partition names, so you can easily go back to stock
Reserved #3
Awesome!
if you can't get in the recovery by long pressing the volume buttons and power button simultaneously, during the boot keep both the volume buttons and fastly tap the power button
i had some problems getting by long pressing in the recovery and this worked every time
ty k4y0z
Works perfectly. Thank you very very much!
On a rooted device with a locked bootloader, if I back up system and data only with Flashfire, will I be able to restore these partitions with TWRP after unlocking? Presumably I wouldn't restore the boot partition?
MontysEvilTwin said:
On a rooted device with a locked bootloader, if I back up system and data only with Flashfire, will I be able to restore these partitions with TWRP after unlocking? Presumably I wouldn't restore the boot partition?
Click to expand...
Click to collapse
I think that you can. TWRP supports flashfire backups but as you say don't restore boot.img neither recovery.img.
MontysEvilTwin said:
On a rooted device with a locked bootloader, if I back up system and data only with Flashfire, will I be able to restore these partitions with TWRP after unlocking? Presumably I wouldn't restore the boot partition?
Click to expand...
Click to collapse
Rortiz2 said:
I think that you can. TWRP supports flashfire backups but as you say don't restore boot.img neither recovery.img.
Click to expand...
Click to collapse
Haven't tested, but should work fine, also boot.img should give no issues when restoring.
Only userdata is erased during unlocking, so it should be enough to restore userdata.
k4y0z said:
Haven't tested, but should work fine, also boot.img should give no issues when restoring.
Only userdata is erased during unlocking, so it should be enough to restore userdata.
Click to expand...
Click to collapse
Doesn't the unlock procedure include a factory reset which will wipe settings and apps? By 'userdata' do you mean 'data' or data plus internal storage (user files and photos etc.) or just internal storage?
MontysEvilTwin said:
Doesn't the unlock procedure include a factory reset which will wipe settings and apps? By 'userdata' do you mean 'data' or data plus internal storage (user files and photos etc.) or just internal storage?
Click to expand...
Click to collapse
Yes it does wipe data/userdata including the internal storage.
But it doesn't touch the system-partition.
Everything went super smooth. Many thanks for this, and all your unlocks.
Also, I was able to flash my flashfire system and usedata backups in TWRP with no issues.
Kctucka said:
Everything went super smooth. Many thanks for this, and all your unlocks.
Also, I was able to flash my flashfire system and usedata backups in TWRP with no issues.
Click to expand...
Click to collapse
How do you flash Flashfire backups? I now am unlocked and have TWRP installed, but when I try to restore, TWRP can see the backup folders but does not see any backed-up partitions.
---------- Post added at 10:49 AM ---------- Previous post was at 10:36 AM ----------
OK. I've got it figured out. You have to install the relevant 'twrp.zip' archives from the Flashfire backups.
dear friends
I make backup with twrp ( just system ) and transfer it to other device but when restore system the device stock on amazon i try to flash system by hacked BL flash success but when reboot also stock on amazon logo
deathlessster said:
dear friends
I make backup with twrp ( just system ) and transfer it to other device but when restore system the device stock on amazon i try to flash system by hacked BL flash success but when reboot also stock on amazon logo
Click to expand...
Click to collapse
Maybe you need to do a wipe of userdata and flash the latest boot.img.
thank you Rortiz2 i will try
---------- Post added at 03:36 PM ---------- Previous post was at 03:30 PM ----------
k4y0z said:
Read this whole guide before starting.
This is for the 7th gen Fire HD8 (douglas).
Current version: amonet-douglas-v1.0.zip
NOTE: This process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: This process will modify the partition-table (GPT) of your device.
NOTE: Your device will be reset to factory defaults (including internal storage) during this process.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-douglas-v1.0.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./step-1.sh
Your device will now reboot into recovery and perform a factory reset.
