Unlock Bootloader on Android 8/9 (Testpoints, DC Phoenix) [NOT FREE] - Honor 9 Guides, News, & Discussion

Hello,
I just found a way to unlock your bootloader on Android 8 (and possibly 9). This method may also work on other phones if they were released with pre June 2018 Android 8 (where the patch for this "exploit" was release as a Android security patch). Just make sure to use the appropriate versions for your phone (also search for a proper board software for your phone)
If your phone is on Android 8 with a security patch lower than June 2018 or on Android 7, you can just buy 4 credits here, then follow this tutorial.
If you are on a higher security patch than June 2018 (also called GPU Turbo in changelogs by Huawei) or on Android 9 (untested), follow the following steps:
Requirements
DC Phoenix (72h timed license costs 19€)
Accessible testpoints (phone needs to be opened)
Step 1:
Write down your IMEI(s), SN, MAC addresses and the current version you are on (e.g. 8.0.0.385C432)
Step 2:
Buy DC Phoenix and install it
Step 3:
Just follow steps 1 - 4 from this tutorial. If you are having trouble enabling manufacturer mode in step 4 because the rom is in chinese, follow this video which shows where to click. HCU will also output the bootloader code in the log, which you should write down.
Step 4:
Now we are doing things a bit differently than in the linked tutorial above: In DC Phoenix click on "Download files" and search for the Android version you had before downgrading to the chinese Android 7 testrom (e.g. 8.0.0.385C432). If you can't find the same one, use a higher one (focus in the 385 part which is the build, also called B385. also make sure the C number matches because that is the region). You should be able to find the main update.app and one customization update.app file. If you have problems with DC Phoenix because it does not enter upgrade mode, put it there manually (described in step 1 here). Your phone should now boot up. To a working android 8 version. If it boots with a google/android logo and your settings says something like "0QT6" for the version, you need to go to to androidhost.ru and search for your phone. It should yield a few results, just pick the same version (or a higher) you flashed with DC Phoenix (e.g. for 8.0.0.385C432 it's this one). There will be a document detailing how to install it via DLOAD (use force upgrade method). After that, your C numer should be fine and updates can be installed (you can update to android 9, then unlock you bootloader via the code from HCU and then install a custom rom)
That's it basically.

