For those who use any official MIUI release (be it Global or Chinese, Stable or Dev):
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
In TWRP on your phone, hit Wipe and then Format Data and confirm it by typing "yes"
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot reboot
The device should reboot to your freshly installed GSI.
For those who use xiaomi.eu ROM: (YMMV, it worked for me so I put it here, see below if it doesn't work for you)
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
Download vendor.img from here to your PC. You can also use any official vendor.img provided in official Xiaomi fastboot firmware packages if you know what you’re doing.
In TWRP on your phone, hit Wipe and then Format Data and confirm it by typing "yes"
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot flash vendor path_to_your_vendor.img (you can drag and drop as well)
Type: fastboot reboot
Alternate, easier (and preferred) way:
Download and flash any official MIUI release like this one here
Follow instructions for official MIUI releases above
The device should reboot to your freshly installed GSI.
How to pass SafetyNet on GSI:
1. Download the latest Magisk 16.6 and flash it through TWRP
2. Reboot
3. In Magisk Manager app, open the side menu and tap Download
4. Download MagiskHide Props Config, install it and reboot
5. After reboot, go to Settings and Developer Options and enable Terminal app, right under ADB debugging option
6. A Terminal app should appear in your apps list. If not, you can also use any terminal emulator app from Play Store
7. Type "su", hit enter and grant root permissions
8. Type "props" and hit enter
9. Type "1", hit enter
10. Type "f", hit enter
11. Type "11", hit enter
12. Type "7", hit enter
13. Type "y", hit enter
14. Type "y", hit enter and your device will reboot
If you care about auto-brightness (which I bet you do), you can also set the module manually to Mi MIX 2S fingerprint:
Follow steps 1-9 from above
Type:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
and hit enter (thanks @cnrd for the tip!)
Type "y", hit enter
Type "y", hit enter and your device will reboot
After booting successfully, your device will pass SafetyNet, you can check it in Magisk Manager. Tested on my Chinese (XE model) device with the latest Resurrection Remix official GSI, Google Pay is working fine.
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
cnrd said:
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
Added, thanks!
Great tutorial, thank you very much!
Has anyone tried this with the latest pixel experience gsi? Resurrection Remix is running fine but pixel experience always reboots to the fastboot screen.
I used the instructions from the pixel experience thread, but without success. I read the whole thread again and again and did it step by step as mentioned to be sure not to miss any important steps. No luck.
Can you try it with the Mix2S and confirm that it works and how you did it?
Don't want to capture this thread. I'm just desperately trying to get this done to boot.
Best regards
Kleinholzinferno
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
napes22 said:
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
russphil said:
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I've used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won't boot.
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
marcii-ec said:
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I've used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won't boot.
I've done it through Minimal ADB and Fastboot on Windows and through Fastboot on macOS and both work fine.
napes22 said:
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
woofwoof75 said:
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
If your device is Treble-compatible, it should work with no problems, however keep in mind that should you run into any issues when using the provided fingerprint, you have to look up some from a stable MIUI for your device.
teddy74eva said:
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
Yeah, when I run "fastboot getvar anti" I get invalid variable. Which leads me to believe that I don't have any issues at the moment. I won't upgrade from 12, but I'd like to move to Treble at some point.
EDIT: Just checked the "flash_all.bat" file within the 8.7.12 file and saw the following
::set CURRENT_ANTI_VER=1
::for /f "tokens=2 delims=: " %%i in ('fastboot %* getvar anti 2^>^&1 ^| findstr /r /c:"anti:"') do (set version=%%i)
::if [%version%] EQU [] set version=0
::if %version% GTR %CURRENT_ANTI_VER% (
Looks like 8.7.12 for Mi Mix 2S is not screwed.
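The check read out of flash_all.bat in the post above, as an added example that is not part of the thread: it parses captured `fastboot getvar anti` output and the package's `CURRENT_ANTI_VER` line and reports whether the package script would gate the flash. The function names and sample strings are constructed, and it assumes the truncated `GTR` branch aborts the flash.

```sh
#!/bin/sh
# Added example, not part of the thread. All sample strings are constructed.

# device_anti: captured `fastboot getvar anti` output on stdin -> ARB index.
# No "anti: N" line (the bootloader does not know the variable) counts as 0,
# mirroring the quoted `if [%version%] EQU [] set version=0`.
device_anti() {
    v=$(tr -d '\r' \
        | sed -n 's/^.*anti:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' \
        | head -n 1)
    echo "${v:-0}"
}

# package_anti: flash_all.bat text on stdin -> value of an ACTIVE
# `set CURRENT_ANTI_VER=N` line, or "none" when the line is missing or
# commented out with `::` (as in the 8.7.12 lines quoted above).
package_anti() {
    v=$(tr -d '\r' \
        | sed -n 's/^[[:space:]]*[sS][eE][tT][[:space:]][[:space:]]*CURRENT_ANTI_VER=\([0-9][0-9]*\).*$/\1/p' \
        | head -n 1)
    echo "${v:-none}"
}

# arb_verdict FASTBOOT_OUTPUT BAT_TEXT -> prints one word:
#   unchecked  the package script has no active ARB gate
#   refuse     device index is greater than the package index (assumed abort)
#   ok         device index is less than or equal to the package index
arb_verdict() {
    dev=$(printf '%s\n' "$1" | device_anti)
    pkg=$(printf '%s\n' "$2" | package_anti)
    if [ "$pkg" = none ]; then
        echo unchecked
    elif [ "$dev" -gt "$pkg" ]; then
        echo refuse
    else
        echo ok
    fi
}

# Constructed inputs. Windows consoles emit CRLF, so the sample carries \r.
CR=$(printf '\r')
OUT_ARB4="anti: 4${CR}
finished. total time: 0.002s${CR}"
OUT_NOVAR='getvar:anti FAILED (remote: unknown variable)'
BAT_COMMENTED='::set CURRENT_ANTI_VER=1
::if [%version%] EQU [] set version=0'
BAT_ACTIVE='set CURRENT_ANTI_VER=3'

arb_verdict "$OUT_ARB4"  "$BAT_ACTIVE"      # device 4 against a package at 3
arb_verdict "$OUT_NOVAR" "$BAT_COMMENTED"   # no ARB variable, gate commented out
```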
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
kleinholzinferno said:
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
Basically, setting your fingerprint to Mi6 8.0 fools Google's checks of your installed system's certification, telling them that you are currently running a certified and tested Mi6 firmware. Every firmware has to follow Google's standards and rules for it to be able to fully use Google Services.
Now, I've included Mi6 fingerprint in my guide because it's readily available in MagiskHide Props, thus making it easier to set everything up to a workable state. However, as one user mentioned, if you use Mi6 fingerprint on MIX 2S, it breaks autobrightness. So, in order to be fully certified and keep autobrightness working, you can manually enter a fingerprint provided in the first post, which comes from MIX 2S 8.0 firmware. The only downside is that you have to be careful not to make any mistake when typing, so it's a little bit harder.
If you can live without autobrightness (since, as of now, it's terribly slow), feel free to use the Mi6 preset fingerprint. If you care or if you want to do things as they should be done, go for the manual route. Both of them will make your device Google certified and both of them will allow you to pass SafetyNet checks.
I may have generalized some things or not mentioned them due to my lack of knowledge. If anybody would like to correct something, please do so.
P.S. I may completely delete the preset fingerprint guide, as I don't think it's that hard to enter the proper fingerprint manually and it would definitely make things clearer.
Thank you very much for this information, makes everything much clearer for me.
Regarding auto brightness: I don't mind if it works for now, I can live with the manual settings. Better than a laggy auto settings thingy that doesn't work properly.
The only thing that bothers me is that the screen is much too bright at night (or with night light activated) even in the lowest setting. Is there any possibility to change the minimum value?
Could you explain how to enter the proper fingerprint manually?
Best regards
Edit: nevermind the last question, I found it. In the newer version there's an entry for the mi mix 2s. Xiaomi devices are now listed under number 12, not 11 and the mi mix 2s is listed as own device. Works perfectly fine! Safety net passed, all green now!
ULTIMATE GUIDE TO FIX ROM FROM FAKE UNLOCK BOOTLOADER
Device: Redmi Note 5/Pro (Whyred)
Anti: 3 (required)
Initial Rom: Global/China with ARB v3
Method: Test Point
As we know that buying whyred from a distributor with a red box has a strange rom and also mi account that can't be binded. this is very troublesome when we want to unlock the bootloader..
This method is to really lock the Bootloader again, can bind Mi account and can be used for Unlock bootloader officially.
And finally, this method doesn't need to edit the script anymore, I upload patch scripts and loaders specifically for ROM 9.5.17 below.
It has been tested and the results are successful.
Let's start and DWYOR!
Step:
1. Download ROM 1 and ROM 2 below then extract.
2. Download the Patch then copy and replace it in ROM 1 which has been extracted (in the images folder).
3. Open back cover of the phone carefully and connect to the PC via Test Point (HS-USB QDLoader 9008)
4. Flash ROM 1 that has been patched with MiFlash (I use MiFlash 2017.4.25.0 and PC 64bit during flashing).
5. After success, close the miflash, unplug the cable, and turn it on. Wait a few moments until stuck in recovery mode (pict 1)
6. Connect Whyred to PC again via Test Point and Flash ROM 2 with MiFlash.
7. Wait for the first boot, after entering the system, check unlock status in developer mode and tadaaaa.. it's completely locked now... (pict 2)
8. Bind Mi account, continued unlock bootloader officially.
9. Done! ready to go to custom ROM
Note:
1. Patch is only used for ROM 1 (Global 9.5.17).
2. ROM 2 can use all China ROMs as long as still ARB v3.
Picture:
Pict 1
Pict 2
War Equipment:
ROM 1. (Global 9.5.17): LINK
ROM 2. (China 9.5.21): LINK
Patch: LINK
Just Hit THANKS Button for Supporting me..
Any chance this guide can be updated for ARB4? At least the patch file?
Edit:
Nevermind, I see it cannot be done.
poncespr said:
Any chance this guide can be updated for ARB4? At least the patch file?
Edit:
Nevermind, I see it cannot be done.
The same mistake is also available
poncespr said:
Any chance this guide can be updated for ARB4? At least the patch file?
Edit:
Nevermind, I see it cannot be done.
UtkuAblak said:
The same mistake is also available
sorry bro, currently only available for arb 3. refers to the difficulty of flashing if it has arb 4. coz the test point method in arb 4 must use an authorized account.
there is a guide to bypass this authorized account, but there are some reports that still fail.
this weirdness has been made xiaomi itself..
octodellin said:
sorry bro, currently only available for arb 3. refers to the difficulty of flashing if it has arb 4. coz the test point method in arb 4 must use an authorized account.
there is a guide to bypass this authorized account, but there are some reports that still fail.
this weirdness has been made xiaomi itself..
Stupid me that updated my RMN5Pro before reading these guides. Still is a great phone. Just wanted a taste of pie.
Mi phone deat
Sir, my need mi authorized account please help me this my id 1813003637
---------- Post added at 05:50 PM ---------- Previous post was at 05:39 PM ----------
Sir my need mi authorized account please help me
This is my id 1813003637 sorry for my bad english
I have ARB3 device with fake ubl. I want to try this method, but I can not fully understand what we do with battery while short circuit the test points(5th step).
After writing 1st ROM, we connect the battery, then open device and stuck with recovery. After this (6th step), will I disconnect the battery again, while test point?
And another question;
while writing 1st or 2nd ROM which option we select with MiFlash Tool? "Clean_all" or "Clean_all and Lock" ?
How can I check for Fake UBL to be sure for 100% that I need this ?
netlogger said:
I have ARB3 device with fake ubl. I want to try this method, but I can not fully understand what we do with battery while short circuit the test points(5th step).
After writing 1st ROM, we connect the battery, then open device and stuck with recovery. After this (6th step), will I disconnect the battery again, while test point?
yes, like the first..
netlogger said:
And another question;
while writing 1st or 2nd ROM which option we select with MiFlash Tool? "Clean_all" or "Clean_all and Lock" ?
both can be used, coz basically our whyred is in locked bootloader.
but for sure, you can choose Clean_all and Lock
The4anoni said:
How can I check for Fake UBL to be sure for 100% that I need this ?
go to fastboot mode and run fastboot command:
Code:
fastboot getvar anti
if the displayed output is 3, is good. that means you can use this method.
if the displayed output is 4, you can not use this method.
octodellin said:
go to fastboot mode and run fastboot command:
Code:
fastboot getvar anti
if the displayed output is 3, is good. that means you can use this method.
if the displayed output is 4, you can not use this method.
I know how to check anti rollback... I want to check does my bootloader is fake unlocked or not
I copied the patch files to the ROM1 images folder.
I open miflash, selected the ROM1 folder.
I made the testpoint method, and I see driver 9008.
then clicked the refresh button then Flash button on miflash program. It writes "flashing".
Flashing process starts, but after that, it gets stuck while writing keymaster.mbn file. I waited over 20 minutes but nothing happened.
I tried another miflash from may 2018, but same situation.
I tried other USB ports, nothing changed.
I checked the log file. At the beginning it seems everything normal, but when it came to write keymaster.mbn file(this is the first file to flash)
The log file looks like this:
...
: Write file C:\RN5... ....\images\keymaster.mbn to partition[keymaster] sector 65536
: write file legnth 357392 to partition 65536
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
...
And goes on like this for over 80000 lines. I closed the miflash.
I checked the phone, nothing happened, It opens normally, old rom still there...
what can be the situation?
The4anoni said:
I know how to check anti rollback... I want to check does my bootloader is fake unlocked or not
1. check in mi unlock status from developer mode
2. check from fastboot command: fastboot oem device-info
3. test to unlock bootloader
if you face unlocked in mi unlock status but in fastboot showing "Device unlocked: false" even more you can't bind account, thats mean you unlocked is fake.
netlogger said:
I copied the patch files to the ROM1 images folder.
I open miflash, selected the ROM1 folder.
I made the testpoint method, and I see driver 9008.
then clicked the refresh button then Flash button on miflash program. It writes "flashing".
Flashing process starts, but after that, it gets stuck while writing keymaster.mbn file. I waited over 20 minutes but nothing happened.
I tried another miflash from may 2018, but same situation.
I tried other USB ports, nothing changed.
I checked the log file. At the beginning it seems everything normal, but when it came to write keymaster.mbn file(this is the first file to flash)
The log file looks like this:
...
: Write file C:\RN5... ....\images\keymaster.mbn to partition[keymaster] sector 65536
: write file legnth 357392 to partition 65536
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
: WriteFile position 0, size 0
...
And goes on like this for over 80000 lines. I closed the miflash.
I checked the phone, nothing happened, It opens normally, old rom still there...
what can be the situation?
1. make sure that you have extracted the patch. there are 3 files that must be replaced to the images folder in ROM 1 (Global 9.5.17)
2. use the miflash that I use
3. try to change clean all or clean all and lock, with flash_all.bat
hope it works for you ..
I already tried that all of you wrote. But in windows command prompt mode, I tried to execute flash_all.bat with admin rights. It didn't work.
---------- Post added at 10:45 AM ---------- Previous post was at 10:42 AM ----------
I already tried all. Nothing changes.
I tried to run flash_all.bat from command prompt with admin rights, but that does not work.
Bruh. Thanks a lot. This is the ONLY guide that has helped me fix my Note 5 Pro.
I was on global rom from the seller... I'm flashing a bunch of ARB 3 or lower MIUI roms... I accidentally flashed with lock the bootloader...
That bricked my phone. No other roms would work. No china ones, no global. Tried so many patches until this guide which worked for me.
Thanks
Update - September 7th, 2019.
There is a more convenient method now by @k4y0z that can achieve the same unlocking objectives with fewer user commands. Please head over to this thread to achieve unlocking.
Thanks again to all who used the original method below, and hopefully you are enjoying your unlocked device!
The original post using lots of terminal commands in order to unlock
We are there! We have several fully successful attempts by @glate and @daymz (in addition to 3 partial successes earlier - thanks to @leakcheck, @spdqbr, @ShayBox). I have updated the instructions for further clarity. Please report back if there are issues. Still, be prepared to remove the back cover as described in this link in the rather unlikely case things go wrong.
First of all, full credit to @xyz` and @diplomatic, since the approach here 100% relies on their great work!
Motivation for this post: make obtaining root on Fire HD8 2018 simpler, without removing the back cover of your tablet. You will also preserve your current FireOS version, and all your user apps and settings (meaning, no Factory Reset).
Skill level required: moderate - since you will need to work with Linux and Python. HD8 2018 has Android version 7, and therefore will use Magisk for root management.
Legalese, or the standard disclaimer: While every effort had been made to ensure the instructions accuracy, any and all risk you take with this procedure is entirely yours. Please pay attention, and proceed with care! Happy unlocking!!!
Notice. If you already have a working TWRP from a prior effort, you should start at Step 11 or 12 depending on what you need to do! With TWRP, the tablet is already under your full control! Unlocking is a one time thing! Post on XDA what you are trying to do, and you will be helped!
Here we go:
Get access to Linux, install Linux tools required as per the original work by @xyz` in this link (click Thanks there!!!). Specifically, on Debian/Ubuntu do this "sudo apt install python3 python3-serial android-tools-adb android-tools-fastboot". Download attached amonet-lite.zip to Linux.
Download attached unlock_images.zip, unpack it, place the individual image files into /sdcard/00 folder on your tablet (create /sdcard/00 folder on your tablet if it does not exist - "adb shell mkdir /sdcard/00")
Download attached finalize_no_ota.zip to /sdcard/00 on your tablet
Download Magisk to /sdcard/00 from here: Magisk-v18.0.zip If you like to live on the bleeding edge, and will be itching to upgrade, also download the latest and greatest Magisk zip - link (at present -version 18.1).
Noob protection: drain tablet battery to some low number, ~3% (this is a safety measure, in case you later get a freeze while in BootRom). Use Fast Discharge app from the Google Play Store if you are impatient. If you do get a freeze in BootRom, your Fire will discharge about ~1% per hour. The battery has to discharge to 0% for the device to exit the BootRom mode. So for battery at 50% you will be waiting ~2 days.
Get an adb root shell via mtk-su (arm version, not arm64), follow this method by @diplomatic (click Thanks there while you are doing it!!!) You may not get a proper full root on the very first try. Specifically, if ls command fails, exit shell via exit command, and run mtk-su again.
In this root shell, obtained in the previous step, first, and foremost, please verify that your prompt looks something like this : [karnak:/data/local/tmp #]. Specifically, that your device is really a karnak (i.e., HD8 2018). If you have a different device, MISSION ABORT, and do refer to the original rooting thread for instructions on how to permanently root YOUR type of device. If you do have a karnak, proceed to do the following operations.
Run the following commands
Code:
dd if=/dev/block/platform/soc/11230000.mmc/by-name/boot of=/sdcard/00/boot_orig.img
dd if=/dev/block/platform/soc/11230000.mmc/by-name/lk of=/sdcard/00/orig_lk.bin
dd if=/dev/block/platform/soc/11230000.mmc/by-name/tee1 of=/sdcard/00/orig_tz.bin
dd if=/dev/block/mmcblk0boot0 of=/sdcard/00/orig_boot0.bin
dd if=/dev/zero of=/dev/block/platform/soc/11230000.mmc/by-name/recovery
dd if=/sdcard/00/unlock_recovery-inj.img of=/dev/block/platform/soc/11230000.mmc/by-name/recovery
md5sum /sdcard/00/unlock_lk.bin; md5sum /sdcard/00/unlock_tz.bin; md5sum /dev/block/platform/soc/11230000.mmc/by-name/recovery
Make sure the above commands run without any errors!!! If there are errors, check if you perhaps did not put the image files into /sdcard/00. Below in red are the checksums you should see, take a moment to ensure that they match!!! If the checksums don't match, mission ABORT! Come back here and paste your output. You can disconnect your tablet for the time being.
Code:
90ee125c08abc999f78325d30e26a388 /sdcard/00/unlock_lk.bin
982513e70d6de114ed4a9058a86de848 /sdcard/00/unlock_tz.bin
faae811e229f0a7780fd130a286d3c47 /dev/block/platform/soc/11230000.mmc/by-name/recovery
If everything looks good, proceed with updating the rest, and wiping the preloader which will enable the BootRom mode:
Code:
dd if=/sdcard/00/unlock_lk.bin of=/dev/block/platform/soc/11230000.mmc/by-name/lk
dd if=/sdcard/00/unlock_tz.bin of=/dev/block/platform/soc/11230000.mmc/by-name/tee1
dd if=/sdcard/00/unlock_tz.bin of=/dev/block/platform/soc/11230000.mmc/by-name/tee2
dd if=/sdcard/00/unlock_recovery-inj.img of=/dev/block/platform/soc/11230000.mmc/by-name/boot
dd if=/sdcard/00/unlock_recovery-inj.img of=/dev/block/platform/soc/11230000.mmc/by-name/recovery
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/block/mmcblk0boot0
echo 'EMMC_BOOT' > /dev/block/mmcblk0boot0
md5sum /dev/block/mmcblk0boot0
(Thanks to @k4y0z, @Rortiz2, @retyre, @hwmod for figuring out the last step!!!)
You are now in a properly bricked state. Disconnect the USB cable, turn off your tablet. It's a nice brick
On Linux, you will now finish all the work required to unlock your tablet.
First make sure to uninstall/disable ModemManager (very mission critical!!!) [on Ubuntu: "sudo apt-get remove modemmanager"]. Next, run these commands:
Code:
unzip amonet-lite.zip
cd amonet-lite
chmod 755 ./bootrom-step.sh
sudo su
./bootrom-step.sh
Attach your properly bricked tablet to your Linux computer with a USB cable, do try to use a pure USB2 port on your PC (if you have it). Your tablet should come up in the BootRom mode, and start interacting with the bootrom-step.sh script above (watch the output in the Linux terminal). The tablet screen will be off and you won't see anything. Follow the bootrom-step.sh script instructions. When the script prompts "Remove the short and press Enter", just press Enter (there is no short in this method!). Hopefully, everything works. If it freezes before finishing, disconnect the tablet, and let it sit for few hours (please report back if you had to wait for battery to drain here - mainly for statistics). The battery should drain, and the tablet will leave the BootRom mode. Try again in a few hours by re-running bootrom-step.sh, and connecting your bricked tablet to your Linux computer.
Here your tablet should have rebooted to TWRP. The screen might be blank, try to hit Power button twice to wake TWRP up. If you still don't see anything, try to turn the tablet off by holding the Power button. If nothing works, wait for the battery to drain, and then re-try.
Once TWRP comes up, go to "Install/Install Image", and install /sdcard/00/boot_orig.img to boot partition (here we are returning your original boot image to its proper partition)
In TWRP, go to "Install", select Magisk zip from /sdcard/00, and install. Version 18.0 is known to be rock solid, the newer 18.1 may or may not work OK. If you do flash 18.1, please watch for TWRP installation errors.
In TWRP, go to "Install", select finalize_no_ota.zip from /sdcard/00,and install. You only need to do this once per new system image, to make sure OTA is disabled. Don't need to repeat this if you did not upgrade/sideload a fresh ROM. It will give an error message if it was already run before - in such a case ignore the error.
In TWRP, reboot
You should now be back in FireOS, but with Magisk for root. If you don't see Magisk Manager in your app list, install it via apk downloaded from this link. If you are bootlooping due to Magisk, reboot to TWRP using Pwr+Vol buttons, and start at Step 11 but using 18.0 Magisk this time.
If you would like to install Xposed, proceed to this post #2.
If your FireOS is not the latest version (6.3.0.1 at present), use instructions in post #3 to upgrade.
Notice. If you modify your tablet to the point of an unrecoverable bootloop, check if you can still boot TWRP. If you can, then you are still unlocked, and have simple ways to recover!!! Do not rush into doing a Factory Reset, reloading your OS, sideloading the stock Amazon ROM, repeating the full above procedure, etc. Come back here, ask questions, and wait for a competent answer. If TWRP is available, everything is relatively easy to fix!!!
TWRP system restore warning: Avoid backing up & restoring your system via TWRP. Unless you fully understand the current HD8 unlocking hack, unpleasant bricks may result! You are better off re-loading the fresh stock back (/system + /boot only) via TWRP, and then immediately re-applying Magisk and finalize zip. This way if you get into a bootloop, your TWRP is still there.
Q&A :
Q: How is this different from the approach by @xyz`? A: No need to remove the back cover. Also, the modified amonet script writes only ~4% of the data in the BootRom mode compared to the original method, thus reducing the chances of a freeze in case BootRom access is flaky. Finally, the battery pre-drain should enable BootRom to die reasonably quickly if it does freeze.
Want to say thanks by clicking the "Thanks" button ?
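On the checksum step in the post above: the recovery hash is taken over the whole partition, so it is only reproducible because the partition is zero-filled before the image is written. An added example (not part of the original guide) that shows this with regular files standing in for the partition and the image; the 64 KiB size, file contents and function names are constructed.

```sh
#!/bin/sh
# Added example, not from the guide. Regular files stand in for the recovery
# partition and for the image written to it; all contents are constructed.

PART_SIZE=65536   # simulated partition size in bytes (assumption)

md5_of() { md5sum "$1" | cut -d' ' -f1; }

# make_partition FILE: a "partition" still holding data from an older image
make_partition() {
    yes stale-recovery-data | head -c "$PART_SIZE" > "$1"
}

# make_image FILE: a constructed 10000-byte stand-in for the image
make_image() {
    yes constructed-image | head -c 10000 > "$1"
}

# write_image IMAGE PART: like `dd if=IMAGE of=PART` on a block device, which
# overwrites the first bytes and leaves the rest of the partition untouched
write_image() {
    dd if="$1" of="$2" conv=notrunc 2>/dev/null
}

# zero_partition PART: like `dd if=/dev/zero of=PART` on a block device, which
# stops at the end of the partition; a regular file needs an explicit count
zero_partition() {
    dd if=/dev/zero of="$1" bs="$PART_SIZE" count=1 conv=notrunc 2>/dev/null
}

# expected_md5 IMAGE: md5 of IMAGE padded with zeros up to PART_SIZE, the only
# partition checksum that is the same on every device
expected_md5() {
    img_size=$(wc -c < "$1")
    { cat "$1"; head -c $((PART_SIZE - img_size)) /dev/zero; } \
        | md5sum | cut -d' ' -f1
}

# verify_partition PART EXPECTED -> prints match | mismatch
verify_partition() {
    if [ "$(md5_of "$1")" = "$2" ]; then echo match; else echo mismatch; fi
}

# run_demo: prints the verdict without the zero-fill, then with it
run_demo() {
    dir=$(mktemp -d)
    make_image "$dir/img"
    want=$(expected_md5 "$dir/img")

    # Image written over stale data: the tail of the partition is unknown
    make_partition "$dir/part"
    write_image "$dir/img" "$dir/part"
    first=$(verify_partition "$dir/part" "$want")

    # Zero-fill first, then write: the whole partition is now deterministic
    zero_partition "$dir/part"
    write_image "$dir/img" "$dir/part"
    second=$(verify_partition "$dir/part" "$want")

    rm -rf "$dir"
    echo "$first $second"
}

run_demo
```

A mismatch on the partition line therefore means either a bad write or a skipped zero-fill, which is why the guide says to stop before touching lk, tee1 or the preloader.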
Magisk modules, and, Xposed in particular
In this post I shall cover the installation of Magisk modules and Xposed since this operation had presented certain challenges in the past.
Once you have Magisk up and running, install a couple of useful modules first.
Busybox-1.29.2-YDS-ARM.zip. You can flash it either via Magisk, or in TWRP. It does limited modifications to the system, and is very benign, in terms of potentially causing any bootloop issues (pretty much unheard of!).
Magisk Manager for Recovery Mode (mm). Please download this zip to /sdcard/00, and flash via TWRP. Run it in TWRP, and familiarize yourself fully with its features. Specifically, try to disable the above Busybox module, reboot to OS, and observe that the Busybox module is disabled. This module is your ticket out of any bootloop when you try to install more aggressive Magisk modules!
Now that you are familiar with ways to disable bootloop-y Magisk modules via TWRP, proceed to install Xposed. Thanks to @delessio100 (link) for helping me to sort things out on my first attempt!
Download the attached Xposed_Framework_(SDK_25)-89.3_(Systemless).zip to /sdcard/00
Reboot to TWRP, and flash it
Reboot to OS, and be prepared to wait a good 10-15 minutes. The first boot is unusually long, where it looks like things are in bootloop. Things may be fine, just slow, wait!!! Most likely, you shall boot into FireOS, just have patience.
If the bootloop is continuing for more than 20 minutes, turn the tablet off via the long Power button press, and reboot to TWRP (Vol buttons + Power together). Run the above mm module (in TWRP terminal, type either mm, or /data/media/mm). Disable Xposed, and reboot to OS. You should boot back into OS without issues. Report your failure back to XDA, and wait for advice.
Install XposedInstaller_3.1.5-Magisk.apk from this link, and verify that the Xposed framework (Systemless) is active.
Install some modules from the list below, activate them in Xposed Installer/Modules, and reboot
In case you get into bootloop while installing other Magisk modules, simply disable those via mm. Then search for solutions on XDA
My favourite Xposed modules
App Settings, version 1.15. This module helps to control misc per app settings. My main use - make Chrome tabs look like those on cell phone, without tabs on top, see this link for examples. AppSettings for Chrome on HD8 to trigger the cell phone look: DPI 240, screen(dp) - 320x480.
Gravity Box - add a network traffic indicator to the status bar, I like to see how much data is coming in/leaving. Also, change battery color.
No Play Games. This will stop bugging you about Google Play Games installation for certain games
Per App Hacking - more options to change settings for a single app
XVolume30 - improve volume control, with more steps
How to upgrade FireOS version:
At this moment 6.3.0.1 is the latest version. If you have something older, just flash the 6301 zip file from this link in TWRP. After the flash, re-apply Magisk and its modules. Clear cache & dalvik in TWRP before reboot.
#4 - reserved
Is it required to create the sdcard/00? I can't seem to find the folder, at least in the internal storage when connected over USB to it.
leakcheck said:
Is it required to create the sdcard/00 ? I cant seem to find the folder at least in the internal storage when connected over usb to it.
Yes, just create yourself!
So far so good I am at reboot to unlock fastboot!
---------- Post added 03-03-2019 at 12:01 AM ---------- Previous post was 02-03-2019 at 11:56 PM ----------
Hmm things looked good but now darkness lol
It had finished and said reboot to unlock fastboot but now nothing, power button does nothing.
leakcheck said:
So far so good I am at reboot to unlock fastboot!
---------- Post added 03-03-2019 at 12:01 AM ---------- Previous post was 02-03-2019 at 11:56 PM ----------
Hmm things looked good but now darkness lol
It had finished and said reboot to unlock fastboot but now nothing, power button does nothing.
OK. It may be still stuck in BootRom? If the cover is removed, could you disconnect the battery? Could you post the Linux log here?
bibikalka said:
OK. It may be still stuck in BootRom? If the cover is removed, could you disconnect the battery? Could you post the Linux log here?
[email protected]:~$ cd /home/admin/Downloads
[email protected]:~/Downloads$ cd /home/admin/Downloads/amonet-lite
[email protected]:~/Downloads/amonet-lite$ chmod 755 ./[email protected]:~/Downloads/amonet-lite$ sudo su
[email protected]:/home/admin/Downloads/amonet-lite# .bootrom-step.sh
.bootrom-step.sh: command not found
[email protected]:/home/admin/Downloads/amonet-lite# ./bootrom-step.sh
[2019-03-02 17:54:19.837131] Waiting for bootrom
[2019-03-02 17:54:34.187944] Found port = /dev/ttyACM0
[2019-03-02 17:54:34.188213] Handshake
[2019-03-02 17:54:34.188569] Disable watchdog
* * * Remove the short and press Enter * * *
[2019-03-02 17:55:56.007937] Init crypto engine
[2019-03-02 17:55:56.029801] Disable caches
[2019-03-02 17:55:56.030372] Disable bootrom range checks
[2019-03-02 17:55:56.044687] Load payload from ../brom-payload/build/payload.bin = 0x4690 bytes
[2019-03-02 17:55:56.049490] Send payload
[2019-03-02 17:55:56.588729] Let's rock
[2019-03-02 17:55:56.589343] Wait for the payload to come online...
[2019-03-02 17:55:57.321067] all good
[2019-03-02 17:55:57.321628] Check GPT
[2019-03-02 17:55:57.660554] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784, 22722527)}
[2019-03-02 17:55:57.660890] Check boot0
[2019-03-02 17:55:57.906247] Check rpmb
[2019-03-02 17:55:58.115712] Downgrade rpmb
[2019-03-02 17:55:58.117623] Recheck rpmb
[2019-03-02 17:55:59.012188] rpmb downgrade ok
[2019-03-02 17:55:59.012691] Inject microloader
[4 / 4]
[2019-03-02 17:55:59.343207] Flash lk-payload
[4 / 4]
[2019-03-02 17:55:59.709695] Flash preloader
[288 / 288]
[2019-03-02 17:56:11.854171] Reboot to unlocked fastboot
---------- Post added at 12:24 AM ---------- Previous post was at 12:17 AM ----------
I tried pulling the battery and now I get this when I try to connect via bootrom-step
[email protected]3:/home/admin/Downloads/amonet-lite# sudo ./bootrom-step.sh
[2019-03-02 18:12:58.394533] Waiting for bootrom
^[[B[2019-03-02 18:13:06.513079] Found port = /dev/ttyACM0
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 265, in open
self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
FileNotFoundError: [Errno 2] No such file or directory: '/dev/ttyACM0'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "main.py", line 123, in <module>
main()
File "main.py", line 51, in main
dev.find_device()
File "/home/admin/Downloads/amonet-lite/modules/common.py", line 80, in find_device
self.dev = serial.Serial(port, BAUD, timeout=TIMEOUT)
File "/usr/lib/python3/dist-packages/serial/serialutil.py", line 240, in __init__
self.open()
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 268, in open
raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 2] could not open port /dev/ttyACM0: [Errno 2] No such file or directory: '/dev/ttyACM0'
leakcheck said:
...
OK. Thank you for your valuable service!!! I will carefully check my procedure.
I think you are now coming up in the preloader mode, since the preloader now appears to be working fine. Disconnect the battery, and attempt to short the contacts, following the original procedure here: https://forum.xda-developers.com/hd...fire-hd-8-2018-downgrade-unlock-root-t3894256
My procedure is a one shot option, once the preloader is restored, you are back to shorting contacts.
Awesome ok now the shorting contact method worked, however I am not sure what I am supposed to do from here, the directions say I can use fastboot devices to check to see if it's good to start (allegedly should see an amazon logo) the fastboo-stept.sh process. I am not seeing the logo, do you know if this is a long process?
I think I have it! Took me several tries and many reboots! Thanks for all the help!
leakcheck said:
I think I have it! Took me several tries and many reboots! Thanks for all the help!
Great! I've updated instructions to have some quality control along the way as to avoid some critical user errors. I have also kept amonet script as close to the original as possible. Will be asking for more volunteers
Nice guide, @bibikalka!
Although I can't help but think this could be made easier. If you guys update the LK exploit for the latest FW, then you won't need to reboot to the bootrom. If I understand correctly, the only reason that's necessary is to downgrade. Otherwise, everything could be flashed from the OS. And even if there is no way around clearing the RPMB, I'm pretty sure the crypto stuff could be done from the OS as root too.
diplomatic said:
Nice guide, @bibikalka!
Although I can't help but think this could be made easier. If you guys update the LK exploit for the latest FW, then you won't need to reboot to the bootrom. If I understand correctly, the only reason that's necessary is to downgrade. Otherwise, everything could be flashed from the OS. And even if there is no way around clearing the RPMB, I'm pretty sure the crypto stuff could be done from the OS as root too.
Excellent points! I raised them before. And, there are a few practical challenges to consider
Updating LK exploits is very time consuming. It's easier to have people install Linux, and clear RPMB, than to hack every new LK version.
For example, I could not convince @xyz` yet to even fix his current exploit. As is, it writes at 2Mb offset into boot0 which is only 1Mb in size. So no easy dd access to the exploit address for now ...
Also, the approach presented here is quite generic, if HD10 gained an unlock, one could again clear RPMB, and use whatever LK was hacked.
A few people could get by without clearing rpmb, but these would always be in minority ... So the current foolproof method is more complex, but also more general as well. It's a compromise!
I made it to bootrom-step.sh, and that appears to have run successfully. However now when I try
Code:
fastboot reboot recovery
I get the usage message for fastboot:
Code:
# ./bootrom-step.sh
[2019-03-04 00:27:18.798732] Waiting for bootrom
[2019-03-04 00:27:26.336656] Found port = /dev/ttyACM0
[2019-03-04 00:27:26.336890] Handshake
[2019-03-04 00:27:26.337276] Disable watchdog
* * * Remove the short and press Enter * * *
[2019-03-04 00:27:56.377687] Init crypto engine
[2019-03-04 00:27:56.395798] Disable caches
[2019-03-04 00:27:56.399726] Disable bootrom range checks
[2019-03-04 00:27:56.410763] Load payload from ../brom-payload/build/payload.bin = 0x4690 bytes
[2019-03-04 00:27:56.412639] Send payload
[2019-03-04 00:27:57.074721] Let's rock
[2019-03-04 00:27:57.075569] Wait for the payload to come online...
[2019-03-04 00:27:57.807523] all good
[2019-03-04 00:27:57.807917] Check GPT
[2019-03-04 00:27:58.164678] gpt_parsed = {'proinfo': (1024, 6144), 'PMT': (7168, 9216), 'kb': (16384, 2048), 'dkb': (18432, 2048), 'lk': (20480, 2048), 'tee1': (22528, 10240), 'tee2': (32768, 10240), 'metadata': (43008, 80896), 'MISC': (123904, 1024), 'reserved': (124928, 16384), 'boot': (141312, 32768), 'recovery': (174080, 40960), 'system': (215040, 6354944), 'vendor': (6569984, 460800), 'cache': (7030784, 1024000), 'userdata': (8054784, 22480863)}
[2019-03-04 00:27:58.164880] Check boot0
[2019-03-04 00:27:58.410125] Check rpmb
[2019-03-04 00:27:58.619520] Downgrade rpmb
[2019-03-04 00:27:58.621743] Recheck rpmb
[2019-03-04 00:27:59.515990] rpmb downgrade ok
[2019-03-04 00:27:59.516232] Flash lk-payload
[4 / 4]
[2019-03-04 00:27:59.847318] Flash preloader
[288 / 288]
[2019-03-04 00:28:06.291277] Inject microloader
[4 / 4]
[2019-03-04 00:28:06.623363] Reboot to unlocked fastboot
[email protected]/amonet-lite# fastboot reboot recovery
usage: fastboot [ <option> ] <command>
commands:
update <filename> Reflash device from update.zip.
flashall Flash boot, system, vendor, and --
if found -- recovery.
flash <partition> [ <filename> ] Write a file to a flash partition.
flashing lock Locks the device. Prevents flashing.
...
A few things I was able to try:
At this point I have the amazon logo on a black screen:
Holding down the power button shuts off the tablet.
Issuing
Code:
fastboot reboot
reboots the tablet to the Amazon logo
Issuing
Code:
fastboot reboot-bootloader
reboots the tablet and I get a black screen with just
Code:
=> FASTBOOT mode...
at the bottom
If I shut down the tablet, and rerun the script, I get the following:
Code:
# ./bootrom-step.sh
[2019-03-04 00:39:41.574553] Waiting for bootrom
[2019-03-04 00:39:51.413047] Found port = /dev/ttyACM0
[2019-03-04 00:39:51.413639] Handshake
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 537, in write
n = os.write(self.fd, d)
OSError: [Errno 5] Input/output error
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "main.py", line 121, in <module>
main()
File "main.py", line 54, in main
handshake(dev)
File "/home/spdqbr/Fire HD 8 2018/amonet-lite/modules/handshake.py", line 9, in handshake
dev.handshake()
File "/home/spdqbr/Fire HD 8 2018/amonet-lite/modules/common.py", line 97, in handshake
c = self._writeb(b'\xa0')
File "/home/spdqbr/Fire HD 8 2018/amonet-lite/modules/common.py", line 91, in _writeb
self.dev.write(out_str)
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 571, in write
raise SerialException('write failed: {}'.format(e))
serial.serialutil.SerialException: write failed: [Errno 5] Input/output error
I appear to be stuck from this point. Do you have any suggestions?
@spdqbr - Sounds like your fastboot is out of date. Several of the mainstream repos have this problem. The reboot recovery option didn't come along until more recently. Try updating manually from sdk or Google for one of the updates you can wget and copy over the existing.
spdqbr said:
I made it to bootrom-step.sh, and that appears to have run successfully. However now when I try
Code:
fastboot reboot recovery
I get the usage message for fastboot:
...
I appear to be stuck from this point. Do you have any suggestions?
Ok, I think you have made it! You are success case #1 !!!
Turn the tablet off, and boot recovery by holding Vol buttons when you press Power to turn it on (the usual deal). I think I shall remove the unlocked fastboot flashing from amonet, since it only creates issues.
ktdt00 said:
@spdqbr - Sounds like your fastboot is out of date. Several of the mainstream repos have this problem. The reboot recovery option didn't come along until more recently. Try updating manually from sdk or Google for one of the updates you can wget and copy over the existing.
Interesting. Indeed then, it's another option - updating fastboot on Linux/Windows.
I've got a 2018 HD8 that's just sitting here with its battery dead waiting for this exact moment; however, my machine runs Windows (I know, I know).
Is there a LiveCD that you'd recommend to complete this task? Just straight up Ubuntu I assume? Haven't run Linux as my daily driver in a few years so thought I'd double check before downloading anything. For ModemManager I'd assume it would just be `sudo apt-get remove modemmanager` correct?
Thanks!
I've gotten through all the steps, but i'm stuck at fastboot reboot recovery, I am running on arch and have the latest android-tools, so it shouldn't be an out of date problem unless its a feature that hasn't hit actual release yet, holding volume when turning on doesn't do anything.
EDIT: Turns out the package is out of date, because Google split adb and fastboot into separate packages. I got the command working, but it doesn't reboot into TWRP, it just goes to the Amazon logo again, and I never downloaded a TWRP image as far as I know.
Also unless this changes this, the HD 8 cannot boot to recovery with vol buttons, so removing the fastboot part may not be a great idea, at least if I understand it right.
EDIT2: I figured it out, I had to download the non-lite amonet because it contained an extra fastboot shell script that actually flashed the recovery, amonet-lite didn't
EDIT3: TWRP can't find the boot_orig.bin file, it finds unlock_recovery-inj.img but not bin files, in both image and zip mode
Also flashing magisk worked, but flashing finalize_no_ota.zip errored with code 1, then any following attempts with code 255
EDIT4: I just ended up doing the rest of the instructions on the original guide, I had to factory reset but that's alright. Thanks, this worked and I never had to open my device! Tester #2 (or 3)
I can't wait to see roms for this, get rid of this amazon garbage
So the Project Treble Android Q based GSI image has been released.
Has anyone tried it, and can you let us know whether it is working or not?
Actually I will do that, but I am outside so I can't do it right now.
So it will be helpful to know what's working and how the ROM is; as it is a beta release we can expect bugs.
Download link ARM64 AOSP:
https://developer.android.com/preview/gsi-release-notes
Same problem as Q sGSI from Erfan and my Blueline Q port. MediaProjectionService incorrect uid or something.
We might have to wait for OP to fix it cause I tried multiple vendors and boot.imgs and none worked.
And repacking Q GSI and AOSP Master builds just breaks their boot so I can't even mod system or anything.
ProtoDeVNan0 said:
Same problem as Q sGSI from Erfan and my Blueline Q port. MediaProjectionService incorrect uid or something.
We might have to wait for OP to fix it cause I tried multiple vendors and boot.imgs and none worked.
And repacking Q GSI and AOSP Master builds just breaks their boot so I can't even mod system or anything.
Ok man lets take some time u will do it..... ?
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
The difference between Oreo launched and Pie launched is that Oreo didn't enforce system as root, only Treble.
Pie enforces system as root, so that's maybe the reason? We still have the OnePlus 6T that is absolutely the same so.
CyanideIII said:
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
Booted fine on OP5,
GSI from Erfan,
evilbait said:
Booted fine on OP5,
GSI from Erfan,
Any link pls?
CyanideIII said:
To install the Android Q GSI on your device, you’ll need to meet the following requirements:
Your device "launched" with Android 9 Pie and is Treble-compliant.....
Our device launched with Oreo
Is it going to work?
If you read the requirements document (from the OP link) then the op6, even though not released with pie, meets all the criteria to be able to boot the gsi.
---------- Post added at 10:05 PM ---------- Previous post was at 10:02 PM ----------
Astrubale said:
Any link pls?
In the treble section
https://forum.xda-developers.com/pr...ment/rom-android-p-developer-preview-t3816659
Has anyone booted yet?
goRt said:
If you read the requirements document (from the OP link) then the op6, even though not released with pie, meets all the criteria to be able to boot the gsi.
-They are unlocked.
-They have Treble support.
-They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
I know, but why did they say "launched with Android 9"? All devices that launched with Android 8 must have Treble support!
CyanideIII said:
-They are unlocked.
-They have Treble support.
-They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
I know but why they said ”launched with Android 9"? All devices that launched with Android 8 must have treble Support!
The GSI requirements document:
https://developer.android.com/topic/generic-system-image
goRt said:
The GSI requirements document:
https://developer.android.com/topic/generic-system-image
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM ???
CyanideIII said:
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM ???
Dude,
You're ignoring the answer that I've pointed you to twice, because you don't like the answer:
https://developer.android.com/topic/generic-system-image#device-compliance
Code:
Check devices for compliance
GSI works only on devices with the following characteristics:
They are unlocked.
They have Treble support.
They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI.
Warning: Attempting to flash GSI to a non-compliant device could result in your device becoming non-bootable. Always confirm that your device is compliant before flashing, and follow the installation steps provided by your device's manufacturer.
GSI doesn't support rollback. You will need a recovery method and original system ROM to revert to the original system.
To determine whether your device can use GSI and determine which GSI OS version you should install, do the following:
Check for Treble support by running the following command:
adb shell getprop ro.treble.enabled
If the response is false, the device isn't compatible with GSI and you shouldn't continue. If the response is true, continue to the next step.
Check for cross-version support by running the following command:
adb shell cat /system/etc/ld.config.version_identifier.txt \
| grep -A 20 "\[vendor\]"
Note: Depending on your platform, the configuration file in the preceding command may or may not have a version identifier in it.
In the output, look in the section [vendor] for namespace.default.isolated.
If the value for that attribute is true, then the device fully supports Vendor Native Development Kit (VNDK) and can use any GSI operating system (OS) version. Choose the latest GSI OS version available.
If the value for the attribute is false, then the device isn't fully VNDK-compliant, and the device can use only the GSI for the same on-device OS version. For example, an Android 9 (API version 28) device that isn't VNDK-compliant can load only an Android 9 GSI image.
The GSI CPU architecture type must match the device’s CPU architecture. To find the right CPU architecture for the GSI image, run the following command:
adb shell getprop ro.product.cpu.abi
Use the output to determine which GSI image to use when flashing your device. For example, on a Pixel 3, the output would indicate that the CPU architecture is arm64-v8a, so you would use the arm64 type of GSI.
For devices that were upgraded to Android 9 from an earlier version, there are two different types of legacy GSI images available: _a and _ab. The system user's privilege level on the device determines which type to use.
To determine the system user’s privilege level, run the following command:
adb shell cat /proc/mounts | grep -q /dev/root && echo "system-as-root" || \
echo "non-system-as-root"
If the output of the command is system-as-root, you must use the _ab type of GSI image. If the output is non-system-as-root, you must use the _a type. If neither value is in the output of the command, the device isn't compatible with GSI and you shouldn't continue.
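The compliance checklist quoted in the post above, combined into one decision function as an added example (not part of the Android documentation or of any post in this thread). It takes the four command outputs as arguments so it can be tried offline; the function names, the output format, the ABI mappings other than arm64-v8a, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline decision logic for the GSI compliance checks.
# Inputs are the raw outputs of the four adb commands from the checklist.

# Constructed sample data (not captured from a real device).
SAMPLE_LDCONFIG='[system]
namespace.default.isolated = false
[vendor]
additional.namespaces = sphal,vndk
namespace.default.isolated = true'
SAMPLE_MOUNTS_SAR='/dev/root / ext4 ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid 0 0'
SAMPLE_MOUNTS_LEGACY='rootfs / rootfs ro,seclabel 0 0
/dev/block/dm-0 /system ext4 ro,seclabel,relatime 0 0'

# vendor_isolated LDCONFIG_TEXT
# Prints the value of namespace.default.isolated from the [vendor] section
# only; the same key also appears in other sections and must be ignored.
vendor_isolated() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        { sub(/[ \t]+$/, "") }
        /^\[.*\]$/ { in_vendor = ($0 == "[vendor]"); next }
        in_vendor && /^namespace\.default\.isolated[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }'
}

# gsi_recommend TREBLE LDCONFIG_TEXT ABI MOUNTS_TEXT
# Prints "<arch>_<a|ab> versions=<any|same-as-device>" and returns 0,
# or prints "incompatible: <reason>" and returns 1.
gsi_recommend() {
    # adb shell output often ends lines with CR; strip it from the scalars.
    treble=$(printf '%s' "$1" | tr -d '\r\n')
    abi=$(printf '%s' "$3" | tr -d '\r\n')

    # Check 1: ro.treble.enabled must be true.
    if [ "$treble" != "true" ]; then
        echo "incompatible: ro.treble.enabled is not true"
        return 1
    fi

    # Check 2: full VNDK support allows any GSI version. A missing
    # attribute is treated like "false" (assumption: be conservative).
    if [ "$(vendor_isolated "$2")" = "true" ]; then
        versions=any
    else
        versions=same-as-device
    fi

    # Check 3: the GSI architecture must match ro.product.cpu.abi.
    case $abi in
        arm64-v8a)   arch=arm64 ;;
        armeabi-v7a) arch=arm ;;
        x86_64)      arch=x86_64 ;;
        x86)         arch=x86 ;;
        *) echo "incompatible: unrecognised ABI '$abi'"; return 1 ;;
    esac

    # Check 4 (legacy images for devices upgraded to Android 9): same test
    # as the checklist, /dev/root in /proc/mounts means system-as-root.
    if printf '%s\n' "$4" | grep -q '/dev/root'; then
        kind=ab
    else
        kind=a
    fi

    echo "${arch}_${kind} versions=${versions}"
}

# Dry run on the constructed system-as-root sample.
gsi_recommend true "$SAMPLE_LDCONFIG" arm64-v8a "$SAMPLE_MOUNTS_SAR"
```

On a real device, pass the outputs of the four `adb shell` commands from the checklist in the same order.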
CyanideIII said:
Dude you're just ignoring my question
I copied that terms from Android developer site and wrote my problem with that
And again you just shared that link
NVM
You can also just read further than "They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI." and enter each command to check for GSI support.
The OnePlus 6, even if launched with Android 8, has been updated to Android 9, and is fully compliant with GSI requirements (check attachment)
casual_kikoo said:
You can also just read further than "They were launched with Android 9 (API level 28) or higher. Devices upgraded to Android 9 from an earlier version may or may not support GSI." and enter each command to check for GSI support.
The OnePlus 6, even if launched with Android 8, has been updated to Android 9, and is fully compliant with GSI requirements (check attachment)
Now i get it
Sorry and thank you both
i really want to test this but not sure how
Any new info on Android 10 for op6
What is this tutorial?
This tutorial will:
Create an unofficial build of LineageOS 19.1 suitable for re-locking the bootloader on a Google Pixel 5
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 19.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 20.04 installation, if you are using Windows or another Linux distro, the commands may be different or not work at all.
Supported devices:
The following devices have been tested and confirmed to work:
OnePlus 5T (dumpling)
OnePlus 6 (enchilada)
OnePlus 6T (fajita)
OnePlus 7 (guacamoleb)
OnePlus 7 Pro (guacamole)
Google Pixel 4 (flame)
Google Pixel 5 (redfin)
Note: As of OxygenOS 12, OnePlus no longer supports bootloader relocking with custom keys, as such, any OnePlus device that receives official Android 12 and has LineageOS 19.1 based on it (which include the 8/8T/9 models) cannot be supported.
For simplicity's sake, all further references will only be to the Google Pixel 5 (redfin).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 19.1 (recommended 8 cores, 32g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 19.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki (https://wiki.lineageos.org/devices/redfin/build) for details on how to complete these tasks
if you have generated your signing keys at some significant time in the past, you may have generated 2048 bit keys. 4096 bit keys are now supported and recommended, so you may want to generate new keys for LineageOS 19.1. If you decided to continue to use the 2048 bit keys make sure to make the appropriate changes in step 2 and 3 below.
signing with keys that have passwords set can cause problems, the easiest way around this is to *not* set a password when you generate your signing keys, however this does add risk that if your key files are stolen, no password is required to use them.
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/.android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting; if you are uncomfortable with any steps included in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/redfin
mkdir ~/android/redfin/patches
mkdir ~/android/redfin/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards otherwise the signing will fail later on with a "file not found" error message (this may no longer be required).
Step 2: Update the signing keys to use & enable AVB
The Pixel 5 device files are mostly contained in the shared "redbull" device for the Pixel 5 and 5 Pro. You will need to add a few parameters to the shared make file found here: ~/android/lineageos/device/google/redbull/BoardConfigLineage.mk, they are:
Code:
BOARD_AVB_ALGORITHM := SHA256_RSA4096
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/device/google/redbull
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/' BoardConfigLineage.mk
Step 3: Set the AVB key to use
To set the correct signing key to use for AVB, do the following:
Code:
cd ~/android/lineageos/device/google/redbull
sed -i 's/external\/avb\/test\/data\/testkey_rsa2048.pem/\/home\/<userid>\/.android-certs\/releasekey.key/' BoardConfig-common.mk
sed -i 's/SHA256_RSA2048/SHA256_RSA4096/' BoardConfig-common.mk
Don't forget to replace your <userid> in the first sed command above with your current logged in user id.
Step 4: Patch the AOSP and Device Makefile
You also need to patch the Makefile included with AOSP as it will otherwise fail during the build.
The required patch can be found here:
https://raw.githubusercontent.com/Wunderment/build_tasks/master/source/core_Makefile-19.1.patch
Download it and store in ~/android/redfin/patches.
Now apply it with the following command:
Code:
cd ~/android/lineageos/build/core
patch Makefile ~/android/redfin/patches/core_Makefile-19.1.patch
If you would like to know more about this patch, see the additional info at the bottom of this post.
Step 5: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
breakfast redfin
croot
mka target-files-package otatools
Step 6: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Step 7: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-19.1-[date]-UNOFFICIAL-redfin-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 8: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/redfin/pkmd/pkmd.bin
Note: if you don't have a releasekey.key file in your certificate directory, use the following command to generate one:
Code:
openssl pkcs8 -in releasekey.pk8 -inform DER -out releasekey.key -nocrypt
Step 9: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer. Or, if you want to use the recovery that was just created, it is located in ~/android/lineageos/out/target/product/redfin and is called vendor_boot.img.
Reboot your phone in to recovery mode
In LineageOS Recovery return to the main menu and select "Apply update", then "Apply from ADB".
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-19.1-[date]-UNOFFICIAL-redfin-signed.zip
When the sideload is complete, reboot into LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously, it's best to do so anyway. In LineageOS Recovery return to the main menu and select "Factory reset", then "Format data/factory reset", then confirm with "Format data".
Step 10: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/redfin/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot flashing lock
On your phone, confirm you want to re-lock and it will reboot
Note: If you have already flashed a custom avb key you must erase it before flashing the new one, use "fastboot erase avb_custom_key" to do so.
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 11: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock your phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it to enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 12: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files as well as give you root shell access through ADB. Step 3/4 above protects your system/vendor/boot/dtbo/etc. partitions, but none of the others. Likewise, USERDEBUG builds will allow for rolling back to previous builds/versions of LineageOS. To increase security and disallow both of these scenarios, you may want to build a USER version of LineageOS to install. However, this brings in other issues, such as flashing newer firmware from OnePlus, so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
The above build will not include other items like GAPPS or Magisk. Those are outside the scope of this tutorial.
If you want to remove your signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the AOSP Makefile may conflict with future updates that you pull from LineageOS through repo sync. If you have to reset the file to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
You can! See https://forum.xda-developers.com/t/...ustom-rom-such-as-lineageos-official.4260825/ for more details.
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo/etc. partitions stored in vbmeta. Official LineageOS builds for redfin do include the vendor.img in them along with everything else that is needed, however that is not true for all phones.
An "issue" that might stop someone from using the official redfin builds is that AVB is enabled in the official LineageOS builds but does not validate the hash trees during boot which limits the protection offered.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message and then the standard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what does that patch to the Makefile do?
AOSP's default Makefile makes an assumption that, when AVB is enabled, all the img files will be available well before vbmeta.img is created. This is simply NOT true and AOSP seems to know this as well from the following comment in the Makefile:
Code:
# Not using INSTALLED_VBMETA_SYSTEMIMAGE_TARGET as it won't be set yet.
ifdef BOARD_AVB_VBMETA_SYSTEM
$(eval $(call check-and-set-avb-args,vbmeta_system))
endif
ifdef BOARD_AVB_VBMETA_VENDOR
$(eval $(call check-and-set-avb-args,vbmeta_vendor))
endif
These two calls eventually evaluate to returning the path to the partitions based upon the INSTALLED_*IMAGE_TARGET variable, which isn't created until later in the build process.
Because of this, the command to build vbmeta.img gets corrupted due to the missing make variable being empty and an invalid command line is passed to avbtool near the end of the build.
The corruption happens due to the fact that the following line from the original Makefile:
Code:
--include_descriptors_from_image $(call images-for-partitions,$(1))))))
Gets added to the avbtool call even if "$(call images-for-partitions,$(1))" turns out to be an empty string. Avbtool then throws an error message as it is expecting a parameter after the "--include_descriptors_from_image" flag that is added for the "empty" partition path.
The fix is to call "$(call images-for-partitions,$(1))" earlier, set it to a variable and check to make sure it isn't an empty string before letting the "--include_descriptors_from_image" be added to the avbtool command line to be used later.
This technically generates an incomplete vbmeta.img file during the build process, but since the signing process recreates it from scratch anyway; no harm, no foul.
Thank-Yous
Obviously to all of the members of the LineageOS team!
aleasto & mikeioannina for supporting redfin
optimumpro for the OnePlus 5/5t re-locking guide which inspired this one
Quark.23 for helping with the process and testing on enchilada
Related guides
OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299)
Re-locking the bootloader with a pre-built custom ROM, such as LineageOS official (https://forum.xda-developers.com/t/...ustom-rom-such-as-lineageos-official.4260825/)
Re-locking the bootloader on the OnePlus 6t with a self-signed build of LOS 17.1 (https://forum.xda-developers.com/t/...s-6t-with-a-self-signed-build-of-los.4113743/)
Re-locking the bootloader on the OnePlus 8t with a self-signed build of LOS 18.1 (https://forum.xda-developers.com/t/...with-a-self-signed-build-of-los-18-1.4259409/)
A discussion about bootloader locking/unlocking... AKA I want to relock my bootloader, should I? (over on [reddit]/ r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/) (link broken on purpose to avoid the linked post being embedded here)
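A check worth running between Step 8 and the `fastboot flashing lock` in Step 10, as an added example that is not part of the original guide: it compares the key, algorithm and flags reported by `avbtool info_image` for the signed build's vbmeta.img against pkmd.bin. The function names and the sample text are constructed for illustration, and `sha1sum` is assumed to be available on the build host.

```shell
#!/bin/sh
# Added example: pre-lock check on the text printed by
#   avbtool info_image --image vbmeta.img
# (vbmeta.img taken from the signed build) against the pkmd.bin from Step 8.

# Print one top-level "Name:   value" field from info_image output.
vbmeta_field() {  # $1 = info_image text file, $2 = field name
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 only if key, algorithm and flags match what Steps 2, 3 and 8 set up.
check_before_lock() {  # $1 = info_image text, $2 = pkmd.bin, $3 = algorithm (optional)
    info=$1; pkmd=$2; want_alg=${3:-SHA256_RSA4096}; rc=0
    in_image=$(vbmeta_field "$info" 'Public key (sha1)')
    in_pkmd=$(sha1sum "$pkmd" | cut -d' ' -f1)
    if [ -z "$in_image" ] || [ "$in_image" != "$in_pkmd" ]; then
        echo "FAIL: vbmeta key '$in_image' != pkmd.bin key '$in_pkmd'" >&2; rc=1
    fi
    alg=$(vbmeta_field "$info" 'Algorithm')
    if [ "$alg" != "$want_alg" ]; then
        echo "FAIL: algorithm is '$alg', expected '$want_alg'" >&2; rc=1
    fi
    flags=$(vbmeta_field "$info" 'Flags')
    if [ "$flags" != "0" ]; then
        echo "FAIL: flags are '$flags'; non-zero disables hashtree and/or verification" >&2; rc=1
    fi
    return $rc
}

# Constructed sample: a stand-in pkmd.bin and matching info_image text in directory $1.
make_sample() {  # $1 = directory, $2 = top-level flags value (default 0)
    printf 'constructed stand-in for pkmd.bin' > "$1/pkmd.bin"
    cat > "$1/info.txt" <<EOF
Public key (sha1):        $(sha1sum "$1/pkmd.bin" | cut -d' ' -f1)
Algorithm:                SHA256_RSA4096
Rollback Index:           0
Flags:                    ${2:-0}
Descriptors:
    Hashtree descriptor:
      Flags:                 1
EOF
}

if [ "$#" -ge 2 ]; then check_before_lock "$@"; fi
```

Save the `avbtool info_image` output to a file and pass it with the path to pkmd.bin; a non-zero exit means the bootloader should not be locked yet.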
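The edits in Steps 2 and 3 are easy to get subtly wrong (a leftover `<userid>`, a `~` in the key path, the test key or `--flags 3` still active), so here is an added lint for them, not code from the original guide. The function names, the `/home/builder` path and both sample files are constructed; pass `SHA256_RSA2048` as the second argument if you kept 2048 bit keys.

```shell
#!/bin/sh
# Added example: lint the Step 2 and Step 3 edits before starting a long build.
# Prints one line per problem and returns non-zero if any are found.
lint_avb_config() {  # $1 = BoardConfig*.mk file, $2 = expected algorithm (optional)
    awk -v want="${2:-SHA256_RSA4096}" '
        function value(line) {           # text to the right of := or =
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line
        }
        function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
        /^[ \t]*#/ { next }              # commented-out lines are inactive
        /BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS.*--flags 3/ {
            bad("--flags 3 is still active, partition verification stays disabled")
        }
        /^[ \t]*BOARD_AVB[A-Z_]*KEY_PATH[ \t]*:?=/ {
            v = value($0)
            if (v ~ /testkey/)               bad("public AOSP test key still in use: " v)
            else if (v ~ /<userid>/)         bad("<userid> placeholder not replaced: " v)
            else if (substr(v, 1, 1) != "/") bad("key path is not absolute: " v)
        }
        /^[ \t]*BOARD_AVB[A-Z_]*ALGORITHM[ \t]*:?=/ {
            v = value($0)
            if (v != want) bad("algorithm " v " does not match " want)
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample, not the real redbull files: $1 = output file, $2 = "before" or "after".
make_sample_config() {
    if [ "$2" = "after" ]; then
        cat > "$1" <<'EOF'
BOARD_AVB_ALGORITHM := SHA256_RSA4096
BOARD_AVB_KEY_PATH := /home/builder/.android-certs/releasekey.key
#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3
BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := /home/builder/.android-certs/releasekey.key
BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA4096
EOF
    else
        cat > "$1" <<'EOF'
BOARD_AVB_KEY_PATH := ~/.android-certs/releasekey.key
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3
BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048
EOF
    fi
}

if [ "$#" -ge 1 ]; then lint_avb_config "$@"; fi
```

Run it once on BoardConfigLineage.mk and once on BoardConfig-common.mk; each reported line gives the file and line number to revisit.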
Thank you for your guides on bootloader relocking. They have helped to enable bootloader relocking on other devices.
After "all further references will only be to the Google Pixel 5 (redfin)" but before the "Thank-Yous", there are a few (typos?) that refer to the oneplus. In particular, beneath "Other things" and "under what messages do I see during the boot process then?"
HTH
If anyone is interested, I made a tool to automate all this using Hetzner Cloud. This tool's client can pretty much run on anything, including Android itself on Termux (since it's a terminal app). You can make the tool upload the finished builds to your private repo so no need to worry about letters from Google for using GAPPS.
Bash:
wget -O ham "https://github.com/antony-jr/ham/releases/download/stable/ham-linux-amd64"
chmod a+x ham
./ham init # Init with your Hetzner Cloud API (Only Once)
./ham get [email protected]/enchilada-los19.1:gapps
# Without gapps
./ham get [email protected]/enchilada-los19.1
# You can close the terminal app after it starts tracking remote build
# the build continues to run on the cloud until finishes or errors out,
# in both cases the server destroys itself to save you a lot of cost.
# It cost me 0.30 euros for single build which ran for about 3 hours.
Thanks for the OP though, I copied a lot of scripts from WundermintOS.
Now the output of the build can be flashed like the OP described for OnePlus 6 and the pkmd.bin file will be included in the recovery zip file along with the boot/recovery image. The tool will ask you questions before it starts the build for the variables, like the path to Android Certs in a zip file which will be used for signing.
For anyone that is interested, I've posted an updated guide for LineageOS 20.0 on the Pixel 6 here.