NOTE: If you are on a firmware newer than 5.6.4.0, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
If you chose the brick option, you don't need to run step-2.sh below:
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need disconnect the device and run
Code:
sudo ./bootrom-step-minimal.sh
Then plug the device back in.
It will then boot into "hacked fastboot" mode.
Then run
Code:
sudo ./fastboot-step.sh
NOTE: When you are back at initial setup, you can skip registration by selecting a WiFi-Network, then pressing "Cancel" and then "Not Now"
NOTE: Make sure you re-enable ADB after Factory Reset.
4. Start the script:
Code:
sudo ./step-2.sh
The exploit will now be flashed and your device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-douglas-return-to-stock.zip" into the same folder where you extracted "amonet-douglas-v1.0.zip" and open a terminal in that directory.
You can go back to stock without restoring the original partition-table, so you can go back to unlocked without wiping data.
Just use hacked fastboot to
Code:
fastboot flash recovery bin/recovery.img
If you want to go back completely (including restoring your GPT):
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 5.6.4.0 or newer, otherwise you may brick your device)
Important information
In the new partitioning scheme your boot/recovery-images will be in boot_x/recovery_x respectively, while boot/recovery will hold the exploit.
TWRP takes care of remapping these for you, so installing zips/images from TWRP will work as expected.
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.) (If you do anyway, make sure you flash them to boot_x/recovery_x)
Should you accidentally overwrite the wrong boot, but your TWRP is still working, rebooting into TWRP will fix that automatically.
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderfull mtk-su, allowing you to unlock without opening the device.
Thanks to @t0x1cSH and @breakfastofsecrets for testing.
Click to expand...
Click to collapse
I do this method on windows 10 with linux shell and i get success thank you very much
I have unlocked three tablets now. It is very easy, thanks @k4y0z for making it that way. The only problem I had was with my first try on step 1, but that was because my adb and fastboot drivers needed updating.
Is a similar unlock planned for the HD 8, 2016/ 6th gen. Giza?
I still have problem in twrp restore my device now stock on amazon logo please help me
[email protected]:/mnt/c/Users/aimya/Downloads/Compressed/amonet-douglas-v1.0_2/amonet$ sudo ./step-1.sh
[sudo] password for aimyafi:
* daemon not running; starting now at tcp:5037
* daemon started successfully
Stuck at there! What's the problem?

20e semi stock fastboo/twrp flashable images

Hey guys,
This is for people who already unlocked the bootloader!!
Since there hasn't been any flashable images via twrp or fastboot, I have decided to create one for the stock 20e. Now it's semi stock because the twrp is included with the boot image I uploaded. I'm doing just 20e because im too lazy to go back and forth firmwares just to upload different versions of fw of stock.
You can flash them via fastboot or twrp.
To access fastboot you need to be rooted in your custom rom or stock:
1. Use terminal or adb shell and do these commands
Code:
Su
dd if=/dev/zero of=/dev/block/bootdevice/by-name/laf_a
Then reboot and hold the vol+ button while it's plugged into the PC
Don't worry about losing download mode on slot_a cause the other slot will still have it and you can switch to the other slot via fastboot or twrp then you can have download mode
To flash via fastboot:
Code:
Fastboot flash boot_a twrpboot_a.img
Fastboot flash system_a system_a.img
Fastboot flash vendor_a vendor_a.img
To flash via twrp:
1. Move these files to your internal sd or external.
2. Get into recovery mode and then hit install
3. Tap on select image and find the image files
4. Then flash them one by one.
5. Format data and reboot.
https://drive.google.com/folderview?id=1-1tRMeDK7sVzta9kKhAvfVF2B9XZu2ki
If you want to help out and upload the other firmwares, here are the steps:
1. Be on the firmware you want to make the image files for.
2. Make sure you are rooted!!
3. Use terminal from the play store or use adb shell
4. And do the following for each partition.
A. First SU in shell then
For system-
Code:
dd if=/dev/block/bootdevice/by-name/system_a of=/sdcard/system_a.img
For boot:
Code:
dd if=/dev/block/bootdevice/by-name/boot_a of=/sdcard/boot_a.img
For vendor:
Code:
dd if=/dev/block/bootdevice/by-name/vendor_a of=/sdcard/vendor_a.img
Then upload them to Google drive or wherever and share them if you can.