Related

Guide for noobie

Hi,
I'm currently waiting for buy the Xperia XZ. I check some of XDA's thread and with Sony's smartphone I'm still afraid. So I want to know if there is a thread gathering all the detailled step to root, install TWRP, flash latest firmware, install custom ROM etc... ?
Thanks a lot
[Guide] Here is the DHGE guide for rooting SONY devices 2019-04
Changelog at the bottom of this post.
nathan30 said:
if there is a thread gathering all the detailed step to root, install TWRP, flash latest firmware, install custom ROM etc... ?
Click to expand...
Click to collapse
No - but you can find all you need to know here in this forum or in the devices-fora later than Z3+ or SONY-cross-device.
https://forum.xda-developers.com/crossdevice-dev/sony
Good introductory (written for devices before Z3+):
https://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
It is still valid but the 2015 and newer devices are not rootable anymore as described thanks to DM-Verity.
For rooting the current device you have to open the bootloader.
Any claims to the contrary found "on the web" are only tricks to have you install "interesting" software on a Windows PC.
Do you want root?
A classic post to help you decide
No:
wait for the OTA-updates from SONY (over the air - prosaic?)
don't like waiting or want to downgrade: get Flashtool http://www.flashtool.net
it comes with Xperifirm that finds you the latest ROM
https://forum.xda-developers.com/cr...xperifirm-xperia-firmware-downloader-t2834142
Unfortunately Xperifirm only finds the latest ROM (the only available on SONYs servers) so you better keep your downloads (>2 GBytes each) or find an older ROM in case you need it (xda has a search function). Here you'll find some ROM-versions: https://xpericheck.com
since my Xperia XZ/XZ1 I occasionally have problems with Flashtool that it requires a FSC-script which does not come with it or can not easily be copied from a similar device.
Now I use Newflasher https://forum.xda-developers.com/cr...gress-newflasher-xperia-command-line-t3619426 by @munjeni. This is a command line tool that for me unfortunately only works under Windows (have JDK issues under Debian).
You unpack the ROM (ftf-file) and place the newflasher.exe in the directory where you unpacked to. Then you start the device in flash mode (power on while holding the volume down key) and run the tool from the command line as administrator/root.
If you do not delete userdata.sin you will initiate the equivalent of a factory reset (aka loose all your data and settings!). For an upgrade within the same Andoid version I always delete userdata.sin before newflashing.
Yes:
As stated above, you need to unlock the bootloader to modify the system software on your device. Fortunately SONY gives (for non-carrier-locked) devices the option to unlock the bootloader.
Check if unlocking is allowed: in the service menu (dial *#*#7378423#*#* or *#*#SERVICE#*#* ) check under "Service Info"->"Configuration" the line "Bootloader unlock allowed:"
If you read anything other than "Yes" Stop here!
No: flashing another SONY Rom ("Customized CountryX") does not help you.
Hint: there is an app "SONY service menu" in the app-repository (F-Droid or Google).
OK - you can Now it is your last chance to save your device keys or "backup the trim area partition"
You should do this if you ever want to return to a SONY "blessed" state. e.g claiming service in countries where warranty is not for devices with unlocked bootloader or you want to sell it.
There are some device specific kernels out there whose authors state that they mitigate all DRM issues once the TA is restored. I guess you need these kernels otherwise restoring the TA locks up your device ...
Otherwise do not bother with restoring the TA-partition. Doing so after the next steps will soft brick your device.
Now you have to prepare your PC with some drivers in order to start the backup process:
Go to SONY's developver world http://developer.sonymobile.com
Under "Downloads" you will find the drivers for the XZ or any other device http://developer.sonymobile.com/downloads/drivers/xperia-xz/
These drivers are for Windows, do not bother if you are running a free operating system.
To get fastboot running you might additionally have to find the "fastboot_driver" in the download area. Put the content of the ZIP-file into the directory where you you unzipped the device driver and install it via right-clicking on the file android_winusb.inf.
Install these drivers if you are a Windows user. Under Windows 8 and newer there could be problems with installing "non signed" drivers.
Do a web/xda search to circumvent this security measure of Microsoft or do click on reboot while holding the shift-key and figure it out yourself.
http://www.flashtool.net/win8drivers.php
When you are installing: You also need to install the programs adb and fastboot.
https://forum.xda-developers.com/showthread.php?t=2317790
If you are running a free operating system: search for adb/fastboot or Android SDK in your repository and install these.
Running Linux it helps to insert the udev-rule mentioned in http://www.flashtool.net/lininstall.php otherwise you have to run esp. fastboot with root-privileges (not recommended, although the udev rule saves no punches ...)
On Android on your SONY device you have to be root to save a partition - catch 22 :crying: ...
https://en.wikipedia.org/wiki/Catch-22
Don't fear the ... / catch: For Android Marshmallow ROMs, e.g. up to version 39.0.A.3.30 of the Xperia XZ ROM, exists an exploit of the copy on write function in the Linux kernel that gets you root privileges temporarily.
On newer devices where there is no Marshmallow ROM with a vulnerable kernel available you are out of luck until another exploit is found.
Follow https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
Hint: In post #21 is described how to restore the TA (read the last sentence! -> you have to flash a stock ROM after restore).
If it does not work the first time let the tarnished bovine do its stride several times more.
Or: Repeat the process until success.
If you are already on Nougat you must downgrade the system ROM (see above) to use the exploit and backup the TA-partition.
The latest exploit that is available for devices that came out with Oreo uses a different exploit.
Search for this exploit in the specific forum or on "Sony Cross Device". If you are already on Pie you have to download an Oreo ROM for your device.
This is similar to the procedure described above that has the Xperia XZ in mind.
TA-partiton backed up?
Now the non-reversible part:
Under http://developer.sonymobile.com/unlockbootloader/ you request an unlock code.
READ, READ what SONY have written there!
- You will lose some DRM functionality: https://forum.xda-developers.com/z3-compact/general/loss-drm-keys-t2890936
- Your device will factory reset. You have a backup?
You can get the IMEI-number from the original package of your phone (if you have good eye sight and nobody swapped the boxes) or pull a tab from the side of the phone (you do not want to do that) or print a screen shot of the relevant page of your service menu or head into settings->about device->status->IMEI-Info.
You follow SONY's instructions to unlock the bootloader and hold your breath as after a long reboot everything on your device is wiped. On the newer devices you get an ugly warning "the device can't be trusted anymore".
NEVER EVER enable the MyXperia software from now on!
On some devices this in combination with an unlocked bootloader will hard brick your device.
Here was a link to fxpblog where they destroyed two devices.
Hey, you have been warned. With the TA-backup you always can return to the chicken den.
Become a "developer"
- Tap seven times on the build number of your device. (settings->device info)
- then enable "OEM unlocking" (new for the 2016 and later devices like XZ) and "USB-debugging"
You have read the SONY advice?
Next decision: Root stock ROM or go Custom Rom?
I am VERY happy with LineageOS on a Tablet Z and other devices in my household. I liked the Resurrection Remix ROM on my SAMSUNG phone.
Your mileage may vary: Testing a ROM and reversing will cost you with a proper backup minimum 4-5 hours.
If you choose a custom ROM:
- read the thread to get a hunch if you really want to install it (get over the off topic noob questions and annoying full quotes)
- Follow the instructions of the first page of the ROM-thread to install it. If you can not do this: stop or be prepared for searching and learning.
From February 2017 until May 2017 I had eXistenZ N on my Xperia XZ and like the UI tuning modifications. This "ROM" does not come pre-rooted it is a patch for the stock ROM (match the versions exactly!) that enhances the settings/look.
On SONY devices I recommend rooting stock ROMs.
Shortcut: Pie users can proceed to step 7 here
Having a custom kernel might still be advantageous for you.
You need a custom (or modified stock) kernel (aka boot image) with DM-Verity and SONY-RIC OFF.
This kernel has to be in sync with your ROM. Flashing an unsuitable kernel (e.g. MM-kernel on N-Roms) will result in a boot loop aka "soft brick".
You even can bake one yourself (no easy task) if you find/adapt the sources for your device. -> first stop SONY developer world
This is might be easy! THANKS to the efforts of @AndroPlus, @janjan and others.
You have to look into the device specific fora to find a proper kernel for your ROM-version.
They have also included many patches to improve battery life, mitigate some (e.g. camera) issues from the loss of the device keys ...
Download the kernel and recovery for your device and ROM-version and follow the kernel makers' instructions.
On devices where there is no custom kernel, you can try patching the stock kernel to switch off RIC and DM-verity. In reality behind the scenes it is a bit more than just patching (=modifying) the kernel. You also get some updated init-scripts and as a end result a new boot.img
Very useful is [PoC][Work in progress] Trim Area Proof Of Concept developed by @munjeni
These scripts not only prepare a stock kernel for rooting but also put your TA backup from above to such a use that you regain the DRM-features lost by opening the bootloader! So you do not need a custom kernel with partial DRM-fixes!
For Oreo it is more complicated (it might be easier to search for a suitable boot.img aka kernel and I have not tested it on Pie but see next step):
@serajr enhanced a script specifically for Xperia X Performance, XZ and XZs
https://forum.xda-developers.com/showpost.php?p=74724162&postcount=2793
Under Linux I had to set the executable attributes on the shell scripts and binaries (chmod +x).
You get the required kernel.elf via the tools menu in Flashtool. Dump "kernel.sin".
I started applying the scripts to the Stock ROM in May 2017 since eXistenZ ROM lagged a bit behind in security patches and Android version:
- flashed stock ROM via Flashtool or Newflasher
- prepared a patched boot image with PoC and my kernel...sin and TA.img and answered all questions with "yes" (hit return each time)
Code:
./ta_poc kernel.sin TA.img ramdisk
I am on Debian as operating system.
On Windows you just run the provided batch files and follow the instructions here and in the thread for the scripts.
- flashed the resulting boot image with fastboot flash boot boot.img and test it works. Service menu/Security: keys provided YEAH
- flash recovery and from there root with SuperSU and flash Titanium Backup
- restored my apps with their data via Titanium Backup
==============
Some hints:
==============
Most of these commands emit useful info on the command line - read it, post their error messages if you are stuck.
Version numbers of the software used speeds diagnosis of problems. Often a good advice: "Use latest version."
adb reboot bootloader or switching OFF the device and then pressing the "volume up" button while plugging the USB cable gets you into fastboot mode. You see a black screen and the blue LED light.
I normally do not flash the kernel-ZIP-file via recovery but unpack it and flash this: fastboot flash boot boot.img
To get into recovery mode:
Switch OFF your device. Press the "power" button shortly to switch ON and hold "volume down" button more than 5 seconds (or when you see the yellow LED light on some devices).
Or: adb reboot recovery
If you can not get into recovery (e.g. AndroPlus has no kernel for your latest SONY ROM):
fastboot boot TWRP_latest_version.img
I use an SD card (content there survives factory resets) and there a directory "for_recovery" well stocked with the zip-files I intend to flash. In TWRP you can tell the file manager on what storage (internal, SD-card, USB ...) it will find the flashable ZIP-files. The default is "internal".
Pressing the Power button and "volume up" for about five seconds gives you a hard reset.
Good if you are totally struck - just flash a SONY ROM for your device with Flashtool and all the wipe boxes checked or use Newflasher (overwrites most partitions including your data).