Does it work on G710EM?
Resync said:
Does it work on G710EM?
Click to expand...
Click to collapse
In theory it should.
can you upload the twrpboot for ulm21d?
Can you make the v35 twrp , thanks

Repeated update failure AND HOW TO FIX IT OnePlus 8t

I was in the process of rooting when the update was trying to run. Now I keep getting an install failure and can't seem to get any way to fix it.
Where is this update stored so I can delete it or can I get some advice on how to clear it so I can get it to try again?
I can't find the update for download anywhere :/
Not thing about file/cache. Incremental OTA need unroot frist.
Looking for the full installer package file for
11.0.8.12.KB05AA.​
rezapatel said:
Looking for the full installer package file for
11.0.8.12.KB05AA.​
Click to expand...
Click to collapse
Same let me know if you find it lol
OK good news I got myself sorted!
1. What I did was use "Oxygen OS updater" (can be found on playstore) with advanced mode enabled and downloaded the latest OS (11.0.8.11.)
2. Use local upgrade under settings to install 11.0.8.11 and restart. This will remove root but not user data or settings.
3. Check for and install update 11.0.8.12 under settings and it should install fine no issues.
4. Re root using your chosen method.
5. Done!
Interesting. How did you get the boot file for x.12? Isn't that required for rooting..
rezapatel said:
Interesting. How did you get the boot file for x.12? Isn't that required for rooting..
Click to expand...
Click to collapse
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.
ULTRAJC said:
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.
Click to expand...
Click to collapse
What they said
ULTRAJC said:
Boot modified recovery with ADB function, dump boot_a or boot_b, Magisk patch.
Click to expand...
Click to collapse
Any guide for this?
DroidFreak32 said:
Since we don't have TWRP yet for our 8T, having ADB enabled on the stock recovery can be really helpful if you are unlocked and rooted.
For example, removing problematic magisk modules.
I tried to install the EdExposed module and ended with a boot loop. To get back I had to flash the stock boot.img again and reconfigure all my modules again.
Having ADB enabled in OOS recovery will let us delete the problematic module at /data/adb/modules without having to delete the working modules.
Credit goes to @s3axel for the Post in Oneplus 8 forums
Quoting the procedure to create the modified recovery.img :
Installation Procedure:
Pre-patched files for the lazy (upto 11.0.4.5):
To find your model and build:
Code:
adb shell getprop ro.product.model
KB2001
adb shell getprop ro.build.version.ota
OnePlus8TOxygen_15.I.16_GLO_0160_2010150110
KB2000 / KB05?? - Chinese Variant
11.0.1.2 Hydrogen_15.H.16_OTA_0160_all_2010150101_4101
STOCK recovery.img
adb patched recovery
KB2001 / KB05DA - Indian Variant
11.0.1.2 - OnePlus8TOxygen_15.I.16_GLO_0160_2010150110
STOCK recovery.img
adb patched recovery
11.0.2.3 - OnePlus8TOxygen_15.I.17_OTA_0170_all_2010240047
STOCK recovery.img
adb patched recovery
11.0.3.4 - OnePlus8TOxygen_15.I.18_OTA_0180_all_2011010208
STOCK recovery.img
adb patched recovery
11.0.4.5 - OnePlus8TOxygen_15.I.19_OTA_0190_all_2011101438_3032f.zip
STOCK recovery.img
adb patched recovery
KB2003 / KB05BA - EU Variant
11.0.1.2 - OnePlus8TOxygen_15.E.17_GLO_0170_2010150108
STOCK recovery.img
adb patched recovery
11.0.2.3 - OnePlus8TOxygen_15.E.18_OTA_0180_all_2010240038
STOCK recovery.img
adb patched recovery
11.0.3.4 - OnePlus8TOxygen_15.E.19_OTA_0190_all_2011010157
STOCK recovery.img
adb patched recovery
11.0.4.5 - OnePlus8TOxygen_15.E.20_OTA_0200_all_2011101442_ed5dc.zip
STOCK recovery.img
adb patched recovery
KB2005 / KB05AA - International Variant thanks to @card13
https://drive.google.com/drive/folders/1-i4P8sWPfyqwgYvBsKWAAftQW7m66Z70?usp=sharing
KB2007 / KB05CB - T-Mobile Variant
¯\_(ツ)_/¯
Code:
❯ adb devices
List of devices attached
75317573 recovery
❯ adb shell
# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 3648448 40396 3608052 2% /
tmpfs 3837328 1160 3836168 1% /dev
tmpfs 3837328 0 3837328 0% /mnt
tmpfs 3837328 0 3837328 0% /apex
tmpfs 3837328 4 3837324 1% /linkerconfig
tmpfs 3837328 24 3837304 1% /tmp
/dev/block/sda11 491464 140484 350980 29% /mnt/vendor/op2
/dev/block/sda20 11760 164 11596 2% /metadata
/dev/block/dm-3 1516540 1511956 4584 100% /vendor
/dev/block/sda2 27632 10452 17180 38% /mnt/vendor/persist
/dev/block/dm-7 110397292 6627020 103770272 7% /data
Click to expand...
Click to collapse
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO​The basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).​
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone. ​
Updating with OTAs should be the same process as the other guides here.​
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.​
Prerequisites:
ADB and Fastboot installed.​
An unlocked bootloader and USB debugging enabled.​
________________________________________________________
STEPS:​
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktop​for Mac, type cd desktop or cd /Users/yourname/Desktop​
Spoiler: How to set up adb and fastboot properly
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/b​b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device. ​​
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.​b. Use Select and Patch a File on boot_a.img​
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.​b. Use Direct Install (Recommended) to root your internal boot.img​
10. Reboot and verify it worked.
Click to expand...
Click to collapse
Are you guys aware of the zip file @osm0sis created that lets you add ADB to the stock recovery? You'll need to be rooted to use it.
[TWRP][3.4.0-14][instantnoodle]Unofficial TWRP for OnePlus 8/8 Pro Unified(Stable)
Team Win Recovery Project 3.x, or twrp3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and...
forum.xda-developers.com
It works really well - I've used it on 11.0.8.11 and .12
Thank you sir. I took the plunge and have been rewarded. Appreciate it!
shadowtuy said:
OK good news I got myself sorted!
1. What I did was use "Oxygen OS updater" (can be found on playstore) with advanced mode enabled and downloaded the latest OS (11.0.8.11.)
2. Use local upgrade under settings to install 11.0.8.11 and restart. This will remove root but not user data or settings.
3. Check for and install update 11.0.8.12 under settings and it should install fine no issues.
4. Re root using your chosen method.
5. Done!
Click to expand...
Click to collapse
This looks like a great app but it won't work if you need to downgrade. The current release (11.0.8.12.KB05AA) is so bad (look at OnePlus forums) that OnePlus has even taken it down and is no longer available for download. The current one is the previous one (11.0.8.11.KB05AA). Because I have already installed the "12" release, the OxygenOS System Update will not let me downgrade to the "11" release. It gives a "to avoid booting up failure, downgrading is not allowed" message.