If you like to read about the haarrrdddd way:
https://forum.xda-developers.com/z4-tablet/help/enybody-root-t3154926
The first rooting of a DM-Verity secured device in 2015. Thanks to SONY for releasing source code and binaries.
Rooting - aaahh, finally
Flash the latest Magisk (up to late 2017 I used SuperSU which still works) from recovery.
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
https://www.chainfire.eu/ Find the latest SuperSU from there. You will not find it there any more since Chainfire has sold the rights to the utility. I endorse Magisk since that is open sourced on GitHub.
No: flashing a custom kernel and recovery does not root your device.
For Android Pie users: On my Xperia XZ1 I can skip step 6 completely!
Just install/upgrade to the latest Pie ROM and flash Magisk and install the Magisk app.
Bonus: Debloat the device
https://forum.xda-developers.com/search/forum/2522?query=debloat
Nowadays I use a debloat script written by @serajr for my devices https://forum.xda-developers.com/xperia-xz2/development/oreo-debloat-script-v1-0-t3798979,.
I edit (comment out) the debloat_list.sh in order to keep "com.google.android.apps.maps" and "com.sonymobile.email" which I both use.
mine (you screened my script?):
flash the attached ZIP-file
View attachment xtrm_debloat.flashable_ew_2016-12.zip
found in https://forum.xda-developers.com/xperia-z5/general/discussion-bloat-sony-xperia-z5-t3518860 probably original work by @ganeshbiyer
=============================================================
With opened bootloader you will not get OTA updates any more!
You have to check with the Xperifirm program if there are newer ROMs for your device.
I have not had any problems with installing e.g. a Swiss ROM over a Central Europe. There could be some worries when switching continents.
Download the desired ROM via Xperifirm and follow the instructions of Flashtool to flash the device (over USB update = OUU :laugh.
Accept the use of the FSC script.
Repeat the steps 5 to 6(7) for any other/newer SONY ROMs you flash followed by step 4 (if necessary).
If a wipe is needed I prefer the full wipe in TWRP compared to checking the boxes in Flashtool.
Or use Newflasher without flashing userdata.sin (just delete the file) in case of an upgrade.
=============================================================
CHANGES to this Guide
2019-04-23 updated for Pie, endorsed Newflasher, added link to serjars debloat script, link ckecks
2018-02-28 clarified getting kernel.elf for self patching, some typos, link ckecks
2018-01-31 link for better suited ta_poc added, toned down AndroPlus endorsement, added Magisk
2017-06-25 added link to xpericheck (find older ROMs), added hint for restoring TA for those TLDR-guys
2017-06-02 added procedure for patching stock kernel as alternative to custom kernels
2017-02-05 added recommendation for eXistenZ N ROM
2017-01-25 new URL for SuperSU, typos
2017-01-18 corrected the advice for booting into TWRP
2017-01-17 added info on fastboot driver for Windows users
DHGE said:
No - but you can find anything here or in the devices-fora later than Z3+ or SONY-cross-device.
https://forum.xda-developers.com/crossdevice-dev/sony
Good introductory (written for devices before Z3+):
https://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
It is still valid but the 2015 and newer devices are not rootable anymore (as described) thanks to DM-Verity.
For rooting the current device you have to open the bootloader.
Any claims to the contrary found "on the web" are only tricks to have you install "interesting" software on a Windows PC.
Do you want root?
No:
wait for the OTA-updates from SONY
don't like waiting or want to downgrade: get flashtool http://www.flashtool.net
it comes with Xperifirm (at least for my linux machines) that finds you the latest ROM
https://forum.xda-developers.com/cr...xperifirm-xperia-firmware-downloader-t2834142
Unfortunately it does not find many older ROMs anymore so you better keep your downloads (>2 GBytes each) or find an older ROM in case you need it (xda has a search function).
Yes:
As stated above, you need to unlock the bootloader to modify the system software on your device. Fortunately SONY gives (for non-carrier-locked) devices the option to unlock the bootloader.
Check if unlocking is allowed: in the service menu (dial *#*#7378423#*#* or *#*#SERVICE#*#* ) check under "Service Info"->"Configuration" the line "Bootloader unlock allowed:"
If you read anything other than "Yes" Stop here!
No: flashing another SONY Rom ("Customized CountryX") does not help you.
Hint: there is an app "SONY service menu" in the app-repository (F-Droid or Google).
OK - you can Now it is your last chance to save your device keys or "backup the trim area partition"
You should do this if you ever want to return to a SONY "blessed" state. e.g claiming service in countries where warranty is not for devices with unlocked bootloader or you want to sell it.
Otherwise do not bother with restoring the TA-partition. Doing so after the next steps will soft brick your device.
Go to SONY's developver world http://developer.sonymobile.com
Under drivers you find the drivers for the XZ under "Downloads" http://developer.sonymobile.com/downloads/drivers/xperia-xz/
These drivers are for Windows (which version?), do not bother if you are running a free operating system.
Install these drivers if you are a Windows user. Under Windows 8+ there could be problems with installing "non signed" drivers. Do a web/xda search to circumvent this security measure of Microsoft. http://www.flashtool.net/win8drivers.php
When you are installing: You also need to install the programs adb and fastboot.
https://forum.xda-developers.com/showthread.php?t=2317790
If you are running a free operating system: search for adb/fastboot or Android SDK in your repository and install these.
Running Linux it helps to insert the udev-rule mentioned in http://www.flashtool.net/lininstall.php otherwise you have to run esp. fastboot with root-privileges (not recommended, although the udev rule saves no punches ...)
You have to be root to save a partition - catch 22 :crying: ...
For Android Marshmallow ROMs, precisely up to version 39.0.A.3.30, exists an exploit of the copy on write function in the Linux kernel that gets you root privileges temporarily.
Follow https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
If you are already on Nougat you must downgrade the system ROM (see above) to use the exploit and backup the TA-partition.
TA-partiton backed up?
Now the non-reversible part:
Under http://developer.sonymobile.com/unlockbootloader/ you request an unlock code.
READ, READ what SONY have written there!
- You will lose some DRM functionality: https://forum.xda-developers.com/z3-compact/general/loss-drm-keys-t2890936
- Your device will factory reset. You have a backup?
You can get the IMEI-number from the original package of your phone (if you have good eye sight and nobody swapped the boxes) or pull a tab from the side of the phone (you do not want to do that) or print a screen shot of the relevant page of your service menu or head into settings->about device->status->IMEI-Info.
You follow SONY's instructions to unlock the bootloader and hold your breath as after a long reboot everything on your device is wiped. On the newer devices you get an ugly warning "the device can't be trusted anymore".
Hey, you have been warned. With the TA-backup you always can return to the chicken den.
Become a "developer"
- Tap seven times on the build number of your device. (settings->device info)
- then enable "OEM unlocking" (new for the 2016 devices like XZ) and "USB-debugging"
You have read the SONY advice?
Next decision: Root stock ROM or go Custom Rom?
Well - my opinion - for the newer SONY devices I have not found a recommendable custom ROM yet. I am VERY happy with a generic CyanogenMod on a tablet Z in my household. Do not ask me about the sad story of CyanogenMod as of late 2016...
Your mileage may vary: testing a ROM and reversing will cost you with a proper backup minimum 4-5 hours.
If you choose a custom ROM:
- read the thread to get a hunch if you really want to install it (get over the off topic newbie questions)
- Follow the instructions of the first page of the ROM-thread to install it. If you can not do this stop or be prepared for searching and learning.
On SONY devices I recommend rooting stock ROMs.
You need a custom kernel (aka boot image) with DM-Verity and SONY-RIC OFF.
This kernel has to be in sync with your ROM. Flashing an unsuitable kernel (e.g. MM-kernel on N-Roms) will result in a boot loop aka "soft brck".
You even can bake one yourself (no easy task) if you find/adapt the sources for your device. -> first stop SONY developer world
This is easy! THANKS to @AndroPlus
AndroPlus has also included many patches to improve battery life, mitigate some (e.g. camera) issues from the loss of the device keys ...
https://forum.xda-developers.com/xperia-xz/development/kernel-andropluskernel-v01-t3475240
AndroPlus has kernels for other devices too. Look into the specific device forum for a custom kernel,
Download the kernel and recovery for your device and ROM-version and follow AndroPlus' instructions.
Some hints: (most of these commands emit useful info on the command line - read it, post it if you are stuck)
adb reboot bootloader or switching OFF the device and then pressing the "volume up" button while plugging the USB cable (hooked to your PC! we need DC power for all this) gets you into fastboot mode. You see a black screen and the blue LED light.
I normally unpack the kernel-ZIP-file and flash this: fastboot flash boot boot.img
You get into recovery mode on booting by pressing the "volume up" button when you see the yellow LED light.
If you can not get into recovery (e.g. AndroPlus has no kernel for your latest SONY ROM):
fastboot boot TWRP_latest_version
I use an SD card (content there survives factory resets) and there a directory "for_recovery" well stocked with the zip-files I intend to flash.
Pressing the Power button and "volume up" for about five seconds gives you a hard reset.
If you like to read about the hard way:
https://forum.xda-developers.com/z4-tablet/help/enybody-root-t3154926
The first rooting of a DM-Verity secured device in 2015. Thanks to SONY for releasing source code and binaries.
Rooting - aaahh, finally
Flash the latest SuperSU from recovery.
https://download.chainfire.eu/1019/SuperSU
No: flashing AndroPlus or TWRP does not root your device. You'll have to flash Chainfire's ZIP-file!
Bonus: Debloat the device
https://forum.xda-developers.com/search/forum/2522?query=debloat
mine (you screened my script?):
flash the attached ZIP-file
View attachment 4000189
With opened bootloader you will not get OTA (over the air - prosaic?) updates any more!
You have to check with Xperifirm if there are newer ROMs for your device.
I have not had any problems with installing e.g. a Swiss ROM over a Central Europe. There could be some worries when switching continents.
Download the desired ROM via Xperifirm and follow the instructions of flashtool to flash the device. Accept the use of the FSC script.
Repeat the steps 5 to 6(7) for SONY ROMs followed by step 4 (if necessary).
If a wipe is needed I prefer the full wipe in TWRP compared to checking the boxes in FlashTool.
Click to expand...
Click to collapse
Woaw, thanks a lot for your awesome answer !
I receive my phone today, I'll follow your instructions
@DHGE your guide is well put, and I've not had any problems so far (I used a slightly different version of the Xperia ROM since the version you specified didn't show up, but it worked just fine, is sitting on Android 6.0, and I have the TA backed up).
I've obtained the unlock code from Sony's developer site, but I've still yet to get their email with the instructions on where to shove the code. Its been about two or three hours now, and it was sent to a Gmail address (which has received other mail since). I tried generating a new code to make sure the email was right (it was), and it spat out the same unlock code, so I'm guessing its just based off of the IMEI.
Question is: what does one do with the unlock code? I can't imagine the instructions would be different for each person and am not sure how long it may take Sony to email the Gmail account...
k2trf said:
What does one do with the unlock code?
Click to expand...
Click to collapse
Follow the steps on SONY's website where you obtained the unlock code.
Look at the big link at the right bottom after all the warnings...
Somehow I missed that completely, and just latched onto it saying to wait for the instructions via email. Honestly, I don't even know why they think it necessary. Anyone playing with unlock codes damn sure better be familiar with ADB and fastboot already, or be learning as they go. >_>
Hi,
there something I can do to roll back if I didn't backed up my TA partition?
thanks
bigkekko said:
Hi,
there something I can do to roll back if I didn't backed up my TA partition?
thanks
Click to expand...
Click to collapse
Roll back to recover TA? Unfortunately not.

Unbrick Honor 9 STF-L09 (NOT FREE, HCU and DC-Phoenix required)

Introduction
THIS METHOD IS NOT FREE. I HAVE NO IDEA HOW TO DO THIS FOR FREE, EXCEPT MAYBE WITH THIS : https://forum.dc-unlocker.com/forum/modems-and-phones/huawei/162196-free-hcu-license-offer
Oh my god. I just come out of 3 days of trying to get this to work, non-stop. I feel the need to write this guide so people in the exact same configuration as me won't have to go through what I did.
Yes there are many tutorials about unbricking your Honor 9, but few are very detailed, and I couldn't make them to work for my european STF-L09. Plus, very few of them have a solution for updating to the very latest version (9.1.0 as the time of writing). So here we go.
The device I did this with, and the situation I was in.
There are so many variants of the Honor 9, and I've tried tutorials that weren't the same model as me, they just wouldn't work.
Honor 9 STF-L09, Europe version, Kirin960.
Previous installed ROM before brick was Oreo (the Pie update I tried to make bricked the phone), but I think you can do that on any previous version.
After the brick, I had a completely dead Honor 9 : no reaction at all, whether I plugged it in or tried any buttons combination.
What you need
- The correct Drivers
- A HCU Client Timed License, which is 19 EUR for 72h, and is going to give you access to the main software we need, DC-Phoenix.
- The correct .dgtks Repair File
- The correct ROM file to flash
- HiSuite
- Tools to open the back of your phone
- A metal object to connect the testpoints (anything will do : tweezers, copper cable, paperclip, sim-tool...)
- Read these two tutorials from www.dc-unlocker.com :
https://www.dc-unlocker.com/dc-phoenix-flash-repair-tutorial
https://www.dc-unlocker.com/flash-bricked-huawei-phones-in-huawei-1-mode
Step 1 - Connect the testpoints
Then open the back of your phone to reveal the testpoints that you can see on the image below (thanks to the user 4r44444 for the picture).
Then, open the Device Manager on Windows, and reveal the COM and LPT Ports (so you can see if you failed at connecting the testpoints or not).
You don't need to connect the two testpoints shown in the picture : you only need to connect the bottom one with anything else that's metal inside the phone.
It will take you some trial and error but eventually, your Device Manager should refresh and show you an unknown device called "SER".
Step 2 - Install the drivers
First, install the latest version of HiSuite to get the basic drivers. Make sure to close it completely (taskbar) and disable the fact that it opens itself when you plug your phone, or it might screw things up.
Then, install the two drivers that are on both dc-unlocker.com tutorials I've linked above.
https://files.dc-unlocker.com/share.html?v=share/984CE114852148B5B9A9CDD918BEC235
https://files.dc-unlocker.com/share.html?v=share/18B15B9D02C945A79B1967234CECB423
The first one "Huawei_Android_phone_drivers.rar" was not useful for me, but the second one, "Huawei drivers testpoint.rar", is to make your COM port recognizable instead of this unknown "SER" in device manager.
In Device Manager, right click on "SER", "Update driver", and locate the extracted folder on your computer.
This is all you need I think, but I installed so many random drivers (which I would not recommend) that I'm not even sure anymore.
Step 3 - Repair the phone with DC-Phoenix
Following "Method 3" from this link, but with some differences : https://www.dc-unlocker.com/dc-phoenix-flash-repair-tutorial
As I said, this method is not free. You can buy credits to make DC-Phoenix work for 72 hours (you need 15 of them for that I think), but since we need HCU, you're better off buying a timed license which gives access to DC-Phoenix.
Open DC-Phoenix, and click on the "Download files" button on top. There, search for the file "STF-Full-Repair-NV-included-Board-A051-7.0.0_r1.dgtks" and download it, it's the Repair File.
https://get-file.org/search#q|STF-Full-Repair-NV-included-Board-A051-7.0.0_r1|1
With your phone connected via testpoints (it has to appear in the Device Manager in the COM Ports, and I recommend changing the COM Port to 1 (right click, Port settings, advanced,...)), go to the "Update OEMINFO" tab, and check "Use BOOTLOADER". There, choose "Kirin960_T2_A7.0_V4" (maybe it's a different one for you, but for me only this one worked).
Then check "Update OEMINFO and unlock Huawei ID", and choose "STF-L09". Click Update, and this should run without errors. If it doesn't recognize your device, that means that it's not turned off and connected via testpoints.
Once that is done, your device may show a sign of life by booting into fastboot mode (or sometimes not). Anyway, you can go directly to the "Update Firmware" tab, and in the "Update file" field, choose the file "STF-Full-Repair-NV-included-Board-A051-7.0.0_r1", check "Rescue Revovery" and "Old slow algo", and click "Update".
After completion, your phone should be able to boot (after a very long press) into a chinese test ROM.
Step 4 - Repair the phone infos with DCU
Follow this tutorial : http://hcu-client.com/huawei-phone-repair-as-empty-board/
Don't forget to change your phone to Manufactured mode (as explained) so you can read your phone info.
In the Step 4, they let you choose between Repair UMTS or CDMA tab, I chose CDMA because I think the phone has a MEID.
Then, when they tell you that you just have to click on "Repair as empty board" to make everything fill in automatically, for me this was complete bs : only my IMEIs were added.
So what you have to do is fill your original SN, WiFi and BT MAC adresses, and so on. But since your phone is bricked and you probably dumped the box that states the SN, you're outta luck like me. It seems like it's illegal to change a MAC or SN number, so I can't recommend it, but I personally just chose random numbers (that have the same number of digits).
For model I entered "STF-L09", for vendor "hw", and for country "eu". Don't check "Erase restricted ver.", since it's only for Qualcomm CPUs. Click on Repair.
Once this is done, your phone should be resetting, and able to boot in the same ROM as before, except in english.
Step 5 - Upgrade to the latest Android 9.1.0
Normally you'd have to do this step with DC-Phoenix : just flash one of their Full Stock Roms they have on their file database (click Download Files on DC-Phoenix, and search for "STF-L09").
You can try that (don't forget that you have to be in fastboot mode (Vol down + plug USB) to install), but it really didn't work for me, and even if it did, I don't know how you'd update after it, because your phone probably won't receive OTAs.
So the solution I found was this one : https://www.reddit.com/r/Huawei/comments/az4bl7/finally_managed_to_update_my_mate10_pro_to_pie/
First, uninstall your latest version of HiSuite to be able to follow this tutorial and install the old version.
Then, the file I chose in Firmware Finder was this one :
STF-L09 9.0.1.175(C432E2R1P5)
STF-L09C432E2R1P5B175 (9.0.1.175)
STF-L09C432E2R1P5T8B175 (9.0.1.175)
I chose the "full" version, which gave me this link :
http://update.dbankcdn.com/TDS/data/files/p3/s15/G3757/g1699/v260353/f1/full/update.zip
After following this tutorial, your phone should boot normally. You can then installs OTAs to update to 9.1.0. I'd recommend resetting the phone after this last step, to have a clean install.
If it doesn't work for you, you can also try this method : https://www.getdroidtips.com/full-guide-install-stock-firmware-huawei-smartphone/
I'll try to answer as many questions as fast as possible (since the Timed License is quite stressful), so feel free to ask !
Does the HCU Client unblock the network after doing the full repair?
Hello , Is this solution still works for honor 9 ?
I can't find stock rom on official website also.

802SO get back NFC function work on Android 11 (if your phone has beed upgrade to global (android 11) ROM & lost NFC function)

Everybody,
(Thanks for phyxia's post information: flash A11 Au to get NFC work)
I'd try to newflasher all about "au" ROM, because phyxia's information not enough for me!!
My phone is 802SO, and I'd newflasher to global ROM (android 11).
But all function work fine, except NFC.
NFC function was important for me, so I'd try to many more methord to get back NFC work.
Including downgrad to android 9 & 10, and newflasher more other model's ROM, but all fail.
Because the NFC SW-ver (software version) is "0x12 0x41 0x16" (android 11), not same as "0x12 0x01 0x12" (android 10).
I think the NFC SW build in bootloader, so downgrad to andoird 10 or 9, the SW not change (older bootloader can't replace newer).
So, if you want to get NFC function back & don't need VoLTE, just only two way:
1. Waiting for SoftBank ROM upgrade to Android 11. (but wait... wait... wait.................)
2. Newflasher "SOV40_KDDI JP_55.2.C.3.21-R9C_A11" ROM, it's android 11.
I'd try to test NFC, it work fine~
So, my xperia 1 model number "802SO" change to "SOV40".
Hope this post can help someone need NFC function.
When you newflasher finished, into engineer mode to check NFC function & test read tag -->
*#*#7378423#*#* --> Service tests --> NFC --> NFC Diag Test
It can be used with docomo's products as well as au's. The reason for this is simple. Japanese models include a FeliCa (NFC Type F) module inside the Vendor.
The global version is NFC-only, so NFC will not work on the Japanese model, which also uses FeliCa.