Can I sideload/flash this "11" zip file via ADB and accomplish my goal of downgrading? Or could I change the active slot to the inactive one, reboot and get back to "11" that way?
zzjea said:
This looks like a great app but it won't work if you need to downgrade. The current release (11.0.8.12.KB05AA) is so bad (look at OnePlus forums) that OnePlus has even taken it down and is no longer available for download. The current one is the previous one (11.0.8.11.KB05AA). Because I have already installed the "12" release, the OxygenOS System Update will not let me downgrade to the "11" release. It gives a "to avoid booting up failure, downgrading is not allowed" message.
Can I sideload/flash this "11" zip file via ADB and accomplish my goal of downgrading? Or could I change the active slot to the inactive one, reboot and get back to "11" that way?
Click to expand...
Click to collapse
Well I tried switching slots but the inactive slot was corrupted from earlier. So I do not have an "11" in the other slot.
zzjea said:
Well I tried switching slots but the inactive slot was corrupted from earlier. So I do not have an "11" in the other slot.
Click to expand...
Click to collapse
Since OP 8T OxygenOS does not have a recovery, ADB sideload will not work.
Now that 11.0.8.13 is out and I'm on 11.0.8.12 right now, and so far I haven't come across a full zip for 13 yet. Not sure, if this will work .. but I'm thinking, I will uninstall magisk via the app. Restart to ensure, I'm unrooted and then do an OTA to 13. After the OS has been upgraded, follow the steps to root the boot dump file. Anyone tried this method and if would work? The 2 things I'm worried about are - 1) if I uninstall Magisk via the app, does it fully unroot and allows OTA, 2) will the broken twrp shared above work on the latest OOS x.13?
Thanks!
rezapatel said:
Now that 11.0.8.13 is out and I'm on 11.0.8.12 right now, and so far I haven't come across a full zip for 13 yet. Not sure, if this will work .. but I'm thinking, I will uninstall magisk via the app. Restart to ensure, I'm unrooted and then do an OTA to 13. After the OS has been upgraded, follow the steps to root the boot dump file. Anyone tried this method and if would work? The 2 things I'm worried about are - 1) if I uninstall Magisk via the app, does it fully unroot and allows OTA, 2) will the broken twrp shared above work on the latest OOS x.13?
Thanks!
Click to expand...
Click to collapse
For anyone who's interested. This worked!
Hey little bit of an add in! Keep a backup of your non Rooted boot.img!! It is actually easier to flash the non rooted and update just to reroot again.

Oneplus 8T Rooted issues with reboot

I'm on 8T latest OOS 11.0.8.13 and rooted with magisk.
Something I've lately noticed is every time I restart it ends up on a long wait on the initial bootloader unlocked disclaimer and ends up in recovery mode. Removing cache generally reboots back into the OS.
This happens on every restart. Pretty irritating.
Are other rooted users facing the same?
CarvedArt said:
Quick and concise how to for obtaining a Stock Boot Image from your Oneplus 8, 8T or 8 Pro device and patching with Magisk to create a fastboot flashable patched boot.img.
DISCLAIMER:
Code:
#include <std_disclaimer.h>
/*
*
* We are not responsible for bricked, broken or dead devices. This is a high-level
* how to for users with a basic knowledge of ADB and Fastboot. YOU alone are
* choosing to make these modifications, and you are solely responsible for your
* device's fit for use and wellbeing.
*
* Backup your data!