[INFO][INDEX] Hot Pepper™ Chilaca (HPP-L60A) 4G-LTE Smartphone | General Info & Discussion Thread

Hot Pepper™ Mobile
Chilaca 4G-LTE Smartphone
T-Mobile® Certified
Model No. HPP-L60A
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
General Info &
Discussion Thread ​
OVERVIEW:
The Chilaca is a T-Mobile certified 4G-LTE smartphone, manufactured by Hot Pepper Mobile for eligible recipients of the federal Lifeline program and the Affordable Connectivity Program (ACP) -- government sponsored initiatives which assist low-income individuals and households with mobile phone service and mobile devices.
For an entry-level device, the Chilaca is a surprisingly capable smartphone. The MediaTek Helio A22 chipset platform utilizes CorePilot technology, which provides power-aware scheduling, CPU thermal management and persistent UX monitoring. These attributes work in harmony to assign the appropriate workload to CPU cores at a calculated and specific frequency and voltage, balancing the needed performance load demand with the optimal power efficiency. This landmark feature shines bright on the Chilaca, giving the user palpably smooth performance, the ability to maintain heavy workloads, all while maintaining impressive battery life in between charges. Moreover, the Chilaca's certification with T-Mobile provides remarkable network connectivity, excellent upload/download speeds, and extended range LTE coverage by way of Band 12 & 71 support.
HARDWARE SPECS:
Chipset: MediaTek Helio A22 (MT6761V/CAB)
CPU: Quad-core ARM Cortex-A53
CPU Max Clock: 2.0 GHz
Architecture: armv7l (32-bit)
CPU Process: 16 nm
GPU: IMG PowerVR Rogue GE8300
GPU Max Clock: 660 MHz
Display: 6.51" 1600 x 720 HD
Screen Density: 280 dpi (hdpi)
Internal Storage: 32GB eMMC (23.9 GB useable)
LTE Modem: Cat 7 DL; Cat 13 UL
LTE Bands: 2, 4, 5, 12, 25, 26, 41,66, 71
Bluetooth: v5.0, LE
WLAN Support: 802.11a/b/g/n/ac (2.4 & 5 GHz)
Battery: Li-Ion 3200 mAh
RAM: 2.0 GB (+ 1.386 GB zRAM)
Cameras: 5 MP Main; 2 MP Front
Ports: Type-C USB | 3.5mm Headphone Jack
FIRMWARE INFO:
OS/Version: Android 12 (Go Edition)
Firmware Build: HPP-L60A-3.0.18
Build ID: 12/SP1A.210812.016
Kernel Version: Linux v4.19.191
Radio: MOLY.LR12A.R3.MP.V208.3.P5
Security Patch Level: September 5, 2022
API Level: 31
Partition Scheme: Dynamic (Non A/B)
Project Treble: Supported
DEVELOPMENT STATUS:
Hot Pepper Mobile CEO Shawn Sun has selected me as a tester for the Chilaca 4G-LTE smartphone. Accordingly, the Chilaca has not yet been released within the mainstream US smartphone market. . This thread will serve as a general info & discussion forum for the Chilaca as more handsets become available via their release and distribution in the Lifeline program throughout the US.
I have obtained the factory firmware for the Chilaca, but have not yet experimented with bootloader unlocking or rooting the phone. I will keep this thread updated with any news in this regard. Should any members need the stock firmware, just leave a comment with the request.
UPDATE: February 17, 2023:
A recent OTA firmware rollout updates the current build to vHPP-L60A-3.0.19 with the December 05, 2022 security patch level.
I have also discovered that, per contractual terms between T-Mobile and the manufacturer, the bootloader on the Chilaca is not supported for unlocking. However, it appears that the Chilaca can be exploited using the MTK Client utility. Once I confirm bootloader unlocking I plan on writing a full tutorial with the step-by-step instructions and the required files for the task. It does appear that the Chilaca has been distributed throughout several US states via the federal Lifeline and ACP initiatives, making the device prominent on the mainstream market. I would ask that any Chilaca device owners leave a comment below.
UPDATE: March 23, 2023:
Another recent OTA security update has bumped the firmware build to HPP-L60A_3.0.20 with the February 1, 2023 security patch level.
In order to exploit the bootloader using MTK Client, you must be running the HPP-L60A_3.0.18 firmware build, or an earlier build. More recent builds have blocked user-initiated access to BROM mode which is essential to proper device recognition while using MTK Client. Fortunately, device owners may downgrade via the firmware package provided below in conjunction with the SP Flash Tool.
UPDATE: April 15, 2023:
An OTA update dated April 12, 2023, has bumped the firmware build to HPP-L60A_3.0.21, with a security patch level of March 5, 2023. This update included some bug fixes on premature kernel panic triggering and some baseband radio issues involving extended range LTE Band 71.
USEFUL LINKS:
• Factory Firmware HPP-L60A_3.0.18
• Chilaca Factory Firmware Restoration Guide
• SP Flash Tool v5.1924 (32 & 64-bit)
• Chilaca FCC Test Report
• Chilaca HPP-L60A User Manual (PDF)
• MTK Client Setup & Usage Guide **
Credit goes to @Sidharth09 for his guide on setting up and using MTK Flash Tool. Please consider hitting the thanks button on his thread.​
Where can I find the decryption key?
MrAx714 said:
Where can I find the decryption key?
Click to expand...
Click to collapse
The download link is fixed.
Hi, guys.
New sign up but get info from y'all pros for long time.
My question about this phone:
Does anyone know if there is a source for a replacement screen for these anywhere yet? Have searched far and wide and no joy... they are very delicate at best.
Thanks and if this is posted in the wrong place just trash the post.
TIA
Peace
b4byl0n said:
Hi, guys.
New sign up but get info from y'all pros for long time.
My question about this phone:
Does anyone know if there is a source for a replacement screen for these anywhere yet? Have searched far and wide and no joy... they are very delicate at best.
Thanks and if this is posted in the wrong place just trash the post.
TIA
Peace
Click to expand...
Click to collapse
Splendid question. I'll see what I can find out on replacement parts.
My preliminary search for the availability of screen replacements and other parts for the Chilaca has been unfruitful. However, I will reach out to the CEO of Hot Pepper Mobile with this inquiry. I'll post back as soon as I know anything.
have you tried mtkclient with this?
luridphantom said:
have you tried mtkclient with this?
Click to expand...
Click to collapse
Indeed. Works on the older HPP-L60A-3. 0.18 firmware build. On newer builds BROM mode has been disabled. But on a positive note you can downgrade to 3.0.18 from a newer build using the firmware from my restoration guide.
wonder how i can be a tester to get my hands on one...
first feedback is to leave a BROM backdoor so we can always mtkclient unlock that baby
luridphantom said:
wonder how i can be a tester to get my hands on one...
first feedback is to leave a BROM backdoor so we can always mtkclient unlock that baby
Click to expand...
Click to collapse
The Chilaca has already completed all testing phases and has received Google Play Certification and T-Mobile certification. It is now being distributed via Lifeline and ACP channels throughout the US.
On unlocking the bootloader, all you need to do is flash my 3.0.18 firmware package and use MTK Client to exploit the bootloader. Once unlocked, you can install OTA updates as long as you are not yet rooted. Once updated to the latest 3.0.20 build, use MTK Client once again to dump your /boot partition in .img format. Use Magisk 26.1 to patch that boot.img, then use fastboot mode to flash the patched image to achieve root.
I have requested the latest full firmware build (3.0.20) for this phone. I should have it this week.
Hi ,. I recently brought a HPPL 69A , Pretty good device honestly but I want to do more with it ,So I looking into Rooting it , Is this could be possible ?

			
				
Could I root it without a PC
daremoNo said:
Could I root it without a PC
Click to expand...
Click to collapse
The HPP-L60A cannot be rooted without a PC. In fact, rooting it with a PC is a tedious and daunting task to put it mildly The bootloader must first be exploited using MTK Client. Afterwards, Magisk can be used to achieve systemless root. Also, in order to exploit the bootloader, you must be running the HPP-L60A-3.0.18 firmware build. The newer builds have blocked access to BROM mode. You can downgrade using SP Flash Tool to flash the firmware provided above.
So I just got one from the Lifeline program and I like it so far. I need to downgrade to the firmware ref. in the post above so I am attempting that right now. I am running win 11 and am having slight trouble turning off the driver verification for a 64bit os. I was trying to do it from the command line but ran into issues. edit: I turned off the driver enforcement (or at least I thought I was) in the local group policy editor, but I am still not able to install the mtk inf file. I get the error of " the digital inf doesn't contain any driver information. "
Any help would be great please.
ffreylu00x7 said:
So I just got one from the Lifeline program and I like it so far. I need to downgrade to the firmware ref. in the post above so I am attempting that right now. I am running win 11 and am having slight trouble turning off the driver verification for a 64bit os. I was trying to do it from the command line but ran into issues. edit: I turned off the driver enforcement (or at least I thought I was) in the local group policy editor, but I am still not able to install the mtk inf file. I get the error of " the digital inf doesn't contain any driver information. "
Any help would be great please.
Click to expand...
Click to collapse
Use this guide. Works on Win 10 & 11. https://windowsreport.com/driver-signature-enforcement-windows-10/
So I am thinking its file and not me messing up the driver enforcement. Has anyone vetted the link and what's provided in the link as to it being the proper thing to download or can you suggest a place to find a better firmware? I am trying to downgrade then hopefully achieve root access after that. I'll keep an updated post as I figure more out
ffreylu00x7 said:
So I am thinking its file and not me messing up the driver enforcement. Has anyone vetted the link and what's provided in the link as to it being the proper thing to download or can you suggest a place to find a better firmware? I am trying to downgrade then hopefully achieve root access after that. I'll keep an updated post as I figure more out
Click to expand...
Click to collapse
The firmware provided is directly from the servers of the manufacturer. It is official digitally signed firmware. It was provided to me by Hot Pepper Mobile months before the phone was released to the public. I beta tested this phone for the manufacturer. I've also installed this firmware with SP Flash Tool, via the debug and standard installations. There are no issues with the firmware archive.
If you want to efficiency disable driver signature enforcement, follow the guide I linked. Otherwise , you will likely have issues with installing the unsigned vCom drivers which will, in turn, complicate proper device recognition.
If you are having issues with device recognition with SP Flash Tool, here is a great step-by-step guide on configuring the MediaTek vCOM drivers on your PC or laptop. https://forum.xda-developers.com/t/...32-64-bit-driver-install-tutorial-m2.3267033/
So I don't know I it's my os on my computer or why I'm not getting the same options as y'all have instructed but I can't seem to figure out how to install these drivers. I disabled the driver verification enforcement and then went to device manager and this is where things were different. I'm not seeing the COM & PORTS...I installed the drivers from what was provided and followed the instructions. So after there is a new category called "SAMSUNG Android Phone" and I obviously don't have a Samsung so I'm not sure why that happened.
Afq
ffreylu00x7 said:
So I don't know I it's my os on my computer or why I'm not getting the same options as y'all have instructed but I can't seem to figure out how to install these drivers. I disabled the driver verification enforcement and then went to device manager and this is where things were different. I'm not seeing the COM & PORTS...I installed the drivers from what was provided and followed the instructions. So after there is a new category called "SAMSUNG Android Phone" and I obviously don't have a Samsung so I'm not sure why that happened.
Click to expand...
Click to collapse
Did you install the vCOM preloader drivers from the link I posted?
I have this phone. Someone from assurance wireless came knocking on my door and I didn't like truconnect anymore.
Anyway I searched and found your post. Bingo! Currently rooted.
Mine came with .18 on it and I had almost updated. I got mtk client working (used python mtk_gui) and backed up all partitions except the user data. Enabled dev mode. OEM unlocking. Went to the flash tab and did unlock bootloader. Installed magisk 26.1 on phone, adb pushed boot.bin to boot.img, patched file, adb pulled it, back into preloader, wrote the boot partition, don't know if it was necessary since I did a factory reset from the recovery menu, but I used mtk reset. I noticed that every time you use the cli mtk file you have to re enter preloader. Anyway, I did that, set it up, working great.
Now I want to remove the assurance wireless (T-Mobile lifeline mvno) subsidy lock, can mtkclient do that by erasing partitions like I've seen for some other phones? It's not a big deal right now and eventually it'll pass the auto unlock.
This is my first MediaTek root that worked. I have a Lenovo tab m8 tablet I tried it with before and didn't work but I didn't put much time into it. Was a few years back. Also I have a cloud stratus c7 which is also a mt6761 but the app I tried didn't work. But that was an on phone app. I'll have to try mtkclient with it.
Couple of questions. I used mtkgui and generated keys. No idea why or what I might use it for but I like to click things does it serve a purpose with this phone?
When I first ran the magisk patch install, after installing magisk 26.1 on the chilaca unrooted, there was a checkbox option for something about vbmeta in the boot image? I had checked it the first time but didn't use that image. But it doesn't show up anymore, so.. should I have used that?
Lastly, is there a way around the bootup having to press power to boot the phone or it'll shut off? Untrusted device message.
I've done plenty of rooting and jailbreaking and hardware hacking tinkering and such, but I owned a couple Samsung Galaxy s5s, then s7 edge, s8, then went to pixels. Got a pixel 3xl and 6 pro and Google makes everything super easy. I know that on the pixel you get a warning message that goes away after a few seconds (or you can press power to pause/unpause the warning) when bootloader is unlocked. I haven't tried it yet myself but I'm also aware of the ability to sign a rooted boot image (pixels are a/b devices if that matters) and relock the phone with it. Would that work on the chilaca you think? I can give it a shot.
I'm about to do the update to .20 right now. I restored the image through magisk manager so it'll patch the it's fine, just gotta reboot. Bootloader will remain unlocked you said? I'll find out
I'm gonna look into finding a kernel source for the mt6761 and see if I can't get a functional source tree up. Then it'd be nice to patch in sdk 32 (a13) pixel experience source tree will be useful for patch pulling guidance. Also I'm curious if twrp can be built, I started to read up on it and saw something about MediaTek and Qualcomm handling things very different, so we'll see.
Anyway thanks for the thread!!