*
*/
PREREQUISITS:
An unpatched Stock Boot.img running on your device
General knowledge and understanding of ADB and Fastboot
Download latest op8, op8p, or op8t Horizon Kernel img from [e.g., op8p_7.img]:
https://dl.akr-developers.com/?dir=oneplus/horizon_kernel/R/images
Download latest Magisk Canary build from Github [e.g., app-debug.apk]:
https://raw.githubusercontent.com/topjohnwu/magisk_files/canary/app-debug.apk
DEVICE/PC OPERATIONS:
→ ADB
Enumerate devices
Code:
adb devices
Boot into Fastboot
Code:
reboot bootloader
→ FASTBOOT
Enumerate devices
Code:
fastboot devices
Determine the current slot (A/B), whichever slot you're on should be the "good" img
Code:
fastboot getvar current-slot
Boot with the custom kernel downloaded from Horizon to use root [NOTE: Include the full path of the img if not in the same directory]
e.g., fastboot boot "C:\Users\User\Downloads\op8p_R7.img"​
Code:
fastboot boot xxxxxxx.img
→ ADB
Copy the boot.img from each slot to the root of the device
Code:
adb shell
su
dd if=/dev/block/sde11 of=/sdcard/boot_a.img
dd if=/dev/block/sde35 of=/sdcard/boot_b.img
→ Android Device [NOTE: Some Android 11 devices experience patching issues on the Beta Channel like bootloop] [NOTE: Some users experience issues on Canary like no SIM detected; if so switch to Beta]
Install Magisk app-debug.apk (Canary)
Go to Settings → Update Channel → Canary
Go to Home → Install → Install → Select and Patch A File
Navigate to internal storage and select the stock boot.img [choose the img from whichever slot you're on]
When it’s done patching copy the file, named magisk_patched.img, from the root → Downloads of your device to PC
→ ADB
Code:
reboot bootloader
→ FASTBOOT
Test to ensure it boots before flashing; if not you'll need to patch the other img
Code:
fastboot boot magisk_patched.img
→ Android Device
If the device boots and you have root in the Magisk Manager app, reboot the device into Fastboot then flash the active slot [NOTE: Both slots do not need to be flashed; just the current active slot]
→ FASTBOOT
Flash the patched image file [NOTE: Include the full path of the img if not in the same directory]
e.g., fastboot flash boot_b "C:\Users\User\Downloads\magisk_patched.img"
Code:
fastboot flash boot magisk_patched.img
fastboot reboot
- OR -​
Code:
fastboot flash boot_a magisk_patched.img
fastboot reboot
- OR -​
Code:
fastboot flash boot_b magisk_patched.img
fastboot reboot
ADDITIONAL RESOURSES:
→ FASTBOOT
If you need to set the other slot to be the active slot use:
Code:
fastboot --set-active=a
- OR -​
Code:
fastboot --set-active=b
→ ADB
ADB Magisk Bootloop Fix
Code:
adb shell
magisk --remove-modules
→ OTA Help
Magisk stock boot.img missing fix [NOTE: Android 11 onwards, the /sbin folder might not exist, so Magisk will randomly create a folder under /dev and use it as the base folder]
Rename to: stock_boot_0.img
Compress with gzip = stock_boot_0.img.gz
Copy stock_boot_0.img.gz file to the root of: /data
Edit the config file: /dev/xxxxxxx/.magisk/config → Change SHA1= to 0
Magisk Manager → Uninstall Magisk → Restore Images
→ ADB
Determine the random folder name generated by Magisk on Android 11+
Code:
ls -laR /dev | grep '.magisk/rootdir'
→ ADB
Determine the Boot Image partition location [NOTE: Will list all partitions; look for boot_a and boot_b]
Code:
ls /dev/block/bootdevice/by-name/ -all
Click to expand...
Click to collapse
Root with this method probably because of something wrong with the installation or smth.
Kenora_I said:
Root with this method probably because of something wrong with the installation or smth.
Click to expand...
Click to collapse
Rooted using the same guide.. Use the same after each upgrade (full package).
huh, have you updated the kernel and stuff. There are newer releases.
Might be your problem
Kenora_I said:
huh, have you updated the kernel and stuff. There are newer releases.
Might be your problem
Click to expand...
Click to collapse
Adaway and Ktweaks apps, but both execute after boot.
Systemlesshosts (to run Adaway) and Oneplus phone dialer modules on Magisk.
Checked, no newer version for any mentioned.
Use full update.zip update again, see if it can be fix
ULTRAJC said:
Use full update.zip update again, see if it can be fix
Click to expand...
Click to collapse
Will try.

Categories

Resources