General TB132FU - FAQ and How to's

Read carefully:​This is a dedicated post for general questions only. If you need technical support about flashing or restoring your device, please use the general topic for TB132FU. Please search for your question below before asking.​​NEW: How to restore the lost Serial Number (on the second response)
How to flash Official global rom​Did my work help you? Be free to buy me a coffee. PayPal me at @alsbvg​
FAQ:
Why so many versions of TB132FU and why so much confusion about the Android system, updates, etc?​
There are currently 3 systems available for the tablet known as TB132FU and is really important to find which one you have.
Fake Global version - Modified Android 12
Official International version - Official Android 12 or latest by Lenovo international
Chinese version - Zui 14 based on Android 12 or latest by Lenovo China
But why so many versions then? The Chinese model is apparently cheaper than the international version, so Chinese sellers are selling online the Chinese model with a modified android version to look like the international version.
How to identify which version of TB132FU I have? By the seller:​If you purchased your tablet online from china like on Aliexpress or from a seller that sells items from china, you most likely have the “Fake” Global version.
If you purchased your tablet on Lenovos’s website or a certified local or national seller in your country, you most likely have the International version. This version usually costs more.
If you purchased from china or anywhere else, but your tablet has a Chinese interface, you have the Chinese version running ZUI 14 or latest.
How to identify which version of TB132FU I have? By the system version:​To make sure which one you have you can also do the following:
On your tablet go to SETTINGS > ABOUT DEVICE > and find your system version.
If it starts with TB132FU_S3 you have the Chinese version running an unofficial android version. The number S3 confirms it’s a modified OS. You will never get any updates.
If it says TB132FU_S0 you have the official international version. This is the official version, so you already have the best compatible system for your tablet. You will get official updates.
If you open the settings and see on the About device menu the system version ZUI, well you have the chinese official device and system.
Can I convert my Chinese TB132FU into the international version?​The answer currently is no. Why? To keep it short: There is a code inside your tablet saying “This is the Chinese tablet” and because of this code you can't install the international android system. Maybe in the future, someone from the community will be able to find that code and change it so the tablet thinks it is the international version.
Can I convert my Official Lenovo-bought TB132FU to the Chinese version to use ZUI?​Same as the answer above. We need to find the code and how to modify it first.
Can I use Lenovo’s Rescue and Smart Assistant software to convert my Chinese TB132FU into the international version?​No. You will brick your device if you try to update your system using this tool.
What are the differences between the Chinese TB132FU and the International version?​Chinese version with ZUI 14
Software: It comes with an Android flavor called ZUI currently based on android 12. Updates will be available.
System languages: English and Chinese only.
Full support for super fast charging with the original charger. Full charge in less than 90 minutes in most cases.
Computer mode: No longer available. The online community is pushing Lenovo to enable this option again.
HDR and L1 status: Fully functional HDR and L1 status for HD content on Netflix in most cases.
Chinese version with Fake global version
Software: It comes with a modified Android 12. No updates will be available.
System languages: All languages available.
Slow charging. Can take up to 3 hours to fully charge.
Computer mode: Available.
HDR and L1 status: Falty HDR on most apps. L1 status for HD content on Netflix.
Official International Version
Software: It comes with Android 12. Updates will be available by Lenovo.
System languages: All languages available.
Slow charging. Can take up to 3 hours to fully charge. (By some reports online) This information hasn't been confirmed yet as the community with the official international version is still small.
Computer mode: Available.
HDR and L1 status: Working HDR. L1 status for HD content on Netflix.
(Under construction)
How-tos and tutorials links:
How to install/restore ZUI on my fake global version?​There are three options available. Please read all 3 below and decide which one you want to try.
OPTION ONE: If you are in a hurry and have technical knowledge download the file our community colleague @Fatperman managed to upload and install it using the SP flash tool. Thread here. A Step-by-step tutorial will be provided by another community member soon. A link will be provided once available.
OPTION TWO: If you are not in a hurry and don't have the technical knowledge to flash the system, there is an easier way, but it takes one or two days.
1 - Download Lenovo’s Rescue and Smart Assistant software here.
2 - Open the software and create an account. Connecting to Google is easier.
3 - Once connected to an account, find the SMALL blue FEEDBACK button on the right side bottom of your screen and click there.
4 - Put your email address and in COMMENTS write that you have problems flashing the Chinese version of TB132FU and that you would like to restore it to the original ZUI 14 software. PLEASE USE YOUR OWN WORDS.
5 - After one or two days (usually), INSIDE the software you will receive a response with instructions on how to install ZUI more easily. Note: You will not get a response via email, you will receive institutions inside Lenovo’s Rescue and Smart Assistant software.
The instructions are pretty simple. READ THEM carefully once you receive them. It's really easy. Basically, they will send you a link to download a special rescue tool and some credentials. Take a screenshot of the instructions as you will need to uninstall the official Rescue software and will lose the message.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Download and install the software they sent, enter using the temporary credentials (the credential are confidential and should not be shared), and follow the instructions on the screenshot you took. You will just need to turn off the tablet, click to restore, and connect the cable. After a few minutes, you will have the original ZUI 14 software.
Thanks again for the amazing help of our colleague @Fatperman for his exceptional work!
NEW - OPTION THREE:
This is by far the easist way to recover or flash the original ZUI 14 on our TB132FU. DON'T CLICK to Restore before reading all the steps.
Step 1: Download the original ZUI firmware here. Extract the files to a new folder. Password is on the table. Read carefully.
Step 2: Download and log in on the official rescue and smart assistant.
Step 3: Select to rescue your device and select as in the picture below:
Step 4: Click to download the firmware.
Step 5: Wait for the download to be completed until you see START Rescue. But don't click there yet. Don't close the program.
Step 6: Click the donwloads icon at the top and identify the folder where the download was saved.
On mine it was saved at C:\ProgramData\RSA\Download\RomFiles
Step 7: Access and Open the folder of the downloaded firmware and DELETE all files there, but don't delete the folder.
Step 8: Go to the ZUI firmware you downloaded before and copy all files inside the folder. Paste them inside the folder where you just deleted all files.
It should look something like this:
Step 9: TURN OFF YOUR TABLET and Go back to the rescue tool and now click the blue button Start Rescue. Follow the instructions on your screen.
Wait for the tablet to restar and DONE. You recovered or donwloaded the original ZUI on your tablet.
How to debloat my recently installed ZUI 14 and remove the Chinese apps and make it look better?​1 - After starting your device, select English and connect to your wifi network.
2 - Once you are set, press the home screen for 3 seconds. Click Desktop Settings.
Switch off the "Left one screen".
Change to "Drawer Style"
3 - Find the setting button and go to General Settings > Language & input > Current Keyboard. Change it to English. (You can download Gboard or another keyboard later)
4 - Go back to the original setting screen and click on the search box. Search for google play services. Click to enable. Then search for Google Play Store and enable it as well.
5 - Before opening the Play store and connecting to your account, go to Apps management and uninstall any apps with Chinese characters you may find. Do not uninstall the HD browser just yet in case you need to download something later. Then restart your device.
6 - Open the Google Play store, and connect your account. Now you can update and download all your apps.
(If you see an error saying Google can't connect please follow the steps in this tutorial)
7 - Unistall HD Browser and done.
How to ROOT my TB132FU running ZUI 14?​DISCLAMER: You will lose your data, so backup. It can brick your device if you don't know what to do. You need to know how to use ADB and fastboot commands. The tutorial is for advanced users that knows how to use ADB. Do your research first. If anything goes wrong, flash the ZUI firmware again.
For this tutorial you will need:
Windows computer with all necessary drivers installed
Know how to use ADB
The latest MAGISK manager app.
The latest ZUI firmware for TB132FU
Some minutes to complete all the steps.
Step 1: Go to SETTINGS Menu and click multiple times on your ZUI version. This will give you Developer access.
Step 2: Go General Settings menu > Developer options
Step 3: Click to enable OEM unlocking, also enable debugging mode.
Step 4: Connect your USB cable and run the following command:
adb reboot bootloader
Step 5: Run the fllowing command:
fastboot flashing unlock
On your tablet Click volume UP to unlock your bootloader
Wait for the confirmation on the tablet screen
Step 6: Run command:
fastboot reboot
This will make your tablet restart. Skip all configuarion steps on your tablet and install the latest version of MAGISK on your tablet.
Step 7: On your computer, go to the Firmware folder and copy the file boot.img to your tablet.
Step 8: Open MAGISK and click Select and patch a file. Find the boot.img you copied and patch this file. Wait for the process to be completed.
Step 9: Connect your tablet to your computer and access the folder Downloads in your tablet. There you will see a new boot image Magisk created. Rename that file to boot.img
Step 10: This is the most important step. You will now flash this boot.img file using the following commands:
adb reboot bootloader - to reboot to fastboot
fastboot flash boot boot.img
Wait for it to complete then:
fastboot reboot
Done, your tablet is now rooted. You can install Magisk again and root checker to make sure.
How to UNLOCK the bootloader of my TB132FU running ZUI 14?​This will delete all you data
Step 1: Go to SETTINGS Menu and click multiple times on your ZUI version. This will give you Developer access.
Step 2: Go General Settings menu > Developer options
Step 3: Click to enable OEM unlocking, also enable debugging mode.
Step 4: Connect your USB cable and run the following command:
adb reboot bootloader
Step 5: Run the fllowing command:
fastboot flashing unlock
On your tablet Click volume UP to unlock your bootloader
Wait for the confirmation on the tablet screen
Step 6: Run command:
fastboot reboot
Done! Your bootloader is now unlocked.
How to Install and use GOOGLE PLAY on my TB132FU running ZUI 14?​First you have to download and install a compatible Google Framework app. Got to APKmirror and search for google framework. Click the one that says Google Services Framework 12. Scroll down and find the version "December 17, 2021 GMT-0300". Install this version. Only this or older version will work. Do not try a different one. It will update automatically eventually.
Then go to settings and search for Google Play and enable the app. Done. You can now log in and use the PLay Store
How to RESTORE lost S/N Seria number?
Step 1 - Go back to ZUI 14. Use one of the options provided in this thread.
Step 2 - Unlock bootloader and OEM. Please refer to the tutorial to unlock the bootloader in this thread.
Step 3 - Once your bootloader is unlocked go and install on your computer MTK META Utility. Link here. Also install HxD here.
Step 4 - Turn off your tablet, disconnect the USB cable and open MTK META.
Step 5 - Click the option Dump NV region. Wait for it to finish reading. It will open a folder.
Step 6 - On the folder that opened, right-click with your mouse the file proinfo.bin and click to open with HxD, or open the software and drag and drop the file there.
Step 7 - Edit the proinfo.bin to add your Serial Number. Change the 12345ABCDE you see to your actual S/N. It's on the back of your tablet on a small sticker.
Step 8 - On the same folder press SHIFT on your keyboard and right-click on an empty space and click OPEN CMD/SHELL terminal here. Or if you use a ADB folder, copy the proinfo.bin file to it so you can flash it.
Step 9 - Turn on your tablet, make sure Debugging is active, connect your tablet to the computer and send these two commands:
adb reboot bootloader
(this will reboot your tablet to fastboot although the line says bootloader)
Once you see the red lines send the command:
fastboot flash proinfo proinfo.bin
And done. You can check in your setting menu if your serial number changed.
Now you can reflash ZUI or the global rom.
thanks man
Great job !
als_bvg said:
How to debloat my recently installed ZUI 14 and remove the Chinese apps and make it look better?​
4 - Go back to the original setting screen and click on the search box. Search for google play services. Click to enable. Then search for Google Play Store and enable it as well.
5 - Before opening the Play store and connecting to your account, go to Apps management and uninstall any apps with Chinese characters you may find. Do not uninstall the HD browser just yet in case you need to download something later. Then restart your device.
6 - Open the Google Play store, and connect your account. Now you can update and download all your apps.
(If you see an error saying Google can't connect please follow the steps in this tutorial)
7 - Unistall HD Browser and done.
(Under construction)
Click to expand...
Click to collapse
bro im on zui14 and uninstall all apps, i download the google services and play store but cant still connecting to google account, i dtryed the google installer and stay on 3%... any help?
did it, first intall google services framwork, then google play and restart before log in
Hi can you please guys share the Chinese version of the Lenovo RSA no need for the personal credentials, I tried too contact them as you said but I haven't received any answers thanks
Swanzzl said:
Hi can you please guys share the Chinese version of the Lenovo RSA no need for the personal credentials, I tried too contact them as you said but I haven't received any answers
Click to expand...
Click to collapse
I don't think there's a Chinese version of the software. The credentials are needed. They may be off for the holidays so you will need to wait. Hopefully someone gets back to you during this week. Otherwise I would recommend writing again.
after install zui14 my device show message "orange state" in boot, I can't update even with vpn.
can i lock bootloader after installing zui14 in chinese version? how to proceed?
Yes you can. If anything goes wrong you can do everything again. I Unlocked the bootloader and tried flashing a recovery, bricked the tablet and used the tool to fix again.
ednardo777 said:
after install zui14 my device show message "orange state" in boot, I can't update even with vpn.
can i lock bootloader after installing zui14 in chinese version? how to proceed?
Click to expand...
Click to collapse
als_bvg said:
5 - After one or two days (usually), INSIDE the software you will receive a response with instructions on how to install ZUI more easily. Note: You will not get a response via email, you will receive institutions inside Lenovo’s Rescue and Smart Assistant software.
Click to expand...
Click to collapse
Where do I find the instructions in the software? Do they appear as a notification? p.s. I sent the message (feedback) two days ago and still haven't received a answer.
als_bvg said:
Sim você pode. Se algo der errado, você pode fazer tudo de novo. Desbloqueei o bootloader e tentei fazer uma recuperação, bloqueei o tablet e usei a ferramenta para consertar novamente.
Click to expand...
Click to collapse
thanks man
eamcardoso said:
Where do I find the instructions in the software? Do they appear as a notification? p.s. I sent the message (feedback) two days ago and still haven't received a answer.
Click to expand...
Click to collapse
It will popup as a notification inside the rescue tool. They might be off for the holidays. I'll share another method tonight.
Third method on how to flash ZUI or restore the tablet added to the FAQ. Enjoy! Also Tutorial on how to root the device.
als_bvg said:
Third method on how to flash ZUI or restore the tablet added to the FAQ. Enjoy! Also Tutorial on how to root the device.
Click to expand...
Click to collapse
This method worked for me thanks bro
After unlocking the bootloader every time you boot up the device the following text will be displayed on the screen:
Code:
Orange State
Your device has been unlocked and can't be trusted..
Your device will boot in 5 seconds
To remove this text warning and 5s delay you need to change the file "lk.img" (firmware folder):
Open "lk.img" with a hex editor (for example, HxD)
In menu toolbar click "Search-Find" and select "Hex-values" tab.
Search 08 B5 0E 4B 7B 44 1B 68 1B 68 02 2B
Copy text 08 B5 00 20 08 BD 1B 68 1B 68 02 2B
Return back to hex editor window then right click on the highlighted items and select "Paste Insert"
The newly modified 24 characters will be displayed in red
Click "File" and select "Save".
Flash the modified "lk.img" in fastboot mode
fastboot flash lk lk.img
ZUI_14.0.691
The firmware already includes Google Services Framework.
/system/system_ext/priv-app/GoogleServicesFramework/GoogleServicesFramework.apk
com.google.android.gsf - version 12-7567768
It is disabled by default.
When you turn on "Settings - Apps management - Google Basic Services" the application status changes to enabled (installed).
ug0o said:
After unlocking the bootloader every time you boot up the device the following text will be displayed on the screen:
Code:
Orange State
Your device has been unlocked and can't be trusted..
Your device will boot in 5 seconds
To remove this text warning and 5s delay you need to change the file "lk.img" (firmware folder):
Open "lk.img" with a hex editor (for example, HxD)
In menu toolbar click "Search-Find" and select "Hex-values" tab.
Search 08 B5 0E 4B 7B 44 1B 68 1B 68 02 2BView attachment 5799489
Copy text 08 B5 00 20 08 BD 1B 68 1B 68 02 2B
Return back to hex editor window then right click on the highlighted items and select "Paste Insert"View attachment 5799501
The newly modified 24 characters will be displayed in redView attachment 5799503
Click "File" and select "Save".
Flash the modified "lk.img" in fastboot mode
fastboot flash lk lk.img
Click to expand...
Click to collapse
Nice work! Do you have any idea where the code for text on the picture below might be? Technically, if we are able to find this code and modify it, it should allow us to use the Offical Global rom. I tried to replicate these steps and these steps with no success. I can flash the image using fastboot but the message doesn't disappear.
Protip: The version TB132FU_USR_S000034_2206180119_MPR0_ROW allows the bootloader to remain unlocked. Useful for tests with the Global version
While the version "TB132FU_USR_S000089_2210200620_MPR0_ROW" will lock the bootloader and the commands to unlock will not work.
Let me know if you have any insights.
als_bvg said:
Protip: The version TB132FU_USR_S000034_2206180119_MPR0_ROW allows the bootloader to remain unlocked. Useful for tests with the Global version
While the version "TB132FU_USR_S000089_2210200620_MPR0_ROW" will lock the bootloader and the commands to unlock will not work.
Click to expand...
Click to collapse
I had TB132FU_S000034_220618_ROW installed.
I flashed ZUI 14.0.691.
And now I can't flash any firmware through the flashtool. I can't flash my backup of TB132FU_S000034_220618_ROW.
That's why I'm still on the ZUI 14.0.691.
I'm getting used to it
ug0o said:
I had TB132FU_S000034_220618_ROW installed.
I flashed ZUI 14.0.691.
And now I can't flash any firmware through the flashtool. I can't flash my backup of TB132FU_S000034_220618_ROW.
That's why I'm still on the ZUI 14.0.691.
I'm getting used to it
Click to expand...
Click to collapse
Awesome. Just a note: The fake global was TB132FU_S300062_220921_ROW, and the version we could use to try removing the code is TB132FU_USR_S000034_2206180119_MPR0_ROW. This version is flashable via the Third method on the FAQ. I tried to flash a backup using the Flash Tool and even splitting the dump using Wwr MTK tool and using the third flashing method, but no success with the backup either.
But If we manage to locate the 'Incompatible software' code we could use an official ROM.

Categories

Resources